On Thu, 12 Jun 2025, at 15:33, André Grüneberg wrote: > Hi Bird team, > > We are currently evaluating the implementation of RFC9234 for our IXP route > servers. Looking at it naively, one just needs to set local role rs_server in > the protocol. And indeed, routes from peers will be rejected and this is > logged. > > Instead of just logging, we would really like to apply our "blame and shame" > policy, i.e. make the invalid routes (in our case, anything with an OTC set) > visible in our looking glass (similar to RPKI invalids). To do so, we'd need > the "ineligible" routes to be imported into the main table, tagged in a > sensible way. > > I understand that RFC9234 section 5 mandates that the behaviour wrt OTC > attribute handling shall not be configurable by the operator. But ineligible > does not require the route to be invisible (see section 3).
Does "import keep filtered on" preserve these routes (when viewed with "show route filtered")? (Now, I think that leaves questions around identifying the reason why a route was filtered etc. But that might be [the start of] an approach) Now, I admit that swicthing to that for all filtering reasons probably involves quite a bunch of changes to the bird configs that IXPs use today, which is definitely a bit unnerving. > Would it be possible to implement a more relaxed behaviour by allowing the > import of ineligible routes (but never export)? > > Our current alternative is to avoid using BGP roles capability, but only > implement OTC handling in filters. A disadvantage of that, of course, is that you lose peer role checking (although peers supporting roles are very rare today - despite having run with OTC support enabled ourselves for a couple of years now, we have only one bilat on BCIX which advertises role support towards us) - Erin
