Hi Dennis,
The issue is not only with new BGP updates you receive during the cache update,
the issue is also how to treat already received updates.
The safest is to operate with the RPKI state known prior to the start of a cache
update. Once the cache is updated, re-evaluate all BGP updates you
>> I'm in the process of adding RPKI-RTR (RFC6810) support to OpenBGPd
> This is not directly related to your question, but note that the new
> RFC, standardizing the new version of RTR (version 1, RFC 6810 was
> version 0) is in AUTH48-DONE and can be published any time now
>
A new Request for Comments is now available in online RFC libraries.
RFC 8206
Title: BGPsec Considerations for
Autonomous System (AS) Migration
Author: W. George,
S. Murphy
Status: Standards Track
A new Request for Comments is now available in online RFC libraries.
RFC 8209
Title: A Profile for BGPsec Router
Certificates, Certificate Revocation Lists,
and Certification Requests
Author: M. Reynolds,
A new Request for Comments is now available in online RFC libraries.
RFC 8210
Title: The Resource Public Key Infrastructure
(RPKI) to Router Protocol, Version 1
Author: R. Bush,
R. Austein
Status:
A new Request for Comments is now available in online RFC libraries.
BCP 211
RFC 8207
Title: BGPsec Operational Considerations
Author: R. Bush
Status: Best Current Practice
Stream: IETF
Date: September 2017
A new Request for Comments is now available in online RFC libraries.
RFC 8208
Title: BGPsec Algorithms, Key Formats, and
Signature Formats
Author: S. Turner,
O. Borchert
Status: Standards Track
Hi,
I'm in the process of adding RPKI-RTR (RFC6810) support to OpenBGPd and I am
wondering about how others have implemented it.
- How is the process started ?
Currently, when I start bgpd, it will fetch a list of VRP from the cache and at
the same time get prefixes from its peers. As soon as
> - How are subsequent validation handled ?
> Do you start the validation process as soon as you get a new VRP or do you wait
> for a refresh timer ? In the former, a prefix could stay in the wrong state for
^^^ latter