Re: [sidr] RPKI-RTR implementation clues

Hi Dennis, The issue is not only with new BGP updates you receive during the cache update, the issue is also how to treat already received updates. The safest is to operate with the RPKI state known prior the start of a cache update. Once the cache is updated, re-evaluate all BGP updates you

Re: [sidr] RPKI-RTR implementation clues

>> I'm in the process of adding RPKI-RTR (RFC6810) support to OpenBGPd > This is not directly related to your question, but note that the new > RFC, standardizing the new version of RTR (version 1, RFC 6810 was > version 0) is in AUTH48-DONE and can be published any time now >

[sidr] RFC 8206 on BGPsec Considerations for Autonomous System (AS) Migration

A new Request for Comments is now available in online RFC libraries. RFC 8206 Title: BGPsec Considerations for Autonomous System (AS) Migration Author: W. George, S. Murphy Status: Standards Track

[sidr] RFC 8209 on A Profile for BGPsec Router Certificates, Certificate Revocation Lists, and Certification Requests

A new Request for Comments is now available in online RFC libraries. RFC 8209 Title: A Profile for BGPsec Router Certificates, Certificate Revocation Lists, and Certification Requests Author: M. Reynolds,

[sidr] RFC 8210 on The Resource Public Key Infrastructure (RPKI) to Router Protocol, Version 1

A new Request for Comments is now available in online RFC libraries. RFC 8210 Title: The Resource Public Key Infrastructure (RPKI) to Router Protocol, Version 1 Author: R. Bush, R. Austein Status:

[sidr] BCP 211, RFC 8207 on BGPsec Operational Considerations

A new Request for Comments is now available in online RFC libraries. BCP 211 RFC 8207 Title: BGPsec Operational Considerations Author: R. Bush Status: Best Current Practice Stream: IETF Date: September 2017

[sidr] RFC 8208 on BGPsec Algorithms, Key Formats, and Signature Formats

A new Request for Comments is now available in online RFC libraries. RFC 8208 Title: BGPsec Algorithms, Key Formats, and Signature Formats Author: S. Turner, O. Borchert Status: Standards Track

[sidr] RPKI-RTR implementation clues

Hi, I'm in the process of adding RPKI-RTR (RFC6810) support to OpenBGPd and I am wondering about how others have implemented it. - How is the process started ? Currently, when I start bgpd, it will fetch a list of VRP from the cache and at the same time get prefixes from its peers. As soon as

Re: [sidr] RPKI-RTR implementation clues

> - How are subsequent validation handled ? > Do you start the validation process as soon as you get a new VRP or do you > wait > for a refresh timer ? In the former, a prefix could stay in the wrong state > for ^^^ latter