> Though I’m not sure that there is a huge distinction between disabling > BGPSec and taking the router offline since disabling BGPSec would trigger > neighbor session resets for capability renegotiation unless we’ve > specified otherwise in the protocol docs (doesn’t look like it in my quick > skim), and most likely force an entirely ungraceful set of updates as the > neighbors re-send their announcements with AS_PATH instead of BGPSEC_PATH.
likely significantly shorter than whatever time it takes to revoke, get new cert, install, and then go through the bgp reset. though you will eventually do that anyway. randy _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
