bgpd: Revalidate locally originated routes also when RPKI state changes #16483
Conversation
ton31337
force-pushed
the
fix/validate_rpki_network_routes
branch
3 times, most recently
from
d11efc5
to
d1c7c65
Compare
|
I know we have other places in the code where we have timers to regenerate data in BGP but I am personally not happy about that approach as that it adds unnecessary load to already loaded systems when there are a bunch of prefixes in the system. Is there a way we can have routes revalidated automatically? what is going on that we have to set a timer? |
Routes are never revalidated actually (including static routes ( |
|
waiting on #16474 to be tested to make certain it resolves this issue |
|
#16474 is fixed using this approach. @donaldsharp do you have any other solution or we can go with this? |
It's not really possible easily. RPKI cache server sends only changed prefixes. E.g. using StayRTR: If I change to: Then With the timer, it's deterministic, we always know we have the right state eventually. It can be controlled with high timer values and does not need to be every 30 seconds. UPDATE: Opened an issue, but I doubt it's even possible because it's more like up to the RPKI cache server to send those removed prefixes. |
|
@donaldsharp are we still looking into another way to do this, or should we go with this commit for the moment? |
|
I would really really prefer that we fix this problem the correct way the first time. I don't think we are in too much of a hurry since this is a day one problem with the rpki code. |
|
This pull request has conflicts, please resolve those before we can evaluate the pull request. |
If we have something like: ``` router bgp 65001 network 10.10.10.0/24 route-map rpki ! route-map rpki permit 10 match rpki valid set local-preference 150 route-map rpki permit 20 match rpki notfound set local-preference 50 ! ``` Then 10.10.10.0/24 is never revalidated when RPKI state changes. E.g. if it was valid, and moves to notfound => local-preference remains 150, but should be 50. With this patch we force BGP network (static) routes to be revalidated when revalidation event is triggered from RPKI module. Signed-off-by: Donatas Abraitis <[email protected]>
If we have something like: ``` router bgp 65001 redistribute connected route-map rpki ! route-map rpki permit 10 match rpki valid set local-preference 150 route-map rpki permit 20 match rpki notfound set local-preference 50 ! ``` Then connected routes are never revalidated when RPKI state changes. E.g. if it was valid, and moves to notfound => local-preference remains 150, but should be 50. With this patch we force redistributed routes to be revalidated when revalidation event is triggered from RPKI module. Signed-off-by: Donatas Abraitis <[email protected]>
Signed-off-by: Donatas Abraitis <[email protected]>
ton31337
force-pushed
the
fix/validate_rpki_network_routes
branch
from
d1c7c65
to
77476b6
Compare
|
Where are we on this? Still waiting on a better way to resolve it? |
If we have something like:
Then 10.10.10.0/24 is never revalidated when RPKI state changes. E.g. if it was valid, and moves to notfound => local-preference remains 150, but should be 50.
With this patch we force BGP network (static) routes to be revalidated when revalidation event is triggered from RPKI module.
Fixes #16474