[c-nsp] RPKI extended-community RFC8097

Lukas Tribus lists at ltri.eu
Sat Apr 18 10:23:23 EDT 2020


Hello,

On Sat, 18 Apr 2020 at 14:44, Ben Maddison via cisco-nsp
<cisco-nsp at puck.nether.net> wrote:
> Going back to the OP's question, though: we (AS37271) use 8097.
> Not because I think that it's a particularly sensible design (I don't),
> but because we have IOS-XE bgp-speakers, and you can't do ROV on XE or
> Classic without it. At least, if you want routing to work ;-)

And this is why the conversation with the OP started in the first
place (not on this list).

I'm not deploying 8097 because it serves no purpose, other than
working around Cisco IOS stupidities and I'm not going to deploy the
former only to work around the latter, because it introduces
unnecessary variables.

More about this issue here:
https://www.mail-archive.com/nanog@nanog.org/msg104776.html

Code with CSCvc84848 fixed will hopefully ship this summer; until then
I'm not touching RPKI on IOS(-XE) devices.


As per the 8097 implementation, it looks like both Juniper and Cisco botched it:

https://www.nog.bt/wp-content/uploads/2019/06/rpki_deployment_in_tashicell.pdf

Money quote:
> Both cisco & juniper doesn't follow rfc 8097


- lukas

