[c-nsp] RPKI extended-community RFC8097

Gert Doering gert at greenie.muc.de
Sat Apr 18 11:57:52 EDT 2020


Hi,

On Sat, Apr 18, 2020 at 05:24:27PM +0200, Lukas Tribus wrote:
> On Sat, 18 Apr 2020 at 16:24, Gert Doering <gert at greenie.muc.de> wrote:
> > On Sat, Apr 18, 2020 at 02:13:07PM +0000, Ben Maddison wrote:
> > > I meant "dumb" as in "I painted the life-saving emergency stop button
> > > green and mounted it on a green wall behind a locked fire-proof door in
> > > a different building, which was dumb"
> >
> > Very dumb indeed :-) - in a very British tradition of fine understatement.
> >
> > I do not very much like IOS XE anyway, and my classic IOS boxes that do
> > speak BGP are too old for RPKI support ("no, you can't have new control
> > plane features, if we think your hardware is old") and will retire in
> > the next few months anyway.
> >
> > Yes, you Sup720 and Sup2Ts, this is you.  Out!
> 
> You should really upgrade to 7600 then (but 7200 or ME3600 will work
> too, slightly different platforms of course) ;)

7600, really?  This was the first Cisco BU to try the "how much can 
we annoy customers before they go and buy elsewhere" stunt.  And no.

And no, the ME3600-now-ASR920 is not exactly what I'd call "trustworthy
routers".  Nice metro/mpls switches.

> FWIW: Mark is trying to get the fix as far back as 7200 series:
> 
> https://mailman.nanog.org/pipermail/nanog/2020-March/107009.html

I didn't know that 7200s actually had any sort of RPKI support, given
that they are all long EOL and much more interesting bugfixes have
never come (like the L2TP crash bugs affecting LNSes).

But anyway, my last few 7301s that do "close to full table" BGP have
no eBGP sessions anymore, and will go into retirement soon as well.


As for "what do you use instead?" - for the edge stuff with no full
tables, 6500s are being replaced by Arista 7050 (T2+/T3), "full BGP"
stuff is being replaced by ASR9k, and testing Arista 7280R now.

We really like Arista.  Yes, they can not do everything Cisco can,
but the stuff that they *do* has been really rock-solid for us
(and the "oh, that does not work" bits are not as surprising as with
Cisco... ran into "no, you cannot have STP for a VLAN with mixed
tagged untagged ports on IOS XR" yesterday, much to my dismay).

gert

-- 
"If was one thing all people took for granted, was conviction that if you 
 feed honest figures into a computer, honest figures come out. Never doubted 
 it myself till I met a computer with a sense of humor."
                             Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany                             gert at greenie.muc.de