[c-nsp] RPKI extended-community RFC8097

adamv0025 at netconsultings.com adamv0025 at netconsultings.com
Mon Dec 21 11:07:30 EST 2020



> Saku Ytti
> Sent: Saturday, December 19, 2020 12:57 PM
> 
> On Sat, 19 Dec 2020 at 13:45, Lukas Tribus <lukas at ltri.eu> wrote:
> 
> > soft-reconfig inbound always amounts to 100 MB of memory consumption
> > for a v4 + v6 full feed as of last week on 32-bit XR. I can live with
> > 100MB of memory consumption per full feed, so I'm doing soft-reconfig
> > inbound always everywhere. This also helps with troubleshooting.
> 
> It is also a DRAM exhaustion attack vector. But of course routers are
> extremely fragile and anyone motivated can easily bring them down by a
> plethora of methods. Even with max-prefix it may be, as max-prefix may mean
> before or after policy count, depending on platform and configuration toggle.
> 
Good point. Also, would all the potential attribute filtering (in XR) be
applied prior to accepting the route into the soft-reconfig version of the
table?
I guess the enhanced BGP error correction would kick in prior to letting the
malformed update in (i.e. at the update process time).

adam



