[c-nsp] FIB scale on ASR9001
Saku Ytti
saku at ytti.fi
Thu Nov 11 04:22:36 EST 2021
On Thu, 11 Nov 2021 at 10:19, Mark Tinka <mark at tinka.africa> wrote:
> Thanks for the clue, Saku. Hopefully someone here has the energy to ask
> Cisco to update their documentation, to make this a recommendation. I
> can't be asked :-).
I think it should just be a config error. You're not just cucking
yourself, but your peers and customers. So it shouldn't be a choice
you can make.
We can also imagine improvements
1) by default keep all RPKI rejects, and have 'soft-inbound never'
optionally to turn that off
2) have 1 bit per neighbor indicating policy had rpki rejects and 2
bits for validation database update iindicating database become
less/more permissive
IFF database became more permissive and neighbor has rpki
rejects and we have soft-inbound never, then refresh
--
++ytti
More information about the cisco-nsp
mailing list