[c-nsp] FIB scale on ASR9001
Mark Tinka
mark at tinka.africa
Thu Nov 11 07:28:31 EST 2021
On 11/11/21 11:22, Saku Ytti wrote:
> I think it should just be a config error. You're not just cucking
> yourself, but your peers and customers. So it shouldn't be a choice
> you can make.
I don't disagree, especially as there are likely several other operators
working this way, and not knowing it because the neighbor either hasn't
complained, or isn't detecting for Route Refresh noise.
However, the documentation should still be updated for folk running old
code earlier than the new code which would have this improvement.
>
> We can also imagine improvements
> 1) by default keep all RPKI rejects, and have 'soft-inbound never'
> optionally to turn that off
Similar to how Junos does it, but specifically for RPKI. That would make
sense.
Of course, if someone already uses 'soft-reconfiguration inbound' for
historical reasons, then keeping it as they enable ROV works out for
them anyway.
> 2) have 1 bit per neighbor indicating policy had rpki rejects and 2
> bits for validation database update indicating database become
> less/more permissive
> IFF database became more permissive and neighbor has rpki
> rejects and we have soft-inbound never, then refresh
Reasonable.
Mark.
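
The refresh trigger sketched in point 2 of the quoted proposal, as an added example that is not part of the original message or of any vendor's implementation. The conservative derivation of the more/less-permissive bits from a VRP diff, and the names `VRP`, `Neighbor`, `classify_update` and `neighbors_to_refresh`, are assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class VRP:                      # one validated ROA payload
    prefix: str
    max_len: int
    asn: int

@dataclass
class Neighbor:
    name: str
    had_rpki_rejects: bool      # the proposal's "1 bit per neighbor"
    soft_inbound_never: bool    # hypothetical knob: rejected routes are not kept

def covers(outer: VRP, inner: VRP) -> bool:
    """True if outer's prefix equals or is less specific than inner's."""
    a, b = ipaddress.ip_network(outer.prefix), ipaddress.ip_network(inner.prefix)
    return a.version == b.version and b.subnet_of(a)

def classify_update(old: set, new: set) -> tuple:
    """Return (more_permissive, less_permissive) for a VRP set change.
    Conservative (assumption): a bit is set whenever the change *could*
    move some route between Invalid and Valid/NotFound."""
    more = less = False
    for v in new - old:                          # VRP added
        if any(covers(q, v) for q in old):
            more = True                          # Invalid -> Valid possible
        else:
            less = True                          # NotFound -> Invalid possible
            more |= any(covers(v, q) for q in old)
    for v in old - new:                          # VRP removed
        if any(covers(q, v) for q in new):
            less = True                          # Valid -> Invalid possible
        else:
            more = True                          # Invalid -> NotFound possible
            less |= any(covers(v, q) for q in new)
    return more, less

def neighbors_to_refresh(neighbors, old, new):
    """Names of neighbors that need a Route Refresh after the update."""
    more, _ = classify_update(old, new)
    return [n.name for n in neighbors
            if more and n.had_rpki_rejects and n.soft_inbound_never]

# Constructed sample data (documentation prefixes and ASNs).
OLD = {VRP("192.0.2.0/24", 24, 64500)}
PEERS = [Neighbor("peer-a", True, True),     # rejects, nothing kept
         Neighbor("peer-b", False, True),    # no rejects
         Neighbor("peer-c", True, False)]    # rejects kept locally
```

A spurious "more permissive" bit only costs an extra refresh, while a missed one leaves a now-acceptable route rejected until the session resets, which is why the classification errs toward setting it.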