[c-nsp] FIB scale on ASR9001
Mark Tinka
mark at tinka.africa
Sat Nov 13 14:23:32 EST 2021
On 11/13/21 17:20, Saku Ytti wrote:
> I chose my words carefully when I said 'RPKI rejects', instead of 'invalid'.
Well, this only really happens on IOS XE since Cisco apply policy by
default.
On IOS XR, you'll need 'bgp bestpath origin-as allow invalid' for
Invalids not to be automatically dropped.
> The problem only cursorily relates to a specific RPKI validation
> state. We may reject RPKI 'unknown', we may even imagine policies
> which reject based on some criteria AND RPKI 'valid' (maybe I have my
> own motivations for how I use VRP and want to capitalise on all three
> states arbitrarily, maybe I'm rejecting valids, because I'm collecting
> invalids to some separate RIB for research purposes).
And that is all fine, provided YOU, as the operator, are deciding policy.
The problem is that Cisco seem to want to automatically apply policy,
particularly on IOS XE. We've hounded them about this since 2015, and
nothing has changed.
IOS XR is a little better in this specific regard, but not by much when
compared against Junos.
> soft-reconfiguration inbound rpki ## default, keep if policy
> rejected route while using validation database state (may have used
> something else, but as long as reject policy used validation state,
> regardless of state, we need to keep it).
This is what we are trying to write the RFC for - to decouple the
historical need to keep or drop Adj-RIB-In from the operational
requirements of RTR dynamics, i.e., leverage the value of Route Refresh
to its fullest extent.
Mark.
More information about the cisco-nsp
mailing list