[c-nsp] FIB scale on ASR9001

Mark Tinka mark at tinka.africa
Sat Nov 13 14:23:32 EST 2021



On 11/13/21 17:20, Saku Ytti wrote:

> I chose my words carefully when I said 'RPKI rejects', instead of 'invalid'.

Well, this only really happens on IOS XE since Cisco apply policy by 
default.

On IOS XR, you'll need 'bgp bestpath origin-as allow invalid' for 
Invalids not to be automatically dropped.


> The problem only cursorily relates to a specific RPKI validation
> state. We may reject RPKI 'unknown', we may even imagine policies
> which reject based on some criteria AND RPKI 'valid' (maybe I have my
> own motivations for how I use VRP and want to capitalise on all three
> states arbitrarily, maybe I'm rejecting valids, because I'm collecting
> invalids to some separate RIB for research purposes).

And that is all fine, provided YOU, as the operator, are deciding policy.

The problem is that Cisco seem to want to automatically apply policy, 
particularly on IOS XE. We've hounded them about this since 2015, and 
nothing has changed.

IOS XR is a little better in this specific regard, but not by much when 
compared against Junos.


>    soft-reconfiguration inbound rpki ## default, keep if policy
> rejected route while using validation database state (may have used
> something else, but as long as reject policy used validation state,
> regardless of state, we need to keep it).

This is what we are trying to write the RFC for - to decouple the 
historical need to keep or drop Adj-RIB-In from the operational 
requirements of RTR dynamics, i.e., leverage the value of Route Refresh 
to its fullest extent.

Mark.
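An added sketch, not part of the original message and not vendor behaviour: it models the retention idea in the quoted `soft-reconfiguration inbound rpki` line, where routes rejected on validation state are kept so that a VRP change can be re-evaluated locally with an operator-chosen policy per state. The `AdjRibIn` class, its method names, and the sample prefixes and ASNs (documentation ranges) are hypothetical.

```python
import ipaddress

def validate(prefix, origin_as, vrps):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'unknown' (NotFound)."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for vrp_prefix, max_len, asn in vrps:
        vrp_net = ipaddress.ip_network(vrp_prefix)
        if net.version != vrp_net.version or not net.subnet_of(vrp_net):
            continue                      # this VRP does not cover the route
        covered = True
        if asn != 0 and asn == origin_as and net.prefixlen <= max_len:
            return "valid"
    return "invalid" if covered else "unknown"

class AdjRibIn:
    """Hypothetical inbound table; policy is an operator-supplied dict."""
    def __init__(self, policy):
        self.policy = policy    # state -> "accept" | "reject", any combination
        self.installed = {}     # prefix -> origin AS, passed on to best-path
        self.retained = {}      # rejected on validation state, kept for re-evaluation

    def receive(self, prefix, origin_as, vrps):
        state = validate(prefix, origin_as, vrps)
        self.installed.pop(prefix, None)
        self.retained.pop(prefix, None)
        # Policy here only consults validation state, so every reject is retained.
        table = self.installed if self.policy[state] == "accept" else self.retained
        table[prefix] = origin_as
        return state

    def revalidate(self, vrps):
        """VRP set changed (RTR update): re-run policy without asking the peer."""
        routes = {**self.installed, **self.retained}
        return {p: self.receive(p, asn, vrps) for p, asn in routes.items()}

# Constructed sample data: (VRP prefix, maxLength, origin AS)
SAMPLE_VRPS = [("192.0.2.0/24", 24, 64496)]

if __name__ == "__main__":
    rib = AdjRibIn({"valid": "accept", "unknown": "accept", "invalid": "reject"})
    print(rib.receive("192.0.2.0/24", 64497, SAMPLE_VRPS), rib.retained)
    # A new VRP arrives over RTR; the retained route is re-evaluated in place.
    print(rib.revalidate(SAMPLE_VRPS + [("192.0.2.0/24", 24, 64497)]), rib.installed)
```

Without the `retained` table, the second step would need the route to be re-sent by the peer (Route Refresh) before the new VRP could take effect.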

