[j-nsp] Please push Juniper to implement RFC6907
Job Snijders
job at instituut.net
Thu Oct 10 04:25:21 EDT 2019
On Thu, Oct 10, 2019 at 10:19:42AM +0200, Mark Tinka wrote:
> On 10/Oct/19 09:58, Job Snijders wrote:
> > Can you show a screenshot? Not entirely sure what you are looking at.
>
> The list said my screenshot was too big.
>
> But I'm sure you got it.
Yup, I got it!
It appears there is a bug in the RIPE NCC RPKI Cache Validator, or a
visibility issue in the RIPE RIS collection mechanism. I'd suspect the
former, as RIPE RIS itself receives a fair amount of scrutiny compared
to the "BGP Preview" feature in the validator.
The full story is this:
$ bgpctl show rib 194.45.182.0/23 all
flags: * = Valid, > = Selected, I = via IBGP, A = Announced,
S = Stale, E = Error
origin validation state: N = not-found, V = valid, ! = invalid
origin: i = IGP, e = EGP, ? = Incomplete
flags ovs destination gateway lpref med aspath origin
I*> V 194.45.182.0/23 165.254.255.1 100 1001 2914 286 i
I*> ! 194.45.182.0/24 165.254.255.1 100 1001 2914 286 2858 { 517 } i
I*> ! 194.45.183.0/24 165.254.255.1 100 1001 2914 286 2858 { 517 12469 } i
The "BGP Preview" is only showing the /23, but the issue at hand is
expressed in the two /24s covered by the /23.
Kind regards,
Job
More information about the juniper-nsp
mailing list