Re: where was my white knight....

[Nick Hilliard <nick () foobar org>]

On 08/11/2011 21:32, Valdis.Kletnieks () vt edu wrote:
> Anybody who puts their rpki cache someplace that isn't accessible until they
> get the rpki initialized gets what they deserve.

One solution is to have directly-connected rpki caches available to all 
your bgp edge routers throughout your entire network.  This may turn out to 
be expensive capex-wise, and will turn out to be yet another critical 
infrastructure item to maintain, increasing opex.

Alternatively, you host rpki caches on all your AS-edge routers => upgrades 
- and lots of currently-sold kit will simply not handle this sort of thing 
properly.

> Once you realize this, the rest of the "what do we do for routing until
> it comes up" concern trolling in the rest of that paragraph becomes
> pretty easy to sort out...

I humbly apologise for expressing concern about the wisdom of imposing a 
hierarchical, higher-layer validation structure for forwarding-info 
management on a pre-existing lower layer fully distributed system which is 
already pretty damned complex...

What's that principle called again?  Was it "Keep It Complex, Stupid"?  I 
can't seem to remember :-)

> Caching just enough to validate the routes you need to get to a more capable
> rpki server shouldn't have a high write life-cycle.

Lots of older flash isn't going to like this => higher implementation cost 
due to upgrades.

> Heck, you could just manually
> configure a host route pointing to the rpki server...

Yep, hard coding things - good idea, that.

> And it would hardly be the first time that people have been unable to deploy
> feature XYZ because it wouldn't fit in the flash on older boxes still in
> production.

This is one of several points I'm making: there is a cost factor here, and 
it's not clear how large it is.

Nick