Re: Hurricane Electric has reached 0 RPKI INVALIDs in our routing table

[Saku Ytti <saku () ytti fi>]

On Tue, 16 Jun 2020 at 07:51, Mike Leber via NANOG <nanog () nanog org> wrote:

Hey,

> These prefix filters are updated automatically both through a system of
> daily updates and real time updates to prevent RPKI INVALID routes from
> being carried in our routing table.

What does real time mean in this context? Does it mean exactly 0s leak
of INVALID, or 99% less than 30s? Or how do you define it?

I'm trying to think of an ideal way to do this in Junos which does a
few second ephemeral config commits. I could have an always-on SSH
session to each device to amortise login time, but even then if I can
do this cycle in 5s, I'd have to wait for BGP propagation delay in
DFZ, which is measured in minutes not seconds. So my definition of
real time here would be 99% <5min.

-- 
  ++ytti