Re: Reactive RPKI ROV (Was: Hurricane Electric has reached 0 RPKI INVALIDs)

[Job Snijders <job () ntt net>]

Dear Baldur,

On Wed, Jun 17, 2020 at 01:42:36PM +0200, Baldur Norddahl wrote:
> Lets say someone makes an announcement that creates a RPKI invalid and
> it is determined to be a mistake. They then go back and add ROA
> objects to fix the problem. With this reactive RPKI approach then
> continue to block the route because filters where already generated
> and pushed out to routers? Or in other words, if the system can insert
> the filter in less than 60 seconds, how long does it take to get rid
> of the filter again when someone publish valid a ROA ?

What you describe here is what I'd call a "Garbage Collection" process.
Garbage collection has to happen periodically.

Probably not slower than once an hour. See the following link for an
attempt to document that type of aspect of RPKI ROV deployments:
https://tools.ietf.org/html/draft-ietf-sidrops-rpki-rov-timing-00.html

Maybe HE can comment on their current timers?

Kind regards,

Job