nanog mailing list archives

RE: Newbie x Cisco IOS-XR x ROV: BCP to not harassing peer(s)


From: "Jakob Heitz (jheitz) via NANOG" <nanog () nanog org>
Date: Fri, 13 May 2022 21:16:59 +0000

'RPKI-tested-only' will store all routes that encounter a 'validation-state' test
in the inbound route policy. In that case, when an RPKI server updates a VRP to the
router, it can re-run the inbound policy from the stored route and not require a
refresh request to be sent.

This option saves memory if you use a coarse filter in the route-policy before
the validation test. For example, you use a peer-locking filter to drop peer
routes from your customers before they hit the validation-state test. Then
a massive route leak won't chew up soft-reconfiguration memory.

If a validation-state test drops a route and that route is not stored by
soft-reconfiguration, then when the RPKI server updates any VRP, the router
needs to send a route-refresh request.

'RPKI-dropped-only' causes the dropped routes to be stored. This will prevent
the unnecessary route-refreshes described above. It does not prevent all
route-refreshes, but uses significantly less memory than 'RPKI-tested-only'.

Regards,
Jakob.

-----Original Message-----
From: Saku Ytti <saku () ytti fi> 
Sent: Friday, May 13, 2022 12:36 AM
To: Jakob Heitz (jheitz) <jheitz () cisco com>
Cc: nanog () nanog org
Subject: Re: Newbie x Cisco IOS-XR x ROV: BCP to not harassing peer(s)

On Fri, 13 May 2022 at 00:44, Jakob Heitz (jheitz) via NANOG
<nanog () nanog org> wrote:

> RPKI-dropped-only
> Saves a copy of only the routes dropped by an RPKI validation-state test in neighbor-in route-policy.
>
> RPKI-tested-only
> Saves a copy of only the routes tested in an RPKI validation-state test in neighbor-in route-policy.

What does this mean? If any term refers to validation-state, the route
gets stored?

E.g.

if validation-state is valid then
  pass
else
  drop
endif


a) Would 'RPKI-dropped-only' store everything or nothing?
b) Would 'RPKI-tested-only' store everything?

-- 
  ++ytti
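
A small Python model of the storage rules described in this message, added here as an illustration; it is not from the thread and is not IOS-XR code. The peer-lock check, prefixes, ASNs and VRPs are constructed assumptions, and the policy is the "if valid pass else drop" sketch from the question with a coarse filter placed in front of it.

```python
# Toy model of the storage behaviour described in the message above; this is
# not IOS-XR code, and all prefixes, ASNs and VRPs are constructed samples.
from ipaddress import ip_network

VRPS = [("192.0.2.0/24", 24, 64500), ("198.51.100.0/22", 24, 64501)]  # (prefix, maxlen, origin AS)
PEER_LOCKED_ASNS = {64999}  # assumption: an AS that must never appear in paths from this neighbor

def validation_state(prefix, origin, vrps=VRPS):
    """RFC 6811 origin validation: valid, invalid or not-found."""
    net, covered = ip_network(prefix), False
    for vrp_prefix, maxlen, asn in vrps:
        vrp_net = ip_network(vrp_prefix)
        if net.version == vrp_net.version and net.subnet_of(vrp_net):
            covered = True
            if net.prefixlen <= maxlen and asn == origin:
                return "valid"
    return "invalid" if covered else "not-found"

def inbound_policy(route, vrps=VRPS):
    """Coarse peer-lock filter first, then 'if valid pass else drop'.
    Returns (accepted, tested, dropped_by_validation)."""
    prefix, as_path = route
    if PEER_LOCKED_ASNS & set(as_path):
        return False, False, False  # dropped before reaching the validation test
    valid = validation_state(prefix, as_path[-1], vrps) == "valid"
    return valid, True, not valid

def stored_routes(routes, mode, vrps=VRPS):
    """Routes kept by soft-reconfiguration under the given mode."""
    kept = []
    for route in routes:
        _, tested, dropped = inbound_policy(route, vrps)
        if (mode == "RPKI-tested-only" and tested) or (mode == "RPKI-dropped-only" and dropped):
            kept.append(route)
    return kept

def refresh_needed(routes, mode, vrps=VRPS):
    """True if a route dropped by the validation test was not stored, the case
    the message says forces a route-refresh on the next VRP update."""
    kept = stored_routes(routes, mode, vrps)
    return any(inbound_policy(r, vrps)[2] and r not in kept for r in routes)

LEAK = [(f"203.0.113.{i}/32", (64510, 64999, 64520)) for i in range(200)]  # constructed leak
ROUTES = LEAK + [("192.0.2.0/24", (64510, 64500)),     # valid
                 ("198.51.100.0/24", (64510, 64666)),  # invalid origin
                 ("10.9.0.0/16", (64510, 64502))]      # not-found
```

In this model the 200 leaked routes never reach the validation test, so neither mode stores them; 'RPKI-tested-only' keeps the three tested routes and 'RPKI-dropped-only' keeps only the two that the test dropped.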
