Re: SOVC - BGp RPKI

[Mohammad Khalil <eng.mssk () gmail com>]

Thanks all for the kind reply and feedback. I guess Sofia listed the needed
: )

On Thu, 1 Feb 2024 at 13:25, Sofia Silva Berenguer <sofia () apnic net> wrote:

> How polite of it to apologize!!
>
>
>
> I asked Bing’s Copilot and it says SOVC stands for “Signed Object
> Validation Cache” but I wasn’t able to get a source for that either ☹
>
>
>
> Oh these AI times…
>
>
>
> Warm regards,
>
> Sofía
>
> --
>
> *I am sending this email at a time that suits me and the time zone I work
> in. Please feel free to read, and act on or respond, at a time that suits
> you.*
>
>
>
> ____________________________________________________________________
>
> Sofía Silva Berenguer
>
> RPKI Program Manager, NRO / Process and Productivity Engineer, APNIC
>
> e: sofia () apnic net
>
> ____________________________________________________________________
>
>
>
>
>
> *From: *NANOG <nanog-bounces+sofia=apnic.net () nanog org> on behalf of
> Compton, Rich via NANOG <nanog () nanog org>
> *Date: *Thursday, 1 February 2024 at 9:10 am
> *To: *Justin H. <justindh.ml () gmail com>, NANOG list <nanog () nanog org>
> *Subject: *Re: SOVC - BGp RPKI
>
> I think it hallucinated.
>
> When asked to site its sources:
>
>
>
> “I apologize for the confusion, but my response about "SOVC" in the
> context of RPKI on Cisco routers was based on general knowledge of RPKI and
> networking principles, not from a specific source. The explanation combined
> standard practices and concepts in network security and routing, especially
> as they relate to RPKI and BGP.
>
> Since the acronym "SOVC" is not a standard or widely recognized term in
> the context of RPKI, it's possible that it might be specific to certain
> environments or proprietary to certain Cisco router models or software
> versions. For the most accurate and detailed information, it's always best
> to consult the official Cisco documentation or support resources,
> especially for terms that might be specific to their products.”
>
>
>
> *From: *NANOG <nanog-bounces+rich_compton=comcast.com () nanog org> on
> behalf of Justin H. <justindh.ml () gmail com>
> *Date: *Wednesday, January 31, 2024 at 3:06 PM
> *To: *NANOG list <nanog () nanog org>
> *Subject: *Re: SOVC - BGp RPKI
>
> I'd be curious to know why it thinks that the S is "Stale".  I don't
> suppose it cites its sources?
>
> Compton, Rich via NANOG wrote:
> > ChatGPT says:
> >
> > SOVC in the context of RPKI (Resource Public Key Infrastructure) on a
> > Cisco router stands for "Stale Origin Validation Cache". RPKI is a
> > security framework designed to secure the Internet's routing
> > infrastructure, primarily through route origin validation. It ensures
> > that the Internet number resources (like IP addresses and AS numbers)
> > are used by the legitimate owners or authorized AS (Autonomous System).
> >
> > In RPKI, Route Origin Authorizations (ROAs) are used to define which
> > AS is authorized to announce a specific IP address block. Network
> > devices, like Cisco routers, use these ROAs to validate the
> > authenticity of BGP (Border Gateway Protocol) route announcements.
> >
> > The term "stale" in SOVC refers to a situation where the router's
> > RPKI-to-Router protocol client has lost its connection to the RPKI
> > server, or when the RPKI cache data is outdated and not refreshed for
> > some reason. This can happen due to network issues, configuration
> > errors, or problems with the RPKI server itself. When the RPKI cache
> > is stale, the router cannot reliably validate BGP route announcements
> > against the latest ROA data, potentially affecting routing decisions.
> >
> > In a network security context, maintaining an up-to-date RPKI cache is
> > crucial for ensuring that the network only accepts legitimate routing
> > announcements, thereby reducing the risk of routing hijacks or
> > misconfigurations. As a network security engineer, managing and
> > monitoring the RPKI status on routers is an important aspect of
> > ensuring network security and integrity.
> >
> > I see it mentioned in this doc:
> https://urldefense.com/v3/__https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/15-s/irg-15-s-book/irg-origin-as.pdf__;!!CQl3mcHX2A!EB5iIYDDpnRMSM7Gjvy11sMoEsjEDlXtTpfipi4l735bx04IY-dD73vWGCbiDZvoRR6kTse35whqa8dH1cN_Ya9j$
> <https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2Fwww.cisco.com%2Fc%2Fen%2Fus%2Ftd%2Fdocs%2Fios-xml%2Fios%2Fiproute_bgp%2Fconfiguration%2F15-s%2Firg-15-s-book%2Firg-origin-as.pdf__%3B!!CQl3mcHX2A!EB5iIYDDpnRMSM7Gjvy11sMoEsjEDlXtTpfipi4l735bx04IY-dD73vWGCbiDZvoRR6kTse35whqa8dH1cN_Ya9j%24&data=05%7C02%7C%7C3d796a2b66524de1535108dc22b1d251%7C127d8d0d7ccf473dab096e44ad752ded%7C0%7C0%7C638423394350601380%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=ahfazRG906rDju2Rd9Rbnt1rUkPQ0SA9FrGCIujzJGA%3D&reserved=0>
> > *From: *NANOG <nanog-bounces+rich_compton=comcast.com () nanog org> on
> > behalf of Mohammad Khalil <eng.mssk () gmail com>
> > *Date: *Wednesday, January 31, 2024 at 10:35 AM
> > *To: *NANOG list <nanog () nanog org>
> > *Subject: *SOVC - BGp RPKI
> >
> > Greetings Am have tried to find out what is the abbreviation for SOVC
> > with no luck. #sh bgp ipv4 unicast rpki servers  BGP SOVC neighbor is
> > X. X. X. 47/323 connected to port 323 Anyone have encountered this?
> > Thanks! ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍
> >
> > Greetings
> >
> > Am have tried to find out what is the abbreviation for SOVC with no luck.
> >
> > #sh bgp ipv4 unicast rpki servers
> >
> > BGP SOVC neighbor is X.X.X.47/323 connected to port 323
> >
> > Anyone have encountered this?
> >
> > Thanks!