-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
bgpd: Revalidate locally originated routes also when RPKI state changes #16483
base: master
Are you sure you want to change the base?
bgpd: Revalidate locally originated routes also when RPKI state changes #16483
Conversation
d11efc5
to
d1c7c65
Compare
I know we have other places in the code where we have timers to regenerate data in BGP but I am personally not happy about that approach as that it adds unnecessary load to already loaded systems when there are a bunch of prefixes in the system. Is there a way we can have routes revalidated automatically? what is going on that we have to set a timer? |
Routes are never revalidated actually (including static routes ( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this might need to be redesigned so it's not timer based ...
waiting on #16474 to be tested to make certain it resolves this issue |
#16474 is fixed using this approach. @donaldsharp do you have any other solution or we can go with this? |
It's not really possible easily. RPKI cache server sends only changed prefixes. E.g. using StayRTR:
If I change to:
Then With the timer, it's deterministic, we always know we have the right state eventually. It can be controlled with high timer values and does not need to be every 30 seconds. UPDATE: Opened an issue, but I doubt it's even possible because it's more like up to the RPKI cache server to send those removed prefixes. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me.
@donaldsharp are we still looking into another way to do this, or should we go with this commit for the moment? |
I would really really prefer that we fix this problem the correct way the first time. I don't think we are in too much of a hurry since this is a day one problem with the rpki code. |
This pull request has conflicts, please resolve those before we can evaluate the pull request. |
If we have something like: ``` router bgp 65001 network 10.10.10.0/24 route-map rpki ! route-map rpki permit 10 match rpki valid set local-preference 150 route-map rpki permit 20 match rpki notfound set local-preference 50 ! ``` Then 10.10.10.0/24 is never revalidated when RPKI state changes. E.g. if it was valid, and moves to notfound => local-preference remains 150, but should be 50. With this patch we force BGP network (static) routes to be revalidated when revalidation event is triggered from RPKI module. Signed-off-by: Donatas Abraitis <[email protected]>
If we have something like: ``` router bgp 65001 redistribute connected route-map rpki ! route-map rpki permit 10 match rpki valid set local-preference 150 route-map rpki permit 20 match rpki notfound set local-preference 50 ! ``` Then connected routes are never revalidated when RPKI state changes. E.g. if it was valid, and moves to notfound => local-preference remains 150, but should be 50. With this patch we force redistributed routes to be revalidated when revalidation event is triggered from RPKI module. Signed-off-by: Donatas Abraitis <[email protected]>
Signed-off-by: Donatas Abraitis <[email protected]>
d1c7c65
to
77476b6
Compare
Where are we on this? Still waiting on a better way to resolve it? |
TBH, there is no other proper way of handling this other than scanning and revalidating. For the same reason, RPKI cache server daemons just do not send "removed" prefixes, and rtrlib is just a middleware here. |
If we have something like:
Then 10.10.10.0/24 is never revalidated when RPKI state changes. E.g. if it was valid, and moves to notfound => local-preference remains 150, but should be 50.
With this patch we force BGP network (static) routes to be revalidated when revalidation event is triggered from RPKI module.
Fixes #16474