Hello!

On 6/21/19 9:09 AM, Tim Bruijnzeels wrote:
> I am not sure if this is an artefact of my set-up, or a missing feature / bug
> in Bird.

Yes, it is a documented missing feature in Bird, see the RPKI chapter in
documentation:

You can validate routes (RFC 6483) using function <cf/roa_check()/ in filter
and set it as import filter at the BGP protocol. BIRD should re-validate all
of affected routes after RPKI update by RFC 6811, but we don't support it yet!
You can use a BIRD's client command <cf>reload in <m/bgp_protocol_name/</cf>
for manual call of revalidation of all routes.

> [...]
>
> According to RFC6811 affected prefixes MUST be re-validated when the cache
> has changes:
> https://tools.ietf.org/html/rfc6811#section-4
>
> My work-around was to restart the sessions with peers and this forced
> re-validation. But it is not the best solution. I also lose all the routes
> temporarily.
Use
reload in <protocolname>
after ROA is changed.
> Is this a local issue? Did I miss something in my set-up? Or is this expected
> behaviour in Bird? If so, is supporting re-validation on the roadmap?
Yes, it is even partially done, anyway it needed some internal structural
changes inside BIRD. We know about it and we consider it better to have
limited ROA support instead of having nothing.

This is one of the hottest features to be done ASAP.

Maria
developer of BIRD
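
As an added example (not part of the original message and not BIRD's code): a Python model of the RFC 6811 origin validation discussed above, and of selecting the routes whose state changes when the ROA set changes, which is the re-validation that `reload in <protocolname>` triggers manually. The prefixes, AS numbers and function names are constructed for illustration.

```python
import ipaddress

def covers(vrp, net):
    """True if the VRP's prefix covers the route prefix (RFC 6811 'Covered')."""
    vrp_net = ipaddress.ip_network(vrp[0])
    return vrp_net.version == net.version and net.subnet_of(vrp_net)

def validate(prefix, origin_as, vrps):
    """State of one route against a list of (prefix, max_len, asn) VRPs."""
    net = ipaddress.ip_network(prefix)
    covering = [v for v in vrps if covers(v, net)]
    if not covering:
        return "unknown"              # "NotFound" in RFC 6811 terms
    for _, max_len, asn in covering:
        # AS 0 never matches a route; otherwise ASN and length must both fit.
        if asn != 0 and asn == origin_as and net.prefixlen <= max_len:
            return "valid"
    return "invalid"

def revalidate(routes, old_vrps, new_vrps):
    """Return {(prefix, origin_as): (before, after)} for routes that changed."""
    changed = set(old_vrps) ^ set(new_vrps)   # VRPs added or withdrawn
    result = {}
    for prefix, origin_as in routes:
        net = ipaddress.ip_network(prefix)
        # Only routes covered by a changed VRP can change state.
        if not any(covers(v, net) for v in changed):
            continue
        before = validate(prefix, origin_as, old_vrps)
        after = validate(prefix, origin_as, new_vrps)
        if before != after:
            result[(prefix, origin_as)] = (before, after)
    return result

# Constructed sample data (documentation prefixes and AS numbers).
ROUTES = [("192.0.2.0/24", 64496), ("198.51.100.0/24", 64497),
          ("2001:db8::/32", 64498), ("203.0.113.0/24", 64499)]
OLD_VRPS = [("192.0.2.0/24", 24, 64496), ("2001:db8::/32", 32, 64498)]
NEW_VRPS = [("192.0.2.0/24", 24, 64500), ("2001:db8::/32", 32, 64498),
            ("198.51.100.0/24", 24, 64497)]

if __name__ == "__main__":
    for route, (before, after) in revalidate(ROUTES, OLD_VRPS, NEW_VRPS).items():
        print(route, before, "->", after)
```

Routes already accepted under the old ROA set keep their old state until this comparison is run, which is why a manual reload is needed after each ROA change.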
