On Sat, Apr 27, 2024 at 08:18:18AM +0200, Daniel Suchy via Bird-users wrote:
> There's internet draft describing in detail, why it's not a good idea to
> store RPKI validation state inside community variables at all..
>
> https://www.ietf.org/archive/id/draft-ietf-sidrops-avoid-rpki-state-in-bgp-00.html

Well, note that this draft is primarily about not announcing validation state in transitive attributes to the whole internet. But there are good reasons for having validation state in non-transitive BGP attributes (or communities properly filtered out on AS egress). Validating RPKI and marking routes at AS ingress ensures that all routers within the AS have consistent routing state, thus avoiding routing loops.

Unfortunately, large communities do not have a transitive flag like extended ones, so perhaps it would make sense to use an extended community for this purpose. Or perhaps there should be a well-known extended community for that ...

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
"To err is human -- to blame it on a computer is even more so."
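
The ingress-marking and egress-filtering arrangement described in the reply above, as an added BIRD 2.x filter sketch that is not part of the original thread or the BIRD project's own configuration. The ASN 64500, the function number 1000, the value encoding 1/2, and the names `r4`, `ebgp_in`, `ebgp_out` and `strip_rpki_marks` are assumptions chosen for illustration; only IPv4 is shown.

```bird
# Added example, not from the original message.
# Assumed values: MY_AS, RPKI_FN and the 1/2 encoding are constructed.
define MY_AS   = 64500;     # documentation ASN, stands in for the local AS
define RPKI_FN = 1000;      # large-community "function" reserved for RPKI state

roa4 table r4;              # filled by an rpki protocol instance (not shown)

# Remove every local RPKI state marker, whatever its value.
function strip_rpki_marks() {
  bgp_large_community.delete([(MY_AS, RPKI_FN, *)]);
}

# eBGP import: validate once at the AS edge and record the result,
# so every iBGP speaker sees the same state for the same route.
filter ebgp_in {
  # A neighbour must not be able to inject our marker: drop any copy first.
  strip_rpki_marks();

  if roa_check(r4, net, bgp_path.last) = ROA_INVALID then reject;

  if roa_check(r4, net, bgp_path.last) = ROA_VALID then
    bgp_large_community.add((MY_AS, RPKI_FN, 1));   # 1 = valid
  else
    bgp_large_community.add((MY_AS, RPKI_FN, 2));   # 2 = not found
  accept;
}

# eBGP export: large communities carry no per-community transitive flag,
# so the marker has to be removed explicitly before leaving the AS.
filter ebgp_out {
  strip_rpki_marks();
  accept;
}
```

Every eBGP session needs both filters applied; a single session without `ebgp_out` leaks the validation state to the outside, which is the situation the linked draft argues against.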