Hello!

This is going to be fixed by going multithreaded; then the BGP sessions will be 
independent of DNS resolution in RPKI.

Basically, BIRD 3 is the solution and there is not much of a hurry to fix this 
in BIRD 2. Also, you can just add the record to /etc/hosts, as you may want the 
RPKI to load before DNS is reachable.

Maria

On 21 October 2024 10:17:50 GMT-04:00, "Ondřej Caletka" <ond...@caletka.cz> 
wrote:
>Dear BIRD users,
>
>I have recently noticed an interesting issue. A newly set up BGP session 
>between BIRD on our side and a remote party running whatever was taken down 
>every hour or so. The reason for the session being terminated was Received: 
>Hold timer expired.
>
>Looking at the logs, it turned out that this was caused by a broken DNS resolver 
>on the machine where BIRD is running. Whenever BIRD was trying to resolve the 
>host name of the RPKI Validator cache, it got stuck for 24 seconds. This was 
>apparently enough for the other BGP speaker to consider it dead and take the 
>session down (the hold timers were shortened from the standard values there).
>
>Oct 15 13:45:51 vrtr-4.mtg.ripe.net bird[907]: rpki_validator: Cannot resolve 
>hostname 'rpki-validator.mtg.ripe.net': >
>Oct 15 13:45:51 vrtr-4.mtg.ripe.net bird[907]: I/O loop cycle took 24009.001 
>ms for 1 events
>Oct 15 13:45:51 vrtr-4.mtg.ripe.net bird[907]: Kernel dropped some netlink 
>messages, will resync on next scan.
>Oct 15 13:45:51 vrtr-4.mtg.ripe.net bird[907]: peer_as2852_v4: Received: Hold 
>timer expired
>Oct 15 13:46:55 vrtr-4.mtg.ripe.net bird[907]: peer_as2852_v4.ipv4: Automatic 
>RPKI reload not active for import
>
>This case was fixed by making sure the DNS resolver works, but I still wonder 
>whether this is a known limitation or whether this is something that can 
>possibly be improved.
>
>--
>Best regards,
>
>Ondřej Caletka

-- 
Maria Matejka (she/her) | BIRD Team Leader | CZ.NIC, z.s.p.o.
