On Sat, 13 Nov 2021 at 13:48, Mark Tinka <[email protected]> wrote: >
> So some friends and I are working on an RFC draft to fix this: > > https://datatracker.ietf.org/doc/html/draft-ymbk-sidrops-rov-no-rr > > Comments and contributions are most welcome. I chose my words carefully when I said 'RPKI rejects', instead of 'invalid'. The problem only cursorily relates to a specific RPKI validation state. We may reject RPKI 'unknown', we may even imagine policies which reject based on some criteria AND RPKI 'valid' (maybe I have my own motivations for how I use VRP and want to capitalise on all three states arbitrarily, maybe I'm rejecting valids, because I'm collecting invalids to some separate RIB for research purposes). That is: soft-reconfiguration inbound never # don't keep anything soft-reconfiguration inbound rpki ## default, keep if policy rejected route while using validation database state (may have used something else, but as long as reject policy used validation state, regardless of state, we need to keep it). -- ++ytti _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
