RPKI Route Origin Validation Without Route Refresh
Internet Initiative Japan & Arrcus, Inc.
1856 SW Edgewood Dr
Portland
Oregon
97210
United States of America
randy@psg.com
Arrcus
2077 Gateway Place, Suite #400
San Jose
CA
95119
United States of America
keyur@arrcus.com
A BGP Speaker performing RPKI-based Route Origin Validation should
not issue Route Refresh to its neighbors when receiving new VRPs.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED",
"MAY", and "OPTIONAL" in this document are to be interpreted as
described in BCP 14 when, and only when, they appear in all
capitals, as shown here.
Memory constraints in early routers caused classic BGP implementations to not keep a full
Adj-RIB-In (Sec. 1.1). When doing RPKI-based Route Origin
Validation, if such a BGP speaker receives new ROAs/VRPs,
it might not have kept paths previously marked as Invalid. Such
an implementation must then request a Route Refresh from its neighbors to recover the paths which
might be covered by these new VRPs. This will be perceived as
rude by those neighbors as it passes a serious resource burden on
to them. This document suggests marking but keeping Invalidated
paths so the Route Refresh is no longer needed.
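
The difference between the two behaviours can be seen in a small model. This is an added example, not code from the draft or from any router implementation: the class and function names, the prefixes and the AS numbers are constructed for illustration, and the origin check follows the Valid/Invalid/NotFound rules of RPKI-based prefix validation.

```python
import ipaddress

def rov_state(prefix, origin_as, vrps):
    """Origin validation: returns 'Valid', 'Invalid' or 'NotFound'."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for vrp_prefix, max_len, vrp_as in vrps:
        vrp_net = ipaddress.ip_network(vrp_prefix)
        if net.version == vrp_net.version and net.subnet_of(vrp_net):
            covered = True
            if vrp_as == origin_as and net.prefixlen <= max_len:
                return "Valid"
    return "Invalid" if covered else "NotFound"

class AdjRibIn:  # hypothetical per-neighbor table of received paths
    def __init__(self, keep_invalid):
        self.keep_invalid = keep_invalid
        self.paths = {}            # prefix -> [origin_as, state]
        self.refreshes_sent = 0    # Route Refresh requests sent to the neighbor
    def receive(self, prefix, origin_as, vrps):
        state = rov_state(prefix, origin_as, vrps)
        if state == "Invalid" and not self.keep_invalid:
            self.paths.pop(prefix, None)   # classic behaviour: path is discarded
        else:
            self.paths[prefix] = [origin_as, state]
    def on_new_vrps(self, vrps, neighbor_paths):
        if self.keep_invalid:  # every path is still held: re-marking is local
            for prefix, entry in self.paths.items():
                entry[1] = rov_state(prefix, entry[0], vrps)
        else:  # discarded paths can only come back from the neighbor
            self.refreshes_sent += 1
            self.paths.clear()
            for prefix, origin_as in neighbor_paths:
                self.receive(prefix, origin_as, vrps)
    def usable(self):
        return sorted(p for p, (_, s) in self.paths.items() if s != "Invalid")

# Constructed sample data (documentation prefixes and ASNs)
NEIGHBOR_PATHS = [("192.0.2.0/24", 64500), ("198.51.100.0/24", 64501)]
OLD_VRPS = [("192.0.2.0/24", 24, 64499)]              # 64500's path is Invalid
NEW_VRPS = OLD_VRPS + [("192.0.2.0/24", 24, 64500)]   # new VRP makes it Valid

def demo(keep_invalid):
    rib = AdjRibIn(keep_invalid)
    for prefix, origin_as in NEIGHBOR_PATHS:
        rib.receive(prefix, origin_as, OLD_VRPS)
    before = rib.usable()
    rib.on_new_vrps(NEW_VRPS, NEIGHBOR_PATHS)
    return before, rib.usable(), rib.refreshes_sent
```

Both `demo(True)` and `demo(False)` end with the same usable paths; only the table that dropped the Invalid path had to send a Route Refresh to get there.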
It is assumed that the reader understands BGP and Route Refresh, the
RPKI, Route Origin Authorizations (ROAs), The Resource Public Key
Infrastructure (RPKI) to Router Protocol, RPKI-based Prefix
Validation, and Origin Validation Clarifications.
Operators deploying ROV SHOULD ensure that the router implementation
is not causing unnecessary Route Refresh requests to neighbors.
If the router does not implement the recommendations here, the
operator SHOULD enable "soft reconfiguration inbound," and check
that this stops unnecessary Route Refresh requests to neighbors.
If the router has insufficient resources to support this, it
SHOULD NOT be used for Route Origin Validation.
This document adds no additional security considerations to those
already described by the referenced documents.
The authors wish to thank Philip Smith and Mark Tinka.