Community discussions

MikroTik App
  4. RouterOS
  5. Forwarding Protocols

RPKI & BGP: Is it computationally expensive to set comments on BGP routes?

Post Reply
 
alex_rhys-hurn
Member
Member
Topic Author
Posts: 352
Joined: Mon Jun 05, 2006 8:26 pm
Location: Kenya
Contact:
Contact alex_rhys-hurn

RPKI & BGP: Is it computationally expensive to set comments on BGP routes?

Sat Nov 04, 2023 10:14 pm

Hi all,
I have two full bgp feeds and have been deploying rpki. I have things working. In an attempt to really see the effects of my RPKI work in the routing table I have set comments on the routes received in the filters as below:
Code: Select all
 
16   chain=RPKI rule="rpki-verify RPKI" 
17   chain=RPKI rule="if (rpki invalid) {set comment  RPKI_Invalid; reject}" 
18   chain=RPKI rule="if (rpki unknown) {set comment  RPKI_Unknown; accept}" 
19   chain=RPKI rule="if (rpki valid) {set comment  RPKI_Valid; accept}" 
20   chain=RPKI rule="if (rpki unverified) {set comment RPKI_Unverified; accept}"
21   chain=RPKI rule="return"
This gives output like this (PS those routes without a comment I have not enabled it on for testing):
Code: Select all
Flags: D - dynamic; X - disabled, I - inactive, A - active; 
c - connect, s - static, r - rip, b - bgp, o - ospf, i - is-is, d - dhcp, v - vpn, m - modem, y - bgp-mpls-vpn; 
H - hw-offloaded; + - ecmp 
 #       DST-ADDRESS        GATEWAY            DISTANCE
   D b   ;;; RPKI_Valid
         1.0.0.0/24         41.79.9.121              20
   DAb   1.0.0.0/24         41.209.9.17              20
   D b   ;;; RPKI_Valid
         1.0.4.0/22         41.79.9.121              20
   DAb   1.0.4.0/22         41.209.9.17              20
   D b   ;;; RPKI_Valid
         1.0.5.0/24         41.79.9.121              20
   DAb   1.0.5.0/24         41.209.9.17              20
   D b   ;;; RPKI_Unknown
         1.0.16.0/24        41.79.9.121              20
   DAb   1.0.16.0/24        41.209.9.17              20
   D b   ;;; RPKI_Unknown
         1.0.32.0/24        41.79.9.121              20
   DAb   1.0.32.0/24        41.209.9.17              20
   D b   ;;; RPKI_Valid
         1.0.64.0/18        41.79.9.121              20
   DAb   1.0.64.0/18        41.209.9.17              20

Hunting for invalids I can then do this:
Code: Select all
ip route print detail where comment=RPKI_Invalid

   DIb   ;;; RPKI_Invalid
         dst-address=5.105.108.0/24 routing-table=main gateway=41.79.9.121 immediate-gw=41.79.9.121%ether3 
         distance=20 scope=40 target-scope=10 suppress-hw-offload=no 

   DIb   ;;; RPKI_Invalid
         dst-address=5.105.130.0/24 routing-table=main gateway=41.79.9.121 immediate-gw=41.79.9.121%ether3 
         distance=20 scope=40 target-scope=10 suppress-hw-offload=no 

   DIb   ;;; RPKI_Invalid
         dst-address=5.105.153.0/24 routing-table=main gateway=41.79.9.121 immediate-gw=41.79.9.121%ether3 
         distance=20 scope=40 target-scope=10 suppress-hw-offload=no

I have found this handy / intriguing but is it a good idea? Can I leave these comments there or is it computationally expensive to the router and or bgp process?

Many thanks,

Alex
Top
 
DarkNate
Forum Guru
Forum Guru
Posts: 1017
Joined: Fri Jun 26, 2020 4:37 pm

Re: RPKI & BGP: Is it computationally expensive to set comments on BGP routes?

Sun Nov 05, 2023 10:10 am

Yes, it's obviously computationally expensive. Who the hell else even does this?
Top
 
User avatar
irrwitzer
just joined
Posts: 23
Joined: Mon Apr 11, 2022 11:54 pm

Re: RPKI & BGP: Is it computationally expensive to set comments on BGP routes?

Sun Nov 05, 2023 12:55 pm

Hi,

why don't you just use the existing flags in Router OS to filter those prefixes?
Code: Select all
/routing/route/print where rpki=valid
/routing/route/print where rpki=invalid
/routing/route/print where rpki=unknown
That does it for me to check, whether RPKI is working as expected, or not.

BR,
Irrwitzer
Top
 
alex_rhys-hurn
Member
Member
Topic Author
Posts: 352
Joined: Mon Jun 05, 2006 8:26 pm
Location: Kenya
Contact:
Contact alex_rhys-hurn

Re: RPKI & BGP: Is it computationally expensive to set comments on BGP routes?

Sun Nov 05, 2023 6:13 pm

Hi Irrwitzer,

I didn't know that was possible, is why I wasn't doing that. Thank you so much for pointing me in the right direction.

All the best,

Alex
Hi,

why don't you just use the existing flags in Router OS to filter those prefixes?
Code: Select all
/routing/route/print where rpki=valid
/routing/route/print where rpki=invalid
/routing/route/print where rpki=unknown
That does it for me to check, whether RPKI is working as expected, or not.

BR,
Irrwitzer
Top
 
alex_rhys-hurn
Member
Member
Topic Author
Posts: 352
Joined: Mon Jun 05, 2006 8:26 pm
Location: Kenya
Contact:
Contact alex_rhys-hurn

Re: RPKI & BGP: Is it computationally expensive to set comments on BGP routes?

Sun Nov 05, 2023 6:18 pm

Yes, it's obviously computationally expensive. Who the hell else even does this?
Abrasive much?

Not everybody has the complete and advanced knowledge and skills that you so obviously have.

I was taught that the only stupid question was the one I didn't ask, but I am obviously wrong there.
Top
Post Reply

Who is online

Users browsing this forum: No registered users and 5 guests
  4. RouterOS
  5. Forwarding Protocols