Dear Guru(s),
We used to run our ‘Gateway Router’ with ROV turned on.
Then, we “upgraded” it to a Cisco NCS-55A1 (5500 Series) running IOS-XR just a few weeks ago.
Consequently, during my rummage through Google for a (the?) best (ROV) configuration template for the new router,
I found a tutorial by Philip Smith
[Reference: https://www.bgp4all.com/pfs/_media/workshops/02-rpki.pdf, Slide #55]
which cautioned me about Cisco IOS-XR essentially “harassing” all peers and upstreams with ‘Route Refresh’ whenever there is a VRP change.
The tutorial advised turning on ‘Soft Reconfiguration’ to help with the problem.
On the one hand, we have a very special relationship with our upstream [they’re kind of community transit provider; we have an in-kind stake in them as well], so we obviously don’t want to cause them grievances [their grievance is our grievance].
On the other hand, we can’t afford to just throw away a newly bought gateway and buy a new one.
So, here goes the question:
Is setting ‘Soft Reconfiguration’ enough for me to keep ROV running?
If not, is there any other solution?
Or am I screwed anyway?
I would very much appreciate clarification and pointer(s) to the solution(s).
Thank you in advance for the help,
Pirawat.
Hi!
In current versions I think enabling “soft-reconfiguration-inbound always” (also described at
https://bgpfilterguide.nlnog.net/guides/reject_invalids/#cisco-ios-xr ) should be enough.
Make sure to enable it on every EBGP peer you apply ROV to, or just all EBGP peers.
This knob slightly increases your own memory consumption, but makes your router more “neighbourly”!
Kind regards,
Job
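An added example, not part of Job's message or of any vendor tooling: a small audit that lists eBGP neighbor address-families in an IOS-XR style configuration that lack "soft-reconfiguration inbound always". The sample configuration, AS numbers, addresses and the ROV-IN policy name are constructed, and the parser assumes a flat layout with no neighbor-groups or VRFs.

```python
import re

# Constructed sample: 64496 is the local AS, so 192.0.2.17 is iBGP.
SAMPLE_CONFIG = """
router bgp 64496
 neighbor 192.0.2.1
  remote-as 64497
  address-family ipv4 unicast
   route-policy ROV-IN in
   soft-reconfiguration inbound always
 neighbor 192.0.2.9
  remote-as 64498
  address-family ipv4 unicast
   route-policy ROV-IN in
  address-family ipv6 unicast
   soft-reconfiguration inbound
 neighbor 192.0.2.17
  remote-as 64496
  address-family ipv4 unicast
"""

def audit_soft_reconfig(config):
    """Return sorted (neighbor, address-family) pairs for eBGP sessions
    that do not carry 'soft-reconfiguration inbound always'."""
    local_as = neighbor = family = None
    remote_as = {}   # neighbor -> configured remote AS
    families = {}    # (neighbor, address-family) -> knob present?
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"router bgp (\S+)", line):
            local_as = m.group(1)
        elif m := re.fullmatch(r"neighbor (\S+)", line):
            neighbor, family = m.group(1), None
        elif neighbor and (m := re.fullmatch(r"remote-as (\S+)", line)):
            remote_as[neighbor] = m.group(1)
        elif neighbor and (m := re.fullmatch(r"address-family (.+)", line)):
            family = m.group(1)
            families[(neighbor, family)] = False
        # Only the 'always' form named in the thread counts; plain
        # 'inbound' is reported so it can be reviewed.
        elif family and line == "soft-reconfiguration inbound always":
            families[(neighbor, family)] = True
    # Neighbors with no remote-as of their own (assumption: inherited
    # from elsewhere) and iBGP neighbors are not reported.
    return sorted(key for key, ok in families.items()
                  if not ok and remote_as.get(key[0]) not in (None, local_as))

if __name__ == "__main__":
    for peer, af in audit_soft_reconfig(SAMPLE_CONFIG):
        print(f"{peer} [{af}]: missing soft-reconfiguration inbound always")
```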
Just to add that this is useful on all eBGP speakers based on IOS XR.
It's not required in Junos, because Junos does this implicitly.
A draft RFC we co-authored attempts to offer a solution:
https://www.ietf.org/archive/id/draft-ietf-sidrops-rov-no-rr-01.txt
Mark.
Hi,
If you are running "soft-reconfiguration inbound rpki-dropped-only" on IOS-XR7, please note CSCwb17937. We had a terrible time with this.
Best regards,
takez
Wed, May 11, 2022 at 07:29:04PM +0200, Mark Tinka:
I question how accurate "slightly" is.
My understanding is that soft reconfiguration inbound (whatever the syntax for a given IOS is) causes a full copy of the received prefix list to be retained in memory for each of the peers with soft reconfiguration enabled.
So, to me, the amount of impact to memory will be based on both the number of prefixes advertised and the number of peers that soft reconfiguration is enabled on.
Please enlighten me if I'm wrong / misunderstanding something.
How much memory exactly is consumed will depend on the architecture of
the application (whether duplicity of information such as path
attributes is avoided as much as possible). Indeed, YMMV.
From experience at a previous employer I recall that
'soft-reconfiguration inbound' on routers (with multiple full routing
tables) was problematic on 32-bit versions of the operating system; but
not an issue on 64-bit.
If unsure, test on a few peers and monitor memory usage! It's also a
valid question to the Technical Assistance Center "hey, will enabling
this soft-reconfiguration feature land me in hot water?"
Kind regards,
Job
True and the amount of memory used per prefix also depends on things
like BGP communities.
When I tested this, on 32 bit XR I had a memory increase of about 400
MB for a full feed 2 years ago.
But with or without soft-reconfig inbound always, your memory usage
increases with more prefixes. I don't see any drastic change in
scaling numbers because of this on today's HW.
Lukas
Wed, May 11, 2022 at 09:36:36PM +0200, Lukas Tribus:
True and the amount of memory used per prefix also depends on things
like BGP communities.
When I tested this, on 32 bit XR I had a memory increase of about 400
MB for a full feed 2 years ago.
it depends on the architecture, the variance in paths and attributes,
and how much your policy alters those, what is being sent vs filtered,
AND the number of peers and add-path, etc etc. eg: if your policy
alters attributes, space for both the old and new attributes is needed.
Whether you need 64bit depends on the total memory usage exceeding,
iirc, 3.2GB.
Is setting 'Soft Reconfiguration' enough for me to keep ROV running?
yes, should be.
If not, is there any other solution?
yes. jakob says he has implemented
draft-ietf-sidrops-rov-no-rr-01 - RPKI-Based Policy Without Route Refresh, though i
do not know in what xr image(s)
randy