nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: NANOG Digest, Vol 193, Issue 1

From: "Jakob Heitz \(jheitz\) via NANOG" <nanog () nanog org>
Date: Thu, 1 Feb 2024 21:17:13 +0000
Wow!
The reason it’s called generative AI is because it totally made that up.

Kind Regards,
Jakob


Date: Wed, 31 Jan 2024 18:27:24 +0000
From: "Compton, Rich" <RICH_COMPTON () comcast com>
To: Mohammad Khalil <eng.mssk () gmail com>, NANOG list <nanog () nanog org>
Subject: Re: SOVC - BGp RPKI
Message-ID:
        <SN7PR11MB6900EC6CF08C1CA9D8D4ABA8FA7C2 () SN7PR11MB6900 namprd11 prod outlook com>

Content-Type: text/plain; charset="utf-8"

ChatGPT says:
SOVC in the context of RPKI (Resource Public Key Infrastructure) on a Cisco router stands for "Stale Origin Validation 
Cache". RPKI is a security framework designed to secure the Internet's routing infrastructure, primarily through route 
origin validation. It ensures that the Internet number resources (like IP addresses and AS numbers) are used by the 
legitimate owners or authorized AS (Autonomous System).
In RPKI, Route Origin Authorizations (ROAs) are used to define which AS is authorized to announce a specific IP address 
block. Network devices, like Cisco routers, use these ROAs to validate the authenticity of BGP (Border Gateway 
Protocol) route announcements.
The term "stale" in SOVC refers to a situation where the router's RPKI-to-Router protocol client has lost its 
connection to the RPKI server, or when the RPKI cache data is outdated and not refreshed for some reason. This can 
happen due to network issues, configuration errors, or problems with the RPKI server itself. When the RPKI cache is 
stale, the router cannot reliably validate BGP route announcements against the latest ROA data, potentially affecting 
routing decisions.
In a network security context, maintaining an up-to-date RPKI cache is crucial for ensuring that the network only 
accepts legitimate routing announcements, thereby reducing the risk of routing hijacks or misconfigurations. As a 
network security engineer, managing and monitoring the RPKI status on routers is an important aspect of ensuring 
network security and integrity.
Previous By Date Next
Previous By Thread Next

Current thread: