Escondidinho de Lagosta

@timbru timbru released this 24 Jun 15:30

This release brings significant improvements aimed at maintaining your ROAs. For now, Krill will download aggregated BGP dumps from the RIPE NCC Routing Information Service and analyse how your ROAs affect announcements seen for your resources. In future we will extend this system, so that it can use near-real-time data, or even a local feed with your own BGP information instead.

For these changes to work well we needed to do some work on cleaning up existing ROAs. Until now Krill has allowed the creation of essentially duplicate or nonsensical ROAs, such as:

  • ROAs for an ASN and prefix with and without an explicit max length matching the prefix
  • ROAs for a prefix and ASN which were already permitted by another ROA.

On upgrade, Krill will clean up such redundant authorizations for ROAs. For example, if the following authorizations exist:

 192.168.0.0/16      => 64496
 192.168.0.0/24      => 64496
 192.168.0.0/16-24   => 64496

Then only the last authorization needs to be kept, because the first two are already covered by it.

Before this release it was also possible to have the same authorization with, and without, using an explicit max length. For example:

 192.168.0.0/16      => 64496
 192.168.0.0/16-16   => 64496

Now Krill will always use an explicit max length in the definitions. Note, however, that it is still best practice to use the same max length as the announced prefix length, so Krill will just set this by default if it is not specified.
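
As an added illustration (not Krill's own code), the covering rule and the explicit max length default described above can be sketched for IPv4 as follows. The `Auth` type and the `parse`, `mask`, `covers` and `minimize` functions are names assumed for this example.

```rust
use std::net::Ipv4Addr;

/// One authorization "prefix/len-max_len => asn" (type and field names are this example's own).
#[derive(Debug, Clone, Copy, PartialEq)]
struct Auth { addr: u32, len: u8, max_len: u8, asn: u32 }

fn mask(len: u8) -> u32 { if len == 0 { 0 } else { u32::MAX << (32 - len as u32) } }

/// Parse e.g. "192.168.0.0/16-24 => 64496"; a missing max length defaults to the prefix length.
fn parse(s: &str) -> Option<Auth> {
    let (pfx, asn) = s.split_once("=>")?;
    let (ip, lens) = pfx.trim().split_once('/')?;
    let (len, max_len): (u8, u8) = match lens.split_once('-') {
        Some((l, m)) => (l.parse().ok()?, m.parse().ok()?),
        None => { let l: u8 = lens.parse().ok()?; (l, l) }
    };
    if len > max_len || max_len > 32 { return None; }
    let addr = u32::from(ip.parse::<Ipv4Addr>().ok()?);
    if (addr & !mask(len)) != 0 { return None; } // reject prefixes with host bits set
    Some(Auth { addr, len, max_len, asn: asn.trim().parse().ok()? })
}

/// True if every announcement authorized by `b` is also authorized by `a`.
fn covers(a: &Auth, b: &Auth) -> bool {
    a.asn == b.asn && a.len <= b.len && a.max_len >= b.max_len
        && (b.addr & mask(a.len)) == a.addr
}

/// Drop exact duplicates (keeping the first) and authorizations covered by another one.
fn minimize(auths: &[Auth]) -> Vec<Auth> {
    let redundant = |i: usize, b: &Auth| auths.iter().enumerate()
        .any(|(j, a)| j != i && covers(a, b) && (a != b || j < i));
    auths.iter().enumerate().filter(|&(i, b)| !redundant(i, b)).map(|(_, b)| *b).collect()
}

fn main() {
    // Constructed input: the three authorizations listed in the release notes above.
    let auths: Vec<Auth> = ["192.168.0.0/16 => 64496", "192.168.0.0/24 => 64496",
        "192.168.0.0/16-24 => 64496"].iter().filter_map(|s| parse(s)).collect();
    for a in minimize(&auths) {
        println!("{}/{}-{} => {}", Ipv4Addr::from(a.addr), a.len, a.max_len, a.asn);
    }
}
```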