On Mon, Nov 29, 2021 at 8:14 AM Job Snijders via NANOG <nanog@nanog.org> wrote:
> Hi Anurag, > > Circular dependencies definitely are a thing to keep in mind when > designing IRR and RPKI pipelines! > > In the case of IRR: It is quite rare to query the RIR IRR services > directly. Instead, the common practise is that utilities such as bgpq3, > peval, and bgpq4 query “IRRd” (https://IRRd.net) instances at for example > whois.radb.net and rr.ntt.net. You can verify this with tcpdump. These > IRRd instances serve as intermediate caches, and will continue to serve old > cached data in case the origin is down. This phenomenon in the global IRR > deployment avoids a lot of potential for circular dependencies. > > Also, some organisations use threshold checks before deploying new > IRR-based filters to reduce risk of “misfiring”. > > beyond just 'did the filter deployed change by +/- X%' you probably don't want to deploy content if you can't actually talk to the source... which was anurag's proposed problem. I suppose there are a myriad of actual failure modes though ;) and we'll always find more as deployments progress... hurray?