> So I suspect one could make the router-generated model work well. One > just has to plan for it (certify router keys from both the live and > hot spare routers) or accept that there will be some cut-over time if > one fails to plan (or if one's plans fail...).
at 2am, they always fail. heck, they fail at 2pm. and one often has to fly one in from depot or vendor. at up to $200k each, it's not like a spare re is sitting next to each chassis. and what spare stash facility would have an on-net chassis to plug in send up a genned key? and for which AS-router-id? would be interestd to hear from other ops if they believe they could get the folk managing spares to pre-key in a useful way. i was not comfortable, so we wrote up both. glad to be wrong. randy _______________________________________________ sidr mailing list sidr@ietf.org https://www.ietf.org/mailman/listinfo/sidr
