Mailing List Archive

SOVC - BGp RPKI
Greetings
I have tried to find out what SOVC is an abbreviation for, with no luck.

#sh bgp ipv4 unicast rpki servers
BGP SOVC neighbor is X.X.X.47/323 connected to port 323

Has anyone encountered this?

Thanks!
Re: SOVC - BGp RPKI
ChatGPT says:
SOVC in the context of RPKI (Resource Public Key Infrastructure) on a Cisco router stands for "Stale Origin Validation Cache". RPKI is a security framework designed to secure the Internet's routing infrastructure, primarily through route origin validation. It ensures that the Internet number resources (like IP addresses and AS numbers) are used by the legitimate owners or authorized AS (Autonomous System).
In RPKI, Route Origin Authorizations (ROAs) are used to define which AS is authorized to announce a specific IP address block. Network devices, like Cisco routers, use these ROAs to validate the authenticity of BGP (Border Gateway Protocol) route announcements.
The term "stale" in SOVC refers to a situation where the router's RPKI-to-Router protocol client has lost its connection to the RPKI server, or when the RPKI cache data is outdated and not refreshed for some reason. This can happen due to network issues, configuration errors, or problems with the RPKI server itself. When the RPKI cache is stale, the router cannot reliably validate BGP route announcements against the latest ROA data, potentially affecting routing decisions.
In a network security context, maintaining an up-to-date RPKI cache is crucial for ensuring that the network only accepts legitimate routing announcements, thereby reducing the risk of routing hijacks or misconfigurations. As a network security engineer, managing and monitoring the RPKI status on routers is an important aspect of ensuring network security and integrity.



I see it mentioned in this doc:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/15-s/irg-15-s-book/irg-origin-as.pdf


From: NANOG <nanog-bounces+rich_compton=comcast.com@nanog.org> on behalf of Mohammad Khalil <eng.mssk@gmail.com>
Date: Wednesday, January 31, 2024 at 10:35 AM
To: NANOG list <nanog@nanog.org>
Subject: SOVC - BGp RPKI

Greetings
Am have tried to find out what is the abbreviation for SOVC with no luck.

#sh bgp ipv4 unicast rpki servers
BGP SOVC neighbor is X.X.X.47/323 connected to port 323

Anyone have encountered this?

Thanks!
Re: SOVC - BGp RPKI
I’m not sure what the acronym is, but I believe it’s an origin validator connection.

(bgp rpki server)

Owen


> On Jan 31, 2024, at 05:16, Mohammad Khalil <eng.mssk@gmail.com> wrote:
>
> Greetings
> Am have tried to find out what is the abbreviation for SOVC with no luck.
>
> #sh bgp ipv4 unicast rpki servers
> BGP SOVC neighbor is X.X.X.47/323 connected to port 323
>
> Anyone have encountered this?
>
> Thanks!
Re: SOVC - BGp RPKI
I'd be curious to know why it thinks that the S is "Stale".  I don't
suppose it cites its sources?

Compton, Rich via NANOG wrote:
>
> ChatGPT says:
>
> SOVC in the context of RPKI (Resource Public Key Infrastructure) on a
> Cisco router stands for "Stale Origin Validation Cache". RPKI is a
> security framework designed to secure the Internet's routing
> infrastructure, primarily through route origin validation. It ensures
> that the Internet number resources (like IP addresses and AS numbers)
> are used by the legitimate owners or authorized AS (Autonomous System).
>
> In RPKI, Route Origin Authorizations (ROAs) are used to define which
> AS is authorized to announce a specific IP address block. Network
> devices, like Cisco routers, use these ROAs to validate the
> authenticity of BGP (Border Gateway Protocol) route announcements.
>
> The term "stale" in SOVC refers to a situation where the router's
> RPKI-to-Router protocol client has lost its connection to the RPKI
> server, or when the RPKI cache data is outdated and not refreshed for
> some reason. This can happen due to network issues, configuration
> errors, or problems with the RPKI server itself. When the RPKI cache
> is stale, the router cannot reliably validate BGP route announcements
> against the latest ROA data, potentially affecting routing decisions.
>
> In a network security context, maintaining an up-to-date RPKI cache is
> crucial for ensuring that the network only accepts legitimate routing
> announcements, thereby reducing the risk of routing hijacks or
> misconfigurations. As a network security engineer, managing and
> monitoring the RPKI status on routers is an important aspect of
> ensuring network security and integrity.
>
> I see it mentioned in this doc:
>
> https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/15-s/irg-15-s-book/irg-origin-as.pdf
>
> *From: *NANOG <nanog-bounces+rich_compton=comcast.com@nanog.org> on
> behalf of Mohammad Khalil <eng.mssk@gmail.com>
> *Date: *Wednesday, January 31, 2024 at 10:35 AM
> *To: *NANOG list <nanog@nanog.org>
> *Subject: *SOVC - BGp RPKI
>
>
> Greetings
>
> Am have tried to find out what is the abbreviation for SOVC with no luck.
>
> #sh bgp ipv4 unicast rpki servers
>
> BGP SOVC neighbor is X.X.X.47/323 connected to port 323
>
> Anyone have encountered this?
>
> Thanks!
>
Re: SOVC - BGp RPKI
I think it hallucinated.
When asked to cite its sources:

“I apologize for the confusion, but my response about "SOVC" in the context of RPKI on Cisco routers was based on general knowledge of RPKI and networking principles, not from a specific source. The explanation combined standard practices and concepts in network security and routing, especially as they relate to RPKI and BGP.
Since the acronym "SOVC" is not a standard or widely recognized term in the context of RPKI, it's possible that it might be specific to certain environments or proprietary to certain Cisco router models or software versions. For the most accurate and detailed information, it's always best to consult the official Cisco documentation or support resources, especially for terms that might be specific to their products.”

From: NANOG <nanog-bounces+rich_compton=comcast.com@nanog.org> on behalf of Justin H. <justindh.ml@gmail.com>
Date: Wednesday, January 31, 2024 at 3:06 PM
To: NANOG list <nanog@nanog.org>
Subject: Re: SOVC - BGp RPKI
I'd be curious to know why it thinks that the S is "Stale". I don't
suppose it cites its sources?

Compton, Rich via NANOG wrote:
>
> ChatGPT says:
>
> SOVC in the context of RPKI (Resource Public Key Infrastructure) on a
> Cisco router stands for "Stale Origin Validation Cache". RPKI is a
> security framework designed to secure the Internet's routing
> infrastructure, primarily through route origin validation. It ensures
> that the Internet number resources (like IP addresses and AS numbers)
> are used by the legitimate owners or authorized AS (Autonomous System).
>
> In RPKI, Route Origin Authorizations (ROAs) are used to define which
> AS is authorized to announce a specific IP address block. Network
> devices, like Cisco routers, use these ROAs to validate the
> authenticity of BGP (Border Gateway Protocol) route announcements.
>
> The term "stale" in SOVC refers to a situation where the router's
> RPKI-to-Router protocol client has lost its connection to the RPKI
> server, or when the RPKI cache data is outdated and not refreshed for
> some reason. This can happen due to network issues, configuration
> errors, or problems with the RPKI server itself. When the RPKI cache
> is stale, the router cannot reliably validate BGP route announcements
> against the latest ROA data, potentially affecting routing decisions.
>
> In a network security context, maintaining an up-to-date RPKI cache is
> crucial for ensuring that the network only accepts legitimate routing
> announcements, thereby reducing the risk of routing hijacks or
> misconfigurations. As a network security engineer, managing and
> monitoring the RPKI status on routers is an important aspect of
> ensuring network security and integrity.
>
> I see it mentioned in this doc:
>
> https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/15-s/irg-15-s-book/irg-origin-as.pdf
>
> *From: *NANOG <nanog-bounces+rich_compton=comcast.com@nanog.org> on
> behalf of Mohammad Khalil <eng.mssk@gmail.com>
> *Date: *Wednesday, January 31, 2024 at 10:35 AM
> *To: *NANOG list <nanog@nanog.org>
> *Subject: *SOVC - BGp RPKI
>
>
> Greetings
>
> Am have tried to find out what is the abbreviation for SOVC with no luck.
>
> #sh bgp ipv4 unicast rpki servers
>
> BGP SOVC neighbor is X.X.X.47/323 connected to port 323
>
> Anyone have encountered this?
>
> Thanks!
>
Re: SOVC - BGp RPKI
>
> I see it mentioned in this doc:
>
> https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/15-s/irg-15-s-book/irg-origin-as.pdf


You see SOVC mentioned, yes. But you don't see the word 'stale'.


Please don't just paste what ChatGPT says. It's not an authoritative
source. I can find no Cisco document stating what the acronym MEANS. But
the context they use it seems to imply the word 'stale' isn't appropriate.


> A prefix or prefix range and the origin-AS corresponding to it are
> considered an SOVC record. Overlapping prefix ranges are allowed. An SOVC
> table containing three records might look like this:

> Valid—Indicates the prefix and AS pair are found in the SOVC table.

> If more than one RPKI server is configured, the router will connect to all
> configured servers and download prefix information from all of them. The
> SOVC table will be made of the union of all the records received from the
> different servers.

> In the following example, the router is configured to connect to two
> RPKI servers, from which it will receive SOVC records of BGP prefixes and
> AS numbers.


On Wed, Jan 31, 2024 at 3:34 PM Compton, Rich via NANOG <nanog@nanog.org>
wrote:

> ChatGPT says:
>
> SOVC in the context of RPKI (Resource Public Key Infrastructure) on a
> Cisco router stands for "Stale Origin Validation Cache". RPKI is a security
> framework designed to secure the Internet's routing infrastructure,
> primarily through route origin validation. It ensures that the Internet
> number resources (like IP addresses and AS numbers) are used by the
> legitimate owners or authorized AS (Autonomous System).
>
> In RPKI, Route Origin Authorizations (ROAs) are used to define which AS is
> authorized to announce a specific IP address block. Network devices, like
> Cisco routers, use these ROAs to validate the authenticity of BGP (Border
> Gateway Protocol) route announcements.
>
> The term "stale" in SOVC refers to a situation where the router's
> RPKI-to-Router protocol client has lost its connection to the RPKI server,
> or when the RPKI cache data is outdated and not refreshed for some reason.
> This can happen due to network issues, configuration errors, or problems
> with the RPKI server itself. When the RPKI cache is stale, the router
> cannot reliably validate BGP route announcements against the latest ROA
> data, potentially affecting routing decisions.
>
> In a network security context, maintaining an up-to-date RPKI cache is
> crucial for ensuring that the network only accepts legitimate routing
> announcements, thereby reducing the risk of routing hijacks or
> misconfigurations. As a network security engineer, managing and monitoring
> the RPKI status on routers is an important aspect of ensuring network
> security and integrity.
>
>
>
>
>
>
>
> I see it mentioned in this doc:
>
>
> https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/15-s/irg-15-s-book/irg-origin-as.pdf
>
>
>
>
>
> *From: *NANOG <nanog-bounces+rich_compton=comcast.com@nanog.org> on
> behalf of Mohammad Khalil <eng.mssk@gmail.com>
> *Date: *Wednesday, January 31, 2024 at 10:35 AM
> *To: *NANOG list <nanog@nanog.org>
> *Subject: *SOVC - BGp RPKI
>
>
> Greetings
>
> Am have tried to find out what is the abbreviation for SOVC with no luck.
>
>
>
> #sh bgp ipv4 unicast rpki servers
>
> BGP SOVC neighbor is X.X.X.47/323 connected to port 323
>
>
>
> Anyone have encountered this?
>
>
>
> Thanks!
>
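An added illustration, not part of any message in this thread and not Cisco's code: the documentation excerpts quoted above describe a table of prefix-range/origin-AS records built as the union of what every configured RPKI server sends. The sketch below builds such a table from two feeds and classifies routes with the RFC 6811 origin-validation rules; the prefixes, AS numbers, the `max_len` field and all function names are constructed for the example.

```python
import ipaddress
from typing import Iterable, NamedTuple, Set, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


class Record(NamedTuple):
    """One table entry: a prefix range and the AS allowed to originate it."""
    prefix: Network   # covering prefix
    max_len: int      # longest prefix length the origin may announce
    origin_as: int


def rec(prefix: str, max_len: int, origin_as: int) -> Record:
    return Record(ipaddress.ip_network(prefix), max_len, origin_as)


# Constructed sample feeds (documentation prefixes, private-use ASNs).
# Both servers send the same 192.0.2.0/24 record; the two 198.51.100.0/24
# records overlap but authorise different origins and lengths.
SERVER_A = [rec("192.0.2.0/24", 24, 64500), rec("198.51.100.0/24", 24, 64501)]
SERVER_B = [rec("192.0.2.0/24", 24, 64500), rec("198.51.100.0/24", 25, 64502)]


def build_table(*feeds: Iterable[Record]) -> Set[Record]:
    """Union of the records from every server; identical records collapse."""
    table: Set[Record] = set()
    for feed in feeds:
        table.update(feed)
    return table


def validate(table: Set[Record], route_prefix: str, origin_as: int) -> str:
    """Classify a BGP route as 'valid', 'invalid' or 'not found' (RFC 6811)."""
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for r in table:
        if route.version != r.prefix.version:
            continue  # never compare IPv4 against IPv6
        if not route.subnet_of(r.prefix):
            continue  # this record does not cover the route
        covered = True
        if route.prefixlen <= r.max_len and origin_as == r.origin_as:
            return "valid"  # one matching record is enough
    # Covered by at least one record but matched by none: invalid.
    # Covered by no record at all: not found.
    return "invalid" if covered else "not found"


if __name__ == "__main__":
    table = build_table(SERVER_A, SERVER_B)
    print(len(table), "records in the combined table")
    for prefix, asn in [
        ("192.0.2.0/24", 64500),     # exact match
        ("192.0.2.0/25", 64500),     # more specific than max_len allows
        ("198.51.100.0/25", 64502),  # allowed by server B's record only
        ("198.51.100.0/25", 64501),  # right AS for /24, but /25 too long
        ("203.0.113.0/24", 64500),   # no covering record
    ]:
        print(f"{prefix:18} AS{asn}: {validate(table, prefix, asn)}")
    # The same route evaluated with only server A's records:
    only_a = build_table(SERVER_A)
    print("server A only:", validate(only_a, "198.51.100.0/25", 64502))
```

The last line shows why the set of servers matters: a route that is valid against the combined table becomes invalid when the only record authorising it came from a server whose data is missing.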
Re: SOVC - BGp RPKI
SOVC appears to be a Cisco-specific acronym and it’s pretty certain that the OVC stands for Origin Validation Cache. My best intuition based on the research I’ve been able to do is that the S stands for Secure (on the pretense that RPKI and Origin Validation have something to do with security and because X.509 certificate and encryption and marketing buzzwords YAY!)

Juniper refers to their equivalent database simply as “Route Validation (RV) Records in the RV Database.”

Hope that helps.

Owen


> On Jan 31, 2024, at 14:32, Tom Beecher <beecher@beecher.cc> wrote:
>
>> I see it mentioned in this doc:
>> https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/15-s/irg-15-s-book/irg-origin-as.pdf
>
> You see SOVC mentioned, yes. But you don't see the word 'stale'.
>
>
>
> Please don't just paste what ChatGPT says. It's not an authoritative source. I can find no Cisco document stating what the acronym MEANS. But the context they use it seems to imply the word 'stale' isn't appropriate.
>
>
>
>> A prefix or prefix range and the origin-AS corresponding to it are considered an SOVC record. Overlapping prefix ranges are allowed. An SOVC table containing three records might look like this:
>
>> Valid—Indicates the prefix and AS pair are found in the SOVC table.
>
>> If more than one RPKI server is configured, the router will connect to all configured servers and download prefix information from all of them. The SOVC table will be made of the union of all the records received from the different servers.
>
>
>> In the following example, the router is configured to connect to two RPKI servers, from which it will receive SOVC records of BGP prefixes and AS numbers.
>
> On Wed, Jan 31, 2024 at 3:34 PM Compton, Rich via NANOG <nanog@nanog.org> wrote:
>> ChatGPT says:
>>
>> SOVC in the context of RPKI (Resource Public Key Infrastructure) on a Cisco router stands for "Stale Origin Validation Cache". RPKI is a security framework designed to secure the Internet's routing infrastructure, primarily through route origin validation. It ensures that the Internet number resources (like IP addresses and AS numbers) are used by the legitimate owners or authorized AS (Autonomous System).
>>
>> In RPKI, Route Origin Authorizations (ROAs) are used to define which AS is authorized to announce a specific IP address block. Network devices, like Cisco routers, use these ROAs to validate the authenticity of BGP (Border Gateway Protocol) route announcements.
>>
>> The term "stale" in SOVC refers to a situation where the router's RPKI-to-Router protocol client has lost its connection to the RPKI server, or when the RPKI cache data is outdated and not refreshed for some reason. This can happen due to network issues, configuration errors, or problems with the RPKI server itself. When the RPKI cache is stale, the router cannot reliably validate BGP route announcements against the latest ROA data, potentially affecting routing decisions.
>>
>> In a network security context, maintaining an up-to-date RPKI cache is crucial for ensuring that the network only accepts legitimate routing announcements, thereby reducing the risk of routing hijacks or misconfigurations. As a network security engineer, managing and monitoring the RPKI status on routers is an important aspect of ensuring network security and integrity.
>>
>>
>>
>>
>>
>>
>>
>> I see it mentioned in this doc:
>>
>> https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/15-s/irg-15-s-book/irg-origin-as.pdf
>>
>>
>>
>>
>>
>> From: NANOG <nanog-bounces+rich_compton=comcast.com@nanog.org> on behalf of Mohammad Khalil <eng.mssk@gmail.com>
>> Date: Wednesday, January 31, 2024 at 10:35 AM
>> To: NANOG list <nanog@nanog.org>
>> Subject: SOVC - BGp RPKI
>>
>>
>> Greetings
>>
>> Am have tried to find out what is the abbreviation for SOVC with no luck.
>>
>>
>>
>> #sh bgp ipv4 unicast rpki servers
>>
>> BGP SOVC neighbor is X.X.X.47/323 connected to port 323
>>
>>
>>
>> Anyone have encountered this?
>>
>>
>>
>> Thanks!
>>
Re: SOVC - BGp RPKI
How polite of it to apologize!!

I asked Bing’s Copilot and it says SOVC stands for “Signed Object Validation Cache” but I wasn’t able to get a source for that either

Oh these AI times…

Warm regards,
Sofía
--
I am sending this email at a time that suits me and the time zone I work in. Please feel free to read, and act on or respond, at a time that suits you.

____________________________________________________________________
Sofía Silva Berenguer
RPKI Program Manager, NRO / Process and Productivity Engineer, APNIC
e: sofia@apnic.net
____________________________________________________________________




From: NANOG <nanog-bounces+sofia=apnic.net@nanog.org> on behalf of Compton, Rich via NANOG <nanog@nanog.org>
Date: Thursday, 1 February 2024 at 9:10 am
To: Justin H. <justindh.ml@gmail.com>, NANOG list <nanog@nanog.org>
Subject: Re: SOVC - BGp RPKI

I think it hallucinated.
When asked to cite its sources:

“I apologize for the confusion, but my response about "SOVC" in the context of RPKI on Cisco routers was based on general knowledge of RPKI and networking principles, not from a specific source. The explanation combined standard practices and concepts in network security and routing, especially as they relate to RPKI and BGP.
Since the acronym "SOVC" is not a standard or widely recognized term in the context of RPKI, it's possible that it might be specific to certain environments or proprietary to certain Cisco router models or software versions. For the most accurate and detailed information, it's always best to consult the official Cisco documentation or support resources, especially for terms that might be specific to their products.”

From: NANOG <nanog-bounces+rich_compton=comcast.com@nanog.org> on behalf of Justin H. <justindh.ml@gmail.com>
Date: Wednesday, January 31, 2024 at 3:06 PM
To: NANOG list <nanog@nanog.org>
Subject: Re: SOVC - BGp RPKI

I'd be curious to know why it thinks that the S is "Stale". I don't
suppose it cites its sources?

Compton, Rich via NANOG wrote:
>
> ChatGPT says:
>
> SOVC in the context of RPKI (Resource Public Key Infrastructure) on a
> Cisco router stands for "Stale Origin Validation Cache". RPKI is a
> security framework designed to secure the Internet's routing
> infrastructure, primarily through route origin validation. It ensures
> that the Internet number resources (like IP addresses and AS numbers)
> are used by the legitimate owners or authorized AS (Autonomous System).
>
> In RPKI, Route Origin Authorizations (ROAs) are used to define which
> AS is authorized to announce a specific IP address block. Network
> devices, like Cisco routers, use these ROAs to validate the
> authenticity of BGP (Border Gateway Protocol) route announcements.
>
> The term "stale" in SOVC refers to a situation where the router's
> RPKI-to-Router protocol client has lost its connection to the RPKI
> server, or when the RPKI cache data is outdated and not refreshed for
> some reason. This can happen due to network issues, configuration
> errors, or problems with the RPKI server itself. When the RPKI cache
> is stale, the router cannot reliably validate BGP route announcements
> against the latest ROA data, potentially affecting routing decisions.
>
> In a network security context, maintaining an up-to-date RPKI cache is
> crucial for ensuring that the network only accepts legitimate routing
> announcements, thereby reducing the risk of routing hijacks or
> misconfigurations. As a network security engineer, managing and
> monitoring the RPKI status on routers is an important aspect of
> ensuring network security and integrity.
>
> I see it mentioned in this doc:
>
> https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/15-s/irg-15-s-book/irg-origin-as.pdf
>
> *From: *NANOG <nanog-bounces+rich_compton=comcast.com@nanog.org> on
> behalf of Mohammad Khalil <eng.mssk@gmail.com>
> *Date: *Wednesday, January 31, 2024 at 10:35 AM
> *To: *NANOG list <nanog@nanog.org>
> *Subject: *SOVC - BGp RPKI
>
>
> Greetings
>
> Am have tried to find out what is the abbreviation for SOVC with no luck.
>
> #sh bgp ipv4 unicast rpki servers
>
> BGP SOVC neighbor is X.X.X.47/323 connected to port 323
>
> Anyone have encountered this?
>
> Thanks!
>
Re: SOVC - BGp RPKI
I can confirm that the official abbreviation is: Secured Origin Validate Cache

Kind Regards,
Dominik Dobrowolski

Dominik Dobrowolski

Technical Consulting Engineer

Global CX Centers – Enterprise Switching
Customer Experience

dodobrow@cisco.com

Tel: +48 12 321 29 03


Cisco Systems Poland Sp. z o. o.

Aleja Powstancow Wielkopolskich 13C

Enterprise Park

Krakow

Krakow

30-707

Poland


________________________________
From: NANOG on behalf of Sofia Silva Berenguer
Sent: Thursday, February 1, 2024 12:15 AM
To: Compton, Rich; Justin H.; NANOG list
Subject: Re: SOVC - BGp RPKI


How polite of it to apologize!!



I asked Bing’s Copilot and it says SOVC stands for “Signed Object Validation Cache” but I wasn’t able to get a source for that either



Oh these AI times…



Warm regards,

Sofía

--

I am sending this email at a time that suits me and the time zone I work in. Please feel free to read, and act on or respond, at a time that suits you.



____________________________________________________________________

Sofía Silva Berenguer

RPKI Program Manager, NRO / Process and Productivity Engineer, APNIC

e: sofia@apnic.net

____________________________________________________________________





From: NANOG <nanog-bounces+sofia=apnic.net@nanog.org> on behalf of Compton, Rich via NANOG <nanog@nanog.org>
Date: Thursday, 1 February 2024 at 9:10 am
To: Justin H. <justindh.ml@gmail.com>, NANOG list <nanog@nanog.org>
Subject: Re: SOVC - BGp RPKI

I think it hallucinated.

When asked to cite its sources:



“I apologize for the confusion, but my response about "SOVC" in the context of RPKI on Cisco routers was based on general knowledge of RPKI and networking principles, not from a specific source. The explanation combined standard practices and concepts in network security and routing, especially as they relate to RPKI and BGP.

Since the acronym "SOVC" is not a standard or widely recognized term in the context of RPKI, it's possible that it might be specific to certain environments or proprietary to certain Cisco router models or software versions. For the most accurate and detailed information, it's always best to consult the official Cisco documentation or support resources, especially for terms that might be specific to their products.”



From: NANOG <nanog-bounces+rich_compton=comcast.com@nanog.org> on behalf of Justin H. <justindh.ml@gmail.com>
Date: Wednesday, January 31, 2024 at 3:06 PM
To: NANOG list <nanog@nanog.org>
Subject: Re: SOVC - BGp RPKI

I'd be curious to know why it thinks that the S is "Stale". I don't
suppose it cites its sources?

Compton, Rich via NANOG wrote:
>
> ChatGPT says:
>
> SOVC in the context of RPKI (Resource Public Key Infrastructure) on a
> Cisco router stands for "Stale Origin Validation Cache". RPKI is a
> security framework designed to secure the Internet's routing
> infrastructure, primarily through route origin validation. It ensures
> that the Internet number resources (like IP addresses and AS numbers)
> are used by the legitimate owners or authorized AS (Autonomous System).
>
> In RPKI, Route Origin Authorizations (ROAs) are used to define which
> AS is authorized to announce a specific IP address block. Network
> devices, like Cisco routers, use these ROAs to validate the
> authenticity of BGP (Border Gateway Protocol) route announcements.
>
> The term "stale" in SOVC refers to a situation where the router's
> RPKI-to-Router protocol client has lost its connection to the RPKI
> server, or when the RPKI cache data is outdated and not refreshed for
> some reason. This can happen due to network issues, configuration
> errors, or problems with the RPKI server itself. When the RPKI cache
> is stale, the router cannot reliably validate BGP route announcements
> against the latest ROA data, potentially affecting routing decisions.
>
> In a network security context, maintaining an up-to-date RPKI cache is
> crucial for ensuring that the network only accepts legitimate routing
> announcements, thereby reducing the risk of routing hijacks or
> misconfigurations. As a network security engineer, managing and
> monitoring the RPKI status on routers is an important aspect of
> ensuring network security and integrity.
>
> I see it mentioned in this doc:
>
> https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/15-s/irg-15-s-book/irg-origin-as.pdf
>
> *From: *NANOG <nanog-bounces+rich_compton=comcast.com@nanog.org> on
> behalf of Mohammad Khalil <eng.mssk@gmail.com>
> *Date: *Wednesday, January 31, 2024 at 10:35 AM
> *To: *NANOG list <nanog@nanog.org>
> *Subject: *SOVC - BGp RPKI
>
>
> Greetings
>
> Am have tried to find out what is the abbreviation for SOVC with no luck.
>
> #sh bgp ipv4 unicast rpki servers
>
> BGP SOVC neighbor is X.X.X.47/323 connected to port 323
>
> Anyone have encountered this?
>
> Thanks!
>
Re: SOVC - BGp RPKI
Thanks all for the kind reply and feedback. I guess Sofia listed the needed
: )

On Thu, 1 Feb 2024 at 13:25, Sofia Silva Berenguer <sofia@apnic.net> wrote:

> How polite of it to apologize!!
>
>
>
> I asked Bing’s Copilot and it says SOVC stands for “Signed Object
> Validation Cache” but I wasn’t able to get a source for that either
>
>
>
> Oh these AI times…
>
>
>
> Warm regards,
>
> Sofía
>
> --
>
> *I am sending this email at a time that suits me and the time zone I work
> in. Please feel free to read, and act on or respond, at a time that suits
> you.*
>
>
>
> ____________________________________________________________________
>
> Sofía Silva Berenguer
>
> RPKI Program Manager, NRO / Process and Productivity Engineer, APNIC
>
> e: sofia@apnic.net
>
> ____________________________________________________________________
>
>
>
>
>
> *From: *NANOG <nanog-bounces+sofia=apnic.net@nanog.org> on behalf of
> Compton, Rich via NANOG <nanog@nanog.org>
> *Date: *Thursday, 1 February 2024 at 9:10 am
> *To: *Justin H. <justindh.ml@gmail.com>, NANOG list <nanog@nanog.org>
> *Subject: *Re: SOVC - BGp RPKI
>
> I think it hallucinated.
>
> When asked to cite its sources:
>
>
>
> “I apologize for the confusion, but my response about "SOVC" in the
> context of RPKI on Cisco routers was based on general knowledge of RPKI and
> networking principles, not from a specific source. The explanation combined
> standard practices and concepts in network security and routing, especially
> as they relate to RPKI and BGP.
>
> Since the acronym "SOVC" is not a standard or widely recognized term in
> the context of RPKI, it's possible that it might be specific to certain
> environments or proprietary to certain Cisco router models or software
> versions. For the most accurate and detailed information, it's always best
> to consult the official Cisco documentation or support resources,
> especially for terms that might be specific to their products.”
>
>
>
> *From: *NANOG <nanog-bounces+rich_compton=comcast.com@nanog.org> on
> behalf of Justin H. <justindh.ml@gmail.com>
> *Date: *Wednesday, January 31, 2024 at 3:06 PM
> *To: *NANOG list <nanog@nanog.org>
> *Subject: *Re: SOVC - BGp RPKI
>
> I'd be curious to know why it thinks that the S is "Stale". I don't
> suppose it cites its sources?
>
> Compton, Rich via NANOG wrote:
> >
> > ChatGPT says:
> >
> > SOVC in the context of RPKI (Resource Public Key Infrastructure) on a
> > Cisco router stands for "Stale Origin Validation Cache". RPKI is a
> > security framework designed to secure the Internet's routing
> > infrastructure, primarily through route origin validation. It ensures
> > that the Internet number resources (like IP addresses and AS numbers)
> > are used by the legitimate owners or authorized AS (Autonomous System).
> >
> > In RPKI, Route Origin Authorizations (ROAs) are used to define which
> > AS is authorized to announce a specific IP address block. Network
> > devices, like Cisco routers, use these ROAs to validate the
> > authenticity of BGP (Border Gateway Protocol) route announcements.
> >
> > The term "stale" in SOVC refers to a situation where the router's
> > RPKI-to-Router protocol client has lost its connection to the RPKI
> > server, or when the RPKI cache data is outdated and not refreshed for
> > some reason. This can happen due to network issues, configuration
> > errors, or problems with the RPKI server itself. When the RPKI cache
> > is stale, the router cannot reliably validate BGP route announcements
> > against the latest ROA data, potentially affecting routing decisions.
> >
> > In a network security context, maintaining an up-to-date RPKI cache is
> > crucial for ensuring that the network only accepts legitimate routing
> > announcements, thereby reducing the risk of routing hijacks or
> > misconfigurations. As a network security engineer, managing and
> > monitoring the RPKI status on routers is an important aspect of
> > ensuring network security and integrity.
> >
> > I see it mentioned in this doc:
> >
> >
> > https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/15-s/irg-15-s-book/irg-origin-as.pdf
> >
> > *From: *NANOG <nanog-bounces+rich_compton=comcast.com@nanog.org> on
> > behalf of Mohammad Khalil <eng.mssk@gmail.com>
> > *Date: *Wednesday, January 31, 2024 at 10:35 AM
> > *To: *NANOG list <nanog@nanog.org>
> > *Subject: *SOVC - BGp RPKI
> >
> > Greetings
> >
> > Am have tried to find out what is the abbreviation for SOVC with no luck.
> >
> > #sh bgp ipv4 unicast rpki servers
> >
> > BGP SOVC neighbor is X.X.X.47/323 connected to port 323
> >
> > Anyone have encountered this?
> >
> > Thanks!
> >
>
Re: SOVC - BGp RPKI [ In reply to ]
In bgp_sovc.h, at the top, it says:
BGP Secure Origin Validation Code
Further down in the file, it says:
BGP Secured Origin Validate Cache - SOVC

Basically, the router downloads the VRPs from the RPKI server, using RFC 6810.
Then it uses the downloaded VRPs to validate received routes using RFC 6811.
SOVC refers to the code that does that.

Kind Regards,
Jakob


Date: Wed, 31 Jan 2024 16:16:15 +0300
From: Mohammad Khalil <eng.mssk@gmail.com>
To: NANOG list <nanog@nanog.org>

Greetings
Am have tried to find out what is the abbreviation for SOVC with no luck.

#sh bgp ipv4 unicast rpki servers
BGP SOVC neighbor is X.X.X.47/323 connected to port 323

Anyone have encountered this?

Thanks!
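
The two steps described in the reply above (load VRPs received over RFC 6810, then classify routes per RFC 6811), as an added example that is not part of the original thread and is not Cisco's SOVC code. It handles only the RFC 6810 IPv4 Prefix PDU; the function names, prefixes and ASNs are constructed for illustration.

```python
import ipaddress
import struct

# RFC 6810 IPv4 Prefix PDU (type 4, 20 bytes): version, type, zero, length,
# flags, prefix length, max length, zero, IPv4 prefix, origin ASN.
IPV4_PDU = struct.Struct("!BBHIBBBB4sI")

def make_pdu(prefix, max_len, asn, announce=True):
    """Build a constructed IPv4 Prefix PDU so the example runs offline."""
    net = ipaddress.ip_network(prefix)
    return IPV4_PDU.pack(0, 4, 0, 20, int(announce), net.prefixlen,
                         max_len, 0, net.network_address.packed, asn)

def load_vrps(stream):
    """Apply a byte stream of IPv4 Prefix PDUs to an empty VRP set."""
    vrps = set()
    for off in range(0, len(stream), IPV4_PDU.size):
        fields = IPV4_PDU.unpack_from(stream, off)
        ver, typ, _, length, flags, plen, mlen, _, addr, asn = fields
        if (ver, typ, length) != (0, 4, 20) or not plen <= mlen <= 32:
            raise ValueError(f"bad PDU at offset {off}")
        vrp = (ipaddress.ip_network((addr, plen)), mlen, asn)
        if flags & 1:          # flags bit 0: 1 = announce
            vrps.add(vrp)
        else:                  # 0 = withdraw a previously announced VRP
            vrps.discard(vrp)
    return vrps

def validate(vrps, prefix, origin_as):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for net, max_len, asn in vrps:
        if route.version == net.version and route.subnet_of(net):
            covered = True     # at least one VRP covers this route
            # A VRP with AS 0 never matches any route (RFC 6811, section 2).
            if route.prefixlen <= max_len and asn == origin_as and asn != 0:
                return "valid"
    return "invalid" if covered else "not-found"

# Constructed sample cache contents (documentation prefixes and ASNs).
SAMPLE = (make_pdu("192.0.2.0/24", 24, 64496)
          + make_pdu("198.51.100.0/24", 25, 64497)
          + make_pdu("203.0.113.0/24", 24, 64498)
          + make_pdu("203.0.113.0/24", 24, 64498, announce=False))
VRPS = load_vrps(SAMPLE)
```

A route is "invalid" as soon as some VRP covers it but none matches both its origin AS and its length, which is why a more-specific announcement from the authorized AS still fails when it exceeds the max length.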