Re-evaluate the RPKI state when new routing advertisements come in

[racompton]

Have Artemis re-evaluate the RPKI state when new routing advertisements come in and potentially clear the RPKI INVALID status in the alerts. Similar to how Artemis can change the status of an alert from Ongoing to Withdrawn.

One example of this is where we had the prefix 76.178.98.0/23 advertised but Artemis had the config to monitor for 76.178.64.0/18. This generated an alert and was RPKI invalid. A ROA was then created and 76.178.98.0/23 was added to the Artemis config. It would have been nice if the alert would have cleared and shown RPKI valid

[vkotronis]

Will work on it this week, we should probably remove the redis caching logic

artemis/backend-services/detection/core/detection.py

Line 915 in 5b12a9d

redis_rpki_asn_prefix_key = "rpki_as{}_p{}".format(

so that it always gets the most recent info from the validator itself.

[vkotronis]

hmmm currently we clear the cache every one hour. We cannot state events as innocent based on RPKI only, we clear them when the configuration which is the SoT does not consider them hijacks any more. We can remove the caching logic for RPKI statuses, but this will probably have a performance impact on detection. Will need to think on this before implementing sth related.
@racompton in the event you mention, after the RPKI cache is expired (1 hour by default) you will see a VD state. Have you checked that this holds? If the configuration is also correctly updated the alert will become deprecated. Note that we do not act on RPKI information to declare sth as hijack or non-hijack, we simply augment the available hijack info. Thus, the configuration should also be updated after you get the ROA in place. I can elaborate more on this if needed.