[RPKI] transcient differences between rpki-client and routinator
Tim Bruijnzeels
tim at nlnetlabs.nl
Tue Dec 10 14:48:08 UTC 2019
Hi Jay
> On 10 Dec 2019, at 11:32, Jay Borkenhagen <jayb at braeburn.org> wrote:
>
>> But, this indeed is probably a discussion for SIDROPS and, as said I'll
>> fix Routinator for now.
>
> Hi Martin,
> Hi Tim,
>
> Was the VRP inconsistency that Job noticed a transient that's now in
> the past?
>
> If not, I would like to request that Routinator's behavior not be
> changed until some consensus emerges from that SIDROPS discussion.
I believe that Martin said he would.
>
> Routinator's current behavior appears to match that of RIPE's
> rpki-validator-3, and the MIRO RPKI Browser output seems to agree as
> well. (I do not yet have a rpki-client or LACNIC Fort running here.)
The issue itself is transient.
It happens when there is a disagreement between the MFT, CRL and similar issues nay occur if there is a mismatch with the other content of the directory (file missing, wrong hash).
These things can occur when objects are not updated in synchrony, or even if they are.. if published and retrieved through rsync mismatches may happen as a result of a race condition between retrieving things, and them being updated. I am not 100% sure how rsyncd deals with this, but I believe that it does not keep open file handles for all the content, so even writing to a new dir and renaming that may not solve this issue.
I am not saying that RRDP is perfect, but it does at least offer the option of seeing all updates as a single delta. In fact this was one of the (many) reasons for inventing this as an alternative.
Tim
>
> Thanks.
>
> Jay B.
>
More information about the RPKI
mailing list