[RPKI] transcient differences between rpki-client and routinator
job at ntt.net
Tue Dec 10 16:21:52 UTC 2019
On Tue, Dec 10, 2019 at 10:07:28AM -0500, Jay Borkenhagen wrote:
> Tim Bruijnzeels writes:
> > > I thought Martin said "Change Routinator first, start SIDROPS
> > > discussion later." I was just arguing for "Start SIDROPS discussion,
> > > hope for speedy consensus, and then depending on the outcome possibly
> > > change Routinator."
> > Oh right, I misunderstood then.
> > But I do not have high hopes of quick consensus, and even if then
> > it would take time for RP software to be updated.
> > Updating routinator first is probably the quickest path to
> > consistency.
> I want consistency, too, but among Routinator, rpki-validator-3, and
> rpki-client at least, and possibly other currently-supported RP
> implementations, too. Maybe there will be an impasse in SIDROPS and
> that consistency will not be achievable, but I think we should see
It might be worthwhile to provide SIDROPS with a summary of our
observations on transient issues, and a summary of how we resolved
things in the validator space - ultimately the very phenomenon we are
observing is due to a synchronicity issue on the RIR level - and I do
believe that the validators don't need to be 'forgiving' to such issues.
The issues appear to resolve themselves in a matter of hours, so
applying 'stricter' validation doesn't ultimately impact the
implications to production networks, because eventually the ROAs do
become valid for transformation into VRPs anyhow.
I think we're now exposing a bug or inefficiency on the RIR publication
side of the house, and I believe the root cause must be addressed there.