[RPKI] Strange errors

Tim Bruijnzeels tim at nlnetlabs.nl
Tue May 14 13:58:29 UTC 2019


Hi Mats,

This is caused by an issue at CNNIC regarding updating their CRL and Manifest files (and quite possibly they aren't publishing any new ROAs either). I heard that they have already been contacted about this. If they do not fix the issue, then eventually all of CNNIC's objects will become invalid, meaning that announcements for CNNIC space will become RPKI unknown. Note that if you have an 'rpki invalid == reject' policy, this means these announcements will still be accepted, albeit unprotected by RPKI.

There is nothing you are supposed to do with these errors, unless you want to reach out to them as well. However, if you should see many connection failures and stale messages like this across the board, then they could indicate that there is a local connectivity issue with your routinator.

Tim

> On 14 May 2019, at 15:21, mats at exmandato.se wrote:
> 
> Hi
> 
> What to do with the following errors (lots of them in the log file)
> 
> 
> rsync://rpki.cnnic.cn/rpki/A9162E3D0000/434/vKNmUQM0s3Q9LdxCYyt5dBbI3oU.crl: stale CRL.
> rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2100/vhT5zP4zduEf4yGQGFeaI0-cvlI.mft: stale manifest
> 
> All of them refer to rpki.cnnic.cn
> 
> 
> /mm
> -- 
> RPKI mailing list
> RPKI at nlnetlabs.nl
> https://www.nlnetlabs.nl/mailman/listinfo/rpki
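
The difference between RPKI invalid and RPKI unknown described in the reply above, as an added example that is not part of the original thread and is not Routinator code: an RFC 6811 origin-validation check run against a constructed VRP set before and after one CA's ROAs drop out. The prefixes, ASNs and function names are assumptions chosen for illustration.

```python
import ipaddress


def validate(prefix, origin_as, vrps):
    """RFC 6811 route origin validation.

    vrps: iterable of (roa_prefix, max_length, asn) tuples.
    Returns "valid", "invalid" or "unknown" (RFC 6811 calls this NotFound).
    """
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_length, asn in vrps:
        roa = ipaddress.ip_network(roa_prefix)
        if route.version != roa.version or not route.subnet_of(roa):
            continue  # this VRP does not cover the announced prefix
        covered = True
        if asn == origin_as and asn != 0 and route.prefixlen <= max_length:
            return "valid"
    # Covered by at least one VRP but matched by none: invalid.
    # Covered by no VRP at all: unknown.
    return "invalid" if covered else "unknown"


def accept(state):
    """Policy 'rpki invalid == reject': only invalid routes are dropped."""
    return state != "invalid"


# Constructed sample data: documentation prefixes and documentation ASNs.
VRPS_FRESH = [
    ("192.0.2.0/24", 24, 64500),     # ROA from the CA whose repository goes stale
    ("198.51.100.0/24", 24, 64501),  # ROA from an unaffected CA
]
# Once the stale CA's objects are no longer valid, its VRPs drop out.
VRPS_EXPIRED = [v for v in VRPS_FRESH if v[0] != "192.0.2.0/24"]

ANNOUNCEMENTS = [
    ("192.0.2.0/24", 64500),  # origin authorised by the ROA
    ("192.0.2.0/24", 64511),  # origin not authorised by any ROA
]


def decisions(vrps):
    """Return (prefix, origin, state, accepted) for each sample announcement."""
    return [(p, a, s, accept(s))
            for p, a in ANNOUNCEMENTS
            for s in [validate(p, a, vrps)]]


if __name__ == "__main__":
    for label, vrps in (("fresh", VRPS_FRESH), ("expired", VRPS_EXPIRED)):
        for row in decisions(vrps):
            print(label, *row)
```

With the fresh VRP set the unauthorised origin is invalid and rejected; with the expired set both announcements are unknown and both are accepted, which is the unprotected state the reply describes.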



