[RPKI] routinator server not updating?

Havard Eidnes he at uninett.no
Thu Jul 9 11:34:14 UTC 2020


Hi,

I run a couple of instances of routinator to feed our routers
with RTR, and pull down mostly "the default" set of ROA archives,
including ARIN's.

The documentation for routinator states:

       The server will periodically update the local repository, every ten
       minutes by default, notify any clients of changes, and let them fetch
       validated data.  It will not, however, reread the trust anchor
       locators. Thus, if you update them, you will have to restart
       Routinator.

First off, doing rsync with all the remote repositories every 10
minutes sounds quite expensive in terms of the load on those
servers(?), if that was indeed what would happen.

Secondly, the config file documentation says:

       refresh
              An integer value specifying the number of seconds Routinator
              should wait between consecutive validation runs in server mode.
              The next validation run will happen earlier, if objects expire
              earlier. The default is 600 seconds.

Does it only do re-validation and no actual refresh of the data
from the upstream repositories in this period?  The corresponding
program option has slightly different wording:

       --refresh=seconds
              The amount of seconds the server should wait after having
              finished updating and validating the local repository before
              starting to update again. The next update will earlier if
              objects in the repository expire earlier. The default value is
              600 seconds.

I am guessing the difference in wording is not intentional, and
that it is the intention that the local copy of the remote
repositories is kept in sync by periodically refreshing them,
and that no additional manual intervention should be required to
keep the local copy up to date?

However, I have configured the built-in http server to make it
possible to do some monitoring, and it now says (among other
things):

version: routinator/0.7.1
serial: 10
last-update-start-at:  2020-06-16 13:00:06.611424671 UTC
last-update-start-ago: P22DT77524.959437S
last-update-done-at:   2020-06-16 12:50:06.337468507 UTC
last-update-done-ago:  P22DT78125.233393164S
last-update-duration:  PT129.500793946S
valid-roas: 38027

So ... last updated ... 22 days ago?!?  That timing mark
coincides with when the routinator server was last re-started.

My routinator is configured with

repository-dir = "/var/db/rpki-cache/repository"
tal-dir = "/var/db/rpki-cache/tal"
validation-threads = 6
rtr-listen = [ "a.b.c.d:3323" ]
http-listen = [ "a.b.c.d:9556" ]
log = "syslog"
pid-file = "/var/run/routinator.pid"
working-dir = "/var/db/rpki-cache"
user = "daemon"
group = "daemon"

and all files and directories under /var/db/rpki-cache are owned
by "daemon".  Looking at the contents there, the last update time
for the newest files appears to be shortly after routinator was
last restarted.

I start routinator as

  routinator -c <config-file> server --detach

Any ideas why it appears that routinator is not updating the
local copy of the remote repositories after the initial update
after (re)start?


...and while nitpicking (these might be relevant to the above
main question, "why isn't routinator updating?"):

       disable-rsync
              A boolean value that, if present and true, turns off the use of
              rsync.

Default value?

       rsync-command
              A string specifying the command to use for running rsync. The
              default is simply rsync.

Searched for in $PATH?

       disable-rrdp
              A boolean value that, if present and true, turns off the use of
              RRDP.

Default value?

(There are lots of other missing default value specifications in
the man page.)

Regards,

- Håvard
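
A freshness check over the status output quoted in the post, as an added example that is not part of the original message or of Routinator itself. It parses the `last-update-*-ago` ISO 8601 durations and flags a validator whose last completed update is far older than the refresh interval, or whose latest run started but never finished. The function names, the `slack` multiplier and the reading of the start/done fields are assumptions made here.

```python
import re
from datetime import timedelta

# Status text as quoted in the post (routinator/0.7.1 HTTP status output).
SAMPLE_STATUS = """\
version: routinator/0.7.1
serial: 10
last-update-start-at:  2020-06-16 13:00:06.611424671 UTC
last-update-start-ago: P22DT77524.959437S
last-update-done-at:   2020-06-16 12:50:06.337468507 UTC
last-update-done-ago:  P22DT78125.233393164S
last-update-duration:  PT129.500793946S
valid-roas: 38027
"""

# ISO 8601 duration subset: days, hours, minutes, (fractional) seconds.
_DURATION = re.compile(
    r"P(?:(?P<d>\d+)D)?"
    r"(?:T(?:(?P<h>\d+)H)?(?:(?P<m>\d+)M)?(?:(?P<s>\d+(?:\.\d+)?)S)?)?"
)

def parse_duration(text):
    """Convert e.g. 'P22DT77524.959437S' to a timedelta."""
    m = _DURATION.fullmatch(text.strip())
    if not m or not any(m.groupdict().values()):
        raise ValueError(f"not an ISO 8601 duration: {text!r}")
    p = {k: float(v) if v else 0.0 for k, v in m.groupdict().items()}
    return timedelta(days=p["d"], hours=p["h"], minutes=p["m"], seconds=p["s"])

def parse_status(text):
    """Split 'key: value' lines on the first colon only (values contain colons)."""
    pairs = (line.partition(":") for line in text.splitlines())
    return {k.strip(): v.strip() for k, sep, v in pairs if sep}

def check_freshness(text, refresh=600, slack=3):
    """Return problem codes; the threshold refresh * slack is an assumed tolerance."""
    f = parse_status(text)
    done_ago = parse_duration(f["last-update-done-ago"])
    start_ago = parse_duration(f["last-update-start-ago"])
    limit = timedelta(seconds=refresh * slack)
    problems = []
    if done_ago > limit:
        problems.append("stale")   # no completed update for too long
    # Assumed reading: start more recent than done means a run is still open.
    if start_ago < done_ago and start_ago > limit:
        problems.append("stuck")   # run began long ago and never finished
    return problems
```

On the quoted output this reports both conditions: the last completed update is 22 days old, and the most recent start (13:00:06) is later than the most recent completion (12:50:06).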

