[RPKI] offlist Re: Changing RPKI state

[Ties de Kock]

Hi all,

> On 25 Feb 2021, at 13:00, Mikael Abrahamsson via RPKI <rpki at lists.nlnetlabs.nl> wrote:
> 
> On Thu, 25 Feb 2021, Luuk Hendriks via RPKI wrote:
> 
>> Hi Mikael,
>> 
>> Fair question, and probably something that should be better explained on
>> the page itself: rpki.today gives you a diff between $time_A and
>> $time_B. E.g. by default, when landing on the page, that will be
>> $24h_ago and $now, if you will. If in the mean time something
>> disappeared and appeared again (with the exact same prefixes and ASID),
>> it will not show up in the diff.
>> 
>> So this is indeed expected behavior.
> 
> Sorry, I intended to send this to you offlist but ... I failed.
> 
> Anyhow, my point was about definition of "disappeared". Did something disappear if the server wasn't reachable and thus it's unknown what the state is?
> 
> One way to look at it: If I can't get it (timeout), it's not there.
> 
> Another way to look at it: If I can't get it (timeout), I have no idea, I'll presume last known state is still true and I'll presume anything I fetched previously is still relevant until it expires.
> 
> So basically, should the tool behave like it has a cache or should it behave like if it's cold-starting each time.

My experience is that it depends on both the software you use and on the current
state of the cache.

The RP implementations that I have been using update the state from the
repository if the repository is available. If it is not available, the last
version (if not expired) is used.

I’m not sure if there is an RFC describing this behaviour.

When updating from rrdp or rsync, octorpki, RPKI validator 3, and routinator
delete objects that are no longer present. rpki-client does not delete objects
(—delete with rsync) that still are referenced: it only purges objects that are
not referenced from the object tree.

In the end, the state that you observe can differ between a clean start and when
you have a cache.

Kind regards,
Ties