[RPKI] Krill not publishing ROAs for RIPE prefixes
Christopher Munz-Michielin
christopher at ve7alb.ca
Thu Jul 8 19:05:52 UTC 2021
Hi All,
Got a weird issue with Krill and publishing RIPE ROAs. Background: We
have been running Krill with 1 RIPE, 2 ARIN and 1 APNIC parents for the
better part of a year without issue, but yesterday we started receiving
reports that all our RIPE ROAs had been dropped, indeed when I look at
https://jdr.nlnetlabs.nl/#/search/%2Frpki-repo%2Frsync%2Frpki.ripe.net%2Frepository%2FDEFAULT%2F3JsPwPrhyzvSi50Bqvw1Y_2pUdo.cer
<https://jdr.nlnetlabs.nl/#/search/%2Frpki-repo%2Frsync%2Frpki.ripe.net%2Frepository%2FDEFAULT%2F3JsPwPrhyzvSi50Bqvw1Y_2pUdo.cer>
this does appear to be the case.
I have verified all the ROA's exist via the Krill API as well as in the
GUI. So far I have tried restarting Krill, Deleting and re-adding some
ROAs, as well as deleting the delegation from RIPE and re-creating it
all to no avail. I'm at the point where I'm getting ready to blow the
whole setup away and rebuild from scratch, but figured I would reach out
here first to see if anyone has a suggestion to recover from this weird
situation.
Version of krill is 0.8.2 on ubuntu 20.04 installed from the package
manager. No other RIR's seem to be effected by this.
More information about the RPKI
mailing list