[RPKI] [EXTERNAL] validation scalability considerations

[Compton, Rich A]

Hi Shawn, we have 4 instances of routinator.  I think having two different validators is a good idea buy I couldn’t convince my Ops guys to do this.   Two instances are in one data center in the west of the US and two in east.   We have RTR sessions from over 1000 routers to each one.  If any one of the sessions goes down, we have 3 others.  Ops did modify “/etc/security/limits.conf” and added:

* soft nofile 524820
* hard nofile 524820

because we were getting an error about too many open files from the OS.  The throughput on the instances is less than 15 Mbps with an RTR refresh time of 10 mins configured on our routers.

-Rich

From: RPKI <rpki-bounces at lists.nlnetlabs.nl> on behalf of Shawn Kleinart via RPKI <rpki at lists.nlnetlabs.nl>
Reply-To: Shawn Kleinart <skleinart at llnw.com>
Date: Thursday, November 11, 2021 at 2:34 PM
To: "rpki at lists.nlnetlabs.nl" <rpki at lists.nlnetlabs.nl>
Subject: [EXTERNAL] [RPKI] validation scalability considerations

CAUTION: The e-mail below is from an external source. Please exercise caution before opening attachments, clicking links, or following guidance.
Moving into production validation and testing Routinator and RTRTR (and other vendors in lab), about how many router sessions can be maintained on each install?
And what other considerations should be made around a global network and general scalability?
Aside from the obvious resiliency considerations, including platform (two validators) -- Routinator/RTRTR: reasonable to support sessions with 250 routers?  500 sessions?

Any good (ROV) lessons to share on things NOT to do?

Many thanks,
 Shawn Kleinart, Limelight Networks, Inc, AS22822 (+ 9 others)

E-MAIL CONFIDENTIALITY NOTICE: 
The contents of this e-mail message and any attachments are intended solely for the addressee(s) and may contain confidential and/or legally privileged information. If you are not the intended recipient of this message or if this message has been addressed to you in error, please immediately alert the sender by reply e-mail and then delete this message and any attachments. If you are not the intended recipient, you are notified that any use, dissemination, distribution, copying, or storage of this message or any attachment is strictly prohibited.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/rpki/attachments/20211111/37bbf33b/attachment.htm>