[RPKI] Use of Refresh/Retry/Expire Timers and RTR Versions

Jacquie Zhang jac.tech0 at gmail.com
Fri Oct 1 09:35:29 UTC 2021


Hi,

There are three RTR timers defined in RFC8210: Refresh, Retry, and Expire,
and they are configurable in the Routinator config file.
There could also be timers at play on the fetching-ROA-from-Repository
side. I wonder what they are and where they are set.

40c1e6082c94:~$ more .routinator.conf
...
expire = 7200
refresh = 600
retry = 600
...


1. RTR Side
===========

1. In RTRv0, none of the 3 timers has any effect on the RTR side. A router
defines its own Refresh/Retry/Expire time. There is no communication about
them between a validator and a router over RTR.
2. In RTRv1, all 3 timers have an effect on the RTR side. A validator dictates
them via the EoD PDU and tells the router what to use. Communication is one way
only, from the validator to the router; it's dictation, not negotiation.

Is this understanding correct?



2. Repository Side
==================

There definitely is a refresh timer that tells how often Routinator should
poll the Repository to fetch ROAs. As there are no other config parameters
in the conf file, the "refresh" timer must be for this.
Is there a retry timer as well? The Routinator could lose its Internet
connection due to a firewall or routing fault. When that happens, is there
a retry timer at play?
What about the expire timer? In the event a Routinator loses its Internet
connection, does it hold the VRPs for a period of time (Expire Time) then
delete them?


This is what I think:


refresh = 600   [meaningful in RTRv1 only, not meaningful in RTRv0. Also
                 meaningful on the Repository side]

retry = 600     [meaningful in RTRv1 only, not meaningful in RTRv0. Not
                 meaningful on the Repository side]

expire = 7200   [meaningful in RTRv1 only, not meaningful in RTRv0. Not
                 meaningful on the Repository side]




3. Objects in the Repository
============================

From the Routinator documentation:

       --refresh=*seconds*

              The amount of seconds the server should wait after having finished
              updating and validating the local repository before starting to
              update again. The next update will start earlier if objects in the
              repository expire earlier. The default value is 600 seconds.

Can someone please explain what "objects in the repository expire
earlier" means? Which expire timer is this? I see ROAs have an expiration
in the RIRs, but that expiration is normally a year, and I read that ROAs
will be auto-renewed when they expire, so I don't think it is this
one.


And it says "objects in the repository", so it's not the VRPs in the
Routinator after ROAs have been processed, so I think this doesn't
indicate there is an expire timer for the VRPs.


4. My Cisco and Juniper Routers Only Support RTRv0
==================================================

Because the routers don't support RTRv1, I am wondering whether I should
explicitly disable RTRv0 in Routinator and set the retry and expire times to
0, since, if my understanding is correct, they do nothing in RTRv0.
Should I do this? Where do I disable it; in the source code? Is setting them to
0 allowed?

Is anyone aware of any router vendor or router model that supports RTRv1?
Cisco TAC told me that RTRv1 (RFC 8210) will be revised, so they have skipped
RTRv1 altogether. It sounded like they will never support RTRv1.



Thanks for taking the time to read this post to the end.

Best regards,
Jacquie
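An added illustration of point 1 above (example code, not from the original post or from Routinator): a parser for the RTR End of Data PDU, where the v0 PDU (RFC 6810, 12 bytes) carries no timers and the v1 PDU (RFC 8210, 24 bytes) carries refresh/retry/expire, plus the router-side sanity check a v1 receiver would apply against the RFC 8210 ranges. The sample PDUs are constructed, not captured from a real session.

```python
import struct

# RFC 8210 section 6 bounds (seconds) for the v1 End of Data timers;
# expire must also exceed both refresh and retry.
TIMER_BOUNDS = {"refresh": (1, 86400), "retry": (1, 7200), "expire": (600, 172800)}
PDU_TYPE_END_OF_DATA = 7


def parse_end_of_data(pdu: bytes) -> dict:
    """Parse an RTR End of Data PDU (v0: 12 bytes, no timers; v1: 24 bytes with timers)."""
    if len(pdu) < 12:
        raise ValueError("PDU shorter than the common 12-byte header")
    version, pdu_type, session_id, length, serial = struct.unpack("!BBHII", pdu[:12])
    if pdu_type != PDU_TYPE_END_OF_DATA:
        raise ValueError(f"not an End of Data PDU (type {pdu_type})")
    if length != len(pdu):
        raise ValueError(f"length field {length} does not match {len(pdu)} bytes received")
    result = {"version": version, "session_id": session_id, "serial": serial}
    if version == 0:
        if length != 12:
            raise ValueError("v0 End of Data must be exactly 12 bytes")
        return result  # nothing on the wire: the router keeps its own timers
    if version == 1:
        if length != 24:
            raise ValueError("v1 End of Data must be exactly 24 bytes")
        refresh, retry, expire = struct.unpack("!III", pdu[12:24])
        result.update(refresh=refresh, retry=retry, expire=expire)
        return result
    raise ValueError(f"unsupported protocol version {version}")


def timer_problems(timers: dict) -> list:
    """Return the RFC 8210 range violations found in a parsed v1 End of Data PDU."""
    problems = []
    for name, (lo, hi) in TIMER_BOUNDS.items():
        value = timers[name]
        if not lo <= value <= hi:
            problems.append(f"{name}={value} outside [{lo}, {hi}]")
    if timers["expire"] <= max(timers["refresh"], timers["retry"]):
        problems.append("expire must exceed both refresh and retry")
    return problems


# Constructed sample PDUs (session id 0x1234, serial 42):
V0_EOD = struct.pack("!BBHII", 0, 7, 0x1234, 12, 42)
V1_EOD = struct.pack("!BBHIIIII", 1, 7, 0x1234, 24, 42, 600, 600, 7200)
V1_ZERO_TIMERS = struct.pack("!BBHIIIII", 1, 7, 0x1234, 24, 42, 600, 0, 0)
```

Running `timer_problems(parse_end_of_data(V1_ZERO_TIMERS))` shows that a v1 cache sending retry=0 and expire=0 would be rejected by a conforming router, whereas the v0 PDU never carries those values at all.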