[RPKI] VRP Storage on Routinator
martin at nlnetlabs.nl
Tue Oct 5 11:07:17 UTC 2021
Jacquie Zhang via RPKI wrote:
> I'd like to ask, after processing the ROAs, where are the VRPs
> stored, in files or in the RAM?
> I would say they are stored in the RAM for quick service to the
> routers but my validator admin thinks they are stored in files under
> folder ".rpki-cache". Which one is correct?
The VRPs (i.e., the validated and processed set of RPKI data) are only
stored in RAM. They are also regenerated completely during each validation
run -- and only then is a diff generated to the previous version.
What lives in .rpki-cache is a copy of all the files fetched from the
various repositories during an update, that is, the raw RPKI objects
such as certificates, CRLs, manifests, and ROAs. This is necessary,
since the transport protocols used for fetching these files only
transmit changes rather than a full copy.
> With history size default to 10, it means that all recent 10 sets of
> the VRPs are stored either all in the RAM or in 10 different files. If
> they are in RAM, we should check our memory utilisation more carefully
> so please confirm it is in the RAM.
I wouldn’t worry. Only the current set of VRPs is stored in RAM. The
history only contains changes between that earlier version and the
current version. That is unlikely to be really big.
> In RTR, a client can request to only receive the
> changes that happened since the last version of the data it had
> seen. This option sets how many change sets the server will at
> most keep. If a client requests changes from an older version, it
> will get the current full set.
> Note that routers typically stay connected with their
> RTR server and therefore really only ever need one single change set.
> Additionally, if RTR server or router are restarted, they will have
> a new session with new change sets and need to exchange
> a full data set, too. Thus, increasing the value probably only ever
> increases memory consumption.
> From this explanation, I doubt why we would ever need any past set of
> VRPs other than the current. Should we just set to 1, for instance, to
> conserve memory? Technically, is it even possible a router would
> require a past set? Did any RFC say so?
Within RTR, a continuous sequence of updates is identified by a session
ID. If you have an old data set, its session ID and serial number
(i.e., the version you have), you can connect to the same RTR server
and ask for the updates since. The longer you wait with that, the more
versions you get behind.
I have no idea if in practice any routers actually do this kind of
thing, i.e., whether they reconnect after some time and still have
their data. So, in practice you can probably indeed go down with the
history count. But also in practice, these diffs usually contain a few
dozen items at most. So your memory savings will be negligible.
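The session ID / serial number mechanism and the history-size trade-off described in this thread, as an added illustration (my own simplified model, not Routinator's code): a cache keeps one full VRP set plus at most `history_size` diffs, answers a Serial Query with a diff when the router's serial is still covered, and otherwise falls back to a full reset. The ASNs and prefixes are constructed documentation-range values.

```python
from dataclasses import dataclass, field
from typing import List, Set, Tuple

# A VRP as carried in RTR PDUs: (ASN, prefix, max-length).
VRP = Tuple[int, str, int]


@dataclass
class Diff:
    serial: int            # serial number the cache has *after* applying this diff
    announced: Set[VRP]
    withdrawn: Set[VRP]


@dataclass
class RtrCache:
    session_id: int
    history_size: int = 10          # Routinator's default, as quoted above
    serial: int = 0
    current: Set[VRP] = field(default_factory=set)    # the only full VRP set held
    history: List[Diff] = field(default_factory=list)

    def new_validation_run(self, vrps: Set[VRP]) -> Diff:
        """Replace the full set after a validation run and keep the diff to the old one."""
        diff = Diff(self.serial + 1, vrps - self.current, self.current - vrps)
        self.current = set(vrps)
        self.serial += 1
        self.history.append(diff)
        # Keep at most history_size change sets; older ones are forgotten.
        del self.history[:-self.history_size]
        return diff

    def serial_query(self, session_id: int, serial: int):
        """Answer a Serial Query from a router that last saw (session_id, serial).

        Returns ("diff", announced, withdrawn) when the gap is covered by the
        retained history, else ("reset", full_set): the router must drop its
        data and load the complete current set (a new session does the same).
        """
        oldest_reachable = self.serial - len(self.history)
        if session_id != self.session_id or not oldest_reachable <= serial <= self.serial:
            return ("reset", set(self.current))
        announced: Set[VRP] = set()
        withdrawn: Set[VRP] = set()
        for d in self.history:
            if d.serial <= serial:
                continue
            announced = (announced - d.withdrawn) | d.announced
            withdrawn = (withdrawn - d.announced) | d.withdrawn
        return ("diff", announced, withdrawn)

    def history_items(self) -> int:
        """VRP entries held beyond the current set, i.e. what history_size costs in memory."""
        return sum(len(d.announced) + len(d.withdrawn) for d in self.history)
```

With `history_size=2`, a router that is three serials behind gets a full reset while one that is two behind still gets a diff, and `history_items()` shows that the retained history is only the changed entries, not extra full copies.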