[RPKI] [EXTERNAL] routinator 0.10.2 vs. 0.11.2

Havard Eidnes he at uninett.no
Wed Sep 7 09:29:03 UTC 2022


> It seems quite some things are in flux at the moment. If you
> want to compare some numbers, here's the status page of a
> public Routinator instance we run:
>
> https://routinator.do.nlnetlabs.nl/status

That's useful!

I spun up this routinator instance Friday Sep 2, so it's been
running for a few days already.

I see you have

final-vrps-per-tal: afrinic=4814 apnic=97142 arin=74734 lacnic=26164 ripe=175778

whereas I locally still have

final-vrps-per-tal: afrinic=4814 apnic=97142 arin=5229 lacnic=26164 ripe=175777 

I do also notice, though, that in the rest of my output it has

rsync-durations:
...
  rsync://rpki.arin.net/repository/: status=-1, duration=300.045s
...

Hmm.  Looking a bit with tcpdump reveals

1) a single rsync session of
   rsync://rpki.arin.net/repository/arin-rpki-ta.cer
   succeeds
2) there's what looks like lots of other rsync traffic (from
   routinator) to rpki.arin.net, and there appears to be quite a
   bit of packet loss and associated TCP retransmissions.  Is
   300s some sort of "if you're not done transferring in 5
   minutes, your're killed" kind of timer?  In routinator?

The tcpdump session appears to indicate that it's my end
(routinator) which is expiring the session, as my end is sending
the first FIN and subsequently sending TCP RST segments in
response to subsequent incoming segments.

Looking at the log I see lots of "resources marked as unsafe"
messages related to the
rsync://rpki.arin.net/repository/rin-rpki-ta/..... entries, but
that is perhaps "normal"?

I'm having a bear of a time getting a handle on what's normal and
what's abnormal with routinator...

Regards,

- Håvard


More information about the RPKI mailing list