[RPKI] [EXTERNAL] routinator 0.10.2 vs. 0.11.2
Havard Eidnes
he at uninett.no
Wed Sep 7 09:29:03 UTC 2022
> It seems quite some things are in flux at the moment. If you
> want to compare some numbers, here's the status page of a
> public Routinator instance we run:
>
> https://routinator.do.nlnetlabs.nl/status
That's useful!
I spun up this routinator instance Friday Sep 2, so it's been
running for a few days already.
I see you have
final-vrps-per-tal: afrinic=4814 apnic=97142 arin=74734 lacnic=26164 ripe=175778
whereas I locally still have
final-vrps-per-tal: afrinic=4814 apnic=97142 arin=5229 lacnic=26164 ripe=175777
I do also notice, though, that in the rest of my output it has
rsync-durations:
...
rsync://rpki.arin.net/repository/: status=-1, duration=300.045s
...
Hmm. Looking a bit with tcpdump reveals
1) a single rsync session of
rsync://rpki.arin.net/repository/arin-rpki-ta.cer
succeeds
2) there's what looks like lots of other rsync traffic (from
routinator) to rpki.arin.net, and there appears to be quite a
bit of packet loss and associated TCP retransmissions. Is
300s some sort of "if you're not done transferring in 5
minutes, your're killed" kind of timer? In routinator?
The tcpdump session appears to indicate that it's my end
(routinator) which is expiring the session, as my end is sending
the first FIN and subsequently sending TCP RST segments in
response to subsequent incoming segments.
Looking at the log I see lots of "resources marked as unsafe"
messages related to the
rsync://rpki.arin.net/repository/rin-rpki-ta/..... entries, but
that is perhaps "normal"?
I'm having a bear of a time getting a handle on what's normal and
what's abnormal with routinator...
Regards,
- Håvard
More information about the RPKI
mailing list