[RPKI] [EXTERNAL] routinator 0.10.2 vs. 0.11.2
Martin Hoffmann
martin at nlnetlabs.nl
Wed Sep 7 09:58:27 UTC 2022
Hi Håvard!
Havard Eidnes via RPKI wrote:
>
> rsync-durations:
> ...
> rsync://rpki.arin.net/repository/: status=-1, duration=300.045s
> ...
That looks like rsync took too long -- by default, there is a 300
second timeout for rsync, whihc you can modify via the rrdp-timeout
configuration/command line setting. If your network is rather slow, you
might want to increase this value (or set it to zero to disable the
timeout altogether). It exists as a precaution so that malicious
repositories can’t just hang forever and block data generation.
What’s a bit weird, though, is that it doesn’t use RRDP for ARIN. Can
you check your log if there are any errors? There should be.
> Looking at the log I see lots of "resources marked as unsafe"
> messages related to the
> rsync://rpki.arin.net/repository/rin-rpki-ta/..... entries, but
> that is perhaps "normal"?
Not really. These indicate that publication points (the individual
data directories in a repository) have been rejected because something
was wrong with their data.
This whole unsafe resources business will be silent by default in the
upcoming 0.12, precisely because it is very confusing.
-- Martin
More information about the RPKI
mailing list