[RPKI] [EXTERNAL] routinator 0.10.2 vs. 0.11.2

[Havard Eidnes]

>> rsync-durations:
>> ...
>>   rsync://rpki.arin.net/repository/: status=-1, duration=300.045s
>> ...
>
> That looks like rsync took too long -- by default, there is a 300
> second timeout for rsync, whihc you can modify via the rrdp-timeout
> configuration/command line setting. If your network is rather slow, you
> might want to increase this value (or set it to zero to disable the
> timeout altogether). It exists as a precaution so that malicious
> repositories can't just hang forever and block data generation.

OK.  I didn't think I had any overload situations or "slow
network" locally, but it's obviously not easy to tell where the
packet loss happened.  Cursory traceroute testing doesn't point
to a particular problem.  For now I've added

rsync-timeout = 600

to my routinator.conf (parameter not in example config, and
there's no routinator.conf(5) man page, so this is patterned
after what routinator(1) lists as options).

> What's a bit weird, though, is that it doesn't use RRDP for ARIN.

I wonder if that's because the arin.tal lists rsync first, while
all the others list https (rrdp) first?

> Can you check your log if there are any errors? There should
> be.

I can't find an rsync error related to ARIN.  I found a couple
others:

Sep 07 09:19:34 rov-host routinator[710]: rsync://invalid.rov.koenvanhove.nl/repo/: rsync error: timeout waiting for daemon connection (code 35) at socket.c(278) [Receiver=3.2.4]
Sep 07 09:21:09 rov-host routinator[710]: rsync://nostromo.heficed.net/repo/: rsync error: timeout waiting for daemon connection (code 35) at socket.c(278) [Receiver=3.2.4]
Sep 07 09:22:36 rov-host routinator[710]: rsync://rpki.caramelfox.net/repo/: rsync error: timeout waiting for daemon connection (code 35) at socket.c(278) [Receiver=3.2.4]
Sep 07 09:43:22 rov-host routinator[710]: rsync://rpki.apnic.net/repository/: rsync: [receiver] read error: Connection reset by peer (54)
Sep 07 09:43:22 rov-host routinator[710]: rsync://rpki.apnic.net/repository/: rsync error: error in socket IO (code 10) at io.c(796) [receiver=3.2.4]
Sep 07 09:43:22 rov-host routinator[710]: rsync://rpki.apnic.net/repository/: rsync: connection unexpectedly closed (235892 bytes received so far) [generator]
Sep 07 09:43:22 rov-host routinator[710]: rsync://rpki.apnic.net/repository/: rsync error: error in rsync protocol data stream (code 12) at io.c(228) [generator=3.2.4]

However, no rsync error messages related to ARIN that I can find,
all I find are messages of this type:

Sep 07 09:47:40 rov-host routinator[710]: rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/63e0b1ac-9cd7-4998-bda5-556194e8519d/63e0b1ac-9cd7-4998-bda5-556194e8519d.mft: not found in local repository
Sep 07 09:47:40 rov-host routinator[710]: rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/63e0b1ac-9cd7-4998-bda5-556194e8519d/63e0b1ac-9cd7-4998-bda5-556194e8519d.mft: No valid manifest found.
Sep 07 09:47:40 rov-host routinator[710]: CA for rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/63e0b1ac-9cd7-4998-bda5-556194e8519d/ rejected, resources marked as unsafe:
Sep 07 09:47:40 rov-host routinator[710]:   24.237.0.0/16
Sep 07 09:47:40 rov-host routinator[710]:   65.74.0.0/17
Sep 07 09:47:40 rov-host routinator[710]:   66.58.128.0/17
Sep 07 09:47:40 rov-host routinator[710]:   66.223.128.0/17
Sep 07 09:47:40 rov-host routinator[710]:   67.58.0.0/19
Sep 07 09:47:40 rov-host routinator[710]:   69.178.0.0/17
Sep 07 09:47:40 rov-host routinator[710]:   72.42.128.0/18
Sep 07 09:47:40 rov-host routinator[710]:   206.174.0.0/17
Sep 07 09:47:40 rov-host routinator[710]:   209.165.128.0/18
Sep 07 09:47:40 rov-host routinator[710]:   2610:100::/32
Sep 07 09:47:40 rov-host routinator[710]:   AS8047

Regards,

- Håvard