[RPKI] RRDPIT 0.0.3 'Limit Deltas' Released
Tim Bruijnzeels
tim at nlnetlabs.nl
Tue May 30 21:15:57 UTC 2023
Dear list,
We just released RRDPIT 0.0.3 'Limit Deltas'.
For those unfamiliar, RRDPIT is a tool that can be pointed at a directory on your system, and produce RPKI RRDP (RFC 8182) notification, snapshot, and delta files. It was designed to be a quick way to help non-RRDP capable Publication Servers serve RRDP content based on their rsync repository.
NOTE:
-----
We *recommend* *very* *strongly* that this tool is not used in production, but a proper RRDP capable Publication Server (Krill or otherwise) is used instead. They have better features. E.g. Krill also offers an option to combine publications by CAs and prevent deltas from being produced too often, and it randomizes paths to protect against CDN poisoning (forcing the CDN to cache 404s).
Still, there are some deployments in the world that need this so we made this update.
Fixes in 0.0.3:
---------------
This new release adds a feature to limit the maximum number of deltas kept in a notification file. Keeping too many deltas will result in large RRDP notification files if the individual deltas are much smaller than the snapshot. This can have a big impact on the server if many RPs request a large notification file. The default limit is set to 25. This value will work well if rrdpit runs every minute as it's more than twice the number of the typical RP fetch interval (10 minutes). If rrdpit runs less frequently then this number can be lowered. Essentially, one should keep enough deltas so that returning RPs never need to load the snapshot. The minimum value of this setting is 1.
We also added a strong warning to the readme that this tool should only be used in between publication runs, not during.
On behalf of the NLnet Labs RPKI Team,
Tim
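
An added example, not part of the original announcement and not RRDPIT code: a small Python check an operator could run over their own generated notification file to see whether the kept deltas cover a returning RP. The sample XML, its URIs and placeholder hashes are constructed, and the function name and the worst-case assumption (one new delta per run) are this example's own.

```python
import math
import xml.etree.ElementTree as ET

NS = "{http://www.ripe.net/rpki/rrdp}"  # RFC 8182 XML namespace

# Constructed sample notification file; URIs and hashes are placeholders.
SAMPLE = """<notification xmlns="http://www.ripe.net/rpki/rrdp" version="1"
    session_id="9df4b597-af9e-4dca-bdda-719cce2c4e28" serial="103">
  <snapshot uri="https://rrdp.example.net/s/103/snapshot.xml" hash="aa"/>
  <delta serial="103" uri="https://rrdp.example.net/d/103.xml" hash="bb"/>
  <delta serial="102" uri="https://rrdp.example.net/d/102.xml" hash="cc"/>
  <delta serial="101" uri="https://rrdp.example.net/d/101.xml" hash="dd"/>
</notification>"""


def check_delta_window(xml_text, run_interval_min, rp_fetch_interval_min):
    """Return (ok, kept, needed, problems) for one notification file."""
    root = ET.fromstring(xml_text)
    if root.tag != NS + "notification":
        raise ValueError("not an RRDP notification file")
    current = int(root.get("serial"))
    serials = sorted(int(d.get("serial")) for d in root.findall(NS + "delta"))
    problems = []
    # RFC 8182: deltas must form a contiguous run ending at the current serial.
    expected = list(range(current - len(serials) + 1, current + 1))
    if serials and serials != expected:
        problems.append("delta serials are not contiguous up to the current serial")
    # Assumed worst case: every run publishes a delta, so an RP returning after
    # one fetch interval is behind by ceil(fetch / run) serials.
    needed = max(1, math.ceil(rp_fetch_interval_min / run_interval_min))
    if len(serials) < needed:
        problems.append(f"only {len(serials)} deltas kept, {needed} needed; "
                        "returning RPs will fall back to the snapshot")
    return (not problems, len(serials), needed, problems)


if __name__ == "__main__":
    # Runs every minute, RPs return every 10 minutes: 3 deltas are too few.
    print(check_delta_window(SAMPLE, run_interval_min=1, rp_fetch_interval_min=10))
```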