Thanks for providing the explanation, Mark. There are bound to be some surprises along the way as we all get comfortable with the RPKI.
You're probably already thinking along these lines, but could ARIN put up some monitoring of its RPKI output, alerting your operations staff for things like the number of authenticated RPKI objects dropping sharply? And to make sure any such monitoring is not taken offline during general systems maintenance events? On 17-Dec-2013, Mark Kosters writes: > Hi Jay > > Yes - we caught wind of this earlier today. We validate before publishing > to the community and this was a new twist. The manifest certificate on the > repository was invalid from 8:00AM EST until 2:05PM EST on 12/14. The > repository is generated 2x a day each with a 24hr expiry on the manifest > certificate. Unfortunately, we missed the evening run on 12/13 as we were > shutting non-public services down preparing for the database conversion. > It was "refreshed" the afternoon of 12/14 when the database was up and > certified to be healthy post-conversion. > > As for RPKI, this was an oversight on our part and we are reevaluating > having such a limited-duration cert. Other RIR's who have the same > characteristics are also looking at changing their manifest certs as well. > > Our apologies for any inconvenience that this may have caused. > > Regards, > Mark > > On 12/17/13, 12:56 PM, "Jay Borkenhagen" <[email protected]> wrote: > > >Hi ARIN, > > > >I saw ARIN's announcements of scheduled maintenance for this past > >Saturday 14-December-2013, including a statement that RPKI Repository > >Services would be available during that outage. I also saw the 'all > >clear' message following the maintenance. > > > >But I have not yet seen any explanation of the hiccup in ARIN's RPKI > >that coincided with the maintenance. Can someone from ARIN please > >comment? > > > >Thank you. > > > > Jay B. > > > > > >_______________________________________________ > >arin-tech-discuss mailing list > >[email protected] > >http://lists.arin.net/mailman/listinfo/arin-tech-discuss _______________________________________________ arin-tech-discuss mailing list [email protected] http://lists.arin.net/mailman/listinfo/arin-tech-discuss
