On 2022-07-31, Tobias Fiebig <[email protected]> wrote:
> I am running a small setup, where recently the border router VMs of a user
> caused prolonged and consistent low bandwidth (2-3mb/s) yet high utilization
> (many IOPS) disk utilization on the virtualization nodes (more writeup at
> [1]).

fwiw using a VM for a border router seems a strange choice.

Also, having many routers in many networks fetch and validate all these certs, from many origin networks across the world, results in much duplicated work and bandwidth. The RPKI design is that fetch/validation is done by route servers or caches rather than on every individual router.

The intention is to use RTR to feed routers but until that is fully handled you could e.g. run a central rpki-client box to generate the prefix list for bgpd and make it available to your own routers over sftp/http/rsync rather than fetching from origins on each router.

> I ultimately resorted to giving an mfs on /var/cache/rpki-client a try. This
> worked surprisingly well, (naturally) removed all disk i/o usage, and
> improved the rpki-client runtime from ~30min to ~16min (CPUs aren't the
> freshest, so this is fine, I guess). Of course the trade-off here is a full
> sync after every reboot.

You could periodically rsync it to permanent storage and use mount_mfs' -P option to populate at boot.

BTW rpki-client is one of the (relatively few) cases where softdep is likely to give a significant improvement in performance.

-- 
Please keep replies on the mailing list.
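
An added example, not part of the original message: a router-side check for the central rpki-client setup suggested above, which refuses a truncated or nearly empty ROA set before it replaces the file bgpd includes. The function name, the paths in the usage comment and the entry threshold are assumptions, and the sample format assumes the `roa-set { ... }` file rpki-client writes for OpenBGPD.

```shell
#!/bin/sh
# Added example. Hypothetical helper: install_roa_set NEW CURRENT MIN_ENTRIES
# Replaces CURRENT with NEW only if NEW looks like a complete roa-set file.
# Returns 0 on install, 1 (CURRENT untouched) on any failed check.
install_roa_set() {
	new=$1 cur=$2 min=$3

	# The file must open a roa-set block ...
	grep -q '^roa-set {' "$new" || { echo "no roa-set header" >&2; return 1; }

	# ... and end with the closing brace; an interrupted transfer loses it.
	[ "$(tail -n 1 "$new")" = "}" ] || { echo "truncated file" >&2; return 1; }

	# Count "prefix [maxlen N] source-as ASN" entries. A near-empty set
	# would silently disable origin validation, so require a floor.
	n=$(grep -c 'source-as [0-9][0-9]*' "$new" || true)
	[ "$n" -ge "$min" ] || { echo "only $n entries, want >= $min" >&2; return 1; }

	# Copy next to the target, then rename, so bgpd never reads a
	# half-written file.
	cp "$new" "$cur.tmp" && mv "$cur.tmp" "$cur"
}

# Usage on a router (assumed paths and threshold; fetch the file from the
# central box over sftp/http/rsync first):
#   install_roa_set /tmp/openbgpd.new /var/db/rpki-client/openbgpd 100000 &&
#       bgpd -n && bgpctl reload
```

The transport only moves the file; the validation result is only as trustworthy as the central box and the channel the routers fetch it over.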

