Hi,

On Mon, Jul 12, 2021 at 10:23:20AM +0200, Daniel Karrenberg wrote:
> Nathalie pointed us to
> https://www.ripe.net/manage-ips-and-asns/resource-management/rpki/rpki-planning-and-roadmap
> a while ago. Among other things this says:
> 
> “In preparation for the improved RPKI repository architecture, the
> distributed nature of the RRDP repository is going to be implemented using
> containers and krill-sync that pulls data from the centralised on-premise
> repository. This greatly simplifies smooth transitioning between publication
> servers without any downtime.
> 
> NOTE: We are not referring to cloud technologies here, just to our internal
> deployment technologies.”
> 
> The silence here worries me.

What silence?!

Over the last few months there have been quite some mail threads in this
working group about RPKI and RPKI outage incidents, and NCC staff have
provided updates during the virtual RIPE meetings in the Routing WG
slot.

To me the roadmap seems to reflect the sentiment that reliability is the
key objective at this moment in time.

> I would like to see some feedback from this group whether this is what
> you want to see happening. The RIPE Routing WG is the forum for giving
> guidance to the RIPE NCC about RPKI. I know other channels exist too
> and that is fine. I also know that individuals here seem to be happy
> with what is happening. However private channels and conversations are
> not the way RIPE does this.  This group is where the RIPE NCC looks
> for guidance and where that guidance gets properly archived and
> responded to.

To be honest I am not sure what the purpose of krill-sync is.

In May 2021 [1] extensive testing was conducted with the help of the
NLNOG RING to see if krill-sync could be used to power the RSYNC
service, but it turned out there were multiple issues with krill-sync
making it a suboptimal choice. I believe RIPE NCC ended up deploying a
different solution to serve RSYNC - and my hope is that the
recently-achieved stability is here to stay, because the current setup
seems to work quite nicely.

As for 'hidden RRDP' master, I fail to see what the benefits of
krill-sync are compared to, say, Varnish [2] (or Squid [3]). Or what
already is achieved by using a CDN to deliver the RRDP deltas.  Maybe
the krill-sync reference is an outdated comment?

Kind regards,

Job

[1]: https://www.ripe.net/ripe/mail/archives/routing-wg/2021-May/004345.html
[2]: https://varnish-cache.org/
[3]: http://www.squid-cache.org/
