Dear colleagues,

Over the past months, we have been working on the RIPE NCC RPKI repositories.
We have an update to the RRDP repository that we plan to deploy on 9 November.
This will create a regular RRDP event (a session change) but will have no other
externally visible impact. We want to share some of the improvements this change
has to offer and highlight two areas in particular. 

First, we have improved the publication server software [0]. The current
publication server uses an embedded NoSQL/schemaless database. We have changed
the project to use PostgreSQL instead, which allows us to move several integrity
checks to the publication server’s database.

Second, we have changed how the publication server is deployed, which is part of
our work to move components of our infrastructure on-premise. Initially, we will
run two independent instances, with separate database servers and data centres,
with each instance receiving all objects in the repository. We aim to keep this
simple at an initial stage, closely monitor how the environment behaves, and
expand later if we need to. Because the RRDP session differs between the
instances, one instance is (and can be) active at each moment in time. This
allows us to swap them out during an upgrade and allows us to fall back to the
second one if any issue is detected.

Both instances are behind a load-balancer, which is the origin for the Content
Delivery Network (CDN) that we use. By using a CDN, we (a) reduce the latency
from various geographical locations, (b) protect ourselves from network glitches,
and (c) reduce the bandwidth peak after a session change that would interfere
with other services on the RIPE NCC network (for example during a deployment). 

This change is an intermediate step in our work on the resiliency of our
publication infrastructure. We have extensively looked at possible architectures
that can solve the issues we are facing now and considered numerous failure
modes, and we think this design strikes a good balance between resilience and
simplicity. 

We will discuss our architectural changes with the community at RIPE 83 and look
forward to hearing your feedback.

If you have any questions, please get in touch with us. 

Kind regards,
Ties de Kock

[0]: https://github.com/RIPE-NCC/rpki-publication-server
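
How a relying-party client can handle the RRDP session change mentioned in the message, following the client rules of RFC 8182. This is an added example, not part of the original message and not RIPE NCC's code; `plan_sync`, the sample notification, its URIs, session ID and hashes are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"r": "http://www.ripe.net/rpki/rrdp"}  # RRDP namespace (RFC 8182)


def plan_sync(notification_xml, local_session, local_serial):
    """Decide how to sync: returns (action, [(uri, sha256_hex), ...]).

    action is "noop", "deltas" or "snapshot". The returned hashes must be
    checked against the downloaded files before their content is used.
    """
    root = ET.fromstring(notification_xml)
    session, serial = root.get("session_id"), int(root.get("serial"))
    snap = root.find("r:snapshot", NS)
    snapshot = [(snap.get("uri"), snap.get("hash"))]

    # Session change (for example, the other instance became active):
    # local state belongs to a different session, so deltas do not apply.
    if session != local_session:
        return "snapshot", snapshot
    if serial == local_serial:
        return "noop", []

    deltas = {int(d.get("serial")): (d.get("uri"), d.get("hash"))
              for d in root.findall("r:delta", NS)}
    needed = range(local_serial + 1, serial + 1)
    # Deltas are usable only as an unbroken chain from our serial to theirs.
    if serial > local_serial and all(s in deltas for s in needed):
        return "deltas", [deltas[s] for s in needed]
    return "snapshot", snapshot  # gap in the chain, or serial went backwards


# Constructed sample notification file (not real repository data).
H = "ab" * 32
SESSION = "11111111-2222-4333-8444-555555555555"
BASE = "https://rrdp.example.net/" + SESSION
SAMPLE = f"""<notification xmlns="http://www.ripe.net/rpki/rrdp" version="1"
    session_id="{SESSION}" serial="3">
  <snapshot uri="{BASE}/3/snapshot.xml" hash="{H}"/>
  <delta serial="3" uri="{BASE}/3/delta.xml" hash="{H}"/>
  <delta serial="2" uri="{BASE}/2/delta.xml" hash="{H}"/>
</notification>"""

if __name__ == "__main__":
    print(plan_sync(SAMPLE, "00000000-0000-4000-8000-000000000000", 41))
    print(plan_sync(SAMPLE, SESSION, 1))
```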