Hi all,
I noticed the RIPE NCC RRDP service (https://rrdp.ripe.net/) became
unreachable at 2022-02-16 13:34:10 UTC+0 (and still is down).
This RRDP outage event should not pose an issue for most RPKI
validators, because most RPKI cache implementations (which follow best
practises) will attempt to try to synchronize via RSYNC, in case RRDP is
unavailable.
However, it seems RIPE NCC adjusted the default rsyncd settings and
lowered the concurrent connection count from 200 (which already is too
low for RPKI Repository Servers) to 150?
$ rsync --no-motd -rt rsync://rpki.ripe.net/repository/
@ERROR: max connections (150) reached -- try again later
rsync error: error starting client-server protocol (code 5) at
main.c(1666)
[Receiver=3.1.2]
I'm not familiar with the RIPE RPKI RSYNC service architecture, so the
above error could be misleading: perhaps there is a loadbalancer
distributing TCP sessions across multiple backends, each backend
configured to serve up to 150 clients? Or perhaps there is a single
rsyncd instance (in which case 150 definitely is too low).
Is the RIPE NCC RPKI RSYNC service underprovisioned? If yes, why?
Kind regards,
Job
--
To unsubscribe from this mailing list, get a password reminder, or change your
subscription options, please visit:
https://lists.ripe.net/mailman/listinfo/routing-wg
