solved. We are continuing to investigate and will share more details when we
have them, followed by a post mortem report once everything is resolved.
In the meantime, we recommend that network operators update their RPKI validator
software to the latest version.
Regards,
Ties de Kock
Software Engineer
RI
regards,
Ties de Kock
[0] https://www.ripe.net/ripe/mail/archives/routing-wg/2021-April/004314.html
e expected increased load in the future due
to relying party implementations implementing rsync fallback.
Kind regards,
Ties
> On 20 May 2021, at 13:24, Ties de Kock wrote:
>
> Dear colleagues,
>
> Over the last weeks, as mentioned in a previous email [0], we have been
&
an automated browser, and another scenario will
measure how long it takes for a newly created ROA to be visible in an RP
instance. We plan to add these tests to our 24x7 monitoring.
Kind regards,
Ties de Kock
> On 6 Jul 2021, at 20:45, Max Tulyev wrote:
>
> Hi All,
>
> I'm trying to
Hi Nick,
> On 13 Apr 2021, at 15:33, Nick Hilliard wrote:
>
>> Would it be possible to drill down into these figures a bit more? I.e. is
>> it possible to work out how many are pulling the TAL via rsync, but then
>> using rrdp to synchronise their local instances? Or
>
> that came out
less risk
and is the option we are aiming for at the moment. We plan to release the new
publication infrastructure in Q2/Q3 2021 and hope to migrate earlier.
I’m happy to answer any further questions you may have.
Kind regards,
Ties de Kock
RIPE NCC
> On 12 Apr 2021, at 15:12, Nick Hilli
Hi Job, Randy,
> On 21 Dec 2021, at 23:57, Job Snijders via routing-wg
> wrote:
>
> On Tue, Dec 21, 2021 at 01:23:01PM -0800, Randy Bush wrote:
>>> We hope you will find these reports useful
>>
>> very much so. thank you.
>
> Yes, I'd like to echo what Randy says. Thanks for sharing this.
>
Hi Randy,
> On 27 Oct 2021, at 19:45, Randy Bush wrote:
>
>> We aim to keep this simple at an initial stage, closely monitor how
>> the environment behaves
>
> i am deeplying interested in how a CA and a PP (and RP and routers) are
> measured and monitored. in general, i am scared to death of
u to apply these security updates as soon as possible when they
become available. As a reminder, support for the RIPE NCC RPKI Validator 3 ended
on the first of July; security updates for RPKI Validator 3 will not be
available; please use a supported RP implementation.
Kind regards,
Ties de Kock
changes with the community at RIPE 83 and look
forward to hearing your feedback.
If you have any questions, please get in touch with us.
Kind regards,
Ties de Kock
[0]: https://github.com/RIPE-NCC/rpki-publication-server
Hi Job,
> On 13 Jul 2021, at 12:57, Job Snijders via routing-wg
> wrote:
>
> Hi,
>
> On Mon, Jul 12, 2021 at 10:23:20AM +0200, Daniel Karrenberg wrote:
>> Natanlie pointed us to
>> https://www.ripe.net/manage-ips-and-asns/resource-management/rpki/rpki-planning-and-roadmap
>> a while ago.
Dear colleagues,
This afternoon, between 13:00 UTC and 14:10 UTC rrdp.ripe.net was unavailable.
During this period, a significant fraction of relying party instances attempting
to fall back to rsync://rpki.ripe.net could not retrieve objects due to capacity
constraints.
At approximately 13:00
Hi Job.
> On 16 Feb 2022, at 15:05, Job Snijders via routing-wg
> wrote:
>
> Hi all,
>
> I noticed the RIPE NCC RRDP service (https://rrdp.ripe.net/) became
> unreachable at 2022-02-16 13:34:10 UTC+0 (and still is down).
Ouch. Fallback to rsync due to a DNS misconfiguration (which should
of NFS. We observed improved
performance and scalability compared to our NFS based rsync setup and will
consider this setup when revisiting our rsync infrastructure.
We have concluded this experiment and will decommission this environment.
Kind regards,
Ties de Kock
[0]: https://www.ripe.net
connectivity. Due to this, we
disabled the RPKI CA system. No objects were created or updated during this
period.
We re-enabled the CA system around 09:20 UTC when internal connectivity had
recovered. We will keep monitoring the situation.
Kind regards,
Ties de Kock
--
To unsubscribe from
always contact the team
directly at r...@ripe.net.
Kind regards,
Ties de Kock
Specialist Software Engineer
RIPE NCC
--
To unsubscribe from this mailing list, get a password reminder, or change your
subscription options, please visit:
https://lists.ripe.net/mailman/listinfo/routing-wg
transition period. We plan to stop creating
the old format after a transition period of at least a month, taking into
account the feedback we receive. We will inform you when this happens.
Ties de Kock
Specialist Software Engineer
RIPE NCC
--
To unsubscribe from this mailing list, get a passwor
investigating the exact impact. Please share any information you
have on this issue with us via r...@ripe.net.
Kind regards,
Ties de Kock
--
To unsubscribe from this mailing list, get a password reminder, or change your
subscription options, please visit:
https://lists.ripe.net/mailman/listinfo
necessary
changes to improve our alerting.
We will continue investigating the root cause and focus on possible race
conditions during the shutdown of the publication server (which could have
happened during patching).
Kind regards,
Ties de Kock
--
To unsubscribe from this mailing list, get
have any comments or questions, we hope you'll discuss with us on the
list or, if you prefer, you can always contact the team directly at
r...@ripe.net.
Kind regards,
Ties de Kock
Senior Software Engineer
RIPE NCC
--
To unsubscribe from this mailing list, get a password reminder, or change your
at
r...@ripe.net .
Kind regards,
Ties de Kock
Senior Software Engineer
RIPE NCC
--
To unsubscribe from this mailing list, get a password reminder, or change your
subscription options, please visit:
https://lists.ripe.net/mailman/listinfo/routing-wg
, you can always contact the team directly at
r...@ripe.net .
Kind regards,
Ties de Kock
Specialist Software Engineer
RIPE NCC
--
To unsubscribe from this mailing list, get a password reminder, or change your
subscription options, please visit:
https://lists.ripe.net/mailman/listinfo/routing-wg
from being introduced in the
future, we will (1) improve the monitoring that verifies that the resources of
the published certificates match the registry and (2) introduce tests that cover
this scenario.
Kind regards,
Ties de Kock
Specialist Software Engineer
RIPE NCC
[0]: https://www.ripe.net
the RPKI CA system and availability of the
RPKI dashboard and API that are used to create/edit objects. The validity of
RPKI objects under our Trust Anchor will not be affected. Furthermore, the RRDP
and rsync repositories will be available as usual.
Kind regards,
Ties de Kock
--
To unsubscribe from
the team directly at r...@ripe.net.
Kind regards,
Ties de Kock
Specialist Software Engineer
RIPE NCC
--
To unsubscribe from this mailing list, get a password reminder, or change your
subscription options, please visit:
https://lists.ripe.net/mailman/listinfo/routing-wg
of compressed and uncompressed
files.
As announced earlier, we will stop creating the roa.csv and repo.tar.gz files.
We will do so after the 12th of February. Afterwards, we will clean up the old,
now recompressed files (roas.csv, repo.tar.gz).
Kind regards,
Ties de Kock
RIPE NCC
[0]: https
26 matches
Mail list logo