CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2026/06/24 03:06:20
Modified files:
usr.sbin/rpki-client: extern.h main.c nca.c output-json.c
output-ometric.c output.c repo.c
rpki-client.8
Log message:
Add a backoff retry mechanism for non-functional CAs
Many non-functional CAs never recover once they become non-functional
causing inefficiency in the operation of relying party instances.
The existing detection mechanism for non-functional CAs is changed into
a stateful backoff retry mechanism, eventually settling on retrying
broken CAs only once per day. Backoff helps reduce load on both the
RP and publication point sides of the house, reduces log clutter, and
improves RP run duration.
The sync schedule is reset if a given non-functional CA is discovered to
be in working order again (i.e., backoff is not applied to healthy CAs).
A few new statistics are exposed in the json & metrics outputs.
An interesting side-effect of this mechanism is that it appears to
obviate some of the need for a manually curated (and therefore, easily
outdated) skiplist.
OK claudio@ tb@
