On Mon, Apr 13, 2020 at 02:43:27PM +0000, Job Snijders wrote:
> I'm reviewing some of the timers associated with the workings of the
> end-to-end propagation from ROA to VRP. I think suggesting to run
> rpki-client only once a day can make for needless brittleness.
>
> Running rpki-client just once a day also results in only making a rsync
> fetch attempt once a day. If the connection can't be established because
> of a transient network issue, the RP can easily end up going without
> contact with the CA Publication Point for close to 48 hours. A lot of
> CRLs appear to have expiration dates in the range of '24 hours'.
>
> I think attempting to contact a CA PP at least once an hour is more
> appropriate for the various 24-48h sliding windows that are in play.
>
> Thoughts? OK?

Small update: if we go hourly we should jiggle RANDOM accordingly OK? Index: crontab =================================================================== RCS file: /cvs/src/etc/crontab,v retrieving revision 1.25 diff -u -p -r1.25 crontab --- crontab 4 Dec 2019 15:07:51 -0000 1.25 +++ crontab 13 Apr 2020 14:48:06 -0000 @@ -19,4 +19,4 @@ HOME=/var/log 30 5 1 * * /bin/sh /etc/monthly #0 * * * * sleep $((RANDOM \% 2048)) && /usr/libexec/spamd-setup -#0 9 * * * -n sleep $((RANDOM \% 4096)) && rpki-client -v && bgpctl reload +#0 * * * * -n sleep $((RANDOM \% 2048)) && rpki-client -v && bgpctl reload
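
Review bot: on the new `#0 * * * *` rpki-client line, nothing prevents two runs from overlapping now that the job fires every hour. The sleep of up to 2047 seconds lets a run start as late as about 34 minutes past the hour, while the next hour's job can start with a zero sleep, so a fetch that stalls for more than roughly 26 minutes would collide with its successor. Consider guarding against concurrent invocations, or state the expected runtime bound in the commit message. Separately, because the commands are chained with `&&`, `bgpctl reload` is skipped whenever `rpki-client -v` exits non-zero; it is worth a sentence confirming that this is the intended behaviour at the hourly cadence.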