[DBWG] AFRINIC RPKI RRDP connectivity issues?

Michel ODOU michel.odou at afrinic.net
Mon May 29 14:46:40 UTC 2023 

Hi Job,

Thanks for your email.

Regarding the issue of the slow download speed on the v4, please note 
that we have a bandwidth constraint on a router, which affects the RRDP.

We have first tried to optimize the server but, because of the high 
traffic there, it did not help for long.

Currently, we are working around 3 aspects:

1. As short-term fix, disabling the RRDP is something we have considered 
(actually we tried serving HTTP 204 instead of 404) but we need to 
schedule a window where RRDP will fall back to rsync - this must be 
announced on our status page. We will do this tomorrow and based on the 
traffic, we shall decide on the way forward.

2. The second step is scaling. We are working on a mirror to balance the 
load and scale with the resources we have. This is not something we want 
to rush though, so it takes time.

3. Finally, we have considered moving the service to a CDN and we have 
started discussing with another RIR and got precious feedback. This is a 
more long term solution, it is not to be implemented now.

I hope this clarifies the situation.

Regards,
Michel


On 29/05/2023 14:50, Job Snijders wrote:
> Another day comes and goes, and the issue is still ongoing:
> 
> IPv6 works well enough:
> 
>      $ wget -6 -O /dev/zero https://rrdp.afrinic.net/11218e02-4ae9-4c95-a8fa-49df27f15272/74251/snapshot.xml
>      2023-05-29 10:11:18 (745 KB/s) - ‘/dev/zero’ saved [38757407/38757407]
> 
> IPv4 is too slow for normal operations:
> 
>      $ wget -4 -O /dev/zero https://rrdp.afrinic.net/11218e02-4ae9-4c95-a8fa-49df27f15272/74251/snapshot.xml
>      2023-05-29 10:34:05 (28.2 KB/s) - ‘/dev/zero’ saved [38757407/38757407]
> 
> I've suggested the AfriNIC NOC to disable RRDP (serving HTTP 404
> responses instead of the RRDP XML), disabling RRDP in such a way will
> cause all RPKI validators to switch to rsync - a protocol more suited to
> bandwidth-constrained environments, but I've not heard any response or
> seen any such change.
> 
> I am at a loss why an issue like this persists for multiple weeks.
> 
> Kind regards,
> 
> Job

-- 
Michel ODOU
Head of IT & Security
African Network Information Centre (AFRINIC) Ltd.
t: +230 403 51 00 | f: +230 466 6758 | w: https://www.afrinic.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 665 bytes
Desc: OpenPGP digital signature
URL: <https://lists.afrinic.net/pipermail/dbwg/attachments/20230529/c761a2b9/attachment.sig>

More information about the DBWG mailing list