[RPKI-Discuss] AFRINIC now supports RFC 8182 (RPKI Repository Delta Protocol)

Amreesh Phokeer amreesh at afrinic.net
Wed Apr 1 12:03:44 UTC 2020

Hi Ben,

> On 1 Apr 2020, at 15:35, Ben Maddison <benm at workonline.africa> wrote:


> That's an interesting choice. Why not something more atomic, like

> writing to a staging directory, testing, and then flipping a symlink?

> The additional sync seems to me to be another opportunity to introduce

> inconsistency.

To be investigated.
Our previous experience with managing hundreds of symlinks on our repo was a bit terrible.


>>> I'd like to know what this type of activity *should* look like

>>> going

>>> forward, so that we can distinguish intentional operational actions

>>> from outages.


>> Any similar future activity will be communicated to the members

>> beforehand.


> Thanks, that's appreciated by everyone, I'm sure.

> But my question was more about understanding what externally observable

> state (or lack of state) should be expected during a maintenance like

> this, so that we can all ensure our RPs behave sensibly in that state.

In normal circumstances (like this deployment), there would have been no change of state
as we were essentially replacing the same certificates by updated ones. But that might not
be the case for a keyrollover operation (we still need to figure out how to do one!).
Should RPs behave in specific ways during a maintenance window…that’s an interesting problem


More information about the RPKI-Discuss mailing list