This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[members-discuss] Draft Activity Plan 2021 - RPKI development
- Previous message (by thread): [members-discuss] Draft Activity Plan 2021 - RPKI development
- Next message (by thread): [members-discuss] Draft Activity Plan 2021 - RPKI development
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
ivaylo
ivaylo at bglans.net
Tue Sep 29 00:06:15 CEST 2020
Hello, Ten months ago we needed to integrate prefixes validation service in our IXP and network infrastructure. So we tested nearly all rpki validator softwares we found. Of course RIPE rpki validator was first, unfortunately I can clearly say, it is not and will never be reliable validator server. It is heavy, slow, resource hungry, easy to crash software, and it will become worse with time, when number of ROA signed networks grow. The problem is in the design - JAVA is not the right language for such software. Putting more money will not make it better, maybe RIPE rpki validator could be used for educational and demonstrational use, but for production I'm doubt. If we want to see more ROA signed networks and more bgp servers to run rpki validation, network administrators and engeneers needs better softwares. More than 7 months we are using in production FORT validator (I think its lacnic rpki server open source implementation in C ) and I can clearly say it is much better, runs much more stable and uses a lot less resources than RIPE rpki validator. From practical point it will be better if that budget is use to help FORT development process, creating and maintaining rpki validator packages for all major linux/bsd distributions, creating complete howtos install, use, maintain, connect bgp , best bgp rpki filtering practices, RIPE staff to push harder LIRs to ROA sign their globaly bgp announced networks (periodicaly phone calls , email reminders, etc). Ivaylo Josifov Varteh LTD Varna, Bulgaria On Mon, 28 Sep 2020, Sander Steffann wrote: > Hi, > > On 28-09-2020 09:47, Cynthia Revstr?m via members-discuss wrote: >> Hi, >> >> I fully agree that while the budget on RPKI deployment should not be >> reduced currently, it should be used in other ways. > > +1 > >> I think 2021-01-01 is a bit too early as last I looked there was still a >> considerable number of RIPE NCC validators running. 2022-01-01 is >> probably more reasonable. >> >> Though feature updates could stop on 2020-01-01, fixes need to be done >> for at least a year more I would say. > > Sounds reasonable. > >> Potential other ways to use the budget includes setting up a way for >> resource holders to use delegated RPKI published to repositories hosted >> by the RIPE NCC. Such as I believe NIC.BR <http://NIC.BR> is doing. > > That does indeed sound like a much more constructive way to send the money. > > Cheers, > Sander > > _______________________________________________ > members-discuss mailing list > members-discuss at ripe.net > https://mailman.ripe.net/ > Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/ivaylo%40bglans.net >
- Previous message (by thread): [members-discuss] Draft Activity Plan 2021 - RPKI development
- Next message (by thread): [members-discuss] Draft Activity Plan 2021 - RPKI development
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]