nanog mailing list archives

Re: Financial services BGP hijack last week?


From: Christopher Morrow <morrowc.lists () gmail com>
Date: Wed, 3 May 2017 13:46:25 -0400

On Wed, May 3, 2017 at 1:39 PM, Compton, Rich A <Rich.Compton () charter com> wrote:

> The servers where the RPKI data is published (the Trust Anchor and the
> CAs) are referred to using a single URI, meaning that any

sure, but even with rrdp there's just one URI you'd follow, which
translates to some hostname + path.

> sort of geographic redundancy or failover has to be handled via external
> means (anycast, load balancing, etc.) but rsync isn’t well-suited for this
> sort of implementation.


why's that? it seems to work fine for many free software repositories, for
instance.
Yes, updates to that repository would have to be 'managed' but that's also
the case for rrdp, or any other 'more than one copy' solutions of publicly
available data, right?

https://github.com/google/rpki-mgmt/

does some of the lifting to sort out the 'how to get my updates to all the
copies of my repository'... it doesn't yet support RRDP, but it's not hard
to see where to stick that in the config/setup.

