[194496] in North American Network Operators' Group


Re: Financial services BGP hijack last week?

daemon@ATHENA.MIT.EDU (Christopher Morrow)
Wed May 3 13:46:29 2017

X-Original-To: nanog@nanog.org
In-Reply-To: <D52F7114.A854C%rich.compton@charter.com>
From: Christopher Morrow <morrowc.lists@gmail.com>
Date: Wed, 3 May 2017 13:46:25 -0400
To: "Compton, Rich A" <Rich.Compton@charter.com>
Cc: North American Network Operators' Group <nanog@nanog.org>,
 Job Snijders <job@ntt.net>
Errors-To: nanog-bounces@nanog.org

On Wed, May 3, 2017 at 1:39 PM, Compton, Rich A <Rich.Compton@charter.com>
wrote:

> The servers where the RPKI data is published (the Trust Anchor and the
> CAs) are referred to using a single URI, meaning that any
>

sure, but even with rrdp there's just one URI you'd follow, which
translates to some hostname + path.


> sort of geographic redundancy or failover has to be handled via external
> means (anycast, load balancing, etc.) but rsync isn’t well-suited for this
> sort of implementation.
>

why's that? it seems to work fine for many free software repositories, for
instance.
Yes, updates to that repository would have to be 'managed' but that's also
the case for rrdp, or any other 'more than one copy' solutions of publicly
available data, right?

https://github.com/google/rpki-mgmt/

does some of the lifting to sort out the 'how to get my updates to all the
copies of my repository'... it doesn't yet support RRDP, but it's not hard
to see where to stick that in the config/setup.
