[arin-tech-discuss] ARIN RPKI hiccup on Saturday

Jay Borkenhagen jayb at braeburn.org
Tue Dec 17 19:41:39 EST 2013 

Thanks for providing the explanation, Mark.  There are bound to be
some surprises along the way as we all get comfortable with the RPKI.

You're probably already thinking along these lines, but could ARIN put
up some monitoring of its RPKI output, alerting your operations staff
for things like the number of authenticated RPKI objects dropping
sharply?  And to make sure any such monitoring is not taken offline
during general systems maintenance events?


On 17-Dec-2013, Mark Kosters writes:
 > Hi Jay
 > 
 > Yes - we caught wind of this earlier today. We validate before publishing
 > to the community and this was a new twist. The manifest certificate on the
 > repository was invalid from 8:00AM EST until 2:05PM EST on 12/14. The
 > repository is generated 2x a day each with a 24hr expiry on the manifest
 > certificate. Unfortunately, we missed the evening run on 12/13 as we were
 > shutting non-public services down preparing for the database conversion.
 > It was "refreshed" the afternoon of 12/14 when the database was up and
 > certified to be healthy post-conversion.
 > 
 > As for RPKI, this was an oversight on our part and we are reevaluating
 > having such a limited-duration cert. Other RIR's who have the same
 > characteristics are also looking at changing their manifest certs as well.
 > 
 > Our apologies for any inconvenience that this may have caused.
 > 
 > Regards,
 > Mark
 > 
 > On 12/17/13, 12:56 PM, "Jay Borkenhagen" <jayb at braeburn.org> wrote:
 > 
 > >Hi ARIN,
 > >
 > >I saw ARIN's announcements of scheduled maintenance for this past
 > >Saturday 14-December-2013, including a statement that RPKI Repository
 > >Services would be available during that outage.  I also saw the 'all
 > >clear' message following the maintenance.
 > >
 > >But I have not yet seen any explanation of the hiccup in ARIN's RPKI
 > >that coincided with the maintenance.  Can someone from ARIN please
 > >comment?
 > >
 > >Thank you.
 > >
 > >						Jay B.
 > >
 > >
 > >_______________________________________________
 > >arin-tech-discuss mailing list
 > >arin-tech-discuss at arin.net
 > >http://lists.arin.net/mailman/listinfo/arin-tech-discuss

More information about the arin-tech-discuss mailing list