[RPKI-Deployers] Run your validator on your router!
Chris Morrow
morrowc at google.com
Fri Jul 10 11:50:06 EDT 2020
On Fri, Jul 10, 2020 at 11:40 AM Job Snijders <job at ntt.net> wrote:
>
> On Thu, Jul 09, 2020 at 10:28:28PM -0400, Chris Morrow via RPKI-Deployers wrote:
> > There's probably enough ram/storage on your average NCS to do this,
> > but wow, that'd be A TON more load on the overall global system to do
> > things in this manner ;)
>
> I maintain that for some type of (small) deployments it is a valid
> strategy. If you run just 2 or 4 routers in total (like IETF meeting),
> why not run separate validation processes, each tied to the router they
> are serving?
>
> There are plenty of organisations where spinning up a vm or physical
> server is a path of torture to get it done and assign responsibilities.
>
> On OpenBSD routers you can enable rpki validation by enabling the
> crontab entry in root's crontab. (doas crontab -e; uncomment 1 line)
>
> If the two IXP route servers each run their own validation process on
> their own system, why not? :-)
>
you don't have a redundant validation process / path for each device?
is that important? maybe? :) do you want to do hitless software
upgrades of the validation code?
I suppose there are a million flowers we can permit to bloom... and
each gardener (flower-er) can decide what works for them.
I'm a long term non-proponent of putting lots of extra functions on my
router... I get that this is 'hard' for some folk (small deployments),
I think it cuts out some flexibility though :(
> Kind regards,
>
> Job