-
Notifications
You must be signed in to change notification settings - Fork 27
Recurring issue for APNIC RPKI Root and RIPE NCC RPKI Root #241
Comments
Hi, These issues are indeed recurrent and they both are related to the hosting authorities, in this case Chinese NIR (it can be very slow or unavailable sometimes) and the CA created by mckay.com (it has broken SSL certificate from time to time). We don't have control over these repositories, we only can poke mckay.com to renew their certificates more regularly. The consequence for you, as a validator user, is that sometimes BGP announcements originating from China and mckay network will change their RPKI status to UNKNOWN, but nothing will become INVALID, so from the routing viewpoint there shouldn't be any impact. |
Also, the validator caches the objects, so unless these problems persist for too long, the impact should be exactly zero. |
Thank you for the clarification. |
I believe the difference can be explained by Also, if you click on APNIC RPKI Root, you'll see the list of repositories and their statuses at the bottom of the page, so you can see if https://rpki.cnnic.cn/rrdp/notify.xml was successfully updated (for us it seems to be ok at the moment, https://rpki-validator.ripe.net/trust-anchors/monitor/2). There's also one thing that needs to be mentioned: in the future release(s) we are going to change the default to |
We're getting recurring issues for APNIC RPKI Root and RIPE NCC RPKI Root.
APNIC RPKI ROOT:
RIPE NCC RPKI Root
What seems to be causing these issues and how do we resolve them?
The text was updated successfully, but these errors were encountered: