Re: [Idr] rpki dispersion rate (was Re: draft-ymbk-sidrops-rov-no-rr)

Randy Bush <randy@psg.com> Tue, 16 November 2021 16:22 UTC

Date: Tue, 16 Nov 2021 08:22:35 -0800
From: Randy Bush <randy@psg.com>
To: heasley <heas@shrubbery.net>
Cc: Interminable Discussion Room <idr@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/iEzGxWTk9D5yJxQB0GDO_LhwY7o>

>> the pressure on rpki data has been toward being more responsive, not
>> less
> 
> Why?  I do not understand the need for rpki data to be dispersed more
> quickly.  Creation, revocation, or renewal, which is it?

[ more than you wanted to know ]

it started way back pre maastricht, with danny mcpherson objecting to
the potential delay because his ddos mitigation customers only called
once they were being ddosed, he had a very fast contract path, but roa
propagation would seriously delay his scrubber AS from siphoning off the
bad traffic.  point taken, but discussion was less constructive than it
could have been.

i suspect one thing underlying the desire today is that dns managed to
solve what used to be multi-day propagation with NOTIFY (which we stole
for the RPKI-Rtr protocol), yielding very fast results.

we want fast bgp convergence, fast failover, fast cars, fast food
(yucchh), ...

as it stands, rpki propagation is 'interesting' enough that researchers
are getting papers out of it.  draft-ietf-sidrops-rpki-rov-timing was an
attempt to at least make it more predictable; though it provided no
accelerant.  the draft was shot down because there were no data to show
the relative resource and convergence consequences of current chaotic
practice.  point taken; back to measurement.

but, to your question.  my personal take is that creation presents the
most need for propagation as folk want AS 42 to be able to announce P
last week.  as the rpki is not yet being used for attacks, revocation
(deter X from originating my P) is probably not perceived as an
immediate issue.  renewal is properly handled by conservative issuance.
but, as the rpki is a pretty rigid structure (don't get me started), as
far as propagation is concerned, those three birds will tend to get
stoned simultaneously.

randy