[sidr] RIPE NCC RPKI Repository issue – Sat 2 Feb
Alex Band <alexb@ripe.net> Tue, 05 February 2013 11:14 UTC
Return-Path: <alexb@ripe.net>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix)
with ESMTP id B9FDE21F8635 for <sidr@ietfa.amsl.com>;
Tue, 5 Feb 2013 03:14:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.809
X-Spam-Level:
X-Spam-Status: No,
score=-0.809 tagged_above=-999 required=5 tests=[BAYES_05=-1.11,
HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BAUHLe0DicBa for
<sidr@ietfa.amsl.com>; Tue, 5 Feb 2013 03:14:38 -0800 (PST)
Received: from postgirl.ripe.net (postgirl.ipv6.ripe.net
[IPv6:2001:67c:2e8:11::c100:1342]) by ietfa.amsl.com (Postfix) with ESMTP id
E2BCE21F8619 for <sidr@ietf.org>; Tue, 5 Feb 2013 03:14:37 -0800 (PST)
Received: from dodo.ripe.net ([193.0.23.4]) by postgirl.ripe.net with esmtps
(TLSv1:AES256-SHA:256) (Exim 4.72) (envelope-from <alexb@ripe.net>) id
1U2gTz-0002jZ-DS for sidr@ietf.org; Tue, 05 Feb 2013 12:14:36 +0100
Received: from s258-sslvpn-1.ripe.net ([193.0.20.231] helo=vpn-135.ripe.net)
by dodo.ripe.net with esmtps (TLSv1:AES128-SHA:128) (Exim 4.72)
(envelope-from <alexb@ripe.net>) id 1U2gTz-0002qg-9K for sidr@ietf.org;
Tue, 05 Feb 2013 12:14:35 +0100
From: Alex Band <alexb@ripe.net>
Content-Type: multipart/alternative;
boundary="Apple-Mail=_53FEF3E2-542B-421C-A867-F08577389BAD"
Message-Id: <A2F373A1-0500-4412-BAF2-EAAD9B13709C@ripe.net>
Date: Tue, 5 Feb 2013 12:14:34 +0100
To: sidr@ietf.org
Mime-Version: 1.0 (Mac OS X Mail 6.2 \(1499\))
X-Mailer: Apple Mail (2.1499)
X-Anti-Virus: Kaspersky Anti-Virus for Linux Mail Server 5.6.48/RELEASE,
bases: 20120425 #7816575, check: 20130205 clean
X-RIPE-Spam-Level: --
X-RIPE-Spam-Report: Spam Total Points: -2.9 points pts rule name description
---- ---------------------- ------------------------------------ -1.0
ALL_TRUSTED Passed through trusted hosts only via SMTP -0.0 RP_MATCHES_RCVD
Envelope sender domain matches handover relay domain -1.9 BAYES_00 BODY:
Bayes spam probability is 0 to 1% [score: 0.0000] 0.0 HTML_MESSAGE BODY: HTML
included in message
X-RIPE-Signature: ddd0bbf11d1e21354000f5f053f5ae69abc1efb1c5c9528665aa7b43891b96df
Subject: [sidr] =?windows-1252?q?RIPE_NCC_RPKI_Repository_issue_=96_Sat_2_?=
=?windows-1252?q?Feb?=
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>,
<mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>,
<mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Feb 2013 11:14:38 -0000
The RIPE NCC RPKI repository became inconsistent and outdated starting on Saturday, 2 Feb 2013 that lasted for several hours. This was caused by a problem in our RPKI system that degraded performance to a point where the publication for all 1300+ Member CAs combined took more than 24 hours. This meant the CRLs and manifests for some CAs expired before they republished. The bug that caused the problem has been fixed and we are making sure the robustness and monitoring of the system is further improved. We are also taking steps to ensure that the scaling of the system keeps pace with the adoption by our members. In case you notice a problem with one of our services, please check our web page with known service and security announcements: http://www.ripe.net/lir-services/service-announcements If you suspect a serious incident or outage with a critical RIPE NCC service that is not shown here, please contact the RIPE NCC Technical Emergencies Hotline: http://www.ripe.net/contact/technical-emergency-hotline If you have any questions, please let us know. Cheers, Alex