IETF Logo Mail Archive

Re: [Sidrops] RRDP / RSYNC / Other?

Tim Bruijnzeels <tbruijnzeels@ripe.net> Fri, 12 January 2024 14:58 UTC

Return-Path: <tbruijnzeels@ripe.net>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 82333C14F616; Fri, 12 Jan 2024 06:58:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.106
X-Spam-Level:
X-Spam-Status: No, score=-7.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ripe.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1VP4dW4GB3H2; Fri, 12 Jan 2024 06:58:09 -0800 (PST)
Received: from mail-mx-1.ripe.net (mail-mx-1.ripe.net [IPv6:2001:67c:2e8:11::c100:1311]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 807EFC14F700; Fri, 12 Jan 2024 06:58:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ripe.net; s=s1-ripe-net; h=To:Message-Id:Cc:Date:From:Subject:Mime-Version:Content-Type ; bh=DTbI3Fa4Jmr0RKj3sj/hJkRvJvsFa6PhiUl/wWohQCY=; b=IZF/4Ab7UH5VLEaH3uQwKaff w/LRTmpZmTyztt8irB7fheqgFYKGurDjmYGC93vhyixtgvRhAGjRzbsLPyA7M8xBzKKaSp9WacBZm AUz16YdIlhSxWxjc303iV3ndvuJ5IiWw2JRkcluWy1/gB+PuuZF7MR608kA42Jv2D5ElonTCgYr4B QghnthxQjZHx94HzXKZbCCYy5+Xb70vOXXsP/Be791+y9aYRtNRDo40C3j5C/5N584OvCYQQLyRUT uGnTU7N0OxhtaqGLq0CBCexKVumrZ3VFlzBphI7Z/tZSJgiQcWyD3woVk6eYv7YYteFH0SN5vHmyW YYFowhte8w==;
Received: from imap-01.ripe.net ([2001:67c:2e8:23::c100:170e]:54694) by mail-mx-1.ripe.net with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384 (Exim 4.96.2) (envelope-from <tbruijnzeels@ripe.net>) id 1rOIz0-00FCv8-1t; Fri, 12 Jan 2024 14:58:06 +0000
Received: from sslvpn.ipv6.ripe.net ([2001:67c:2e8:9::c100:14e6] helo=smtpclient.apple) by imap-01.ripe.net with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96.2) (envelope-from <tbruijnzeels@ripe.net>) id 1rOIz0-00DOO6-1Y; Fri, 12 Jan 2024 14:58:06 +0000
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3774.300.61.1.2\))
From: Tim Bruijnzeels <tbruijnzeels@ripe.net>
In-Reply-To: <ZaEqnGpUZO0R_lLz@snel>
Date: Fri, 12 Jan 2024 15:57:56 +0100
Cc: Christopher Morrow <christopher.morrow@gmail.com>, SIDR Operations WG <sidrops@ietf.org>, sidrops-ads@ietf.org, SIDROps Chairs <sidrops-chairs@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <D4B7FA4D-08BB-4541-92EE-1B6148664D8F@ripe.net>
References: <CAL9jLab1xknRY=oCZzyXe7Dtyc8to46rVfE-1BzzuMUkWCNtLg@mail.gmail.com> <ZaEqnGpUZO0R_lLz@snel>
To: Job Snijders <job=40fastly.com@dmarc.ietf.org>
X-Mailer: Apple Mail (2.3774.300.61.1.2)
X-RIPE-Signature: 7105a661eeefe5d5c9c241e9d0d5d8906b54223d1c0016ebca661171002ecf11
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/RtmpPwH8Ho3X9VC5DS0iGPFX8nk>
Subject: Re: [Sidrops] RRDP / RSYNC / Other?
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Jan 2024 14:58:13 -0000

Dear all,

> On Jan 12, 2024, at 13:03, Job Snijders <job=40fastly.com@dmarc.ietf.org> wrote:
> 
> Dear all,
> 
> On Thu, Jan 11, 2024 at 10:52:55PM -0500, Christopher Morrow wrote:
>> The 'prefer rrdp' draft has been sitting(expired)  for a while, I had
>> thought when the document started life there was a set of good reasons
>> for this plan. I think I still want to prefer 'not rsync' on my RP
>> deployment :)
> 

Chris, to be clear: the prefer-rrdp draft does not attempt to remove rsync. It
formulated a plan to prefer RRDP. I think it is largely overtaken by reality,
except for a number of  suggestions that it’s making to update various
documents to ensure that RRDP is no longer optional and must get the
same 24/7 attention as rsync.

I think those suggestions are still useful even if deprecating rsync (as the
draft was called in an earlier stage) is a separate discussion.

> =
>> I believe that a longer term goal for rrdp (and the draft in question)
>> was to eventually decommission/deprecate the RSYNC code paths, as
>> well.
> 
> Well, that is not my goal. Before we even consider deprecation of rsync,
> there first needs to be a viable alternative to both RSYNC and RRDP v1.
> 
> As it stands - RRDP has numerous inefficiencies, implementation
> inconsistencies, curious pitfalls, unforeseen operational failure modes,
> and performs extremely poor in low bandwidth situations. But of course,
> rsync is not without its own issues and complications. Fortunately, not
> a lot of the failure modes are shared between the transport protocols,
> meaning that one is a good backup for the other.
> 
> I think some people in this working group underappreciate the benefits
> of rsync as a (backup) transport, especially in the face of instability
> in the RRDP transport. As long as people are stuck in just mindlessly
> repeating "rsync bad" and refuse to see and articulate the benefits that
> rsync offers, it'll be hard to copy those benefits over to a next gen
> transport protocol.

I agree that we also have seen issues with RRDP. There are lessons 
learned on different levels. Just like we have also learned issues with
rsync. With regards to current operational challenges I believe that
draft-timbru-sidrops-publication-server-bcp-01 that I and others have
been working on is a good start - not just for RRDP (bandwidth, load
balancing), but also for rsync (e.g. the symlinking and mtime fixing). We
will renew it soon and ask for working group adoption.

> 
>> In light of the original reasonings for RRDP development:
>>  * standard(ized) transport protocol (http)
>>  * scalability and cacheability of the content
>>  * easier to inspect/debug service(s)
>>  (there may be others,  don't think right now its important that there are)
> 
> I agree HTTP is a standardized protocol and I hope ultimately something
> HTTP-based is where we'll end up. But, the other arguments can be
> challenged: RRDP 'scales so well' that we've seen RPs become an
> unrecoverable denial-of-service against the publication point. In
> practise rsync is easier to debug and inspect with out-of-the-box
> tooling, whereas RRDP requires a quite specialized knowledge and tooling
> to meaningfully debug.

I appreciate the direct access to objects for debugging that rsync offers. I
would prefer some future where we can have direct access over HTTP (and
use a CDN).

> 
>> and the original arguments against RSYNC as the protocol for long term use:
>>  * how could this possibly scale!
>>  * i can ship random bits  to all RPs and they can't NOT accept them
>>  * wow is this a bear to deal with in a programmatic manner!
>>  (there may be others, not important right now what they are)
>> 
>> Is it time that we fresh-slate thought about this problem?
>> I believe we CAN swap in 'anything' that has a URL type naming/pointing form
>>  (perhaps we would need to define new url protocols, but...)
>> I think if we had a solid option, with running code we could talk
>> about removing rsync, preferring rrdp and testing the 'new thing'...
>> or some form of that ordering.
> 
> When you actually remove rsync, RRDP no longer becomes a matter of
> 'preference'. :-)
> 
>> Should we take up a discussion and work to investigate a RRDP
>> replacement?

I still think that first step is to prefer RRDP and make it mandatory. In practice
this is the reality today, but it’s not reflected in standards where RRDP is still
optional and 24/7 commitments are not clearly formulated.

The main design goal of RRDP was to allow the use of CDNs and ensure that
servers can create cacheable data once, rather than having the server needing
to invest memory and CPU on every connection. There are many RPs to
repositories. This is a skewed ratio. Sadly, *recursive* rsync servers with
a lot of data are trivial to DoS because of that.

RRDP makes the tradeoff to use more bandwidth in order to reduce the direct
impact on a back-end server in terms of CPU and memory needs to maintain
sessions. Sadly, this means that if the notification file is too large, and the
bandwidth too low (no, do not use a single 100 Mbit node), this results in
issues.

Where bandwidth is not an issue, and the load-balancing/timing of notification
file updates is addressed, I do believe that RRDP offers a big improvement today.
It’s not perfect, but it allows RPs to be more aggressive in their fetching.

> The timing is not optimal from my perspective, I don't mind the status
> quo. I think we should first finish:
> 
> * ASPA signed object: draft-ietf-sidrops-aspa-profile
> * ASPA-based BGP message verification: draft-ietf-sidrops-aspa-verification
> * ASPA RTR: draft-ietf-sidrops-8210bis
> * draft-ietf-sidrops-signed-tal (has multiple implementations, authors
>  requested WGLC multiple times now...)
> * draft-ietf-sidrops-cms-signing-time
> * draft-ietf-sidrops-rpki-prefixlist
> * And there also is a recent interest to revisit the validation
>  algorithm, this will all take up a fair chunk of working group
>  bandwidth.
> 
> In short - deprecating rsync before having a viable alternative to RRDP
> v1 is horse behind cart. A deprecation of rsync won't solve immediate
> operational issues, but instead will add problems. The community now
> also is aware of various optimizations that can be done to make
> RRDP-to-RSYNC switchovers far less resource intensive, so scalability
> concerns are not as strong as they once were.

Job, as you are saying (I think), I agree the we should only consider deprecating
rsync altogether until we have an improvement over RRDP, or at least ensure
that fallbacks are possible somehow. I believe that a discussion about a next
gen protocol is useful and can occur in parelel to other work. There is no reason
why e.g. the ASPA work should be stalled because of such a discussion. 

For what it's worth, some initial thoughts regarding an RRDP++/bis/replacement:

It would be good if a future iteration can reduce the bandwidth. Other signaling
than HTTP polling of potentially large files may be useful to consider here.

There is no easy direct access to files in RRDP. Furthermore, URIs can be
anything - there is no consistent scoping. Writing a full snapshot on every change
is heavy (I agree with draft-ietf-grow-nrtm-v4 on this one). The encoding is
convoluted. We may want to think about mirroring.

Etc. This is not complete. Let’s first establish if we want to have the discussion
now, then we can talk more details..

Kind regards,
Tim


> 
> Kind regards,
> 
> Job
> 
> _______________________________________________
> Sidrops mailing list
> Sidrops@ietf.org
> https://www.ietf.org/mailman/listinfo/sidrops
>

v2.23.0 | Report a Bug | By Email