Re: [Sidrops] nlnet rp and rsync
Martin Hoffmann <martin@opennetlabs.com> Tue, 12 May 2020 09:45 UTC
Return-Path: <martin@opennetlabs.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E11E33A0D37 for <sidrops@ietfa.amsl.com>; Tue, 12 May 2020 02:45:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 33l6IVL64eBr for <sidrops@ietfa.amsl.com>; Tue, 12 May 2020 02:45:26 -0700 (PDT)
Received: from dicht.nlnetlabs.nl (dicht.nlnetlabs.nl [185.49.140.10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 132353A0D31 for <sidrops@ietf.org>; Tue, 12 May 2020 02:45:25 -0700 (PDT)
Received: from glaurung.nlnetlabs.nl (82-197-214-124.dsl.cambrium.nl [82.197.214.124]) by dicht.nlnetlabs.nl (Postfix) with ESMTPSA id D138D33EFF; Tue, 12 May 2020 11:45:22 +0200 (CEST)
Authentication-Results: dicht.nlnetlabs.nl; dmarc=none (p=none dis=none) header.from=opennetlabs.com
Authentication-Results: dicht.nlnetlabs.nl; spf=none smtp.mailfrom=martin@opennetlabs.com
Date: Tue, 12 May 2020 11:45:21 +0200
From: Martin Hoffmann <martin@opennetlabs.com>
To: Russ Housley <housley@vigilsec.com>
Cc: SIDR Operations WG <sidrops@ietf.org>
Message-ID: <20200512114521.5787a957@glaurung.nlnetlabs.nl>
In-Reply-To: <FA1358BC-54C0-476B-A8A0-238D2F4EFE74@vigilsec.com>
References: <m2mu6f42ji.wl-randy@psg.com> <B23AED42-5983-4E14-897A-03A51FCDDC42@nlnetlabs.nl> <m2zhae3hrh.wl-randy@psg.com> <20200511123331.5c2d604a@glaurung.nlnetlabs.nl> <73D1F29B-7F54-4022-975C-477B3A9E7CC5@psg.com> <20200511125957.09b5f5e5@glaurung.nlnetlabs.nl> <m2y2py3emb.wl-randy@psg.com> <FA1358BC-54C0-476B-A8A0-238D2F4EFE74@vigilsec.com>
Organization: Open Netlabs
X-Mailer: Claws Mail 3.17.5 (GTK+ 2.24.32; x86_64-pc-linux-gnu)
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/XE0lYCXGRa-Nq22KSA87q5mmwmc>
Subject: Re: [Sidrops] nlnet rp and rsync
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 May 2020 09:45:28 -0000
Russ Housley wrote: > > A client can use any of the protocols that it wants, but it seems > like unnecessary fragility to pick an alternate and then refuse to > consider rsync. This seem counter to a graceful transition, > especially if there is a transition from RRDP to RRDP2 in the distant > future. The decision to not fall back to rsync if RRDP succeeded once was actually made with publication point operators in mind. With most relying party software now supporting RRDP and preferring it over rsync, an operator will see most traffic via RRDP and only very small amounts on rsync. Given that unlike with HTTP where lots of tooling and services for reliable, scalable operation exist, you are basically on your own with rsync, they are likely to only provide a minimum service. Now, if the RRDP service becomes unavailable for whatever reason, all relying parties hitting the rsync service is not going to end well. Since the absolute majority of these RRDP failures are of a transient nature and will be resolved by the next validation run, just skipping the publication point this time seems a reasonable choice. This could probably be improved by remember how many times it failed and switching back to rsync after, say, five failures, but I am not sure this is worth the effort. As an aside, switching between rsync and RRDP isn’t free. Because an RRDP server can essentially publish objects for any rsync URI it wants, you have to keep separate trees for rsync and each and every RRDP server. So falling back to rsync actually means either downloading the full copy or updating a severely outdated copy. It’s not that big a deal in the grand scheme of things but worth noting. Kind regards, Martin
- Re: [Sidrops] nlnet rp and rsync Randy Bush
- Re: [Sidrops] nlnet rp and rsync Russ Housley
- Re: [Sidrops] nlnet rp and rsync Randy Bush
- Re: [Sidrops] nlnet rp and rsync George Michaelson
- Re: [Sidrops] nlnet rp and rsync Martin Hoffmann
- Re: [Sidrops] nlnet rp and rsync Martin Hoffmann
- Re: [Sidrops] nlnet rp and rsync Stephen Kent
- Re: [Sidrops] nlnet rp and rsync Russ Housley
- Re: [Sidrops] nlnet rp and rsync Rob Austein
- Re: [Sidrops] nlnet rp and rsync Martin Hoffmann