Re: [Sidrops] RRDP / RSYNC / Other?
Christopher Morrow <christopher.morrow@gmail.com> Sat, 13 January 2024 17:29 UTC
Return-Path: <christopher.morrow@gmail.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0185DC14F5E7; Sat, 13 Jan 2024 09:29:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wnX-60HK8HrW; Sat, 13 Jan 2024 09:29:53 -0800 (PST)
Received: from mail-ua1-x92f.google.com (mail-ua1-x92f.google.com [IPv6:2607:f8b0:4864:20::92f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 25FFBC14F5E9; Sat, 13 Jan 2024 09:29:53 -0800 (PST)
Received: by mail-ua1-x92f.google.com with SMTP id a1e0cc1a2514c-7cd5ab5d5bbso2399026241.3; Sat, 13 Jan 2024 09:29:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1705166992; x=1705771792; darn=ietf.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=J7bG4nOkto/M85f79VJUbXfwgyqWvlOxNJeHJgHzxmo=; b=EJ2Mw1NP6H618tVSQTUm0y+iozsjNtn8NjJ6uLsyDuNEYgqZpYTWMycsCxAu36jh5f Tr+T9T0S5UzsmdrNKhP0rJFKY2UryZVadjBa3vp6Kuv45Y6jZM3b8TncNeVjui+YKetu 3QXtwDhMXf99eSdQmuJSjsVyxqT3t8ou4PrQp7VX65sD7sJhbXnye8sNkLZn/AF0Hcrs iiDNoBo2IDORdfwPeZMBMWLaaFjB03ay4ZtDcYLgKMBo8MgcGgwRKLNi2+WwwJe3wYVP 3PLr6doVO3AzL1bampKN2qZ+HYVktGakLaMBR9QgUTnDI8Cia1Nz6C0lZHJaDppEKT6j PVhQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1705166992; x=1705771792; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=J7bG4nOkto/M85f79VJUbXfwgyqWvlOxNJeHJgHzxmo=; b=RFqmndi4Qt9wtO0i5f9INv0wbwvBRYMDmHdjn0hUTr8Ysrm9gA80z579y8btevfXT4 nLeP26g4jQYaH8q7twCew457wDH0/lqR1ykmDSX861nQTxKLH81+jtbTa7ejkmE32Jpf TnmaKfyZvEI4uyfH3ZkI9srjONhSFQftoVn9kzbCRlJ7MQaB2Kk902Jl/pqEhS3kWrCj AqmxOVIJNvxhg+Pi54Xw9MY0ePQgDP9bmA65m4MRHieaIR8cbKBtvXQ0nreII1r/qz7W Ny9d73VniqPFurKLFThP8D7rMHmBEM9l0CHXZ4YRCDLyMrT8VGrXO4somrPjH8/SYCe/ vP7w==
X-Gm-Message-State: AOJu0Yyc5Zfb8K7Y906OAV8HFwToKj2PoNdlrKkQ4NvtzGE3AQXZgGSr AtUgAUL67z7pULOUj/DctYbGZMnGDo9Mk8voMNk68ZLV
X-Google-Smtp-Source: AGHT+IHXdzG+/bEznQVSqdtwxtbfx5GGG+SLRqwN5C0tUt7OZPdCzD7T8D42E7OjV34vcF2HdQfLCXKuZYepn9Dc8C4=
X-Received: by 2002:a67:ef89:0:b0:467:ed18:56e2 with SMTP id r9-20020a67ef89000000b00467ed1856e2mr2620503vsp.7.1705166990449; Sat, 13 Jan 2024 09:29:50 -0800 (PST)
MIME-Version: 1.0
References: <CAL9jLab1xknRY=oCZzyXe7Dtyc8to46rVfE-1BzzuMUkWCNtLg@mail.gmail.com> <ZaEqnGpUZO0R_lLz@snel> <D4B7FA4D-08BB-4541-92EE-1B6148664D8F@ripe.net>
In-Reply-To: <D4B7FA4D-08BB-4541-92EE-1B6148664D8F@ripe.net>
From: Christopher Morrow <christopher.morrow@gmail.com>
Date: Sat, 13 Jan 2024 12:29:39 -0500
Message-ID: <CAL9jLaaO8EHhHPsk4yKVxb-oS0OQLWiqaoiq2t6DEOJLpeMntA@mail.gmail.com>
To: Tim Bruijnzeels <tbruijnzeels@ripe.net>
Cc: Job Snijders <job=40fastly.com@dmarc.ietf.org>, SIDR Operations WG <sidrops@ietf.org>, sidrops-ads@ietf.org, SIDROps Chairs <sidrops-chairs@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/cJAVxi_W5cmGudeII4tl5zWTT7c>
Subject: Re: [Sidrops] RRDP / RSYNC / Other?
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 13 Jan 2024 17:29:57 -0000
(sorry this is a bit of an omnibus reply, to tim/job/ties) On Fri, Jan 12, 2024 at 9:58 AM Tim Bruijnzeels <tbruijnzeels@ripe.net> wrote: > > Dear all, > > > On Jan 12, 2024, at 13:03, Job Snijders <job=40fastly.com@dmarc.ietf.org> wrote: > > > > Dear all, > > > > On Thu, Jan 11, 2024 at 10:52:55PM -0500, Christopher Morrow wrote: > >> The 'prefer rrdp' draft has been sitting(expired) for a while, I had > >> thought when the document started life there was a set of good reasons > >> for this plan. I think I still want to prefer 'not rsync' on my RP > >> deployment :) > > > > Chris, to be clear: the prefer-rrdp draft does not attempt to remove rsync. It > formulated a plan to prefer RRDP. I think it is largely overtaken by reality, sure, understood... Maybe I misunderstood that the longer term plan (perhaps not articulated in the draft) was to deprecate rsync. Before deprecation we'd certainly want to prefer 'other' (the draft's point). > except for a number of suggestions that it’s making to update various > documents to ensure that RRDP is no longer optional and must get the > same 24/7 attention as rsync. > > I think those suggestions are still useful even if deprecating rsync (as the > draft was called in an earlier stage) is a separate discussion. fair! > > > = > >> I believe that a longer term goal for rrdp (and the draft in question) > >> was to eventually decommission/deprecate the RSYNC code paths, as > >> well. > > > > Well, that is not my goal. Before we even consider deprecation of rsync, > > there first needs to be a viable alternative to both RSYNC and RRDP v1. > > Sure, I thought I was making a sort of clear point that: "we have a draft that says: 'prefer RRDP'" I was attempting to also make a point that probably if a goal is: "prefer rrdp, and then later deprecate rsync" we should answer a couple other questions: 1) do we want to maintain 2 ways to do this thing (move bits around relative to rpki)? 2) do we want a better answer than rrdp? (are there problems/issues with RRDP that should be addressed? can we do that in the exisitng binaries/protocol?) 3) do we want a better answer than rsync? I don't know the correct answer(s) to the above, but it sure seems to me like: "one way seems simpler to support in code and on the systems" "there have been issues raise with both rsync and rrdp" > > As it stands - RRDP has numerous inefficiencies, implementation > > inconsistencies, curious pitfalls, unforeseen operational failure modes, > > and performs extremely poor in low bandwidth situations. But of course, Some of this could be the implementation(s) in particular and not the underlying transport, by this I mean either the clients or the servers may be behaving poorly in certain enviroments/conditions. > > rsync is not without its own issues and complications. Fortunately, not > > a lot of the failure modes are shared between the transport protocols, > > meaning that one is a good backup for the other. > > > > I think some people in this working group underappreciate the benefits > > of rsync as a (backup) transport, especially in the face of instability > > in the RRDP transport. As long as people are stuck in just mindlessly > > repeating "rsync bad" and refuse to see and articulate the benefits that > > rsync offers, it'll be hard to copy those benefits over to a next gen > > transport protocol. > This could be, again I don't know the answer here i was attempting to raise some questions and ask if the questions were headed in a good direction AND if the WG was interested in pursuing the conversation. > I agree that we also have seen issues with RRDP. There are lessons > learned on different levels. Just like we have also learned issues with > rsync. With regards to current operational challenges I believe that > draft-timbru-sidrops-publication-server-bcp-01 that I and others have > been working on is a good start - not just for RRDP (bandwidth, load > balancing), but also for rsync (e.g. the symlinking and mtime fixing). We > will renew it soon and ask for working group adoption. ok, sounds good. > >> In light of the original reasonings for RRDP development: > >> * standard(ized) transport protocol (http) > >> * scalability and cacheability of the content > >> * easier to inspect/debug service(s) > >> (there may be others, don't think right now its important that there are) > > > > I agree HTTP is a standardized protocol and I hope ultimately something > > HTTP-based is where we'll end up. But, the other arguments can be > > challenged: RRDP 'scales so well' that we've seen RPs become an > > unrecoverable denial-of-service against the publication point. In > > practise rsync is easier to debug and inspect with out-of-the-box > > tooling, whereas RRDP requires a quite specialized knowledge and tooling > > to meaningfully debug. This seems (the last couple sentences really) to be a side conversation about how the tooling (current or future) used by the RP and publication point could use a bunch more thought about their use in normal operations and in debugging scenarios. The tooling built around inspecting the collected repository data has been a boon to debugging of the system at large, I think. More of that work, and assisting that work with better collection protocol(s) would certainly be beneficial to the ops community. > I appreciate the direct access to objects for debugging that rsync offers. I > would prefer some future where we can have direct access over HTTP (and > use a CDN). > > > > >> and the original arguments against RSYNC as the protocol for long term use: > >> * how could this possibly scale! > >> * i can ship random bits to all RPs and they can't NOT accept them > >> * wow is this a bear to deal with in a programmatic manner! > >> (there may be others, not important right now what they are) > >> > >> Is it time that we fresh-slate thought about this problem? > >> I believe we CAN swap in 'anything' that has a URL type naming/pointing form > >> (perhaps we would need to define new url protocols, but...) > >> I think if we had a solid option, with running code we could talk > >> about removing rsync, preferring rrdp and testing the 'new thing'... > >> or some form of that ordering. > > > > When you actually remove rsync, RRDP no longer becomes a matter of > > 'preference'. :-) yes, clearly a plan isn't: "prefer rrdp, kill rsync, now plan on a replacement rrdp!" :) a reasonable plan (it seemed to me) was: "discuss/define some requirements for the system (client/server), and operations of the system." that plan may end up deprecating rsync, or rrdp or both over some time period. > >> Should we take up a discussion and work to investigate a RRDP > >> replacement? > > I still think that first step is to prefer RRDP and make it mandatory. In practice > this is the reality today, but it’s not reflected in standards where RRDP is still > optional and 24/7 commitments are not clearly formulated. > I, for selfish reasons, really want rrdp to be supported across the board, so yes this seems ok to me. it'd still be good to get consensus on this though :) and disregard my selfish reason(s). > The main design goal of RRDP was to allow the use of CDNs and ensure that > servers can create cacheable data once, rather than having the server needing > to invest memory and CPU on every connection. There are many RPs to > repositories. This is a skewed ratio. Sadly, *recursive* rsync servers with > a lot of data are trivial to DoS because of that. this sounds like 2 (at least) requirements for the server and client infra, almost certainly some / one of those was included in the original rrdp docs/requirements/planning. This also highlights a possible reason to deprefer rsync. > RRDP makes the tradeoff to use more bandwidth in order to reduce the direct > impact on a back-end server in terms of CPU and memory needs to maintain > sessions. Sadly, this means that if the notification file is too large, and the > bandwidth too low (no, do not use a single 100 Mbit node), this results in > issues. sure, I would bet this is also addressable in the server config... 'please do not accept enough requests that let you kill yourself' but.. sure, also maybe this is a failure mode we learned and can attempt to address in a replacement protocol suite? > Where bandwidth is not an issue, and the load-balancing/timing of notification > file updates is addressed, I do believe that RRDP offers a big improvement today. > It’s not perfect, but it allows RPs to be more aggressive in their fetching. > > > The timing is not optimal from my perspective, I don't mind the status > > quo. I think we should first finish: > > > > * ASPA signed object: draft-ietf-sidrops-aspa-profile > > * ASPA-based BGP message verification: draft-ietf-sidrops-aspa-verification > > * ASPA RTR: draft-ietf-sidrops-8210bis > > * draft-ietf-sidrops-signed-tal (has multiple implementations, authors > > requested WGLC multiple times now...) > > * draft-ietf-sidrops-cms-signing-time > > * draft-ietf-sidrops-rpki-prefixlist > > * And there also is a recent interest to revisit the validation > > algorithm, this will all take up a fair chunk of working group > > bandwidth. > > > > In short - deprecating rsync before having a viable alternative to RRDP > > v1 is horse behind cart. A deprecation of rsync won't solve immediate don't disagree, my intent was absolutely NOT to 'ok, turn off rsync now'. > > operational issues, but instead will add problems. The community now > > also is aware of various optimizations that can be done to make > > RRDP-to-RSYNC switchovers far less resource intensive, so scalability > > concerns are not as strong as they once were. > > Job, as you are saying (I think), I agree the we should only consider deprecating > rsync altogether until we have an improvement over RRDP, or at least ensure > that fallbacks are possible somehow. I believe that a discussion about a next > gen protocol is useful and can occur in parelel to other work. There is no reason > why e.g. the ASPA work should be stalled because of such a discussion. > > For what it's worth, some initial thoughts regarding an RRDP++/bis/replacement: > > It would be good if a future iteration can reduce the bandwidth. Other signaling > than HTTP polling of potentially large files may be useful to consider here. > > There is no easy direct access to files in RRDP. Furthermore, URIs can be > anything - there is no consistent scoping. Writing a full snapshot on every change > is heavy (I agree with draft-ietf-grow-nrtm-v4 on this one). The encoding is > convoluted. We may want to think about mirroring. > > Etc. This is not complete. Let’s first establish if we want to have the discussion > now, then we can talk more details.. thanks! (ties/job/tim all) for the conversation. I suspect we have another little chat time in email, then maybe we could work out some of the question(s) / answers and do that in a document. -chris > > > > > Kind regards, > > > > Job > > > > _______________________________________________ > > Sidrops mailing list > > Sidrops@ietf.org > > https://www.ietf.org/mailman/listinfo/sidrops > > >
- [Sidrops] RRDP / RSYNC / Other? Christopher Morrow
- Re: [Sidrops] RRDP / RSYNC / Other? Ties de Kock
- Re: [Sidrops] RRDP / RSYNC / Other? Job Snijders
- Re: [Sidrops] RRDP / RSYNC / Other? Tim Bruijnzeels
- Re: [Sidrops] RRDP / RSYNC / Other? Christopher Morrow