Re: [Sidrops] Publication Point -> RP synchronization in bandwidth constrained environments (note for RRDP v2)
Tim Bruijnzeels <tim@nlnetlabs.nl> Fri, 09 June 2023 08:52 UTC
Return-Path: <tim@nlnetlabs.nl>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E73DEC151709 for <sidrops@ietfa.amsl.com>; Fri, 9 Jun 2023 01:52:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.097
X-Spam-Level:
X-Spam-Status: No, score=-7.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=nlnetlabs.nl
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tDDy4ZH2mKjz for <sidrops@ietfa.amsl.com>; Fri, 9 Jun 2023 01:52:01 -0700 (PDT)
Received: from dane.soverin.net (dane.soverin.net [185.233.34.148]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 95C3EC151064 for <sidrops@ietf.org>; Fri, 9 Jun 2023 01:52:01 -0700 (PDT)
Received: from smtp.soverin.net (c04smtp-lb01.int.sover.in [10.10.4.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by dane.soverin.net (Postfix) with ESMTPS id 4Qcvvy4BTtz2xF0; Fri, 9 Jun 2023 08:51:58 +0000 (UTC)
Received: from smtp.soverin.net (smtp.soverin.net [10.10.4.100]) by soverin.net (Postfix) with ESMTPSA id 4Qcvvy0VNlzBX; Fri, 9 Jun 2023 08:51:58 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=nlnetlabs.nl; s=soverin; t=1686300718; bh=D9rilZDibj+8gVkrleqbthSmPI114g/LJefLvOE0e4w=; h=Subject:From:In-Reply-To:Date:Cc:References:To:From; b=Hexp9VRh4TR8BFoU2q4Y1ys8SZ/c9lj5orDYK8ROp1WluJGXW6xI1pq/U4ET07kyk hopX4JYuX79nCGxaJR8i2FByFU+AhHg/JpSSqadIaFlu1PYFiqp32cai43UDHfDFcS uYIemkRdBeYFUTaoF5TAmRlxM4npkst9lIt5FoqLzMURiLHzF/MfiMWsrzfbJGqqr2 XZW6s5K8aY05RB00B4c53c0jw+jLeHFGKoh9Uv/MayyJrQzZH50jirtplr9k4ZHBFU KOiPenYthJSxdAOzKM6Eh1BJBg6axjCPaTdqomtQKfPKW/uQkvQguz3BJT7L/wT45N Ag4uC+1BSlCaQ==
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.400.51.1.1\))
X-Soverin-Authenticated: true
From: Tim Bruijnzeels <tim@nlnetlabs.nl>
In-Reply-To: <7E1EF4EE-AC5C-4E1A-BCF6-48B814EC75CF@ripe.net>
Date: Fri, 09 Jun 2023 10:51:47 +0200
Cc: Job Snijders <job@fastly.com>, Claudio Jeker <cjeker@diehard.n-r-g.com>, Mikhail Puzanov <mpuzanov@ripe.net>, sidrops@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <E1B2E888-FB01-42A3-BF27-1FD2FCD1B336@nlnetlabs.nl>
References: <ZHYYt77xdtrkNV1a@snel> <955CFF67-8D19-4B38-8585-3754F3119EDF@ripe.net> <ZIHLBTZJ06/J3bCa@diehard.n-r-g.com> <461BCBA1-19FD-4E6C-83C3-584D1597B2E9@ripe.net> <DCB50ED8-9906-41DE-892E-F76987C4808C@nlnetlabs.nl> <ZIH1pRbTSyp/6vSB@snel> <7E1EF4EE-AC5C-4E1A-BCF6-48B814EC75CF@ripe.net>
To: Ties de Kock <tdekock@ripe.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/gNz4W9ulnHFpe334AUl-hnXCXOE>
Subject: Re: [Sidrops] Publication Point -> RP synchronization in bandwidth constrained environments (note for RRDP v2)
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Jun 2023 08:52:06 -0000
> On 9 Jun 2023, at 10:38, Ties de Kock <tdekock@ripe.net> wrote: > > > >> On 8 Jun 2023, at 17:37, Job Snijders <job@fastly.com> wrote: >> >> On Thu, Jun 08, 2023 at 05:13:55PM +0200, Tim Bruijnzeels wrote: >>> As for lessons learned for a future RRDP. There are a number of things >>> that I think could be done. To just name a few: >>> >>> - No new snapshot on every update >>> >>> This is hard for the server. Writing a full snapshot of multiple MBs for >>> every change adds up. I think it would be better to have snapshots every >>> so often and use deltas to get to the current state >>> >>> - Combine deltas >>> >>> Let the server pre-calculate combined deltas from serial X to current. >>> This saves the RPs downloading many files. It saves bandwidth in cases >>> where files are updated multiple times (e.g. a CA published multiple >>> ROAs as separate events). >>> >>> - Binary format >>> >>> We can have a DER encoded structures (since we do DER anyway) that can >>> contain all the data. This saves a lot of XML and base64 overhead. I have >>> not done the analysis but I think that the actual DER objects don't compress >>> well - so we may not need compression if we do this. >>> >>> - Pointers for stragglers? >>> >>> Notification files should be short. This means that RPs that have not >>> synced for a long time will have to do a full re-sync. What may help >>> is that there are pointers included to longer notification files for >>> those that need it. >> >> Another thing that I'd consider to add to the list would be advisory >> timing parameters in the notify file: A publication server in trouble, >> could sorta 'increase' their capacity if the server could request RPs to >> fetch less frequently. > Currently RFC 8182 puts the limit at once per minute. I think it would be good to have flexibility in rate-limiting rather than hard coding this for all. > Do we need to do this in the RRDP protocol? Or could we maybe get close with > HTTP headers? I think headers would allow for quick reconfiguration on the HTTPS server without the need to reconfigure/re-issue/update the back-end. This may also help in cases where there is a need to change the rate limit, but there is no updated content. Tim > > Kind regards, > Ties
- [Sidrops] Publication Point -> RP synchronization… Job Snijders
- Re: [Sidrops] Publication Point -> RP synchroniza… Christopher Morrow
- Re: [Sidrops] Publication Point -> RP synchroniza… Job Snijders
- Re: [Sidrops] Publication Point -> RP synchroniza… Christopher Morrow
- Re: [Sidrops] Publication Point -> RP synchroniza… Di Ma
- Re: [Sidrops] Publication Point -> RP synchroniza… Lukas Tribus
- Re: [Sidrops] Publication Point -> RP synchroniza… Mikhail Puzanov
- Re: [Sidrops] Publication Point -> RP synchroniza… Ties de Kock
- Re: [Sidrops] Publication Point -> RP synchroniza… Claudio Jeker
- Re: [Sidrops] Publication Point -> RP synchroniza… Ties de Kock
- Re: [Sidrops] Publication Point -> RP synchroniza… Tim Bruijnzeels
- Re: [Sidrops] Publication Point -> RP synchroniza… Job Snijders
- Re: [Sidrops] Publication Point -> RP synchroniza… Mikhail Puzanov
- Re: [Sidrops] Publication Point -> RP synchroniza… Ties de Kock
- Re: [Sidrops] Publication Point -> RP synchroniza… Tim Bruijnzeels
- Re: [Sidrops] Publication Point -> RP synchroniza… Job Snijders
- Re: [Sidrops] Publication Point -> RP synchroniza… Ties de Kock