[Sidrops] www.rpkiviews.org - geographically diverse vantage points

Job Snijders <job@sobornost.net> Mon, 04 January 2021 19:40 UTC

Return-Path: <job@sobornost.net>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id AF1D63A0FF3 for <sidrops@ietfa.amsl.com>; Mon, 4 Jan 2021 11:40:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.019
X-Spam-Status: No, score=-0.019 tagged_above=-999 required=5 tests=[RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id P53H9OLykHBi for <sidrops@ietfa.amsl.com>; Mon, 4 Jan 2021 11:40:14 -0800 (PST)
Received: from outbound.soverin.net (outbound.soverin.net []) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A63A63A0FF2 for <sidrops@ietf.org>; Mon, 4 Jan 2021 11:40:14 -0800 (PST)
Received: from smtp.freedom.nl (unknown []) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by outbound.soverin.net (Postfix) with ESMTPS id 2CB5060100 for <sidrops@ietf.org>; Mon, 4 Jan 2021 19:40:12 +0000 (UTC)
Received: from smtp.freedom.nl (smtp.freedom.nl []) by soverin.net
Received: from localhost (bench.sobornost.net [local]) by bench.sobornost.net (OpenSMTPD) with ESMTPA id b6d4f53f; Mon, 4 Jan 2021 19:40:10 +0000 (UTC)
Date: Mon, 04 Jan 2021 19:40:09 +0000
From: Job Snijders <job@sobornost.net>
To: sidrops@ietf.org
Message-ID: <X/NvGe10G95fWbj2@bench.sobornost.net>
References: <20201203224213.gnb2nawujxm7a32q@benm-laptop> <20201204111651.4e865d7d@glaurung.nlnetlabs.nl> <X8oSBlR1pDhX83nH@bench.sobornost.net> <62CCDADA-E2B5-4354-82E5-995837633307@nlnetlabs.nl> <X8on7A4R63HYUnpz@bench.sobornost.net> <d518f9de-850c-ad10-49a5-1eee4c85fa6b@NLnetLabs.nl> <X8pJoTEUDwpE6iIi@bench.sobornost.net> <953B1447-1253-4EA2-A805-5DAB9CD394D6@nlnetlabs.nl> <X/KEY6w5upXoM6Pa@bench.sobornost.net> <CAGQUKcf7H-tEFZuWh+E3UJNxiKF=jAXPcwhRNmuamNKwdMTGmw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CAGQUKcf7H-tEFZuWh+E3UJNxiKF=jAXPcwhRNmuamNKwdMTGmw@mail.gmail.com>
X-Clacks-Overhead: GNU Terry Pratchett
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/qqG_jxvwniMDyuP4b8mZMBGKVQI>
Subject: [Sidrops] www.rpkiviews.org - geographically diverse vantage points
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Jan 2021 19:40:18 -0000

On Mon, Jan 04, 2021 at 12:10:54PM -0500, Tony Tauber wrote:
> > At this URL http://rpkiviews.org/ i am trying to re-publish data I
> > collected after having made some attempt with OpenBSD's 'rpki-client' to
> > validate the RPKI data.
> >
> > one view:
> >
> >     http://www.rpkiviews.org/adrian.sobornost.net/rpkidata/2020/12/01/
> >
> > and a bit later I added a second instance with a different view:
> >
> > http://josephine.sobornost.net/josephine.sobornost.net/rpkidata/2021/01/01/
> Nice work.
> When you say "different view", what does that mean?
> The structure of the data is different or the location in the internet
> where the collection was performed from ("vantage point"?) was different?

You are spot on, its just the location that is different. It'll be
important to keep an eye on 'the RPKI' from multiple angles in the
default-free zone.

I imagine we have to include in the risk model how cache instances
Relying Parties might see different objects coming out of publication
servers depending on where they are connected to the Internet. 

Citing RFC 7115 Section 6:

    Like the DNS, the global RPKI presents only a loosely consistent
    view, depending on timing, updating, fetching, etc.  Thus, one cache
    or router may have different data about a particular prefix than
    another cache or router.  There is no 'fix' for this, it is the
    nature of distributed data with distributed caches.

As we can't 'fix' it, at least we can monitor and record it (just like
the weather! :-).

Adrian.sobornost.net is generously hosted by NTT in their Dallas, TX,
USA facility. Josephine.sobornost.net is generously hosted by XS4ALL in
their Amsterdam, NL facility. I've updated the page to provide more

> (The latter perhaps being interesting should reachability of any TALs or
> Publication Points be different.)



If others are willing to set up similarly structured data collection
efforts, I can help in two ways:

    1) add links towards such initiatives from the www.rpkiviews.org
    2) I myself can configure your data collection server through SSH,
       all that is required is a POSIX compliant system with... LOTS of
       disk space.

It would be incredible valuable to have public viewpoints located in the
African, Asian, and South American segments of the Internet. 

Kind regards,