Re: [Sidrops] www.rpkiviews.org - geographically diverse vantage points
Tim Bruijnzeels <tim@nlnetlabs.nl> Tue, 05 January 2021 08:54 UTC
Return-Path: <tim@nlnetlabs.nl>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E422C3A0F74 for <sidrops@ietfa.amsl.com>; Tue, 5 Jan 2021 00:54:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=nlnetlabs.nl
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u5VK5XKqECPt for <sidrops@ietfa.amsl.com>; Tue, 5 Jan 2021 00:54:01 -0800 (PST)
Received: from outbound.soverin.net (outbound.soverin.net [IPv6:2a01:4f8:fff0:2d:8::215]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A560C3A0F4A for <sidrops@ietf.org>; Tue, 5 Jan 2021 00:54:01 -0800 (PST)
Received: from smtp.soverin.net (unknown [10.10.3.24]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by outbound.soverin.net (Postfix) with ESMTPS id 8243F6087E for <sidrops@ietf.org>; Tue, 5 Jan 2021 08:53:59 +0000 (UTC)
Received: from smtp.soverin.net (smtp.soverin.net [159.69.232.138]) by soverin.net
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=nlnetlabs.nl; s=soverin; t=1609836839; bh=nHqq9R0kC9wzLkJ2AOHp4t4oSaqaWC7qkHto/deuJ6w=; h=Subject:From:In-Reply-To:Date:Cc:References:To:From; b=mUTmFzf8Qk5pkEvvOqY5EqYCVStkr15qb1/hos5ep5pbww4tW+PN8sbGL/nIJjkGS YyKwgPejsPbPN8PvMH+4LpoornU28WTDQEI/eCdwmUuFngn3ig9ShX33pH/6goqXO7 7I1qKocWLIKLQAy5zMVDlcN6QC0PhQSn/O1d4O53vyqQQvd2yoeXXNtvX05RtKtReE 1lza/V2OCMlpo9zq8s16PQ7F/r2lajZuRCwoApR8Gwywc3gY9pDa+Hqr7M2sjyOfVn fkOQlxyzFkwx64DWVDZiI1xNXIHHT0a9mcVuAovWOJKr89zXGUd3w95C9LDcm6HYr0 6woazYcF0Obkw==
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\))
From: Tim Bruijnzeels <tim@nlnetlabs.nl>
In-Reply-To: <X/NvGe10G95fWbj2@bench.sobornost.net>
Date: Tue, 05 Jan 2021 09:53:57 +0100
Cc: sidrops@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <90FE66C4-864C-4CED-87A0-FB9B0744297D@nlnetlabs.nl>
References: <20201203224213.gnb2nawujxm7a32q@benm-laptop> <20201204111651.4e865d7d@glaurung.nlnetlabs.nl> <X8oSBlR1pDhX83nH@bench.sobornost.net> <62CCDADA-E2B5-4354-82E5-995837633307@nlnetlabs.nl> <X8on7A4R63HYUnpz@bench.sobornost.net> <d518f9de-850c-ad10-49a5-1eee4c85fa6b@NLnetLabs.nl> <X8pJoTEUDwpE6iIi@bench.sobornost.net> <953B1447-1253-4EA2-A805-5DAB9CD394D6@nlnetlabs.nl> <X/KEY6w5upXoM6Pa@bench.sobornost.net> <CAGQUKcf7H-tEFZuWh+E3UJNxiKF=jAXPcwhRNmuamNKwdMTGmw@mail.gmail.com> <X/NvGe10G95fWbj2@bench.sobornost.net>
To: Job Snijders <job@sobornost.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/u79XZCAvyM6BojAaOz2VhxVw5R4>
Subject: Re: [Sidrops] www.rpkiviews.org - geographically diverse vantage points
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Jan 2021 08:54:04 -0000
Hi Job, all, > On 4 Jan 2021, at 20:40, Job Snijders <job@sobornost.net> wrote: > > On Mon, Jan 04, 2021 at 12:10:54PM -0500, Tony Tauber wrote: >>> At this URL http://rpkiviews.org/ i am trying to re-publish data I >>> collected after having made some attempt with OpenBSD's 'rpki-client' to >>> validate the RPKI data. >>> >>> one view: >>> >>> http://www.rpkiviews.org/adrian.sobornost.net/rpkidata/2020/12/01/ >>> >>> and a bit later I added a second instance with a different view: >>> >>> http://josephine.sobornost.net/josephine.sobornost.net/rpkidata/2021/01/01/ >> >> Nice work. >> When you say "different view", what does that mean? >> The structure of the data is different or the location in the internet >> where the collection was performed from ("vantage point"?) was different? > > You are spot on, its just the location that is different. It'll be > important to keep an eye on 'the RPKI' from multiple angles in the > default-free zone. > > I imagine we have to include in the risk model how cache instances > Relying Parties might see different objects coming out of publication > servers depending on where they are connected to the Internet. > > Citing RFC 7115 Section 6: > > """ > Like the DNS, the global RPKI presents only a loosely consistent > view, depending on timing, updating, fetching, etc. Thus, one cache > or router may have different data about a particular prefix than > another cache or router. There is no 'fix' for this, it is the > nature of distributed data with distributed caches. > """ > > As we can't 'fix' it, at least we can monitor and record it (just like > the weather! :-). > > Adrian.sobornost.net is generously hosted by NTT in their Dallas, TX, > USA facility. Josephine.sobornost.net is generously hosted by XS4ALL in > their Amsterdam, NL facility. I've updated the page to provide more > detail. > >> (The latter perhaps being interesting should reachability of any TALs or >> Publication Points be different.) > > yup! > > *** REQUEST TO THE GROUP *** > > If others are willing to set up similarly structured data collection > efforts, I can help in two ways: > > 1) add links towards such initiatives from the www.rpkiviews.org > page. > 2) I myself can configure your data collection server through SSH, > all that is required is a POSIX compliant system with... LOTS of > disk space. > > It would be incredible valuable to have public viewpoints located in the > African, Asian, and South American segments of the Internet. I think geographically diverse vantage points are indeed valuable. However, a lot (most) publication points only have a single point of presence, so I suspect that a significant part of the variation in data seen is due to timing differences rather than geography / net topology. Not a criticism.. just saying it would be good to keep this in mind when analysing differences. Tim > > Kind regards, > > Job > > _______________________________________________ > Sidrops mailing list > Sidrops@ietf.org > https://www.ietf.org/mailman/listinfo/sidrops
- [Sidrops] 6486bis: referenced object validation Ben Maddison
- Re: [Sidrops] 6486bis: referenced object validati… George Michaelson
- Re: [Sidrops] 6486bis: referenced object validati… Martin Hoffmann
- Re: [Sidrops] 6486bis: referenced object validati… Job Snijders
- Re: [Sidrops] 6486bis: referenced object validati… Tim Bruijnzeels
- Re: [Sidrops] 6486bis: referenced object validati… Ties de Kock
- Re: [Sidrops] 6486bis: referenced object validati… Job Snijders
- Re: [Sidrops] 6486bis: referenced object validati… Ties de Kock
- Re: [Sidrops] 6486bis: referenced object validati… Tim Bruijnzeels
- Re: [Sidrops] 6486bis: referenced object validati… Job Snijders
- Re: [Sidrops] 6486bis: referenced object validati… Job Snijders
- Re: [Sidrops] 6486bis: referenced object validati… Ties de Kock
- Re: [Sidrops] 6486bis: referenced object validati… Benno Overeinder
- Re: [Sidrops] 6486bis: referenced object validati… Job Snijders
- Re: [Sidrops] 6486bis: referenced object validati… Job Snijders
- Re: [Sidrops] 6486bis: referenced object validati… Tim Bruijnzeels
- Re: [Sidrops] 6486bis: referenced object validati… Lukas Tribus
- Re: [Sidrops] 6486bis: referenced object validati… Job Snijders
- Re: [Sidrops] 6486bis: referenced object validati… Tim Bruijnzeels
- Re: [Sidrops] 6486bis: referenced object validati… Job Snijders
- Re: [Sidrops] 6486bis: referenced object validati… Tony Tauber
- [Sidrops] www.rpkiviews.org - geographically dive… Job Snijders
- Re: [Sidrops] www.rpkiviews.org - geographically … Tim Bruijnzeels
- Re: [Sidrops] www.rpkiviews.org - geographically … Job Snijders