rpki-validator-3
Stale Data with RPKI Validator 3
Hello, I have RIPE RPKI Validator 3 deployed on a number of VMs running Ubuntu 18.04 using the Debian instructions in the Wiki. It seems that we are having a couple of issues with the validator, as we have had it running there for a while now:
- Once in a while, the servers stop getting new data. I can see this by monitoring http:// /api/trust-anchors/statuses and noticing that "lastUpdated" is lagging behind the current time by a matter of days. This situation goes away by restarting the RPKI validator (`systemctl restart rpki-validator-3`). But I was wondering if anybody has had a similar issue and, if so, what has been the cause of it?
- Our servers are also deviating in terms of the number of errors, warnings, and even the successful count in the same "trust-anchors/statuses" when compared to RIPE's public server (https://rpki-validator.ripe.net/). I can see that a lot of these are errors in these categories (as seen in the validation runs API):
  - crl.next.update.before.now
  - mf.past.next.update
  - cert.not.valid.after
  - crl.next.update.before.now
  - validator.manifest.entry.found
  - validator.no.local.manifest.no.manifest.in.repository
  - cert.not.revoked
  - validator.no.manifest.repository.failed
  - validator.rpki.repository.pending
Also, almost all of these errors can be tracked to RRDP repositories (and not the RSYNC ones). We run the 8/20 build for reference. Is there any reason for such deviation? Or are there specific things that we have to note in the configuration to avoid these situations?
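
The staleness check described in the post, as an added example that is not part of the original post or the validator's own code: it parses a saved `/api/trust-anchors/statuses` response and lists trust anchors whose "lastUpdated" lags the clock. Assumptions: the response shape (a `data` list with `taName`, `errors`, `warnings`, `successful`), ISO 8601 timestamps, and the one-hour threshold; only "lastUpdated" is named in the post.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample response; field names other than "lastUpdated" are assumptions.
SAMPLE = json.dumps({"data": [
    {"taName": "ta-a", "errors": 3, "warnings": 10, "successful": 5000,
     "lastUpdated": "2020-09-01T11:50:00Z"},
    {"taName": "ta-b", "errors": 412, "warnings": 7, "successful": 1200,
     "lastUpdated": "2020-08-29T02:15:00Z"},
    {"taName": "ta-c", "errors": 0, "warnings": 0, "successful": 0,
     "lastUpdated": None},
]})

def parse_ts(value):
    """Parse an ISO 8601 timestamp; return None if absent or malformed."""
    if not isinstance(value, str):
        return None
    try:
        ts = datetime.fromisoformat(value.replace("Z", "+00:00"))
    except ValueError:
        return None
    # Treat a timestamp without an offset as UTC (assumption).
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)

def stale_anchors(body, now, max_age=timedelta(hours=1)):
    """Return [(name, age_or_None)] for anchors whose data is older than max_age.
    A missing or unparseable lastUpdated counts as stale (fail closed)."""
    stale = []
    for ta in json.loads(body).get("data", []):
        ts = parse_ts(ta.get("lastUpdated"))
        age = None if ts is None else now - ts
        if age is None or age > max_age:
            stale.append((ta.get("taName", "?"), age))
    return stale

if __name__ == "__main__":
    now = datetime(2020, 9, 1, 12, 0, tzinfo=timezone.utc)  # fixed clock for the sample
    for name, age in stale_anchors(SAMPLE, now):
        print(f"STALE {name}: {'never updated' if age is None else age}")
```

Run from cron or a monitoring agent against the live response with `now=datetime.now(timezone.utc)`; alerting when the list is non-empty catches the stalled state before routers keep acting on days-old validation data.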