
rtr.rpki.cloudflare.com public server: "transport error"

Open jranma opened this issue 4 years ago • 6 comments

Hello,

I have configured my BIRD 2.0.7 router to use the rtr.rpki.cloudflare.com public server on port 8282.

Here is the config of bird:

    # ROA
    roa6 table r6;

    protocol rpki validator {
        roa6 { table r6; };
        remote "rtr.rpki.cloudflare.com" port 8282;
        retry keep 90;
        refresh keep 900;
        expire keep 172800;
    }

It works for some time but after a while (a few hours or days) the connection is lost, with this error message in bird:

    Name       Proto  Table  State  Since         Info
    validator  RPKI   ---    start  10:06:02.441  Transport-Error

Have you ever had this problem?

jranma avatar Dec 18 '20 09:12 jranma

Cloudflare is a public validator on anycast servers. I assume Cloudflare will keep updating server software and when that happens, you will see the TCP connection drop.

BIRD should just reconnect.

However what you should do instead is use two different, geographically diverse validator instances on your own, as opposed to a single, public anycast server.

lukastribus avatar Dec 18 '20 10:12 lukastribus

> Cloudflare is a public validator on anycast servers. I assume Cloudflare will keep updating server software and when that happens, you will see the TCP connection drop.
>
> BIRD should just reconnect.
>
> However what you should do instead is use two different, geographically diverse validator instances on your own, as opposed to a single, public anycast server.

Yes, for some reason bird doesn't reconnect, but it's more a bird-related problem I guess. You're right about installing my own validators. I am familiarising myself with this technology before that.

jranma avatar Dec 18 '20 10:12 jranma

@jranma I can look into the logs for TCP failures but it might be a Bird issue. rtr.rpki.cloudflare.com is load-balanced, like Lukas said, if we redeploy or do operations on a machine, connection will break.

lspgn avatar Dec 18 '20 12:12 lspgn

> @jranma I can look into the logs for TCP failures but it might be a Bird issue. rtr.rpki.cloudflare.com is load-balanced, like Lukas said, if we redeploy or do operations on a machine, connection will break.

It's not a big deal, but if you can look in the logs, that's fine. My IP: 91.134.140.163 and 2a0c:b641:270::1

jranma avatar Dec 18 '20 12:12 jranma

It seems to be preferring IPv4.

2020-11-27 13:19:19 ipv4 up
2020-12-06 12:19:42 ipv4 down
2020-12-17 11:04:28 ipv6 up
2020-12-17 11:04:30 ipv6 down
2020-12-17 11:08:43 ipv4 up
2020-12-17 12:32:42 ipv4 down
2020-12-18 09:26:35 ipv4 up
2020-12-18 10:56:08 ipv4 down

The last event matches a crash of a GoRTR instance, but the system is still available.

lspgn avatar Dec 18 '20 12:12 lspgn
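An added example, not posted by anyone in the thread: it takes the session events listed above and measures how long the router had no RTR session at all, comparing each gap with the `expire keep 172800` value from the posted BIRD config. It assumes BIRD drops its ROA records once `expire` passes without a successful refresh; the function names are made up for this example.

```python
from datetime import datetime

# Session events as posted in the thread (server-side view of the client's RTR sessions).
EVENTS = """\
2020-11-27 13:19:19 ipv4 up
2020-12-06 12:19:42 ipv4 down
2020-12-17 11:04:28 ipv6 up
2020-12-17 11:04:30 ipv6 down
2020-12-17 11:08:43 ipv4 up
2020-12-17 12:32:42 ipv4 down
2020-12-18 09:26:35 ipv4 up
2020-12-18 10:56:08 ipv4 down
"""
EXPIRE_SECONDS = 172800  # "expire keep 172800" from the BIRD config in the thread


def parse_events(text):
    """Return sorted (timestamp, family, state) tuples from 'date time family state' lines."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        date, time, family, state = line.split()
        events.append((datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S"), family, state))
    return sorted(events)


def session_gaps(events, expire=EXPIRE_SECONDS):
    """Return (start, end, seconds, exceeds_expire) for every period with no session up."""
    up = set()        # address families that currently have a live session
    gap_start = None  # time the last remaining session went down
    gaps = []
    for ts, family, state in events:
        if state == "up":
            if not up and gap_start is not None:
                seconds = int((ts - gap_start).total_seconds())
                gaps.append((gap_start, ts, seconds, seconds > expire))
            up.add(family)
        else:
            up.discard(family)
            if not up:
                gap_start = ts
    return gaps


if __name__ == "__main__":
    for start, end, seconds, expired in session_gaps(parse_events(EVENTS)):
        # Assumption: past "expire" without a refresh, BIRD no longer holds ROA data.
        note = "exceeds expire" if expired else "within expire"
        print(f"{start} -> {end}  {seconds:>7}s  {note}")
```

Only the first gap, from 2020-12-06 to 2020-12-17, is longer than the configured expiry; the other two are shorter than one day.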

Thanks @lspgn, my concern is not the disconnection but the fact that bird doesn't reconnect automatically. But this is not the right place to discuss it, I think :)

jranma avatar Dec 18 '20 12:12 jranma