i run a FORT RPKI relying party instance. i am looking for some
visibility into its operation.
is it up: both ways, fetching and serving routers?
from what CAs has it pulled, how recently and frequently with
what success?
what routers is it serving with rpki-rtr 323?
blah blah blah
my old DRL RP instances produce MRTG graphs etc of the CA
fetching side, though nothing on the rpki-rtr side.
randy
Randy, I actually have an ongoing discussion with the Fort developers about this after a BGPSec bug left me with stale VRP's for several days, with no clear indication that Fort had "kind of" crashed and "not fully" crashed (fair point, I need to work on better internal monitoring of Fort, as well).
Will feedback once I have better info.
For now, if you haven't yet done so, recommend upgrading to 1.5.2 to avoid this specific issue.
The good news is this issue made the case for running different validation RP code, so your NLRI does not share fate, given it's the basis of the Internet.
Mark.
That's the reason I preached about stale RTR servers before:
(the latter is a check against IOS XR devices via NETCONF which makes
some sanity checks, absolute and relative)
However judging by the absolute zero feedback and support requests
from anyone (other than likes/thumbs up), I'm pretty sure no one
actually does this - other than where I set it up directly.
Fort is also working on a prometheus endpoint, which probably would
allow easier monitoring/integration:
Lukas
Lukas, thanks for these, will align my own checks with the details you check for.
Do tag your repo's with a "RPKI" tag and similar so that it is easier to find these kind of tools!
Tooling is severely lacking in the RPKI space, in numbers and quality, thus any tool like this helps.
Greets,
Jeroen
Have you taken a look at 'rtrmon' (RPKI-To-Router Monitor)
Kind regards,
Job