RPKI performance metrics; your help requested

As the global RPKI data set and system load grows, we want to ensure that the system is performing well. This is why we have added measurement functionality to the RIPE NCC RPKI Validator toolset:
https://www.ripe.net/certification/rpki-validator-metrics

When enabled, it will gather the following data and send it to the RIPE NCC for analysis:

- Connection success rate to the configured repositories
- Whether IPv4 or IPv6 is used to connect
- Repository inconsistencies
- Time taken to validate all retrieved objects

There is a detailed post on the sidr mailing list with more information:
http://www.ietf.org/mail-archive/web/sidr/current/msg04595.html

We would really appreciate it if as many people as possible from across the globe would send us performance data.
If you would like to participate, please install the latest RPKI Validator and leave it running as a service permanently:

https://www.ripe.net/certification/tools-and-resources

All you need is a system with Java 1.6, rsync and 1GB of available memory. Simply unzip the file, run ./bin/rpki-validator from the base directory and browse to http://localhost:8080. Then enable the performance metrics by clicking "Yes" to the prompt.

If you have any questions or feedback, please let me know.

Many thanks,

Alex Band
RIPE NCC

> As the global RPKI data set and system load grows, we want to ensure
> that the system is performing well. This is why we have added
> measurement functionality to the RIPE NCC RPKI Validator toolset:
> https://www.ripe.net/certification/rpki-validator-metrics
>
> When enabled, it will gather the following data and send it to the
> RIPE NCC for analysis:

good stuff. though you know how much i like centralization :)

of course you have seen the centralized rpki.net measurements presented
by rob at iepg
   http://iepg.org/2012-03-ietf83/a-few-months-in-the-life-of-an-rpki-validator.pdf
and the measurements of an experiment using bit torrent instead of rsync
   http://iepg.org/2012-03-ietf83/rpki-bittorrent-experiment.pdf
and sidr/paris. oops, good luck finding it, and he was cut short anyway
due to the meeting's tech fiasco.

but that is centralized. and, if you would care to publish your
collection protocol, we would look at having the rpki.net relying party
software shove data down it. but no promises.

but we're more focused on giving the *user* the tools to measure and
see. so you may want to look at the tables and graphs (graphs more
germane to this discussion) from the rpki.net relying party software at,
for example,
   rcynic summary 2023-12-19T21:15:26Z

suggestions for improvement solicited, of course.

randy

> but we're more focused on giving the *user* the tools to measure and
> see. so you may want to look at the tables and graphs (graphs more
> germane to this discussion) from the rpki.net relying party software at,
> for example,
>    rcynic summary 2023-12-19T21:15:26Z

oh, and the docco for install and config of the relying party software
is at
   GitHub - dragonresearch/rpki.net: Dragon Research Labs rpki.net RPKI toolkit

randy

the text talks about rpki.net
the link is for 'not rpki.net'

how does this work? <insert clownposse here>

rpki.net redirects to https://trac.rpki.net and poops out an ssl error :(
security is 'hard'...

Could someone make:
  1) rpki.net function as http redirecting to https with the right
cert (or put a SAN in the current cert?)
  2) put the graphs at 'not rpki.net' on rpki.net (too)
  3) indicate whether or not the graphs are of ongoing data or past-tense?

-chris

> Could someone make:
>   2) put the graphs at 'not rpki.net' on rpki.net (too)

no. that is the exact point. the graph to which i pointed is on rob's
site. these are data each relying party can collect and see for
themselves and their point of view in the universe, not some central
authority. ripe/ncc thinks it is the center of the universe. we do
not. we know it is in freemont [0], a neighborhood of seattle.

so that url is very intentionally rob's relying party instance. i have
one at
   http://rgnet.rpki.net/
but it has not been running as long as you can see.

and sorry that our certs did not pay godzilla or gobble for the
privilege of being in their bowsers. refund below [1]

randy

[0] - Fremont, Seattle - Wikipedia
      http://www.stonerforums.com/lounge/members/guiness-albums-stuff-picture19971-center-known-universe-freemont.jpg
      Welcome to Fremont

there was no [1]...

startssl.com - free certs. (that work)

>> Could someone make:
>> 2) put the graphs at 'not rpki.net' on rpki.net (too)
>
> no. that is the exact point. the graph to which i pointed is on rob's
> site. these are data each relying party can collect and see for
> themselves and their point of view in the universe,

  Which I think is a very valuable thing as an RP operator. I haven't used the latest versions of the RIPE NCC validator myself, but that would be a nice feature to have there as well. I will update my rcynic installation; I liked the graphs.

> not some central
> authority.
> ripe/ncc thinks it is the center of the universe. we do
> not. we know it is in freemont [0], a neighborhood of seattle.

  I do not think that is the intention from RIPE NCC.

  The intention, as I understood it, is to get the data that each RP is getting and to send it to a central repository for further analysis. Which is a centralized approach, but for simplicity, not for thinking that they are the center of the universe.

  In my view there are 2 problems. One is to see, as an RP operator, how healthy the repositories where you retrieve data are (which for the url that you sent is done very nicely with rcynic), and two is that as repository operators and protocol designers you'd like to see how well or badly your repository/protocols are doing at providing data to RPs in different locations of the world (which I think is the aim of the RIPE NCC effort).

> so that url is very intentionally rob's relying party instance. i have
> one at
>   http://rgnet.rpki.net/
> but it has not been running as long as you can see.
>
> and sorry that our certs did not pay godzilla or gobble for the
> privilege of being in their bowsers. refund below [1]
>
> randy
>
> [0] - Fremont, Seattle - Wikipedia
>      http://www.stonerforums.com/lounge/members/guiness-albums-stuff-picture19971-center-known-universe-freemont.jpg
>      Welcome to Fremont

  If anybody else is willing to share their data and URLs about their RP performance, it would be nice. I have an old rsync installation that I will try to update this weekend. Now it is here but does not show too much:

http://www.labs.lacnic.net/~rpki/rpki-monitor/rpki-ta-status.xml

Regards,
as

Kudos to the RIPE NCC for graciously offering to collect and analyze
repository performance data. And I'm sure that if we ask nicely they
will provide data dumps we can analyze ourselves, just like they do with
RIS and other projects.

Cheers!

Carlos