FORT monitoring/visibility
Mark Tinka
mark at tinka.africa
Wed Oct 27 06:47:40 UTC 2021
On 10/27/21 01:58, Randy Bush wrote:
> i run a FORT RPKI relying party instance. i am looking for some
> visibility into its operation.
>
> is it up: both ways, fetching and serving routers?
>
> from what CAs has it pulled, how recently and frequently with
> what success?
>
> what routers is it serving with rpki-rtr 323?
>
> blah blah blah
>
> my old DRL RP instances produce MRTG graphs etc of the CA
> fetching side, though nothing on the rpki-rtr side.
Randy, I actually have an ongoing discussion with the Fort developers
about this after a BGPSec bug left me with stale VRP's for several days,
with no clear indication that Fort had "kind of" crashed and "not fully"
crashed (fair point, I need to work on better internal monitoring of
Fort, as well).
Will feedback once I have better info.
For now, if you haven't yet done so, recommend upgrading to 1.5.2 to
avoid this specific issue.
The good news is this issue made the case for running different
validation RP code, so your NLRI does not share fate, given it's the
basis of the Internet.
Mark.
More information about the NANOG
mailing list