FORT monitoring/visibility

Mark Tinka mark at tinka.africa
Wed Oct 27 06:47:40 UTC 2021



On 10/27/21 01:58, Randy Bush wrote:
> i run a FORT RPKI relying party instance.  i am looking for some
> visibility into its operation.
>
>    is it up: both ways, fetching and serving routers?
>
>    from what CAs has it pulled, how recently and frequently with
>    what success?
>
>    what routers is it serving with rpki-rtr 323?
>
>    blah blah blah
>
> my old DRL RP instances produce MRTG graphs etc of the CA
> fetching side, though nothing on the rpki-rtr side.

Randy, I actually have an ongoing discussion with the Fort developers 
about this after a BGPSec bug left me with stale VRP's for several days, 
with no clear indication that Fort had "kind of" crashed and "not fully" 
crashed (fair point, I need to work on better internal monitoring of 
Fort, as well).

Will feedback once I have better info.

For now, if you haven't yet done so, recommend upgrading to 1.5.2 to 
avoid this specific issue.

The good news is this issue made the case for running different 
validation RP code, so your NLRI does not share fate, given it's the 
basis of the Internet.

Mark.


More information about the NANOG mailing list