-
Notifications
You must be signed in to change notification settings - Fork 27
Differences in processed items from trust anchors from one validator to the other #128
Comments
So my procedure for fixing this is: I'd like to put in a feature request for issues like this to be resolved in a more automated way in comparison to having to manually determine that there is an issue and then manually perform this procedure. |
Could you please clarify: did the validator without connectivity started to connect after you removed the database and restarted it? Do you use proxy? |
The reason for this behaviour is, I believe, that downloading the repository snapshot () from APNIC takes 15 minutes: $ wget https://rrdp.apnic.net/4ea5d894-c6fc-4892-8494-cfd580a414e3/128129/snapshot.xml We will have a look what can we do about it in the validator. |
Yes, it started to connect after I removed the database and restarted it. No, I don't use a proxy. |
FYI, I created a script to fix the validator when it gets out of wack.(https://github.com/racompton/restart-validator/blob/master/restart-validator.sh) which will stop the validator, delete all the database files, start the validator and then load in the ARIN TAL. |
I know this all depends on how you have the software deployed, but I think you just put a copy of the ARIN (or any other tal) in the preconfigured-tals directory. Then when the service starts up and creates a new database, it will just load it along with the other included tal. At least that has worked for me the many times I have deleted the DB in the past. |
Hello, I have two RPKI validators set up on the same subnet with the same access to the Internet. They have the same OS/software/config. The only difference between them is the IPs (both servers are dual stacked). One of my validators looks very similar to what is showing on https://rpki-validator.ripe.net/trust-anchors but the other shows a status of "Failed" when trying to connect to https://rrdp.apnic.net/notification.xml. On the server that is showing "Failed", I am able to manually do "wget https://rrdp.apnic.net/notification.xml" so it doesn't seem to be a connectivity issue. Is there a way to manually force an update or anything else I can try?
I'm also getting warning showing "Manifest next update time is in the past, local clock may be off" on both boxes but they are both set to UTC. I see these errors on https://rpki-validator.ripe.net so I'm assuming that it's an issue with the dates on the RIR's manifest and not the validators.
The text was updated successfully, but these errors were encountered: