Hello,

Ten months ago we needed to integrate a prefix validation service in our IXP and network infrastructure, so we tested nearly all the RPKI validator software we found. Of course the RIPE RPKI validator was first. Unfortunately, I can clearly say it is not and will never be a reliable validator server. It is heavy, slow, resource-hungry, easy-to-crash software, and it will become worse with time, as the number of ROA-signed networks grows. The problem is in the design - Java is not the right language for such software. Putting in more money will not make it better. Maybe the RIPE RPKI validator could be used for educational and demonstration use, but for production I doubt it.

If we want to see more ROA-signed networks and more BGP servers running RPKI validation, network administrators and engineers need better software.

For more than 7 months we have been using the FORT validator in production (I think it's the LACNIC RPKI server open source implementation in C), and I can clearly say it is much better, runs much more stably and uses a lot fewer resources than the RIPE RPKI validator.

From a practical point of view it would be better if that budget were used to help the FORT development process, to create and maintain RPKI validator packages for all major Linux/BSD distributions, to create complete how-tos (install, use, maintain, connect BGP, best BGP RPKI filtering practices), and for RIPE staff to push LIRs harder to ROA-sign their globally BGP-announced networks (periodic phone calls, email reminders, etc.).

Ivaylo Josifov
Varteh LTD
Varna, Bulgaria

On Mon, 28 Sep 2020, Sander Steffann wrote:
Hi,
On 28-09-2020 09:47, Cynthia Revström via members-discuss wrote:
Hi,
I fully agree that while the budget on RPKI deployment should not be reduced currently, it should be used in other ways.
+1
I think 2021-01-01 is a bit too early as last I looked there was still a considerable number of RIPE NCC validators running. 2022-01-01 is probably more reasonable.
Though feature updates could stop on 2020-01-01, fixes need to be done for at least a year more I would say.
Sounds reasonable.
Potential other ways to use the budget include setting up a way for resource holders to use delegated RPKI published to repositories hosted by the RIPE NCC, such as I believe NIC.BR is doing.
That does indeed sound like a much more constructive way to send the money.
Cheers, Sander