Re: [ncc-services-wg] New on RIPE Labs: RPKI Repositories and the RIPE Database in the Cloud
Hi,

as a LIR I do *totally* agree with Gert's position to not "give away control on critical services". RIPE is in the position to guarantee a service with a relevant uptime, like it did for tens of years, and should think of "outsourced resources" just as a backup in case of unavailability of internal resources.

Regards,
Giuliano Peritore

--
Giuliano Peritore - g.peritore@panservice.it
General Management - Panservice (AS20912)
Professional services for Internet and Networking
Phone: +39 0773 410020 - Fax +39 0773 470219
Toll-free number: 800 901492 - http://www.panservice.it

----- Original message -----
From: "Gert Doering" <gert@space.net>
To: "Alun Davies" <adavies@ripe.net>
Cc: ncc-services-wg@ripe.net
Sent: Wednesday, 12 May 2021 9:19:11
Subject: Re: [ncc-services-wg] New on RIPE Labs: RPKI Repositories and the RIPE Database in the Cloud

Hi,

On Mon, May 10, 2021 at 01:40:07PM +0200, Alun Davies wrote:
The mission critical services the RIPE NCC provides to the Internet community require a solid technical foundation. In this new article on RIPE Labs, Felipe Silveira looks at plans to use cloud infrastructure as a means to that end. The full article is available here:
As a member, I do not want the RIPE NCC to spend our money on "give away control on critical services".

Use of cloud services (or any other "outsourced infrastructure") is something I consider acceptable as a *backup* in case of something catastrophic happening to the RIPE NCC operated machines, to restore services to members and community quicker.

Using cloud services generally implies

- loss of control --> so the NCC *must* be primary authority on all data, and the cloud can only be a cache

- loss of contact and responsibility --> if a NCC provided service does not work, I do not want to talk to a cloud provider hotline, or hear from the NCC "well, there is nothing we can do, something in the cloud is broken"

All this cloud stuff is really great if you need "elastic services" (like, when the big run on the last IPv4 space starts, scale up the LIR portal to 200 instances - oh, wait, this opportunity got missed), or "low latency for high bandwidth content delivery" (so, yeah, ... no?).

But for the services the NCC provides, "cloud" sounds like "yeah, someone else to blame if it explodes", and this is not why we give the NCC money.

(And no, there is not much trust from my side, since the ticket system is *still* a major annoyance in our day to day dealing with the NCC - despite promises, two years ago, to make this more usable)

Gert Doering
        -- voting LIR contact
--
have you enabled IPv6 on something today...?

SpaceNet AG                        Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444           USt-IdNr.: DE813185279
Hi Gert, Giuliano, all,

Many thanks for your input. This is an important topic and we appreciate the community's feedback. I would like to clarify a couple of points:

1. The RIPE NCC will remain in full control of both our data and services. For RPKI, the HSMs, publication server, certificates and keys will remain on-premise. What we are planning to deploy to AWS are the repositories, which will subscribe to the publication server and fetch any updates. In the event of a catastrophic failure, the RIPE NCC will failover to another infrastructure (secondary cloud provider or on-premises).

2. Under no circumstances will the membership or anyone in the community be expected to contact AWS or any other cloud provider in the event of unavailability. The RIPE NCC will remain solely responsible for our services and the central point of contact (including our existing 24/7 support). We will troubleshoot and fix any problems ourselves.

Finally, I have to acknowledge that the remaining issues with the ticketing system have been in our roadmap for longer than I would like. I am working with our engineering team to see how we can prioritise these improvements and hope to have them delivered soon. My sincere apologies for the delay here.

Kind regards,
Felipe
On 12 May 2021, at 09:35, Giuliano C. Peritore - Panservice <registry@panservice.it> wrote:
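One operational check that follows from the design Felipe describes in point 1 (the on-premise publication server is the authority; the cloud repositories only fetch from it), added here as an example and not RIPE NCC code: it assumes the repositories are published over RRDP (RFC 8182) and compares the notification file and snapshot served by a cloud mirror against the origin's, so a stale, diverged or corrupted cache is detected before relying parties see it. The session id, URIs and snapshot bodies below are constructed.

```python
import hashlib
import xml.etree.ElementTree as ET

RRDP_NS = "{http://www.ripe.net/rpki/rrdp}"  # RFC 8182 XML namespace

def parse_notification(xml_text):
    """Pull session_id, serial and the advertised snapshot hash out of an RRDP notification."""
    root = ET.fromstring(xml_text)
    snap = root.find(RRDP_NS + "snapshot")
    return {"session_id": root.get("session_id"),
            "serial": int(root.get("serial")),
            "snapshot_hash": snap.get("hash").lower()}

def check_mirror(origin_xml, mirror_xml, mirror_snapshot):
    """Compare a mirror's notification and snapshot bytes against the authoritative origin.
    Returns a list of findings; an empty list means the mirror is a faithful cache."""
    origin = parse_notification(origin_xml)
    mirror = parse_notification(mirror_xml)
    findings = []
    if origin["session_id"] != mirror["session_id"]:
        findings.append("session_id differs: mirror is not tracking this publication session")
    if mirror["serial"] < origin["serial"]:
        findings.append("mirror lags origin (serial %d < %d)" % (mirror["serial"], origin["serial"]))
    elif mirror["serial"] > origin["serial"]:
        findings.append("mirror is ahead of origin (serial %d > %d)" % (mirror["serial"], origin["serial"]))
    elif origin["snapshot_hash"] != mirror["snapshot_hash"]:
        findings.append("same serial but different snapshot hash: mirror content diverged from origin")
    if hashlib.sha256(mirror_snapshot).hexdigest() != mirror["snapshot_hash"]:
        findings.append("mirror snapshot bytes do not match the hash it advertises")
    return findings

# Constructed sample data; not real RIPE NCC repository content, session id or URIs.
SESSION = "9df4b597-af9e-4dca-bdda-719cce2c4e28"
SNAPSHOT_V7 = b'<snapshot xmlns="http://www.ripe.net/rpki/rrdp" version="1" serial="7"/>'
SNAPSHOT_V6 = b'<snapshot xmlns="http://www.ripe.net/rpki/rrdp" version="1" serial="6"/>'

def notification(serial, snapshot):
    """Build a minimal notification file advertising the given serial and snapshot hash."""
    return ('<notification xmlns="http://www.ripe.net/rpki/rrdp" version="1" '
            'session_id="%s" serial="%d"><snapshot uri="https://rrdp.example.net/snapshot.xml" '
            'hash="%s"/></notification>' % (SESSION, serial, hashlib.sha256(snapshot).hexdigest()))

ORIGIN = notification(7, SNAPSHOT_V7)        # on-premise publication server (the authority)
MIRROR_OK = notification(7, SNAPSHOT_V7)     # cloud mirror in sync with the origin
MIRROR_STALE = notification(6, SNAPSHOT_V6)  # cloud mirror one publication behind

if __name__ == "__main__":
    print("in-sync:", check_mirror(ORIGIN, MIRROR_OK, SNAPSHOT_V7))
    print("stale:", check_mirror(ORIGIN, MIRROR_STALE, SNAPSHOT_V6))
    print("corrupt snapshot:", check_mirror(ORIGIN, MIRROR_OK, SNAPSHOT_V6))
```

Run against live data, the origin notification would be fetched from the on-premise publication server and the mirror's from the cloud endpoint; any non-empty finding is a reason to fail over rather than to keep serving from the cache.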
hi felipe,

i suspect that gert and others understand the business relationships and day to day control issues when contracting out to cloud providers. this contributes strongly to why ops folk in the community are concerned.

randy

---
randy@psg.com
`gpg --locate-external-keys --auto-key-locate wkd randy@psg.com`
signatures are back, thanks to dmarc header butchery
Indeed. We're also very concerned about the security && scalability of the RIRs' IT and security operations and broader programs given the clear operational implications of the RPKI that we're all inherently captive to, and which are now part of all of our operational robustness / attack surfaces. I'm anxious to see the RIRs step up here, and I suspect it's not going to be easy, or cheap.

-danny

On 2021-05-12 13:39, Randy Bush wrote: