Hi Nick,
On 13 Apr 2021, at 15:33, Nick Hilliard <nick@foobar.org> wrote:
Would it be possible to drill down into these figures a bit more? I.e. is it possible to work out how many are pulling the TAL via rsync, but then using rrdp to synchronise their local instances? Or
that came out badly garbled. I meant how many clients were pulling the trust anchor certs via rsync due to having older TALs installed on the local RP cache, and then downloading the manifest/roas data via rrdp afterwards because the TA contains both rsync and https locator information, and the RP software was able to select rrdp instead of rsync because that was presented as an option.
For RIPE I can give more details on what we see. Because of the structure of our repository, we can split out clients connecting over rsync to retrieve the trust anchor from those connecting to the main repository. We do see a change on the 2nd of April so I'm providing data both for the week before and after this date. The cause for this change is unknown. In the week leading up to the 2nd of April, on average per dag we see: * 192 unique IPs (from 182 /24's/64's) creating 8636 connections to /repository * 911 unique IPs (from 721 /24's/64's) creating 81855 connections to /ta In the week starting on the 2nd of April on average per day we see: * 598 unique IPs (from 582 /24's/64's) creating 17594 connections to /repository * 1301 unique IPs (from 1114 /24's/64's) creating 89675 connections to /ta Traffic also increased from ~34 to ~73GB an hour (for rsync). We see ~1086 unique IPs accessing the TA certificate over HTTPS per day. Kind regards, Ties