[SANOG] RKPI database
nishal at controlfreak.co.za
Mon Jun 15 10:18:16 UTC 2020
On 12 Jun 2020, at 9:34, Ashish Bhatnagar wrote:
> Hi Team
> We have deployed RPKI with “rpki-validator-app-2.23” 2 years back
> now we are looking to upgrade this to version 3.1 , Just want to check
> the feedback of the latest validator and the way forward to upgrade.
> As per available documentation we need to do fresh installation
> So any specific way to directly upgrade without stopping the older
> version to newer we are using CentOS 7.
if your routers are already setup to use two validators, then you can,
quite trivially, upgrade these one at a time, without causing a total
outage. as long as your routers are communicating with *at least one
working validator* your network will not notice the difference.
if your routers are *not* setup to use two validators, then i suggest
you fix that first. and maybe even use three! there’s a lot more
useful information here: https://rpki.readthedocs.io. my current
favourite is routinator3000, but consensus is that all the validators
while you’re taking the time to upgrade this, make sure that you also
assess the way that your routers speak to the validators, eg.
# are they all inside your network?
# are the paths between your routers and your validators secure, and
# if you’re running two validators, are you sure they are not VMs on
the same server/cluster/..?
More information about the sanog