[SANOG] RKPI database
Nishal Goburdhan
nishal at controlfreak.co.za
Mon Jun 15 10:18:16 UTC 2020
On 12 Jun 2020, at 9:34, Ashish Bhatnagar wrote:
> Hi Team
>
> We have deployed RPKI with “rpki-validator-app-2.23” 2 years back
> now we are looking to upgrade this to version 3.1 , Just want to check
> the feedback of the latest validator and the way forward to upgrade.
>
> As per available documentation we need to do fresh installation
> https://labs.ripe.net/Members/tashi_phuntsho_3/how-to-install-an-rpki-validator
>
> So any specific way to directly upgrade without stopping the older
> version to newer we are using CentOS 7.
hi,
if your routers are already setup to use two validators, then you can,
quite trivially, upgrade these one at a time, without causing a total
outage. as long as your routers are communicating with *at least one
working validator* your network will not notice the difference.
if your routers are *not* setup to use two validators, then i suggest
you fix that first. and maybe even use three! there’s a lot more
useful information here: https://rpki.readthedocs.io. my current
favourite is routinator3000, but consensus is that all the validators
work :-)
while you’re taking the time to upgrade this, make sure that you also
assess the way that your routers speak to the validators, eg.
# are they all inside your network?
# are the paths between your routers and your validators secure, and
protected?
# if you’re running two validators, are you sure they are not VMs on
the same server/cluster/..?
etc.
hth,
-n.
More information about the sanog
mailing list