NLnetLabs / krill

RPKI Certificate Authority and Publication Server written in Rust
https://nlnetlabs.nl/projects/routing/krill/
Mozilla Public License 2.0

Refresh Parents and Repository manually #1223

Closed patrickavi closed 4 months ago

patrickavi commented 4 months ago

Hello, I don't know if anyone has experienced the following problem: Krill is becoming outdated. I need to restart the "systemctl..." service, update Parents and Update Repository to get it back to normal.

I enabled log_level with "error" but it doesn't generate any information.

This behavior is strange, because I need to restart the Krill service via terminal and then refresh Parents and Repository via graphical interface. Just restarting Krill doesn't validate the routes.

I'm currently on version 0.14.5~rc1-1

partim commented 4 months ago

Thank you for your report!

Log level “error” is pretty strict – the level “debug” should provide you with much more information. Perhaps you can try and see if that produces anything suspicious?

How do you publish your data – via your own repository or via a third-party repository (such as RIPE’s)?

patrickavi commented 4 months ago

We publish for third parties, in our case for nic br

We left the log as debug until the 5th, but it did not return an error or any type of timeout.

partim commented 4 months ago

Clarification question: When you say “Krill doesn't validate the routes” do you mean it doesn’t show the ROAs as validated against the BGP announcements in the UI?

patrickavi commented 4 months ago

Exactly.

But another curious thing, today it has been exactly 7 days that the service has been working without manual intervention.

Do you have any idea about this? Because last week, it lost validation for a few hours.

partim commented 4 months ago

What validation does is compare your configured ROAs with the route announcements seen in a RIS dump. In order to do that, Krill has to download such a dump from RIPE. This sometimes goes wrong – and we should make it more clear that that’s the case and why.

But crucially, this is affecting the part where Krill tries to help you determine if your ROAs are correct. The ROAs themselves and all the other public information of your CA is still being kept current and re-published if necessary. You can double check that by looking at the output of a validator. For instance, you can check the ROAs for your prefixes here: https://rpki-validator.ripe.net/ui/
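
Added example, not part of the thread and not Krill's own code: a sketch of the ROA-versus-announcement comparison described in the comment above, using the route origin validation rules of RFC 6811. The ROAs, announcements, ASNs and outcome labels are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple

class Roa(NamedTuple):
    prefix: str
    max_length: int
    asn: int

class Announcement(NamedTuple):
    prefix: str
    origin: int

def classify(ann, roas):
    """Return the RFC 6811 outcome for one announcement, with the
    'invalid' state split by cause (labels are illustrative)."""
    net = ipaddress.ip_network(ann.prefix)
    # A ROA covers the announcement if the announced prefix is equal to,
    # or more specific than, the ROA prefix (same address family).
    covering = [
        r for r in roas
        if ipaddress.ip_network(r.prefix).version == net.version
        and net.subnet_of(ipaddress.ip_network(r.prefix))
    ]
    if not covering:
        return "not_found"          # no ROA speaks about this prefix
    same_asn = [r for r in covering if r.asn == ann.origin]
    if any(net.prefixlen <= r.max_length for r in same_asn):
        return "valid"              # origin matches and length is allowed
    # Covered, but nothing matches: either the prefix is too specific for
    # the matching-ASN ROA, or no covering ROA authorizes this origin.
    return "invalid_length" if same_asn else "invalid_asn"

def analyse(announcements, roas):
    """Classify every announcement seen in a (constructed) routing dump."""
    return {a: classify(a, roas) for a in announcements}

# Constructed sample data: documentation prefixes and documentation ASNs.
ROAS = [Roa("192.0.2.0/24", 24, 64496), Roa("2001:db8::/32", 48, 64496)]
DUMP = [
    Announcement("192.0.2.0/24", 64496),
    Announcement("192.0.2.0/25", 64496),
    Announcement("192.0.2.0/24", 64511),
    Announcement("198.51.100.0/24", 64496),
    Announcement("2001:db8:1::/48", 64496),
]

if __name__ == "__main__":
    for ann, state in analyse(DUMP, ROAS).items():
        print(f"{ann.prefix:18} AS{ann.origin}  {state}")
```

The comparison only reads the ROAs, so a missing or stale dump changes what this analysis can report and leaves the ROAs themselves untouched.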

patrickavi commented 4 months ago

Today I checked Krill again and it had not been updated for about 6 days. I noticed that the same day it stopped and did not update anymore, I received the following message in the log:

[ERROR] Failed to update BGP announcements: BGP RIS update error: Cannot get uri: request or response body error: error reading a body from connection: end of file before message length reached

patrickavi commented 4 months ago

From what I tested, communication with www.ris.ripe.net via IPv6 fails and then generates a timeout. For this address only, I adjusted the preference to IPv4, and it seems to have solved my problem.