cloudflare / gortr

The RPKI-to-Router server used at Cloudflare
https://rpki.cloudflare.com
BSD 3-Clause "New" or "Revised" License

rtr.rpki.cloudflare.com public server: "transport error" #89

Open jranma opened 3 years ago

jranma commented 3 years ago

Hello,

I have configured my BIRD 2.0.7 router to use rtr.rpki.cloudflare.com public server on port 8282.

Here is the config of bird:

# ROA
roa6 table r6;

protocol rpki validator {
    roa6 { table r6; };
    remote "rtr.rpki.cloudflare.com" port 8282;
    retry keep 90;
    refresh keep 900;
    expire keep 172800;
}

It works for some time but after a while (a few hours or days) the connection is lost, with this error message in bird:

Name       Proto  Table  State  Since         Info
validator  RPKI   ---    start  10:06:02.441  Transport-Error

Have you ever had this problem?

lukastribus commented 3 years ago

Cloudflare is a public validator on anycast servers. I assume Cloudflare will keep updating server software and when that happens, you will see the TCP connection drop.

BIRD should just reconnect.

However what you should do instead is use two different, geographically diverse validator instances on your own, as opposed to a single, public anycast server.

jranma commented 3 years ago

> Cloudflare is a public validator on anycast servers. I assume Cloudflare will keep updating server software and when that happens, you will see the TCP connection drop.
>
> BIRD should just reconnect.
>
> However what you should do instead is use two different, geographically diverse validator instances on your own, as opposed to a single, public anycast server.

Yes, for some reason bird doesn't reconnect, but it's more a bird-related problem I guess. You're right about installing my own validators. I am familiarising myself with this technology before that.

lspgn commented 3 years ago

@jranma I can look into the logs for TCP failures but it might be a Bird issue. rtr.rpki.cloudflare.com is load-balanced; like Lukas said, if we redeploy or do operations on a machine, the connection will break.

jranma commented 3 years ago

> @jranma I can look into the logs for TCP failures but it might be a Bird issue. rtr.rpki.cloudflare.com is load-balanced, like Lukas said, if we redeploy or do operations on a machine, connection will break.

It's not a big deal, but if you can look in the logs, that's fine. My IP: 91.134.140.163 and 2a0c:b641:270::1

lspgn commented 3 years ago

It seems to be preferring IPv4:

2020-11-27 13:19:19 ipv4 up
2020-12-06 12:19:42 ipv4 down
2020-12-17 11:04:28 ipv6 up
2020-12-17 11:04:30 ipv6 down
2020-12-17 11:08:43 ipv4 up
2020-12-17 12:32:42 ipv4 down
2020-12-18 09:26:35 ipv4 up
2020-12-18 10:56:08 ipv4 down

The last event matches a crash of a GoRTR instance, but the system is still available.
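An added example, not part of the original thread or of GoRTR: it pairs the up/down events from the log above and reports any period in which no RTR session had existed for longer than the `expire keep 172800` value in the posted BIRD config, the point at which BIRD deletes the records it received. It assumes the log is complete and that the router's data was fresh at each disconnect; the function names are illustrative.

```python
from datetime import datetime, timedelta

# Session events copied from the server-side log in the comment above.
EVENTS = """\
2020-11-27 13:19:19 ipv4 up
2020-12-06 12:19:42 ipv4 down
2020-12-17 11:04:28 ipv6 up
2020-12-17 11:04:30 ipv6 down
2020-12-17 11:08:43 ipv4 up
2020-12-17 12:32:42 ipv4 down
2020-12-18 09:26:35 ipv4 up
2020-12-18 10:56:08 ipv4 down
"""

# "expire keep 172800" from the posted BIRD config.
EXPIRE = timedelta(seconds=172800)


def parse(text):
    """Yield (timestamp, family, state) for each well-formed log line."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("up", "down"):
            continue  # skip anything that is not "<date> <time> <family> <state>"
        ts = datetime.strptime(" ".join(parts[:2]), "%Y-%m-%d %H:%M:%S")
        yield ts, parts[2], parts[3]


def sessions(events):
    """Pair each 'up' with the next 'down' of the same address family."""
    open_since, out = {}, []
    for ts, family, state in events:
        if state == "up":
            open_since[family] = ts
        elif family in open_since:
            out.append((open_since.pop(family), ts, family))
    return sorted(out)


def stale_windows(sess, expire=EXPIRE):
    """Return (expired_at, recovered_at) spans with no session for longer than expire."""
    out, last_down = [], None
    for up, down, _ in sess:
        # Assumption: data was last refreshed when the previous session ended.
        if last_down is not None and up - last_down > expire:
            out.append((last_down + expire, up))
        last_down = down if last_down is None else max(last_down, down)
    return out
```

With an empty ROA table, route origin validation returns "unknown" rather than "invalid", so a filter that rejects only invalid routes accepts everything during such a window.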

jranma commented 3 years ago

Thanks @lspgn, my concern is not the disconnection but the fact that bird doesn't reconnect automatically. But this is not the right place to discuss it, I think :)