On 2022-07-31, Tobias Fiebig <tobias@reads-this-mailinglist.com> wrote:
> I am running a small setup, where recently the border router VMs of a user caused prolonged and consistent low bandwidth (2-3mb/s) yet high utilization (many IOPS) disk utilization on the virtualization nodes (more writeup at [1]).

fwiw using a VM for a border router seems a strange choice.
Also, having many routers in many networks fetch and validate all these
certs, from many origin networks across the world, results in much
duplicated work and bandwidth. The RPKI design is that fetch/validation
is done by route servers or caches rather than on every individual
router. The intention is to use RTR to feed routers but until that
is fully handled you could e.g. run a central rpki-client box to
generate the prefix list for bgpd and make it available to your
own routers over sftp/http/rsync rather than fetching from origins
on each router.

> I ultimately resorted to giving an mfs on /var/cache/rpki-client a try. This worked surprisingly well, (naturally) removed all disk i/o usage, and improved the rpki-client runtime from ~30min to ~16min (CPUs aren't the freshest, so this is fine, I guess). Of course the trade-off here is a full sync after every reboot.

You could periodically rsync it to permanent storage and use mount_mfs'
-P option to populate at boot.
BTW rpki-client is one of the (relatively few) cases where softdep is
likely to give a significant improvement in performance.
--
Please keep replies on the mailing list.
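
The central-cache setup suggested above means each router installs a file it did not generate, so a truncated or empty transfer should never replace the ROA set bgpd is using. The following is an added example, not part of the original message: a router-side check and atomic install. It assumes the fetched file is a single `roa-set { ... }` block with one `prefix ... source-as ASN` entry per line; the function names, paths and entry threshold are hypothetical.

```sh
#!/bin/sh
# Added example: validate a ROA set fetched from a central rpki-client host
# before handing it to bgpd. The file layout is an assumption: one
# "roa-set {" opener, one "<prefix> ... source-as <ASN>" entry per line, "}".

# check_roa_set FILE MIN_ENTRIES
# Succeeds only if FILE is non-empty, has exactly one opener, ends with the
# closing brace and holds at least MIN_ENTRIES entries.
check_roa_set() {
    file=$1 min=$2
    [ -s "$file" ] || return 1
    [ "$(grep -c '^roa-set {' "$file")" -eq 1 ] || return 1
    # The last non-blank line must close the block; a transfer that was cut
    # short fails here.
    last=$(grep -v '^[[:space:]]*$' "$file" | tail -n 1)
    [ "$last" = "}" ] || return 1
    # Count entry lines; a near-empty set would silently remove origin
    # validation, so require a floor suited to your table size.
    entries=$(grep -c '^[[:space:]]*[0-9a-fA-F:.]*/[0-9][0-9]* .*source-as [0-9]' "$file" || true)
    [ "$entries" -ge "$min" ]
}

# install_roa_set NEW DEST MIN_ENTRIES
# Validates NEW, then replaces DEST with a rename so a reader never sees a
# partially written file. DEST is left untouched when validation fails.
install_roa_set() {
    new=$1 dest=$2 min=$3
    if ! check_roa_set "$new" "$min"; then
        echo "rejecting $new: failed sanity check, keeping $dest" >&2
        return 1
    fi
    tmp="$dest.tmp.$$"
    cp "$new" "$tmp" && mv -f "$tmp" "$dest"
}

# Typical use from cron on a router, after fetching the file over
# sftp/http/rsync into a scratch location (paths are placeholders):
#   install_roa_set /tmp/roa-set.new /path/to/included/roa-set 100000 \
#       && bgpctl reload
```

The structural check does not authenticate the file; that still depends on the transport (for example sftp with a pinned host key) between the routers and the central host.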