On Wed, May 3, 2017 at 1:39 PM, Compton, Rich A <Rich.Compton@charter.com> wrote:
> The servers where the RPKI data is published (the Trust Anchor and the CAs) are referred to using a single URI, meaning that any

sure, but even with rrdp there's just one URI you'd follow, which translates to some hostname + path.

> sort of geographic redundancy or failover has to be handled via external means (anycast, load balancing, etc.) but rsync isn’t well-suited for this sort of implementation.

why's that? it seems to work fine for many free software repositories, for instance. Yes, updates to that repository would have to be 'managed' but that's also the case for rrdp, or any other 'more than one copy' solutions of publicly available data, right? https://github.com/google/rpki-mgmt/ does some of the lifting to sort out the 'how to get my updates to all the copies of my repository'... it doesn't yet support RRDP, but it's not hard to see where to stick that in the config/setup.