0.9.0
This is a release with features aimed at reducing latency of delivering VRPs to the end-user (a router using RTR or an API user) while saving system resources. It also adds initial support for recently introduced RPKI objects and contains some bug fixes.
- Add incremental validation algorithm. This algorithm does full validation only for newly downloaded objects that were not seen before and simplified validation (only validity time and revocation checks) for objects that are already cached. The current implementation reduces CPU usage for validation by 8-9 times, which allows validation to run much more frequently than before. This feature is enabled by default and can be switched off by the `--no-incremental-validation` CLI parameter.
- Add adaptive timeouts for repository fetches, i.e. every next fetch timeout is based on how much time it actually took to fetch the repository last time(s). This reduces the chance of a suddenly broken or slow repository blocking all other fetches. This feature is enabled by default and can be switched off by the `--no-adaptive-timeouts` CLI parameter.
- Add adaptive fetch intervals for RRDP repositories based on how many deltas are fetched. Intervals can be adjusted between 1 and 10 minutes so that on average one delta is fetched every time, i.e. the validator doesn't make pointless requests but also downloads deltas approximately as often as they appear. Measurements show that most RRDP repositories tend to publish new deltas less often than every 10 minutes, which saves about 30% of the CPU used by fetching processes and results in about 40% fewer HTTP(S) requests. This feature is a trade-off between latency and resource usage: enabling it increases latency for rarely updated repositories. It is enabled by default and can be switched off by the `--no-adaptive-fetch-intervals` CLI parameter.
- Improve logic for asynchronous fetches introduced in the previous release. Now, for a repository to stay in the category of "synchronously fetched", it must be fetched successfully and quickly, and must not require an RRDP -> rsync fallback. Almost all RRDP repositories still fall into this category, but the time for the absolute majority of validations goes down to about 10-15 seconds.
- Support ASPA profile 16 (version without AFI field).
- Support RRDP desynchronization detection.
- Support signed prefix lists, i.e. parse, validate, store in cache. Added the `/api/spls` API end-point.
- Add `/api/vrps.csvext` API end-point, analogous to the `csvext` VRP format in Routinator.
- Add `version` parameter to most API end-points, so it's possible to get VRPs, ASPAs, GBRs, BGP certificates, etc. for previous validations and not only the last one.
- Fix an issue where unsupported or unparseable objects would make a manifest pointing at them invalid, since unparseable objects would not end up in the cache. Now an object that can't be parsed (a new profile of an object, for instance) is stored in its original ASN.1 form to avoid invalidating manifests.
- Fix a long-standing performance bug where some CPU was consumed by the waiting validation process due to the so-called idle garbage collection of the Haskell runtime.
- Use configured timeouts when downloading TA certificates instead of default ones.
- Switch to GHC 9.6 for both Docker images and static binaries, which reduces CPU and memory usage by 5-10% compared to the previously used 8.10.
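
The incremental validation item above, as a Python sketch that is added here and is not rpki-prover's own code (the project is written in Haskell). It shows why the cheap path must still re-check validity time and revocation on every run: a cached object that was accepted earlier is dropped once it is revoked or expires. `Obj`, `IncrementalValidator` and all sample values are constructed for illustration, and the certificate hierarchy is ignored.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Obj:
    sha256: str        # cache key: hash of the object bytes (constructed values)
    serial: int        # serial number of the object's certificate
    not_before: int    # validity window, Unix seconds
    not_after: int
    well_formed: bool  # stand-in for the outcome of parsing and signature checks

class IncrementalValidator:
    def __init__(self):
        self.full_result = {}  # sha256 -> outcome of the one-off full validation
        self.full_runs = 0     # how often the expensive path was taken

    def _full_checks(self, obj):
        self.full_runs += 1    # real code would parse and verify signatures here
        return obj.well_formed

    @staticmethod
    def _cheap_checks(obj, now, revoked):
        return obj.not_before <= now <= obj.not_after and obj.serial not in revoked

    def validate(self, objects, now, revoked):
        accepted = []
        for obj in objects:
            if obj.sha256 not in self.full_result:  # never seen: full validation
                self.full_result[obj.sha256] = self._full_checks(obj)
            # Time and revocation are re-evaluated on every run, cached or not.
            if self.full_result[obj.sha256] and self._cheap_checks(obj, now, revoked):
                accepted.append(obj.sha256)
        return accepted

def demo():
    v = IncrementalValidator()
    roa = Obj("aa11", 101, 1000, 5000, True)
    mft = Obj("bb22", 102, 1000, 3000, True)
    bad = Obj("cc33", 103, 1000, 5000, False)   # fails full validation
    new = Obj("dd44", 104, 1000, 5000, True)    # first appears in run 3
    run1 = v.validate([roa, mft, bad], now=2000, revoked=set())
    run2 = v.validate([roa, mft, bad], now=2500, revoked={101})  # 101 now on the CRL
    run3 = v.validate([roa, mft, new], now=3500, revoked={101})  # mft has expired
    return run1, run2, run3, v.full_runs

if __name__ == "__main__":
    print(demo())
```

Across the three runs the expensive path is taken four times (once per distinct object), while the revoked and expired objects leave the accepted set without being re-parsed.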