RPKI RRDP Service Degradation
Posted: Thursday, 11 August 2022
Incident window : 11:20 AM - 12:50 PM ET on 11 August 2022
This morning, ARIN renewed SSL certificates within our infrastructure that caused suboptimal performance of the RPKI RRDP services run by ARIN.
- At 11:20 AM ET, a configuration management change installed a new certificate and keys on nodes that serve the RPKI RRDP repository. A subset of these nodes received a mismatched CA certificate and key. This triggered the degraded performance of the RPKI RRDP services.
- At 11:45 AM, repository generation was paused during the process of diagnosing the issue.
- At 12:05 PM, the misconfigured nodes were identified and removed from DNS rotation.
- At 12:40 PM, new CA certificates and keys had been pushed to the impacted systems and they were returned to DNS rotation.
- At 12:50 PM, after confirmation that the systems were running normally, the repository generation was restarted and full functionality of the RPKI RRDP services was restored
RPKI rsync services were fully functional throughout the incident.
The publication of 6 ROAs were delayed during the incident.
Please note that ARIN has a Services Status page which can be found at https://arin.statuspage.io/ or via the link in the footer of ARIN’s website. This link is also visible when logged in to your ARIN Online account. We encourage our customers to subscribe to the Services Status page to receive notifications on service-impacting issues.
Senior Product Owner, Routing Security
American Registry for Internet Numbers
- Consultation on Expanding 2FA Options for ARIN Online
- Final Reminder to Enable 2FA On Your ARIN Online Account Before 1 February
- Results of ARIN’s Prioritization Survey
- ARIN 51 Registration Now Open
- Reminder — Set Up 2FA On Your ARIN Online Account Before 1 February
- New Features Added to ARIN Online
- An Update on ARIN’s Two-Factor Authentication
- Meet the 2023 Fellowship Selection Committee
- IPv4 Waiting List Distribution
- Now Posted on the ARIN Blog – 2021 ARIN Community Grant Program Final Reports
- » View Archive