2018.14: Support RRDP for RPKI Publication


Author: Alex Band   
Submitted On: 20 July 2018

Description: Support the RRDP protocol (RFC8182) for RPKI publication, just like the RIPE NCC and APNIC already do.

Value to Community:

Currently, ARIN only makes the RPKI dataset available over rsync, which has several downsides:

  1. When RPKI relying party software is used on a client system, it has a dependency on rsync. Different versions and different supported options (such as --contimeout) cause unpredictable results. Furthermore calling rsync is inefficient (additional process, and the output can only be verified by scanning the disk).

  2. Scaling becomes more and more problematic as the global RPKI data set grows and more operators download and validate data, as with rsync the server in involved in processing the differences.

To overcome these limitations the RRDP protocol was developed, which relies on HTTPS. RRDP was specifically designed for scaling and allows CDNs to participate in serving the RPKI data set globally, at scale. In addition, HTTPS is well supported in programming languages so development of relying party software becomes easier and more robust.

Timeframe: Not specified

Status: Open   Updated: 10 August 2018

Tracking Information

ARIN Comment

10 August 2018

Thank you for your suggestion, numbered 2018.14 upon confirmed receipt, requesting ARIN support the RRDP protocol (RFC8182) for RPKI publication.

We have reviewed your suggestion and confirm that it is possible for ARIN to support RRDP, as you suggest. Our development schedule for the 2018 year is currently filled by previously-submitted community suggestions and other system improvements. We will consider this suggestion, together with other RPKI-related community suggestions, for inclusion into our 2019 work plan.

Thank you for participating in the ARIN Consultation and Suggestion Process. Your suggestion will remain open until implemented.