Hi, I'm reviewing some of the timers associated with the workings of the end-to-end propagation from ROA to VRP. I think suggesting to run rpki-client only once a day can make for needless brittleness.
Running rpki-client just once a day also results in only making a rsync fetch attempt once a day. If the connection can't be established because of a transient network issue, the RP can easily end up going without contact with the CA Publication Point for close to 48 hours. A lot of CRLs appear to have expiration dates in the range of '24 hours'. I think attempting to contact a CA PP at least once an hour is more appropriate for the various 24-48h sliding windows that are in play.

Thoughts? OK?

Kind regards,

Job

Index: crontab =================================================================== RCS file: /cvs/src/etc/crontab,v retrieving revision 1.25 diff -u -p -r1.25 crontab --- crontab 4 Dec 2019 15:07:51 -0000 1.25 +++ crontab 13 Apr 2020 14:34:45 -0000 @@ -19,4 +19,4 @@ HOME=/var/log 30 5 1 * * /bin/sh /etc/monthly #0 * * * * sleep $((RANDOM \% 2048)) && /usr/libexec/spamd-setup -#0 9 * * * -n sleep $((RANDOM \% 4096)) && rpki-client -v && bgpctl reload +#0 * * * * -n sleep $((RANDOM \% 4096)) && rpki-client -v && bgpctl reload
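
Review bot: the random delay on the changed rpki-client line is still `sleep $((RANDOM \% 4096))`, which allows up to 4095 seconds of sleep, longer than the new one-hour (3600 second) interval. With a daily schedule that bound was harmless, but with `0 * * * *` one invocation can still be sleeping when the next hour's job is started, so two rpki-client runs and two `bgpctl reload` calls can land close together or overlap. Consider lowering the modulus so the delay stays well inside the hour (the spamd-setup line above uses 2048), or otherwise making sure only one instance runs at a time. The entry also stays commented out, so this only changes the suggested default for operators who enable it.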