rpki rsync download delay modeling
play

RPKI rsync Download Delay Modeling Steve Kent and Kotikalapudi - PowerPoint PPT Presentation

Dec 18, 2022 •242 likes •549 views

RPKI rsync Download Delay Modeling Steve Kent and Kotikalapudi Sriram Email: kent@bbn.com ; ksriram@nist.gov March 11, 2013 IETF-86 SIDR WG Meeting, Orlando, FL The authors wish to thank David Mandelberg, Andrew Chi, and Rob Austein for

  1. RPKI rsync Download Delay Modeling Steve Kent and Kotikalapudi Sriram Email: kent@bbn.com ; ksriram@nist.gov March 11, 2013 IETF-86 SIDR WG Meeting, Orlando, FL The authors wish to thank David Mandelberg, Andrew Chi, and Rob Austein for sharing RPKI rsync measurement data. Thanks are also due to Chris Morrow, Doug Montgomery, Sandy Murphy, and Randy Bush for comments and suggestions. 1

  2. Executive Summary • New measured values of rsync speed (ms/object) for the hierarchic-structured rpki.ripe.net are much lower:  12 ms/object (BBN) and 17 ms/object (Austein) (see [1][2][3])  These basic per unit measurements are 52X and 35X lower, respectively, than what was measured in the past (avg. 628 ms/object) (see [4] for the previous measurement data; [5] reported an analysis using the data in [4]). • In the model presented here, the rsync download delays have been estimated for realistic ranges of # repositories, #RPKI objects, and ms/object measure. • We have also included parallel fetching by each relying party (RP) from multiple repositories.  Parallel fetching lowers the total (system wide) delay to perform rsync. This is a realistic assumption, and has been implemented and tested (by BBN). • The effects of session setup overheads have also been included explicitly in the model. • Based on the results of this modeling, we project global rsync delays, as seen by each RP doing an incremental fetch, to be in the range of single digit minutes to tens of minutes.  Even lower values are possible with additional optimizations to current prototype and production RPKI systems. 2

  3. How Many Publication Points Publication Points # RIRs 5 5 # ASes 43,000 % of ASes with a single allocation source 90% % of ASes with multiple (2) allocation sources 10% Avg. # of sources from which an AS has allocations 1.1 % Stub AS 84% % non-stub AS 16% # Stub Ases 36,120 39,732 # Non-stub ASes 6,880 7568 Total # Publication Points 47305 Citation for the (84%,16%) stub, non-stub AS data (measurements by Randy Bush): See slide 15 in [7]. 3

  4. Estimation of # RPKI Objects Grand Total # Objects per Pub Point non-Stub Stub AS AS RIR Object type * Note 1 1 7 1515 CA cert CRL 1 1 1 Manifest 1 1 1 Ghostbuster Record 1 1 1 ROA 1 1 1 Router certs 2 10 0 ** Note 2 Totals (per AS or RIR) 7 21 1,519 Totals (multiply line above by corresponding # Pub Points): Without router certs 198,660 83,248 7,593 289,501 With router certs 278,124 158,928 7,593 444,645 * Note 1: Each non-stub AS pub point carries 6 CA certs (on average) of stub ASes, and each RIR carries 1514 CA certs (on average) of non-stub ASes, see slide 3. ** Note 2: Router certs: One pair (current + next) per stub AS; 5 pairs per non-stub AS (non-stubs have 5 zones of trust on average in their AS). Path validation (i.e., with router certs) Origin validation only (i.e., no router certs) 4

  5. Frequency of Changes in RPKI Objects Change frequency non-Stub Stub AS AS RIR Object type CA cert annually annually annually CRL daily daily daily Manifest daily daily daily Ghostbuster Record annually annually annually ROA annually annually annually daily or daily or annually annually n/a Router certs If periodic key rollover is used for replay protection then router certs change every 24 hours or so. 5

  6. Rate of Changes in RPKI Objects when Router Certs Rollover Annually Grand Total Changes Changes per day at each (per Day) Pub Point non-Stub Object type Stub AS AS RIR CA cert 0.0027 0.0192 4.1496 CRL 1.0000 1.0000 1.0000 Manifest 1.0000 1.0000 1.0000 These numbers do not Ghostbuster Record 0.0027 0.0027 0.0027 include newly added ROA 0.0027 0.0027 0.0027 pub points, just changes Router certs 0.0055 0.0274 0.0000 to existing pub points. Totals (per AS or RIR) 2.0137 2.0521 6.1551 Totals (multiply line 365 days per year above by corresponding # Pub Points): Without router certs 79,791 15,323 31 95,144 With router certs 80,008 15,530 31 95,569 Path validation (router certs rollover annually) Origin validation only 6

  7. Rate of Changes in RPKI Objects when Router Certs Rollover Daily Grand Total Changes Changes per day at each (per Day) Pub Point non-Stub Stub AS AS RIR Object type CA cert 0.0027 0.0192 4.1496 These numbers do CRL 1.0000 1.0000 1.0000 not include newly Manifest 1.0000 1.0000 1.0000 added pub points, Ghostbuster Record 0.0027 0.0027 0.0027 ROA 0.0027 0.0027 0.0027 just changes to Router certs 2.0000 10.0000 0.0000 existing pub points. Totals (per AS or RIR) 4.0082 12.0247 6.1551 365 days per year Totals (multiply line above by corresponding # Pub Points): 159,255 91,003 31 250,288 Path validation (router certs rollover daily) 7

  8. # RPKI Objects Downloaded in Each of Five Scenarios #Objects downloade d per Scenarios instance All objects rsync download (w/o Rtr certs) 289,501 All objects rsync download (with Rtr certs) 444,645 Download changes only at 24-hr polling intervals (w/o router certs) 95,144 Download changes only at 24-hr polling intervals (with router certs - rollover annually) 95,569 Download changes only at 24-hr polling intervals (with router certs - rollover daily) 250,288 8

  9. Rsync Delay Measurements Measurements for rpki.ripe.net with hierarchic repository structure Measurement (RIPE Heirarchical) BBN's Rob Austein's R # RPKI Objects 4,898 4,690 X Total time to sync (sec) 59.04 80.78 sec S = X*1000/R sync time per object (ms/obj) 12.05 17.22 ms rsync session setup/teardown C overhead (sec per session) 1.22 0.5 sec # rsync sessions per visit to a TA repository 3 3 # rsync sessions per visit to a non-TA repository 1 1 • X includes all components of delay: (1) rsync session setup/teardown overheads (negligible because only 3 sessions are involved), (2) rsync processing plus network delays (propagation, TCP flow control, etc.). • The 17.22 ms ms/object measurement is 36X lower than the average 628 ms/object number used in [5], where it was derived from measurement data with flat repository structure from [4]. Citations: 1. Austein’s measurements: see slide 24 in [1]; also see slides 6, 10 in [2].; also see slides 10, 11 here. 2. BBN’s measurements: Private communication [3]. 9

  10. # rsync Sessions to Repository rpki.ripe.net # rsync Sessions to Repository per Visit Flat Repository Structure ~ 1200 Hierarchic Repository Structure 3 RIPE transitions from Flat to Hierarchic Repository Structure Citation: Austein’s measurements – see slides 6 in [2]. 10

  11. Seconds/Object rpki.ripe.net Flat Repository Seconds to transfer per Object Structure (average per session) ~ 800 ms Hierarchic Repository Structure ~ 17 ms RIPE transitions from Flat to Hierarchic Repository Structure Citation: Austein’s measurements – see slides 10 in [2]. 11

  12. Measurements with Synthesized RPKI Objects: ms/Object (w/o Network Delays) 0.5 0.4 Rsync ms/object 0.3 0.2 0.1 0 100,000 150,000 200,000 250,000 300,000 50,000 0 Total Number of Objects • Client and repository running on two virtual machines on the same computer (Intel Core i7 CPU at 2.2 GHz) • So no network delays are involved Source: Measurement data from D. Mandelberg BBN [4]. 12

  13. Measurements with Synthesized RPKI Objects: Measured rsync Delay (with Network Delays) 2000 0% of Objects Changed 1800 20% of Objects Changed 40% of Objects Changed 1600 Total time to sync (seconds) 60% of Objects Changed 1400 80% of Objects Changed 1200 100% of Objects Changed 1000 800 600 TCP receive 400 window scaling enabled by default 200 in Linux kernels 0 100000 200000 300000 400000 500000 600000 700000 Number of Objects • Client: VM in Boston, MA with two 2.4GHz, 2GB RAM • Server: Amazon EC2 m1.large instance in Tokyo (two cores, 7.4GB ram) Source: Measurement data from D. Mandelberg BBN [4]. 13

  14. Measurements with Synthesized RPKI Objects: ms/Object (with Network Delays) 6 20% of Objects Changed 40% of Objects Changed 60% of Objects Changed 5 rsync time per object (ms/object) 80% of Objects Changed 100% of Objects Changed 4 Avg. ms/obj 3 = 2.15 ms 2 TCP receive window scaling 1 enabled by default in Linux kernels 0 100000 200000 300000 400000 500000 600000 700000 Number of Objects • Client: VM in Boston, MA with two 2.4GHz, 2GB RAM • Server: Amazon EC2 m1.large instance in Tokyo (two cores, 7.4GB ram) Source: Measurement data from D. Mandelberg BBN [4]. 14

  15. Other Modeling Parameters • All stub ASes are expected to outsource CA/repository operation Repostories: • Some of the non-stub ASes will R = # repositories (range considered) 500 - 7,000 also outsource • A fraction of non-stub ASes will operate CAs/repositories • Total # non-sub ASes = 6880 • This study varies the # repositories from 500 to 7000 Parallel fetching: F = # parallel fetches (RP simultaneously • RP can run even 20 to 30 rsync fetching from different repositories) 5 fetch threads simultaneously to different repositories • We conservatively assume 5X speedup due to parallel fetches 15

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

rsync considered inefficient and harmful ggm@apnic.net bje@apnic.net

rsync considered inefficient and harmful ggm@apnic.net bje@apnic.net

rsync considered inefficient and harmful ggm@apnic.net bje@apnic.net 1 RPKI uses rsync RPKI uses rsync as its data publica>on protocol for wider

681 views • 47 slides
A study of RPKI deployment and discussion for improvement RPKI is Coming of Age Taejoong (Tijay)

A study of RPKI deployment and discussion for improvement RPKI is Coming of Age Taejoong (Tijay)

A study of RPKI deployment and discussion for improvement RPKI is Coming of Age Taejoong (Tijay) Chung (https://tijay.github.io) Assistant Professor Rochester Institute of Technology 1 Outlines RPKI deployment and invalid route origins

583 views • 43 slides
Connectivity modeling with Circuitscape download page on Circuitscape.org Kim Hall, The Nature

Connectivity modeling with Circuitscape download page on Circuitscape.org Kim Hall, The Nature

Download Circuitscape 5.0 from Connectivity modeling with Circuitscape download page on Circuitscape.org Kim Hall, The Nature Conservancy & Download test data if you like... Ranjan Anantharaman, MIT & formerly Julia Computing Visit

499 views • 32 slides
Protecting Routing w ith RPKI Mark Kosters, ARIN CTO @ TeamARIN Agenda Operational routing

Protecting Routing w ith RPKI Mark Kosters, ARIN CTO @ TeamARIN Agenda Operational routing

Protecting Routing w ith RPKI Mark Kosters, ARIN CTO @ TeamARIN Agenda Operational routing RPKI Statistics challenges IRR Status Do we have a Research solution? Opportunities Using ARINs RPKI components @

889 views • 51 slides
Some Available RPKI Tools Benno Overeinder Carlos Martinez Cagnazzo SIDR IETF87 @Berlin 1

Some Available RPKI Tools Benno Overeinder Carlos Martinez Cagnazzo SIDR IETF87 @Berlin 1

Some Available RPKI Tools Benno Overeinder Carlos Martinez Cagnazzo SIDR IETF87 @Berlin 1 Thursday, August 1, 13 RPKI Tools The authors believe the information already contained in the RPKI has value in itself, even for operators not

305 views • 11 slides
AARON MURRIHY aaron.murrihy@reannz.co.nz 1 Apricot 2020 RPKI Feb 20 ABOUT US 2 Apricot

AARON MURRIHY aaron.murrihy@reannz.co.nz 1 Apricot 2020 RPKI Feb 20 ABOUT US 2 Apricot

SECURING THE INTERNET VALIDATING ROUTING WITH RPKI AARON MURRIHY aaron.murrihy@reannz.co.nz 1 Apricot 2020 RPKI Feb 20 ABOUT US 2 Apricot 2020 RPKI Feb 20 ABOUT REANNZ New Zealands NREN Engineering team of 7

662 views • 54 slides
From the Consent of the Routed: Improving the Transparency of the RPKI. Ethan Heilman Danny

From the Consent of the Routed: Improving the Transparency of the RPKI. Ethan Heilman Danny

From the Consent of the Routed: Improving the Transparency of the RPKI. Ethan Heilman Danny Cooper Leonid Reyzin Sharon Goldberg Boston University Aug 2014 Overview Motivation: The RPKI* (2011 to present) secures interdomain routing,

660 views • 27 slides
On Delay-Storage Trade-o ff s in Content Download from Coded Distributed Storage Systems Gauri

On Delay-Storage Trade-o ff s in Content Download from Coded Distributed Storage Systems Gauri

On Delay-Storage Trade-o ff s in Content Download from Coded Distributed Storage Systems Gauri Joshi (MIT) joint work with Yanpei Liu (UW-Madison) Emina Soljanin (Bell Labs) DIMACS Workshop on Algorithms for Green Data Storage Gauri Joshi

477 views • 24 slides
Overcoming Legal Barriers to RPKI Adoption Christopher S. Yoo University of Pennsylvania

Overcoming Legal Barriers to RPKI Adoption Christopher S. Yoo University of Pennsylvania

Overcoming Legal Barriers to RPKI Adoption Christopher S. Yoo University of Pennsylvania December 10, 2019 Research supported by NSF EAGER Award #1748362 Global RPKI Deployment ASes Validating Routes 5%, 5 3%, 3 9%, 8 12%, 11 71%, 65

216 views • 8 slides
RPKI and Routing Security Presentation | September 2015 Yerevan Regional Meeting Routing

RPKI and Routing Security Presentation | September 2015 Yerevan Regional Meeting Routing

RPKI and Routing Security Presentation | September 2015 Yerevan Regional Meeting Routing Security 2 Routing Registry route objects RPKI (Resource Public Key Infrastructure) ROAs (Route Origin Authorisation) RPKI and Routing

422 views • 31 slides
RPKI A quick configuration intro Massimiliano Stucchi | 19th January 2016 | UKNOF33 RPKI

RPKI A quick configuration intro Massimiliano Stucchi | 19th January 2016 | UKNOF33 RPKI

RPKI A quick configuration intro Massimiliano Stucchi | 19th January 2016 | UKNOF33 RPKI Overview Massimiliano Stucchi - RIPE NCC | 19th January 2016 | UKNOF33 2 Simply put 3 parts - Create certificates - Install/run validator -

562 views • 17 slides
Limiting the Power of RPKI Authorities Kris Shrishak Haya Shulman TU Darmstadt and Fraunhofer

Limiting the Power of RPKI Authorities Kris Shrishak Haya Shulman TU Darmstadt and Fraunhofer

Applied Networking Research Workshop 2020 acm sigcomm Limiting the Power of RPKI Authorities Kris Shrishak Haya Shulman TU Darmstadt and Fraunhofer SIT Motivation - Resource Public Key Infrastructure (RPKI) secures the interdomain routing

586 views • 39 slides
Research and Innovation By Alain P. AINA 03/12/2015 Department objectives RPKI v2.0

Research and Innovation By Alain P. AINA 03/12/2015 Department objectives RPKI v2.0

Research and Innovation By Alain P. AINA 03/12/2015 Department objectives RPKI v2.0 Project: New RPKI system DNSSEC v2.0 Project: New DNSSEC signer IETF activities: Identity and join key WGs and RGs African Internet Resources

308 views • 13 slides
Interconnect Gate delay Wire delay The delay in VLSI circuits have two components Gate delay (

Interconnect Gate delay Wire delay The delay in VLSI circuits have two components Gate delay (

Advanced Digital IC-Design Propagation Delay Lumped C p Distributed model C model Interconnect Gate delay Wire delay The delay in VLSI circuits have two components Gate delay ( t pHL / t pLH ) Wire (interconnect) delay ( t w ) The Wire

492 views • 20 slides
A Few Months In The Life Of An RPKI Introduction Validator Performance Graphs Object Counts

A Few Months In The Life Of An RPKI Introduction Validator Performance Graphs Object Counts

A Few Months In The Life Of An RPKI Validator http://rpki.net/ A Few Months In The Life Of An RPKI Introduction Validator Performance Graphs Object Counts Connection Counts Objects/Connection Seconds/Object Rob Austein

663 views • 32 slides
Implementing RPKI-based origin validation one country at a time. The Ecuadorian case study.

Implementing RPKI-based origin validation one country at a time. The Ecuadorian case study.

Implementing RPKI-based origin validation one country at a time. The Ecuadorian case study. IETF 89 LONDRES MARCH 2014 Fabin Meja Why and who? BGP origin validation based on RPKI is in early stages of deployment. It is necessary to

314 views • 13 slides
A/B Testing in the Wild Disclaimer: This talk represents my own views, not those of Etsy Ov

A/B Testing in the Wild Disclaimer: This talk represents my own views, not those of Etsy Ov

Emily Robinson @robinson_es A/B Testing in the Wild Disclaimer: This talk represents my own views, not those of Etsy Ov Overview INTRODUCTION CHALLENGES & LESSONS A/B Testing Etsy Business Statistical Et Etsy Etsy is a global

886 views • 55 slides
7 Step Framework Training Step 1: Define the problem Why does it matter? In this training

7 Step Framework Training Step 1: Define the problem Why does it matter? In this training

Global Consulting Team 7 Step Framework Training Step 1: Define the problem Why does it matter? In this training section, we will explore how to best define the problem when starting a consulting assignment. The follow slide has 2 case

650 views • 64 slides
$ Lesson Eight Saving and Investing 04/09 pay yourself first (a little can add up) example 1:

$ Lesson Eight Saving and Investing 04/09 pay yourself first (a little can add up) example 1:

Presentation Slides $ Lesson Eight Saving and Investing 04/09 pay yourself first (a little can add up) example 1: Save this each week At % Interest In 10 years youll have $7.00 5% $4,720 $14.00 5% $9,441 $21.00 5% $14,161 $28.00

438 views • 17 slides
Mechanisms and Algorithms Shuai Yuan, MediaGamma Ltd Weinan Zhang, UCL Jun Wang, UCL

Mechanisms and Algorithms Shuai Yuan, MediaGamma Ltd Weinan Zhang, UCL Jun Wang, UCL

ECIR16 Tutorial Real-Time Bidding based Display Advertising: Mechanisms and Algorithms Shuai Yuan, MediaGamma Ltd Weinan Zhang, UCL Jun Wang, UCL Shuai.yuan@mediagamma.com {w.zhang, j.wang}@cs.ucl.ac.uk Table of contents RTB system

1.31k views • 101 slides
Working Group on Sterling Risk-Free Rates Detailed Loans Conventions September 2020 Not for

Working Group on Sterling Risk-Free Rates Detailed Loans Conventions September 2020 Not for

Working Group on Sterling Risk-Free Rates Detailed Loans Conventions September 2020 Not for wider circulation Contents # Agenda Page No. 1 SONIA Market Conventions Overview 3-4 Recommended Convention - Lookback without Observation Shift 1

508 views • 22 slides
Welcome to 4th Grade Curriculum Night Pittsfield Elementary School -Ms. VanRiper Curriculum

Welcome to 4th Grade Curriculum Night Pittsfield Elementary School -Ms. VanRiper Curriculum

Welcome to 4th Grade Curriculum Night Pittsfield Elementary School -Ms. VanRiper Curriculum Night Agenda Teacher Introductions Learning Targets Classroom Management & Online Learning Daily Schedule Grade Level Curriculum & Standards

455 views • 29 slides
Healthcare + Economic Development Jolynn Suko, Chief Innovation Officer GETTING BACK TO

Healthcare + Economic Development Jolynn Suko, Chief Innovation Officer GETTING BACK TO

Healthcare + Economic Development Jolynn Suko, Chief Innovation Officer GETTING BACK TO BUSINESS Thanks for doing your part to slow the spread Able to handle the surge Hospitalized COVID-positive cases plateaued Restarting

893 views • 43 slides
Introduction to Boosted Trees Tianqi Chen Oct. 22 2014 Outline Review of key concepts of

Introduction to Boosted Trees Tianqi Chen Oct. 22 2014 Outline Review of key concepts of

Introduction to Boosted Trees Tianqi Chen Oct. 22 2014 Outline Review of key concepts of supervised learning Regression Tree and Ensemble (What are we Learning) Gradient Boosting (How do we Learn) Summary Elements in Supervised

631 views • 41 slides

More recommend