RPKI process efficiency

Darshan Kowlaser darshan at darshankowlaser.com
Mon Nov 25 08:22:11 UTC 2024


Hello

I'm experiencing high CPU usage on my RPKI process which is very odd. To
elaborate, I have two vyos boxes that have similar configuration for the
edge just handling BGP and OSPF to the core. On one of the routers I have
excessively high CPU usage and when checking the processes RPKI sits very
high compared to the other router.

FRR Version:
`*FRRouting 9.1.1 (za-ct-ter-dc-rt-edge-01) on Linux(6.6.43-amd64-vyos).*


*Copyright 1996-2005 Kunihiro Ishiguro, et al.configured with:
'--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include'
'--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info'
'--sysconfdir=/etc' '--localstatedir=/var' '--disable-option-checking'
'--disable-silent-rules' '--libdir=${prefix}/lib/x86_64-linux-gnu'
'--libexecdir=${prefix}/lib/x86_64-linux-gnu' '--disable-maintainer-mode'
'--localstatedir=/var/run/frr' '--sbindir=/usr/lib/frr'
'--sysconfdir=/etc/frr' '--with-vtysh-pager=/usr/bin/pager'
'--libdir=/usr/lib/x86_64-linux-gnu/frr'
'--with-moduledir=/usr/lib/x86_64-linux-gnu/frr/modules'
'--disable-dependency-tracking' '--enable-rpki' '--enable-scripting'
'--enable-pim6d' '--with-libpam' '--enable-doc' '--enable-doc-html'
'--enable-snmp' '--enable-fpm' '--disable-protobuf' '--disable-zeromq'
'--enable-ospfapi' '--enable-bgp-vnc' '--enable-multipath=256'
'--enable-user=frr' '--enable-group=frr' '--enable-vty-group=frrvty'
'--enable-configfile-mask=0640' '--enable-logfile-mask=0640'
'build_alias=x86_64-linux-gnu' 'PYTHON=python3'*
`

Here is my RPKI configuration on the router experiencing high process CPU
usage :

In Vtysh:
`*rpki*

* rpki cache cpt-rpki-validator-01.example.xyz
<http://cpt-rpki-validator-01.example.xyz> 3323 preference 1 rpki cache
cpt-rpki-validator-02.example.xyz
<http://cpt-rpki-validator-02.example.xyz> 8282 preference 2*
`

In VyOS:
`*set protocols rpki cache cpt-rpki-validator-01.example.xyz
<http://cpt-rpki-validator-01.example.xyz> port '3323'*



* set protocols rpki cache cpt-rpki-validator-01.example.xyz
<http://cpt-rpki-validator-01.example.xyz> preference '1' set protocols
rpki cache cpt-rpki-validator-02.example.xyz
<http://cpt-rpki-validator-02.example.xyz> port '8282' set protocols rpki
cache cpt-rpki-validator-02.example.xyz
<http://cpt-rpki-validator-02.example.xyz> preference '2'*
* set protocols rpki polling-period '3600*
`

The only thing different on the other box is that the server preference is
inverted. RPKI servers are running routinator and stayRTR, the router with
the issue preferences routinator. See below showing that it is the most
intensive process on the CPU :

[image: image.png]

Would be greatly appreciated if anyone could advise.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.frrouting.org/pipermail/frog/attachments/20241125/d05e62a7/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 32278 bytes
Desc: not available
URL: <http://lists.frrouting.org/pipermail/frog/attachments/20241125/d05e62a7/attachment-0001.png>


More information about the frog mailing list