Reliable IRR mirroring with NRTMv4

Near Real Time Mirroring (NRTM) v3 has been the standard for IRR database mirroring for decades, but it has significant problems: no integrity verification, poor scalability, no formal specification, and reliability issues that are hard to diagnose. It can break in fascinating yet invisible ways, allowing mirrors to silently run out of sync.

NRTMv4 is its replacement. It uses HTTPS transport, detects and recovers from synchronization issues, uses cryptographic signing to guarantee integrity, and is designed to scale where needed. The RIPE side of this work took place under NWI-12. The draft is currently in IETF Last Call and already implemented in both the RIPE Database and IRRD.

As co-author of the protocol and the author of IRRD's NRTM implementations, I'll discuss protocol design, trade-offs, how to migrate, and what you should know.