May 22, 2012

On mirrors and why there are so few

Yes, I said few.

Even if in my blog post about Debian's ever-growing mirrors network it seemed like we have a lot of mirrors, truth be told: they are too few. There are many partial or even complete mirrors out there that are not listed.

If you are the administrator of one of those mirrors, please consider submitting your Debian mirror. It helps keep track of them and expose them to more users.

Granted, there are some that due to policies (on remote connections, bandwidth use, etc.) they are kept private. Hidden behind a LAN, hoping that people inside actually use them. As of this time, there's not much that can be done about them. If they were to be listed somewhere, there's no way for somebody to check them from the outside.

Some other mirror networks require that an IP (or a range) be whitelisted, allowing them to access the mirrors from the outside to perform routine checks. For some reason, I thought Fedora's was one of them but, apparently, they use a different approach: they ask private mirrors to run a tool.

I think that each approach has its pros and cons.


  1. Hi,

    I guess the most frequent reason for private mirrors not to be opened to the WAN, is that the mirroring and package distribution infrastructure is done through FTP or HTTP, so basically its "serve the file completely or not at all".

    This causes 2 things... clogs peak wise or evenly the WAN lines of willing administrators which unfortunately have corporate or institutional data to get through first (maybe even their private home network). They solve it by regulating the bandwidth given to the task... which takes us to the second point; The download for the client getting the package wont be that great, since he is bound to only one resource and this resource is bound to be limited or dampend to protect the throughput of the local infrastructure.
    Of course this is not quite accurate if you have your mirror somewhere in a university network or equivalent. But then we are stuck again where we are, with limited mirrors (basically current state of affairs).

    I guess we need decentralization of the package distribution and acquirement system. Basically harness bandwidth's of smaller privates and other sources.

    A nice initiative;
    But seemingly has not pushed through (yet?), at least not for a long time. I do not think using the raw form of the classical concept of torrents would do a good job, agreeing with some contras stated in the wiki. But all in all I do believe that package repositories in general are in dire need of decentralization. And it could not hurt to somehow maintain compatibility with the torrent protocol, to even pool some bandwidth from users.

    Best regards,

    1. The point of listing private (rather, restricted) mirrors would be to allow users within the LAN to find them. Either to be chosen manually (from the installer's mirrors list, for instance) or automatically (using an approach like Fedora's mirrors system, or OpenSUSE's mirrorbrain:, for instance).

      As for debtorrent, it is a nice idea but the wrong approach. apt-p2p solved what I consider are its main shortcomings. I even recommend it. It is dead, however.