a5136b7b634b9cdc16dc51b47ecf70eb3889d205
ROA-slash-RPKI.md
... | ... | @@ -0,0 +1,62 @@ |
1 | +[[_TOC_]] |
|
2 | + |
|
3 | + |
|
4 | +## What is ROA? |
|
5 | + |
|
6 | +A Route Origination Authorization details which AS is authorised to advertise which originating IP prefixes. A ROA may also include prefix length information. |
|
7 | + |
|
8 | +## What is RPKI? |
|
9 | + |
|
10 | +Resource Public Key Infrastructure is basically a framework for securing the routing infrastructure. |
|
11 | +It provides a way to connect number resource information to a trust anchor. |
|
12 | + |
|
13 | +## What is RTR? |
|
14 | + |
|
15 | +The Resource Public Key Infrastructure (RPKI) to Router Protocol provides a way for a router to access RPKI validation information. |
|
16 | +It provides the router with validity information regarding prefix origination: |
|
17 | + |
|
18 | +* VALID |
|
19 | + The route announcement is covered by a ROA and the announcing AS is validated |
|
20 | +* INVALID |
|
21 | + The route announcement is covered by a ROA and the announcing AS is invalid (possibly hijacking) |
|
22 | +* UNKNOWN |
|
23 | + There exists no ROA for the route announcement |
|
24 | + |
|
25 | +## How can I implement ROA on dn42? |
|
26 | + |
|
27 | +On dn42 we generate ROA information from the dn42 registry. |
|
28 | +ROA json/bird files can be generated using [dn42regsrv](https://git.dn42.us/burble/dn42regsrv). |
|
29 | +It is also possible to integrate this with a RTR cache server such as [gortr](https://github.com/cloudflare/gortr). |
|
30 | + |
|
31 | +### dn42regsrv |
|
32 | + |
|
33 | +You can find a hosted example of dn42regsrv at https://explorer.burble.com/ |
|
34 | + |
|
35 | +Instructions on how to host dn42regsrv yourself can be found on the git repo of [dn42regsrv](https://git.dn42.us/burble/dn42regsrv). |
|
36 | + |
|
37 | +You can also run dn42regsrv via docker (then available at 127.0.0.1:8042): |
|
38 | + |
|
39 | + git checkout https://git.dn42.us/burble/dn42regsrv.git . |
|
40 | + cd contrib/docker |
|
41 | + docker-compose build |
|
42 | + docker-compose up -d |
|
43 | + |
|
44 | +Documentation for the api endpoints can be found here: https://git.dn42.us/burble/dn42regsrv/src/master/API.md |
|
45 | + |
|
46 | +### gortr |
|
47 | + |
|
48 | +burble kindly provides ready-to-use files for gortr here: |
|
49 | + |
|
50 | +https://dn42.burble.com/roa/dn42_roa_46.json |
|
51 | + |
|
52 | +You can use these to simply run gortr via docker: |
|
53 | + |
|
54 | + docker run -ti -p 8082:8082 cloudflare/gortr -cache https://dn42.burble.com/roa/dn42_roa_46.json -verify=false -checktime=false -bind :8082 |
|
55 | + |
|
56 | +### This is all to complicated, is there an easy all-in-one package for RTR? |
|
57 | + |
|
58 | +TODO: Publish docker-compose-yml to git for gortr+dn42regsrv |
|
59 | + |
|
60 | +### How do I integrate RTR with my BGP implementation |
|
61 | + |
|
62 | +You have to consult the documentation of your implementation for that. We will provide configuration examples on the specific pages. |
|
... | ... | \ No newline at end of file |
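Review bot: On line 54 the gortr command passes `-verify=false -checktime=false` with no explanation, so readers will copy a setup that turns off gortr's verification and time checks on the fetched ROA file without knowing what they are then trusting. Add a sentence saying why these are disabled for dn42, and that the router's VALID/INVALID decisions then rest entirely on the HTTPS endpoint serving `dn42_roa_46.json`. On line 39, `git checkout https://git.dn42.us/burble/dn42regsrv.git .` will fail because `checkout` does not take a repository URL; this should be `git clone`. The INVALID description on line 21 mentions only a wrong origin AS, while line 6 says a ROA may carry prefix length information, so it is worth noting that an announcement can also be INVALID on prefix length. Minor: "to complicated" in the line 56 heading should be "too complicated", and the file lacks a trailing newline.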