    RPKI protocol with one cache server per protocol · 65d2a88d
    Pavel Tvrdík authored
    The RPKI protocol (RFC 6810) using the RTRLib
    (http://rpki.realmv6.org/) that is integrated inside
    BIRD's code.
    
    Implemented transports are:
     - unprotected transport over TCP
     - secure transport over SSHv2
    
    Example configuration of bird.conf:
      ...
      roa4 table r4;
      roa6 table r6;
    
      protocol rpki {
        debug all;
    
        # Import both IPv4 and IPv6 ROAs
        roa4 { table r4; };
        roa6 { table r6; };
    
        # Set cache server (validator) address,
        # overwrite default port 323
        remote "rpki-validator.realmv6.org" port 8282;
    
        # Overwrite default time intervals
        retry   10;         # Default 600 seconds
        refresh 60;         # Default 3600 seconds
        expire 600;         # Default 7200 seconds
      }
    
      protocol rpki {
        debug all;
    
        # Import only IPv4 routes
        roa4 { table r4; };
    
        # Set cache server address to localhost,
        # use default ports tcp => 323 or ssh => 22
        remote 127.0.0.1;
    
        # Use SSH transport instead of unprotected transport over TCP
        ssh encryption {
          bird private key "/home/birdgeek/.ssh/id_rsa";
          remote public key "/home/birdgeek/.ssh/known_hosts";
          user "birdgeek";
        };
      }
      ...
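The commit's bird.conf fragment fills the roa4/roa6 tables but does not show what makes them matter: a BGP import filter that consults them. The configuration below is an added example, not part of this commit or of BIRD's shipped configs. It uses the rpki protocol syntax from the commit message together with BIRD 2's roa_check() filter function; the protocol names, AS numbers (64500/64501), neighbor addresses (192.0.2.1, 2001:db8::1) and the localhost cache server are placeholders chosen for the example.

```conf
# Added example, not from the commit: use the ROA tables filled by
# protocol rpki to drop RPKI-invalid routes on BGP sessions.
# ASNs, neighbors and the cache server address are placeholders.

roa4 table r4;
roa6 table r6;

# Pull ROAs from a validator on the same host over plain TCP (port 323).
# Unprotected TCP is only acceptable on a trusted path such as loopback:
# whoever sits between BIRD and the validator decides which ROAs arrive,
# so for a remote validator use the ssh encryption transport instead.
protocol rpki rtr_local {
  roa4 { table r4; };
  roa6 { table r6; };
  remote 127.0.0.1 port 323;
}

# roa_check(table, prefix, asn) returns ROA_VALID, ROA_INVALID or
# ROA_UNKNOWN for the prefix and its origin AS (last AS on the path).
# Only ROA_INVALID is rejected; prefixes with no covering ROA
# (ROA_UNKNOWN) are still accepted, which is the usual deployment choice.
filter rpki_in_v4 {
  if (roa_check(r4, net, bgp_path.last) = ROA_INVALID) then
    reject "RPKI invalid";
  accept;
}

filter rpki_in_v6 {
  if (roa_check(r6, net, bgp_path.last) = ROA_INVALID) then
    reject "RPKI invalid";
  accept;
}

protocol bgp peer4 {
  local as 64500;
  neighbor 192.0.2.1 as 64501;
  ipv4 { import filter rpki_in_v4; export none; };
}

protocol bgp peer6 {
  local as 64500;
  neighbor 2001:db8::1 as 64501;
  ipv6 { import filter rpki_in_v6; export none; };
}
```

After `birdc configure`, `birdc show protocols all rtr_local` shows the cache session state and `birdc show route table r4` lists the ROAs actually received, which is the first thing to check when routes are not being rejected as expected. If the filter result does not change after the ROA set changes, re-run the import with `birdc reload in peer4` (or `peer6`).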