• Pavel Tvrdík's avatar
    RPKI protocol with one cache server per protocol · 65d2a88d
    Pavel Tvrdík authored
    The RPKI protocol (RFC 6810) using the RTRLib
    (http://rpki.realmv6.org/) that is integrated inside
    the BIRD's code.
    
    Implemeted transports are:
     - unprotected transport over TCP
     - secure transport over SSHv2
    
    Example configuration of bird.conf:
      ...
      roa4 table r4;
      roa6 table r6;
    
      protocol rpki {
        debug all;
    
        # Import both IPv4 and IPv6 ROAs
        roa4 { table r4; };
        roa6 { table r6; };
    
        # Set cache server (validator) address,
        # overwrite default port 323
        remote "rpki-validator.realmv6.org" port 8282;
    
        # Overwrite default time intervals
        retry   10;         # Default 600 seconds
        refresh 60;         # Default 3600 seconds
        expire 600;         # Default 7200 seconds
      }
    
      protocol rpki {
        debug all;
    
        # Import only IPv4 routes
        roa4 { table r4; };
    
        # Set cache server address to localhost,
        # use default ports tcp => 323 or ssh => 22
        remote 127.0.0.1;
    
        # Use SSH transport instead of unprotected transport over TCP
        ssh encryption {
          bird private key "/home/birdgeek/.ssh/id_rsa";
          remote public key "/home/birdgeek/.ssh/known_hosts";
          user "birdgeek";
        };
      }
      ...
    65d2a88d
Name
Last commit
Last update
client Loading commit data...
conf Loading commit data...
doc Loading commit data...
filter Loading commit data...
lib Loading commit data...
misc Loading commit data...
nest Loading commit data...
proto Loading commit data...
sysdep Loading commit data...
tools Loading commit data...
.cvsignore Loading commit data...
Doc Loading commit data...
INSTALL Loading commit data...
Makefile.in Loading commit data...
NEWS Loading commit data...
README Loading commit data...
TODO Loading commit data...
aclocal.m4 Loading commit data...
bird.conf Loading commit data...
configure.in Loading commit data...