    RPKI protocol with one cache server per protocol · 65d2a88d
    Pavel Tvrdík authored
    The RPKI protocol (RFC 6810) using the RTRLib
    (http://rpki.realmv6.org/) that is integrated inside
    BIRD's code.
    
    Implemented transports are:
     - unprotected transport over TCP
     - secure transport over SSHv2
    
    Example configuration of bird.conf:
      ...
      roa4 table r4;
      roa6 table r6;
    
      protocol rpki {
        debug all;
    
        # Import both IPv4 and IPv6 ROAs
        roa4 { table r4; };
        roa6 { table r6; };
    
        # Set cache server (validator) address,
        # overwrite default port 323
        remote "rpki-validator.realmv6.org" port 8282;
    
        # Overwrite default time intervals
        retry   10;         # Default 600 seconds
        refresh 60;         # Default 3600 seconds
        expire 600;         # Default 7200 seconds
      }
    
      protocol rpki {
        debug all;
    
        # Import only IPv4 routes
        roa4 { table r4; };
    
        # Set cache server address to localhost,
        # use default ports tcp => 323 or ssh => 22
        remote 127.0.0.1;
    
        # Use SSH transport instead of unprotected transport over TCP
        ssh encryption {
          bird private key "/home/birdgeek/.ssh/id_rsa";
          remote public key "/home/birdgeek/.ssh/known_hosts";
          user "birdgeek";
        };
      }
      ...
Name
Doc
Makefile
config.Y
packets.c
packets.h
rpki.c
rpki.h
ssh_transport.c
tcp_transport.c
transport.c
transport.h