
Revision 65d2a88d

ID 65d2a88dd2aaef7344cfa62918e3ddf4c72ca50a
Parent 2706747f
Child f6e8e141

Added by Pavel Tvrdík almost 4 years ago

RPKI protocol with one cache server per protocol

The RPKI protocol (RFC 6810) using the RTRLib
(http://rpki.realmv6.org/) that is integrated inside
BIRD's code.

Implemented transports are:
- unprotected transport over TCP
- secure transport over SSHv2

Example configuration of bird.conf:

    ...
    roa4 table r4;
    roa6 table r6;

    protocol rpki {
      debug all;

      # Import both IPv4 and IPv6 ROAs
      roa4 { table r4; };
      roa6 { table r6; };

      # Set cache server (validator) address,
      # overwrite default port 323
      remote "rpki-validator.realmv6.org" port 8282;

      # Overwrite default time intervals
      retry 10; # Default 600 seconds
      refresh 60; # Default 3600 seconds
      expire 600; # Default 7200 seconds
    }

    protocol rpki {
      debug all;

      # Import only IPv4 routes
      roa4 { table r4; };

      # Set cache server address to localhost,
      # use default ports tcp => 323 or ssh => 22
      remote 127.0.0.1;

      # Use SSH transport instead of unprotected transport over TCP
      ssh encryption {
        bird private key "/home/birdgeek/.ssh/id_rsa";
        remote public key "/home/birdgeek/.ssh/known_hosts";
        user "birdgeek";
      };
    }
    ...
