summaryrefslogtreecommitdiff
path: root/proto/rpki/rpki.h
AgeCommit message (Collapse)Author
2024-02-22RPKI: Add 'local address' configuration optionJob Snijders
Allow to explicitly configure the source IP address for RPKI-To-Router sessions. Predictable source addresses are useful for minimizing the holes to be poked in ACLs. Changed from 'source address' to 'local address' by committer.
2020-10-11RPKI: Add 'ignore max length' optionOndrej Zajicek (work)
Add 'ignore max length' option to RPKI protocol, which ignores received max length in ROA records and instead uses max value (32 or 128). This may be useful for implementing loose RPKI check for blackholes.
2017-12-07RPKI: Update to new timersOndrej Zajicek (work)
2016-12-13Minor cleanupsOndrej Zajicek (work)
2016-12-07RPKI protocol with one cache server per protocolPavel TvrdĂ­k
The RPKI protocol (RFC 6810) using the RTRLib (http://rpki.realmv6.org/) that is integrated inside the BIRD's code. Implemeted transports are: - unprotected transport over TCP - secure transport over SSHv2 Example configuration of bird.conf: ... roa4 table r4; roa6 table r6; protocol rpki { debug all; # Import both IPv4 and IPv6 ROAs roa4 { table r4; }; roa6 { table r6; }; # Set cache server (validator) address, # overwrite default port 323 remote "rpki-validator.realmv6.org" port 8282; # Overwrite default time intervals retry 10; # Default 600 seconds refresh 60; # Default 3600 seconds expire 600; # Default 7200 seconds } protocol rpki { debug all; # Import only IPv4 routes roa4 { table r4; }; # Set cache server address to localhost, # use default ports tcp => 323 or ssh => 22 remote 127.0.0.1; # Use SSH transport instead of unprotected transport over TCP ssh encryption { bird private key "/home/birdgeek/.ssh/id_rsa"; remote public key "/home/birdgeek/.ssh/known_hosts"; user "birdgeek"; }; } ...