RPKI publication

Christopher Morrow morrowc.lists at gmail.com
Fri Nov 23 21:48:14 UTC 2018


On Fri, Nov 23, 2018 at 2:31 PM Alex Band <alex at nlnetlabs.nl> wrote:

> Hi Jeff,
>
> While I can’t offer you a solution today, I’m happy to tell you we’ve
> recognised this particular use case and are working on a free, open source
> solution.
>
> We're building a toolset that allows you to run a CA as a child of one or
> multiple RIRs transparently and publish using your own or a third party
> publication server. In addition, we’ll provide validation software.
>
> https://www.nlnetlabs.nl/projects/rpki/project-plan/
>
> For the validation software we have running code that is already used in
> production in various places:
>
> https://github.com/NLnetLabs/routinator
>
> With development ongoing, we’re still in the process of getting this fully
> funded as we’re a small non-profit. So far the RIPE NCC Community Projects
> Fund and Brazilian registry NIC.br are contributing to financing this
> project. Our goal is to provide something that is on par with our other
> projects, such as NSD and Unbound.
>
> Happy to keep you updated on the progress.
>
> Cheers,
>
> Alex Band
> NLnet Labs
>
> > On 23 Nov 2018, at 18:51, Jeff McAdams <jeffm at iglou.com> wrote:
> >
> > OK, I'm trying to do the responsible thing and further the progress and
> > deployment of RPKI.  I feel like I have a pretty good handle on a path
> > forward for doing validation and routing-policy based on ROA validation.
>

hey thanks! :)


> > However, I also feel like I'm really banging my head against a wall
> > trying to set up publication of ROAs.  $employer has IP space from several RIRs,
> > and enough space that there is a pretty strong desire to have our own
> > publication system for this, but I'm really struggling to find extant
> > software to do this.
>

I think there are 3 options:
  ripe validator v2 (potentially v3?) - https://github.com/RIPE-NCC/rpki-validator
    https://github.com/RIPE-NCC/rpki-validator-3
  rpki.net validator - https://github.com/dragonresearch/rpki.net
  bbn rpstir - https://github.com/bgpsecurity/rpstir

> > Are there people doing their own publication?  Or is everyone just using
> > Hosted ARIN/RIPE/APNIC/etc. systems?  My colleagues and I feel like trying
> > to manage and automate processes against multiple RIRs is not ideal, so
> > setting up a publication system that can use the Up-Down protocol, or
> > perhaps publish our own publication points, or whatever is the best way to
> > handle this would be desired.
> >
> > Can anyone point me to some facilitating resources on this?  Software
> > packages that are reasonably current and maintained and not a total pain
> > to deploy?
> >
> > --
> > Jeff
>
>