Hi, I've been working on a BGPSEC implementation using BIRD. A requirement of the BGPSEC protocol is the availability of origin authentication using the RPKI. I understand that BIRD has implemented roa_tables that will allow a user to filter routes based on asn/prefix information pulled from the RPKI. It looks like it would be pretty straight forward to have a separate tool that uses one of the available RPKI pulling packages and then populates the roa_tables using BIRD's CLI or configuration interface. But for the sake of not duplicating effort and to make sure that I'm not missing anything, is this the expected method for someone supporting origin authentication in BIRD? or are there (currently) future plans for support that is more integral to BIRD? Thanks, Mike -- Michael Baer PARSONS baerm@tislabs.com
On Thu, Sep 05, 2013 at 10:01:48PM -0700, Michael Baer wrote:
Hi,
But for the sake of not duplicating effort and to make sure that I'm not missing anything, is this the expected method for someone supporting origin authentication in BIRD? or are there (currently) future plans for support that is more integral to BIRD?
There are no official shell scripts or other tool to fill roa tables, Future plan is to have 'rpki' protocol that connects to RPKI cache using RFC 6810 protocol and fills roa tables. -- Elen sila lumenn' omentielvo Ondrej 'SanTiago' Zajicek (email: santiago@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."
participants (2)
-
Michael Baer -
Ondrej Zajicek