mirror of
https://gitlab.nic.cz/labs/bird.git
synced 2025-03-22 06:17:04 +00:00
RPKI: Add a documentation
parent
4cf229a0b5
commit
ffda86a34d
@ -3485,6 +3485,97 @@ protocol rip {
|
|||||||
}
|
}
|
||||||
</code>
|
</code>
|
||||||
|
|
||||||
|
<sect>RPKI
|
||||||
|
|
||||||
|
<p>The Resource Public Key Infrastructure (RPKI) to Router Protocol (RFC 6810)
|
||||||
|
is a simple but reliable mechanism to receive Resource Public Key
|
||||||
|
Infrastructure (RFC 6480) prefix origin data from a trusted cache.
|
||||||
|
|
||||||
|
It is possible to configure only one cache server per protocol yet.
|
||||||
|
|
||||||
|
<code>
|
||||||
|
protocol rpki [<name>] {
|
||||||
|
roa table <name>;
|
||||||
|
cache <ip> | "<domain>" {
|
||||||
|
port <num>;
|
||||||
|
ssh encryption {
|
||||||
|
bird private key "</path/to/id_rsa>";
|
||||||
|
cache public key "</path/to/known_host>";
|
||||||
|
user "<name>";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
|
</code>
|
||||||
|
|
||||||
|
<sect1>RPKI protocol options
|
||||||
|
<descrip>
|
||||||
|
<tag>roa table <m/name/</tag>
|
||||||
|
Specifies the roa table into which will import the routes from cache.
|
||||||
|
This option is required.
|
||||||
|
|
||||||
|
<tag>cache <m/ip/ | "<m/domain/" [ { <m/cache options.../ } ]</tag>
|
||||||
|
Specifies a destination address of the cache server.
|
||||||
|
Can be specified by an IP address or by full domain name.
|
||||||
|
By default there is no encryption in transport.
|
||||||
|
Only one cache can be specified per protocol.
|
||||||
|
</descrip>
|
||||||
|
|
||||||
|
<sect1>Cache options
|
||||||
|
<descrip>
|
||||||
|
<tag>port <m/num/</tag>
|
||||||
|
Specifies the port number.
|
||||||
|
The default port number is 8282 for transpoert without any encryption
|
||||||
|
and 22 for transport with SSH encryption.
|
||||||
|
|
||||||
|
<tag>ssh encryption { <m/ssh encryption options.../ }</tag>
|
||||||
|
This enables a SSH encryption.
|
||||||
|
</descrip>
|
||||||
|
|
||||||
|
<sect1>SSH encryption options
|
||||||
|
<descrip>
|
||||||
|
<tag>bird private key "<m///path/to/id_rsa"</tag>
|
||||||
|
A path to the BIRD's private SSH key for authentication.
|
||||||
|
It can be a <cf/id_rsa/ file.
|
||||||
|
|
||||||
|
<tag>cache public key "<m///path/to/known_host"</tag>
|
||||||
|
A path to the cache's public SSH key for verification identity
|
||||||
|
of the cache server. It could be a <cf/known_host/ file.
|
||||||
|
|
||||||
|
<tag>user "<m/name/"</tag>
|
||||||
|
A SSH user name for authentication. This option is a required.
|
||||||
|
</descrip>
|
||||||
|
|
||||||
|
<sect1>Examples
|
||||||
|
<p>A simple configuration without transport encryption:
|
||||||
|
<code>
|
||||||
|
roa table my_roa_table;
|
||||||
|
protocol rpki {
|
||||||
|
debug all;
|
||||||
|
roa table my_roa_table;
|
||||||
|
|
||||||
|
cache "rpki-validator.realmv6.org";
|
||||||
|
}
|
||||||
|
</code>
|
||||||
|
|
||||||
|
<p>A configuration using SSHv2 transport encryption:
|
||||||
|
<code>
|
||||||
|
roa table my_roa_table;
|
||||||
|
protocol rpki {
|
||||||
|
debug all;
|
||||||
|
roa table my_roa_table;
|
||||||
|
|
||||||
|
cache 127.0.0.1 {
|
||||||
|
port 2345;
|
||||||
|
ssh encryption {
|
||||||
|
bird private key "/home/birdgeek/.ssh/id_rsa";
|
||||||
|
cache public key "/home/birdgeek/.ssh/known_hosts";
|
||||||
|
user "birdgeek";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
|
</code>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
<sect>Static
|
<sect>Static
|
||||||
|
|
||||||
|
@ -1 +1 @@
|
|||||||
C rpki.c
|
S rpki.c
|
||||||
|