mirrors/bird
mirrors/bird
0
0
Fork 0
mirror of https://gitlab.nic.cz/labs/bird.git synced 2024-11-18 00:58:42 +00:00
Code Releases Activity
4,254 Commits 142 Branches 57 Tags 30 MiB
b4196b70c4
Commit Graph

8 Commits

Author SHA1 Message Date
Job Snijders
8dc2a36ae5 RPKI: Add TCP-MD5 authentication option 
RPKI-To-Router (RTR) sessions seem to be similar security-sensitivity as
IBGP sessions. BIRD already offered a choice of either "plain TCP" (meh)
or "SSH" (secure, albeit a bit more hassle to set up than TCP-MD5).
The patch adds TCP-MD5 as another option. TCP-MD5 for RTR is specified
through RFC 6810 section 7.3 and RFC 8210 section 9.3.

Minor changes by committer.
 2024-10-03 16:25:29 +02:00
Job Snijders
e2728c8078 RPKI: Add 'local address' configuration option 
Allow to explicitly configure the source IP address for RPKI-To-Router
sessions. Predictable source addresses are useful for minimizing the
holes to be poked in ACLs.

Changed from 'source address' to 'local address' by committer.
 2024-02-22 14:58:29 +01:00
Ondrej Zajicek
116285f2b0 RPKI: Fix conflict in config grammar 2023-08-25 04:32:01 +02:00
Ondrej Zajicek (work)
fc1e3211b1 RPKI: Add 'ignore max length' option 
Add 'ignore max length' option to RPKI protocol, which ignores received
max length in ROA records and instead uses max value (32 or 128). This
may be useful for implementing loose RPKI check for blackholes.
 2020-10-11 01:00:54 +02:00
Maria Matejka
027a3e66f7 RPKI: Allow build without libSSH 2020-02-04 10:15:35 +01:00
Vincent Bernat
3b62417c35 RPKI: Fix allocation of hostname when using an IPv6 address 2019-07-29 15:42:30 +02:00
Jan Maria Matejka
f851f0d7e3 Config: Dropping CF_ADDTO. 2018-06-26 14:29:03 +02:00
Pavel Tvrdík
65d2a88dd2 RPKI protocol with one cache server per protocol 
The RPKI protocol (RFC 6810) using the RTRLib
(http://rpki.realmv6.org/) that is integrated inside
the BIRD's code.

Implemeted transports are:
 - unprotected transport over TCP
 - secure transport over SSHv2

Example configuration of bird.conf:
  ...
  roa4 table r4;
  roa6 table r6;

  protocol rpki {
    debug all;

    # Import both IPv4 and IPv6 ROAs
    roa4 { table r4; };
    roa6 { table r6; };

    # Set cache server (validator) address,
    # overwrite default port 323
    remote "rpki-validator.realmv6.org" port 8282;

    # Overwrite default time intervals
    retry   10;         # Default 600 seconds
    refresh 60;         # Default 3600 seconds
    expire 600;         # Default 7200 seconds
  }

  protocol rpki {
    debug all;

    # Import only IPv4 routes
    roa4 { table r4; };

    # Set cache server address to localhost,
    # use default ports tcp => 323 or ssh => 22
    remote 127.0.0.1;

    # Use SSH transport instead of unprotected transport over TCP
    ssh encryption {
      bird private key "/home/birdgeek/.ssh/id_rsa";
      remote public key "/home/birdgeek/.ssh/known_hosts";
      user "birdgeek";
    };
  }
  ...
 2016-12-07 09:35:24 +01:00