nanog mailing list archives

Re: RPKI publication


From: Alex Band <alex () nlnetlabs nl>
Date: Fri, 23 Nov 2018 20:30:50 +0100

Hi Jeff,

While I can’t offer you a solution today, I’m happy to tell you we’ve recognised this particular use case and are 
working on a free, open source solution. 

We're building a toolset that allows you to run a CA as a child of one or multiple RIRs transparently and publish using 
your own or a third party publication server. In addition, we’ll provide validation software.

https://www.nlnetlabs.nl/projects/rpki/project-plan/

For the validation software we have running code that is already used in production in various places:

https://github.com/NLnetLabs/routinator

With development ongoing, we’re still in the process of getting this fully funded as we’re a small non-profit. So far 
the RIPE NCC Community Projects Fund and Brazilian registry NIC.br are contributing to financing this project. Our goal 
is to provide something that is on par with our other projects, such as NSD and Unbound. 

Happy to keep you updated on the progress.

Cheers,

Alex Band
NLnet Labs

On 23 Nov 2018, at 18:51, Jeff McAdams <jeffm () iglou com> wrote:

OK, I'm trying to do the responsible thing and further the progress and
deployment of RPKI.  I feel like I have a pretty good handle on a path
forward for doing validation and routing-policy based on ROA validation.

However, I also feel like I'm really banging my head against a wall trying
to set up publication of ROAs.  $employer has IP space from several RIRs,
and enough space that there is a pretty strong desire to have our own
publication system for this, but I'm really struggling to find extant
software to do this.

Are there people doing their own publication?  Or is everyone just using
Hosted ARIN/RIPE/APNIC/etc. systems?  My colleagues and I feel like trying
to manage and automate processes against multiple RIRs is not ideal, so
setting up a publication system that can use the Up-Down protocol, or
perhaps publish our own publication points, or whatever is the best way to
handle this would be desired.

Can anyone point me to some facilitating resources on this?  Software
packages that are reasonably current and maintained and not a total pain
to deploy?

-- 
Jeff

