dn42/wiki
1
Fork 0
mirror of https://git.dn42.dev/wiki/wiki.git synced 2024-11-23 07:43:29 +01:00
Code Releases Activity

Updated OpenBGPD (markdown)

Browse Source
This commit is contained in:
DN42 Wiki (BURBLE-MNT) 2021-05-19 12:30:26 +00:00
parent aa978b3a9a
commit 8b11f11009
1 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
howto/OpenBGPD.md
View File

@ -100,13 +100,19 @@ match from any community GRACEFUL_SHUTDOWN set { localpref 0 }
```
# ROA
OpenBSD ships with [rpki-client(8)](http://man.openbsd.org/rpki-client.8) which nicely integrates with **bgpd**.
Since DN42 emulates an IRR WHOIS service through the registry repository instead of providing an RPKI repository, this tool cannot be used.
Instead, [a shell script](https://t4-2.high5.nl/pub/dn42/generate_roa-set.sh) parses route objects from the registry repository and generates a `roa-set {...}` block that is to be included in the main configuration file.
An roa-set can be generated from the registry directly or you can use the following pre-build tables.
One single `roa-set` may be defined, against which **bgpd** will validate the origin of each prefix; this allows filter rules to use the `ovs` keyword as demonstrated above.
ROA files generated by [dn42regsrv](https://git.dn42.dev/burble/dn42regsrv) are available from burble.dn42:
|URL| IPv4/IPv6 |
|---|---|
|[https://dn42.burble.com/roa/dn42_roa_obgpd_46.conf](https://dn42.burble.com/roa/dn42_roa_obgpd_46.conf)   |  Both  |
|[https://dn42.burble.com/roa/dn42_roa_obgpd_4.conf](https://dn42.burble.com/roa/dn42_roa_obgpd_4.conf)   |  IPv4 Only  |
|[https://dn42.burble.com/roa/dn42_roa_obgpd_6.conf](https://dn42.burble.com/roa/dn42_roa_obgpd_6.conf)   |  IPv6 Only  |
`/etc/dn42.roa-set` is the generated set:
```
roa-set {