adding bgpsec to bird
Matthias Waehlisch
waehlisch at ieee.org
Tue Mar 20 22:15:52 CET 2012
Hi Ondrej,
On Tue, 20 Mar 2012, Ondrej Zajicek wrote:
> > do you also intend to implement prefix origin validation according
> > to IETF/SIDR specs?
> >
> > Maybe as a side note: We implemented the RTR protocol as a
> > lightweight and very efficient C library, which allows to exchange
> > validated ROAs between cache and router and to perform origin
> > validation.
>
> We have beta ROA checking in GIT code and will be a part of the next
> release, which will be in a few days. Currently, it is just a local
> part (ROA data structure and filters with possibility to statically
> configure ROAs or add/remove them dynamically using birdc),
> integration with RPKI / RTR exchange protocol is planned to be added
> later, i will probably embed or reuse your library.
>
great! If you need any insights into to lib or if you have suggestions
for improvements, please let me know! We are defintely open for
collaboration.
> BTW, if i remember correctly, connection between router and RPKI cache
> is required to be SSH protected, how do you handle that in your
> library? Reuse external SSH tool, library or integrate all the
> cryptography?
>
SSH is not mandatory. We support SSH based on the libssh.
Cheers
matthias
--
Matthias Waehlisch
. Freie Universitaet Berlin, Inst. fuer Informatik, AG CST
. Takustr. 9, D-14195 Berlin, Germany
.. mailto:waehlisch at ieee.org .. http://www.inf.fu-berlin.de/~waehl
:. Also: http://inet.cpt.haw-hamburg.de .. http://www.link-lab.net
More information about the Bird-users
mailing list