How to use ROA/RPKI?
Arnaud Fenioux
afenioux at gmail.com
Wed Apr 10 16:22:11 CEST 2013
Hello all,
I would like to use ROA filtering on my bird setup to reject invalid
prefixes announced by my peers.
I know there is currently no easy way to bind bird to an RPKI validator,
right?
I have to create a table in my conf file with
"roa table roa_table_name"
I have read
(https://ripe65.ripe.net/presentations/191-BIRD-20120926-OF-RIPE-EIX.pdf)
that there is a way to populate this table dynamically.
How can I do that? "roa add" in cli?
Is there a way to flush the table?
I have also read (https://github.com/BIRD/bird/blob/master/filter/test.conf)
that I can use roa_check().
Can I do a filter like this?
protocol bgp my_peer {
    local as 65000;
    neighbor 192.0.2.1 as 65001;
    import filter peer_in;
}

filter peer_in {
    if roa_check(roa_table_name, net, bgp_path.last) = ROA_INVALID then reject;
    accept;
}
Cheers!
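
Added example, not part of the original post and not BIRD's own code: a small Python model of the three states a roa_check()-style lookup distinguishes (ROA_VALID, ROA_INVALID, ROA_UNKNOWN), following RFC 6811 origin validation, with the same reject-only-invalid policy as the filter above. The names roa_state, peer_in and SAMPLE_ROAS are hypothetical, and the ROA entries are constructed from documentation prefixes and private-use ASNs.

```python
import ipaddress

ROA_UNKNOWN, ROA_VALID, ROA_INVALID = "ROA_UNKNOWN", "ROA_VALID", "ROA_INVALID"

# Constructed ROA entries (prefix, max length, origin AS) using documentation
# prefixes and private-use ASNs; not real RPKI data.
SAMPLE_ROAS = [
    ("192.0.2.0/24", 24, 65001),
    ("2001:db8::/32", 48, 65001),
]


def roa_state(roas, net, origin_as):
    """Origin validation per RFC 6811 for one route (prefix + origin AS)."""
    route = ipaddress.ip_network(net)
    covered = False
    for prefix, max_len, asn in roas:
        roa_net = ipaddress.ip_network(prefix)
        # A ROA is relevant only if it covers the route: same address family
        # and the route is equal to or more specific than the ROA prefix.
        if roa_net.version != route.version or not route.subnet_of(roa_net):
            continue
        covered = True
        # Match: route no longer than max length, same origin, and not AS 0.
        if route.prefixlen <= max_len and asn == origin_as and asn != 0:
            return ROA_VALID
    # Covered but never matched is invalid; no covering ROA at all is unknown.
    return ROA_INVALID if covered else ROA_UNKNOWN


def peer_in(roas, net, origin_as):
    """Same policy as the filter in the post: reject ROA_INVALID, accept the rest."""
    return roa_state(roas, net, origin_as) != ROA_INVALID


if __name__ == "__main__":
    for net, asn in [
        ("192.0.2.0/24", 65001),     # exact match
        ("192.0.2.0/24", 65002),     # covered, wrong origin
        ("192.0.2.128/25", 65001),   # covered, longer than max length
        ("2001:db8:1::/48", 65001),  # within max length
        ("198.51.100.0/24", 65001),  # no covering ROA
    ]:
        verdict = "accept" if peer_in(SAMPLE_ROAS, net, asn) else "reject"
        print(net, asn, roa_state(SAMPLE_ROAS, net, asn), verdict)
```

Because the policy rejects only ROA_INVALID, a route with no covering ROA is still accepted, and a more-specific announcement from the correct origin is rejected once it exceeds the ROA's max length.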