2018-07-26 16:44:06 +02:00
# :rocket: Routinator 3000.
2018-07-26 16:46:07 +02:00
[](https://travis-ci.com/NLnetLabs/routinator)
2018-07-02 11:00:56 +02:00
2018-07-24 10:53:46 +02:00
Introducing ‘ ’
2018-09-06 19:45:30 +02:00
written in Rust.
We are working towards a full production release over the
2018-09-06 18:20:44 +02:00
next few months. Features on the roadmap are:
* [x] Fetch certificates and ROAs via rsync
* [x] Perform crypotographic validation
* [x] Export validated ROAs in CSV, JSON and RPSL format
* [ ] Exhaustive interoperability and compliance testing
* [ ] Implement the RPKI-RTR protocol for pushing RPKI data to supported routers ([RFC 6810 ](https://tools.ietf.org/html/rfc6810 ))
* [ ] Implement the RRDP protocol for fetching ([RFC 8182 ](https://tools.ietf.org/html/rfc8182 ))
* [ ] Add local exceptions and overrides
* [ ] Implement a basic web-based user interface and Command Line Interface
* [ ] Expose an API
* [ ] Add the ability to process Internet Routing Registry data
* [ ] Integration with alerting and monitoring services so that route hijacks, misconfigurations, connectivity and application problems can be flagged.
2018-07-02 11:00:56 +02:00
2018-07-24 10:53:46 +02:00
## RPKI
The Resource Public Key Infrastructure provides cryptographically signed
statements about the association of Internet routing resources. In
particular, it allows the holder of an IP address prefix to publish which
AS number will be the origin of BGP route announcements for it.
All of these statements are published in a distributed repository. The
Routinator 3000 will collect these statements into a local copy, validate
their signatures, and output a list of associations between IP address
prefixes and AS numbers in a number of useful formats.
## Getting Started
There’
the former because the RPKI repository currently uses rsync as its main
means of distribution. You need the latter because that’
Routinator has been written in. Since this currently is a very early
experimental version, we decided not to distribute binary packages just
yet. But don’
### rsync
Currently, Routinator requires the `rsync` executable to be in your path.
We are not quite sure which particular version you need at the very least,
but whatever is being shipped with current Linux and \*BSD distributions
2018-07-26 22:52:31 +02:00
and macOS should be fine.
2018-07-24 10:53:46 +02:00
If you don’
### Rust
The easiest and canonical way to install Rust on your machine and maintain
that installation is a tool called *rustup.* While some distributions
include Rust packages, we kind of rely on very recent stable releases at
this point, so using rustup is preferred.
If you feel lucky, simply do:
2018-07-02 11:00:56 +02:00
```bash
curl https://sh.rustup.rs -sSf | sh
```
2018-07-24 10:53:46 +02:00
or, alternatively, get the file, have a look and then run it manually.
Follow the instructions to get rustup and cargo, the rust build tool, into
2018-07-02 18:17:14 +02:00
your path.
2018-07-02 11:00:56 +02:00
2018-07-24 10:53:46 +02:00
You can update your Rust installation later by simply running
2018-07-02 18:17:14 +02:00
```bash
rustup update
```
2018-07-24 14:07:53 +02:00
### C Toolchain
Some of the libraries Routinator depends on require a C toolchain to be
present. Your system probably has some easy way to install the minimum
set of packages to build from C sources. If you are unsure, try to run
`cc` on a command line and if there’
files, you are probably good to go.
2018-07-20 14:32:59 +02:00
## Building and Running
2018-07-02 18:17:14 +02:00
In the directory you cloned this repository to, say
2018-07-02 11:00:56 +02:00
```bash
cargo build
```
This will build the whole thing (or fail, of course). If it succeeds, you
can run
```bash
cargo run
```
to run the binary that has been built. At this point, it will rsync all
2018-07-24 15:27:48 +02:00
repository instances into `./rpki-cache/repository` and validate them.
When running, you might get rsync errors, such as from rpki.cnnic.cn.
You can ignore these. Certainly, Routinator will.
2018-07-20 14:32:59 +02:00
To get a better performance, build and run in release mode like so:
```bash
cargo run --release
```
2018-07-02 11:00:56 +02:00
2018-07-26 22:52:31 +02:00
It will then take forever to build but is quick to run, taking less than a
tenth (!) of the time for validation.
2018-07-20 14:32:59 +02:00
There is a number of command line options available. You can have cargo pass
them to the executable after a double hyphen. For instance, if to find out
about them, run
```bash
2018-07-24 15:27:48 +02:00
cargo run --release -- -h
2018-07-20 14:32:59 +02:00
```
2018-07-24 10:53:46 +02:00
2018-07-24 15:27:48 +02:00
When playing with these options, you might find `-n` useful. It will
2018-07-26 22:52:31 +02:00
cause Routinator to skip the rsync-ing of the repository –
be unnecessary if you re-run in quick succession.
2018-07-24 15:27:48 +02:00
2018-07-26 11:12:02 +02:00
## The Local Copy of the RPKI Repository
Routinator keeps a local copy of RPKI repository it collected for
validation. Its location can be specified with the `-c` command line
option. By default, this is the directory `rpki-cache` in the current
directory.
In there, Routinator expects to find the trust anchors in a sub-directory
called `tal` . Each file in that directory should be a Trust Anchor Locator
(TAL) as defined in RFC 7730.
The source repository contains an example of such an `rpki-cache` with the
2018-07-26 22:52:31 +02:00
current TALs of the five RIRs present. If you want to add additional trust
anchors, just drop their associated TAL files into that location.
2018-07-26 11:12:02 +02:00
