1
0
Fork 0
Go to file
netravnen f8d989485a Ensure *.ext is quoted in git add operation 2023-07-30 12:21:30 +00:00
lib fix old dn42 url 2020-07-23 20:03:39 +00:00
.gitignore Update gitignore 2019-01-04 14:40:32 +00:00
README.md fix old dn42 url 2020-07-23 20:03:39 +00:00
rfc8416.php Update roagenerator, check if ASN & prefix is not zero 2023-07-30 12:21:11 +00:00
roagen.php Update roagenerator, check if ASN & prefix is not zero 2023-07-30 12:21:11 +00:00
update.sh Ensure *.ext is quoted in git add operation 2023-07-30 12:21:30 +00:00

README.md

dn42-roagen

This ROA generator honors the following principles:

  • All routes listed with origin AS0 is per RFC 6483 section 4 set with max-length to /128 (v6) or /32 (v4). This is done intentionally to fail ROA validaton and thereby avoid the prefix being routed inside DN42. This is desible if a prefix is e.g. only intended for use with eBGP direct peering.
  • This ROA generator is compliant with max-length value in route(6) objects present in the registry. If no max-length is set for a given route(6) object. The legacy max-length is used. This is /28 (v4) or /64 (v6).

Requirements for running

  1. Verify curl, git, bash, and php is installed.
  2. mkdir -p ~/dn42/.
  3. cd ~/dn42/.
  4. git clone https://git.dn42.dev/as4242420144/roagen.git.
  5. git clone https://git.dn42.dev/dn42/registry.git.
  6. git -C registry/ remote rename origin upstream && git -C registry/ fetch --all
  7. Verify everything work by running cd ~/dn42/roagen/ && ./update.sh.
  8. In $USER crontab file put @daily cd ~/dn42/roagen/ && ./update.sh. Finetune time between runs to your liking.

NB: The roagen.php script is written with the paths to the dn42 registry folder being both git repositories reside in the same parent folder.

$ tree -L 3 ~/dn42/
/home/$USER/dn42/
|-- registry
|   |-- README.md
|   |-- check-my-stuff
|   |-- check-pol
|   |-- check-remote
|   |-- data
|   |   |-- as-block
|   |   |-- as-set
|   |   |-- aut-num
|   |   |-- dns
|   |   |-- filter.txt
|   |   |-- filter6.txt
|   |   |-- inet6num
|   |   |-- inetnum
|   |   |-- key-cert
|   |   |-- mntner
|   |   |-- organisation
|   |   |-- person
|   |   |-- registry
|   |   |-- role
|   |   |-- route
|   |   |-- route-set
|   |   |-- route6
|   |   |-- schema
|   |   |-- tinc-key
|   |   `-- tinc-keyset
|   |-- fmt-my-stuff
|   |-- install-commit-hook
|   `-- utils
|       `-- schema-check
`-- roagen
    |-- README.md
    |-- lib
    |   |-- define.php
    |   `-- functions.php
    |-- rfc8416.php
    |-- roa
    |   |-- README.md
    |   |-- bird4_roa_dn42.conf
    |   |-- bird4_route_dn42.conf
    |   |-- bird6_roa_dn42.conf
    |   |-- bird6_route_dn42.conf
    |   |-- bird_roa_dn42.conf
    |   |-- bird_route_dn42.conf
    |   |-- export_dn42.json
    |   `-- export_rfc8416_dn42.json
    |-- roagen.php
    `-- update.sh