Changes in a5136b7: Created ROA (markdown)

				ROA-slash-RPKI.md
			
          @@ -0,0 +1,62 @@

          +[[_TOC_]]

          +

          +

          +## What is ROA?

          +

          +A Route Origination Authorization details which AS is authorised to advertise which originating IP prefixes. A ROA may also include prefix length information.

          +

          +## What is RPKI?

          +

          +Resource Public Key Infrastructure is basically a framework for securing the routing infrastructure.  

          +It provides a way to connect number resource information to a trust anchor.

          +

          +## What is RTR?

          +

          +The Resource Public Key Infrastructure (RPKI) to Router Protocol provides a way for a router to access RPKI validation information.  

          +It provides the router with validity information regarding prefix origination:  

          +

          +* VALID  

          +  The route announcement is covered by a ROA and the announcing AS is validated

          +* INVALID  

          +  The route announcement is covered by a ROA and the announcing AS is invalid (possibly hijacking)

          +* UNKNOWN  

          +  There exists no ROA for the route announcement

          + 

          +## How can I implement ROA on dn42?

          +

          +On dn42 we generate ROA information from the dn42 registry.  

          +ROA json/bird files can be generated using [dn42regsrv](https://git.dn42.us/burble/dn42regsrv).

          +It is also possible to integrate this with a RTR cache server such as [gortr](https://github.com/cloudflare/gortr).

          +

          +### dn42regsrv 

          +

          +You can find a hosted example of dn42regsrv at https://explorer.burble.com/ 

          +

          +Instructions on how to host dn42regsrv yourself can be found on the git repo of [dn42regsrv](https://git.dn42.us/burble/dn42regsrv). 

          +     

          +You can also run dn42regsrv via docker (then available at 127.0.0.1:8042):

          +

          +    git checkout https://git.dn42.us/burble/dn42regsrv.git .

          +    cd contrib/docker

          +    docker-compose build

          +    docker-compose up -d

          +  

          +Documentation for the api endpoints can be found here: https://git.dn42.us/burble/dn42regsrv/src/master/API.md

          +

          +### gortr

          +

          +burble kindly provides ready-to-use files for gortr here:

          +

          +https://dn42.burble.com/roa/dn42_roa_46.json

          +

          +You can use these to simply run gortr via docker:

          +

          +    docker run -ti -p 8082:8082 cloudflare/gortr -cache https://dn42.burble.com/roa/dn42_roa_46.json -verify=false -checktime=false -bind :8082

          +

          +### This is all to complicated, is there an easy all-in-one package for RTR?

          +

          +TODO: Publish docker-compose-yml to git for gortr+dn42regsrv

          +

          +### How do I integrate RTR with my BGP implementation

          +

          +You have to consult the documentation of your implementation for that. We will provide configuration examples on the specific pages.

          \ No newline at end of file

...	...	@@ -0,0 +1,62 @@
	1	+[[_TOC_]]
	2	+
	3	+
	4	+## What is ROA?
	5	+
	6	+A Route Origination Authorization details which AS is authorised to advertise which originating IP prefixes. A ROA may also include prefix length information.
	7	+
	8	+## What is RPKI?
	9	+
	10	+Resource Public Key Infrastructure is basically a framework for securing the routing infrastructure.
	11	+It provides a way to connect number resource information to a trust anchor.
	12	+
	13	+## What is RTR?
	14	+
	15	+The Resource Public Key Infrastructure (RPKI) to Router Protocol provides a way for a router to access RPKI validation information.
	16	+It provides the router with validity information regarding prefix origination:
	17	+
	18	+* VALID
	19	+ The route announcement is covered by a ROA and the announcing AS is validated
	20	+* INVALID
	21	+ The route announcement is covered by a ROA and the announcing AS is invalid (possibly hijacking)
	22	+* UNKNOWN
	23	+ There exists no ROA for the route announcement
	24	+
	25	+## How can I implement ROA on dn42?
	26	+
	27	+On dn42 we generate ROA information from the dn42 registry.
	28	+ROA json/bird files can be generated using [dn42regsrv](https://git.dn42.us/burble/dn42regsrv).
	29	+It is also possible to integrate this with a RTR cache server such as [gortr](https://github.com/cloudflare/gortr).
	30	+
	31	+### dn42regsrv
	32	+
	33	+You can find a hosted example of dn42regsrv at https://explorer.burble.com/
	34	+
	35	+Instructions on how to host dn42regsrv yourself can be found on the git repo of [dn42regsrv](https://git.dn42.us/burble/dn42regsrv).
	36	+
	37	+You can also run dn42regsrv via docker (then available at 127.0.0.1:8042):
	38	+
	39	+ git checkout https://git.dn42.us/burble/dn42regsrv.git .
	40	+ cd contrib/docker
	41	+ docker-compose build
	42	+ docker-compose up -d
	43	+
	44	+Documentation for the api endpoints can be found here: https://git.dn42.us/burble/dn42regsrv/src/master/API.md
	45	+
	46	+### gortr
	47	+
	48	+burble kindly provides ready-to-use files for gortr here:
	49	+
	50	+https://dn42.burble.com/roa/dn42_roa_46.json
	51	+
	52	+You can use these to simply run gortr via docker:
	53	+
	54	+ docker run -ti -p 8082:8082 cloudflare/gortr -cache https://dn42.burble.com/roa/dn42_roa_46.json -verify=false -checktime=false -bind :8082
	55	+
	56	+### This is all to complicated, is there an easy all-in-one package for RTR?
	57	+
	58	+TODO: Publish docker-compose-yml to git for gortr+dn42regsrv
	59	+
	60	+### How do I integrate RTR with my BGP implementation
	61	+
	62	+You have to consult the documentation of your implementation for that. We will provide configuration examples on the specific pages.
...	...	\ No newline at end of file