[RPKI-Deployers] New RPKI tool from NLnet Labs: RTRTR

Chris Morrow morrowc at google.com
Thu Nov 12 10:27:53 EST 2020 

On Thu, Nov 12, 2020 at 7:54 AM Job Snijders <job at ntt.net> wrote:
>
> Hi,
>
> We've been using GoRTR for this type of functionality for some time now
> Though, I think using HTTPS to fanout from validator to RTR servers is
> simpler and more robust than using RTR as origin fetching mechanism. :-)
>
> Where they mention "IRR data" worries me a bit, as it absolutely is not
> wise to use IRR data as input to the RFC 6811 Origin Validation process.
> The semantic meaning of IRR objects is different than RPKI ROAs, making
> such objects unsuitable to pump into an 'RPKI-To-Router' application.

it sounded, to me, like one goal of this new tool was to digest 'a
bunch of data sources' and build route filters to put in your config.


>
> Kind regards,
>
> Job
>
> On Wed, Nov 11, 2020 at 11:53:57PM +0000, Compton, Rich A wrote:
> > “RTRTR<https://github.com/NLnetLabs/rtrtr> is a tool that collects, processes, and distributes data for route filtering. It reads data from various sources, such as validated RPKI data, IRR data, or local rules, allows selecting, filtering, and otherwise manipulating this data, and finally feeds it to routers either via protocols such as RTR or through generated configuration files.
> >
> > For larger networks, RTRTR is an ideal companion to Routinator. For example, it is possible to centralise validation performed by Routinator and have RTRTR running in various Points-of-Presence (PoPs) around the world to which routers can connect.”
> > https://www.nlnetlabs.nl/projects/rpki/rtrtr/
> >
> >
> > Rich Compton    |     Principal Eng     |    314.596.2828
> > 8560 Upland Drive,   Suite B  |  Englewood, CO 80112
> >
> > E-MAIL CONFIDENTIALITY NOTICE:
> > The contents of this e-mail message and any attachments are intended solely for the addressee(s) and may contain confidential and/or legally privileged information. If you are not the intended recipient of this message or if this message has been addressed to you in error, please immediately alert the sender by reply e-mail and then delete this message and any attachments. If you are not the intended recipient, you are notified that any use, dissemination, distribution, copying, or storage of this message or any attachment is strictly prohibited.
>
> > --
> > RPKI-Deployers mailing list
> > RPKI-Deployers at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/rpki-deployers
>
> --
> RPKI-Deployers mailing list
> RPKI-Deployers at puck.nether.net
> https://puck.nether.net/mailman/listinfo/rpki-deployers

More information about the RPKI-Deployers mailing list