We run a RPKI monitor that examines various statistics of the emerging RPKI and its relationship to global BGP trace data. Aspects of the RPKI-BGP component are similar to some of the other monitors, the RPKI analysis component offers some new data and visualizations of emerging RPKI structure and usage. Both views offer global and per-region statistics and the ability to compare statistics across regions. We continue to add new analysis modules to the monitor. For details see: http://rpki-monitor.antd.nist.gov
There is a new release of our BGP-SrX (quagga) origin validation prototype (v 0.3.1) that now contains full support for signaling validation state with community attributes (draft-ietf-sidr-origin-validation-signaling-04) along with some bug fixes. Source and binary installs available below: http://bgpsrx.antd.nist.gov/ At the same site, there is also a stub, pre-release of a BGPSEC prototype. Mainly offered as an early interoperability tester for BGPSEC session negotiation and BGPSEC_Path attribute generation and validation. Router keys are self-signed and stored in a local file (i.e., no rpki-to-router support for router keys yet). For now, there is just a binary release and instruction file to operate prototype as an interop test tool. Router Diagnostic commands have been extended to display BGPSEC information, e.g.: =============== bgpd# show ip bgp 10.40.0.0/16 BGP routing table entry for 10.40.0.0/16 Paths: (1 available, best #1, table Default-IP-Routing-Table) Not advertised to any peer 2030 40 SRx Information: Update ID: 0.09A2630D Validation: prefix-origin: valid path: valid bgpsec: valid (combination of prefix-origin and path validation) PathType: BGPSEC-Path ( 1 signature blocks, each with 2 path segments) signature block #1: algorithm suite id 1 path segment 1: as=2030; pcount=1 signature segment [1]: block 1, ski=97E8EEC56E7C8AE22866D218B0E4D40416EC4EFA path segment 2: as=40; pcount=1 signature segment [1]: block 1, ski=A509AE9ED377CC31AED01E820670DF9CC781DA9F 10.0.1.2 from 10.0.1.2 (10.0.1.2) Origin IGP, localpref 100, valid, external, best Last Update: Mon May 5 08:42:37 2014 ================ Once we add new rpki-to-router (draft-austein-sidr-rpki-rtr-rfc6810bis-01) support and do further robustness testing, we will release full source for this functionality too. ‹ Doug Montgomery, Mgr Internet & Scalable Systems Research @ NIST / ITL / ANTD _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
