Ref
https://www.ripe.net/manage-ips-and-asns/resource-management/rpki/tools-and-resources/
| | GitHub | Docker | Manual |
|---|---|---|---|
| Routinator | https://github.com/NLnetLabs/routinator | https://hub.docker.com/r/nlnetlabs/routinator | https://routinator.docs.nlnetlabs.nl/en/stable/installation.html |
| Fort | https://github.com/NICMx/FORT-validator/ | https://hub.docker.com/r/nicmx/fort-validator | https://nicmx.github.io/FORT-validator/ |
| StayRTR | https://github.com/bgp/stayrtr | https://hub.docker.com/r/rpki/stayrtr | |
| RPKI-client | https://github.com/rpki-client/rpki-client-container, https://github.com/rpki-client/rpki-client-grafana | https://hub.docker.com/r/rpki/rpki-client | |
| OctoRPKI (Deprecated) | https://github.com/cloudflare/cfrpki | | |
| Prover | https://github.com/lolepezy/rpki-prover | | |
Routinator
```bash
mkdir -p /opt/routinator
cd /opt/routinator
vi docker-compose.yml
docker compose up -d
```
```yaml
services:
  routinator:
    image: nlnetlabs/routinator
    container_name: routinator
    restart: unless-stopped
    ports:
      - 3323:3323 # RTR port
      - 8323:8323 # HTTP port
    volumes:
      - cache:/home/routinator/.rpki-cache
    environment:
      - TZ=Asia/Seoul
volumes:
  cache:
```
...
```text
# routinator --tal=list
 .---- RIR TALs
 |  .- RIR test TALs
 V  V

 X      afrinic             AFRINIC production TAL
 X      apnic               APNIC production TAL
 X      arin                ARIN production TAL
 X      lacnic              LACNIC production TAL
 X      ripe                RIPE production TAL
    X   apnic-testbed       APNIC RPKI Testbed
    X   arin-ote            ARIN Operational Test and Evaluation Environment
    X   ripe-pilot          RIPE NCC RPKI Test Environment
        nlnetlabs-testbed   NLnet Labs RPKI Testbed
```
...
Fort
```bash
mkdir -p /opt/fort
cd /opt/fort
vi docker-compose.yml
docker compose up -d
```
```yaml
services:
  rpki-client: # service key; the container itself is named fort-validator below
    image: nicmx/fort-validator
    container_name: fort-validator
    restart: unless-stopped
    volumes:
      - ./config.json:/etc/fort/fort.conf
      - tals:/etc/fort/tal
      - cache:/var/local/fort
    ports:
      - 3323:323 # RTR port
    environment:
      - TZ=Asia/Seoul
volumes:
  tals:
  cache:
```
https://nicmx.github.io/FORT-validator/usage.html#--configuration-file
```json
{
  "tal": "/etc/fort/tal",
  "local-repository": "/var/local/fort",
  "mode": "server",
  "work-offline": false,
  "daemon": false,
  "log": {
    "enabled": true,
    "output": "console",
    "level": "info",
    "tag": "Operation",
    "facility": "daemon",
    "file-name-format": "global-url",
    "color-output": false
  },
  "validation-log": {
    "enabled": false,
    "output": "console",
    "level": "warning",
    "tag": "Validation",
    "facility": "daemon",
    "file-name-format": "global-url",
    "color-output": false
  }
}
```
```text
(HOST) # docker exec -it fort-validator /bin/sh
(CONTAINER) / # ps auxf
PID   USER     TIME  COMMAND
    1 root      0:00 tini -g -- fort --configuration-file /etc/fort/fort.conf
    7 root      1:21 fort --configuration-file /etc/fort/fort.conf
```
```text
# docker logs -f fort-validator
Jun 11 08:50:37 INF [Operation]: fort 1.6.2
Jun 11 08:50:37 INF [Operation]: Configuration {
Jun 11 08:50:37 INF [Operation]: tal: /etc/fort/tal
Jun 11 08:50:37 INF [Operation]: local-repository: /var/local/fort
Jun 11 08:50:37 INF [Operation]: shuffle-uris: false
Jun 11 08:50:37 INF [Operation]: maximum-certificate-depth: 32
Jun 11 08:50:37 INF [Operation]: slurm: (null)
Jun 11 08:50:37 INF [Operation]: mode: server
Jun 11 08:50:37 INF [Operation]: work-offline: false
...
Jun 11 08:50:37 INF [Operation]: }
Jun 11 08:50:37 INF [Operation]: Main loop: Starting...
Jun 11 08:50:37 INF [Operation]: [::]:323: Setting up socket...
Jun 11 08:50:37 INF [Operation]: [::]:323: Success.
Jun 11 08:50:37 INF [Operation]: The cache appears to have been built by a different version of Fort. I'm going to clear it, just to be safe.
```
RPKI-client
https://academy-training-wiki-media.storage.googleapis.com/_media/rpki20211109/rpki-client_lab.pdf
```bash
mkdir -p /opt/rpki-client
cd /opt/rpki-client
vi docker-compose.yml
docker compose up -d
```
```yaml
services:
  rpki-client:
    image: rpki/rpki-client
    container_name: rpki-client
    restart: unless-stopped
    ports:
      - 9099:9099
    volumes:
      - tals:/etc/tals
      - output:/var/lib/rpki-client
      - cache:/var/cache/rpki-client
    environment:
      - TZ=Asia/Seoul
volumes:
  tals:
  output:
  cache:
```
```text
(HOST) # docker ps -a
CONTAINER ID   IMAGE              COMMAND                  CREATED         STATUS                   PORTS      NAMES
3bd59461cc28   rpki/rpki-client   "/entrypoint.sh rpki…"   8 minutes ago   Up 8 minutes (healthy)   9099/tcp   rpki-client
(HOST) # docker exec -it rpki-client /bin/sh
(CONTAINER) / # ps auxf
PID   USER     TIME  COMMAND
    1 root      0:00 multirun /rpki-client.sh rpki-client -B -c -j -m -o -v haproxy -f /etc/haproxy/haproxy.cfg -q -W -S /run/haproxy.sock
   13 root      0:00 {rpki-client.sh} /bin/sh /rpki-client.sh rpki-client -B -c -j -m -o -v
   14 root      0:00 haproxy -f /etc/haproxy/haproxy.cfg -q -W -S /run/haproxy.sock
   84 haproxy   0:00 haproxy -sf 22 -x sockpair@4 -f /etc/haproxy/haproxy.cfg -q -W -S /run/haproxy.sock
   89 root      0:00 sleep 600
```
```text
(HOST) # cd /var/lib/docker/volumes/rpki-client_output/_data
(HOST) # ls -alh
total 116M
drwxr-sr-x 2 900 900 4.0K 2024-06-10 Mon 17:30:38 .
drwx-----x 3 root root 4.0K 2024-06-10 Mon 16:56:15 ..
-rw-r--r-- 1 900 900 17M 2024-06-10 Mon 17:30:37 bird
-rw-r--r-- 1 900 900 13M 2024-06-10 Mon 17:30:37 bird1v4
-rw-r--r-- 1 900 900 3.3M 2024-06-10 Mon 17:30:37 bird1v6
-rw-r--r-- 1 900 900 18M 2024-06-10 Mon 17:30:37 csv
-rw-r--r-- 1 900 900 43M 2024-06-10 Mon 17:30:38 json
-rw-r--r-- 1 900 900 469K 2024-06-10 Mon 17:30:38 metrics
-rw-r--r-- 1 900 900 23M 2024-06-10 Mon 17:30:36 openbgpd
(HOST) # tail -n 10 csv
AS37100,2c0f:feb1::/32,48,afrinic,1718150685
AS36959,2c0f:feb8::/32,32,afrinic,1718150685
AS22822,2c0f:fed8::/32,48,afrinic,1718150685
AS37277,2c0f:fed8::/32,48,afrinic,1718150685
AS26506,2c0f:fed8:2::/48,48,afrinic,1718150685
AS36958,2c0f:fef0::/32,48,afrinic,1718150685
AS37334,2c0f:ff30::/32,64,afrinic,1718150685
AS3741,2c0f:ff40::/26,48,afrinic,1718150685
AS10474,2c0f:ff40::/26,48,afrinic,1718150685
AS37105,2c0f:ffd8::/32,32,afrinic,1718150685
```
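The following is an added example, not part of the original page or of any project listed here: route origin validation in the sense of RFC 6811 against VRP rows in the CSV layout shown above. The function names and the announcements being checked are constructed for illustration; AS64500 and 2001:db8::/32 are documentation-range placeholders.

```python
import csv
import io
import ipaddress

# VRP rows copied from the `tail -n 10 csv` output above.
# Columns: ASN, IP prefix, max length, trust anchor, expiry (Unix time).
VRP_CSV = """\
AS37100,2c0f:feb1::/32,48,afrinic,1718150685
AS22822,2c0f:fed8::/32,48,afrinic,1718150685
AS37277,2c0f:fed8::/32,48,afrinic,1718150685
AS26506,2c0f:fed8:2::/48,48,afrinic,1718150685
AS37105,2c0f:ffd8::/32,32,afrinic,1718150685
"""

def load_vrps(text):
    """Parse CSV rows into (asn, network, max_length) tuples."""
    vrps = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) < 3 or not row[0].startswith("AS") or not row[0][2:].isdigit():
            continue  # skip a header row or a malformed line
        try:
            net = ipaddress.ip_network(row[1])
            vrps.append((int(row[0][2:]), net, int(row[2])))
        except ValueError:
            continue  # unparsable prefix or max length
    return vrps

def validate(prefix, origin_asn, vrps):
    """Return 'valid', 'invalid' or 'not-found' for one announcement."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for asn, net, max_len in vrps:
        if net.version != route.version or not route.subnet_of(net):
            continue
        covered = True  # at least one VRP covers this route
        if asn == origin_asn and asn != 0 and route.prefixlen <= max_len:
            return "valid"
    return "invalid" if covered else "not-found"

# Constructed announcements (prefix, origin AS) to run against the VRPs.
ANNOUNCEMENTS = [
    ("2c0f:fed8::/32", 22822),    # matching origin, length within max length
    ("2c0f:ffd8:1::/48", 37105),  # matching origin, but /48 exceeds max length 32
    ("2c0f:feb1::/32", 64500),    # covered prefix, wrong origin
    ("2001:db8::/32", 64500),     # no covering VRP
]

def check_all():
    vrps = load_vrps(VRP_CSV)
    return [(p, a, validate(p, a, vrps)) for p, a in ANNOUNCEMENTS]
```
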
etc
https://github.com/inex/IXP-Manager
https://github.com/inex/IXP-Manager/blob/master/docker-compose.yml
https://academy.apnic.net/en/events?id=a0B2e000000dWAW
https://blog.apnic.net/2022/04/06/how-to-installing-an-rpki-validator-2/
https://academy.apnic.net/en/virtual-labs