...
Routinator
코드 블럭 |
---|
mkdir -p /opt/routinator
cd /opt/routinator
vi docker-compose.yml
docker compose up -d |
Routinator
코드 블럭 |
---|
mkdir -p /opt/routinator
cd /opt/routinator
vi docker-compose.yml
docker compose up -d |
코드 블럭 |
---|
language | yml |
---|
title | /opt/routinator/docker-compose.yml |
---|
linenumbers | true |
---|
|
services:
routinator:
image: nlnetlabs/routinator
container_name: routinator
restart: unless-stopped
ports: |
코드 블럭 |
---|
language | yml |
---|
title | /opt/routinator/docker-compose.yml |
---|
linenumbers | true |
---|
|
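# /opt/routinator/docker-compose.yml: Routinator RPKI relying-party validator.
services:
  routinator:
    # No tag is given, so the floating "latest" image is pulled and a re-pull
    # can change the validator version without review. Pin a vetted tag or
    # digest, e.g. nlnetlabs/routinator:<PINNED_TAG>.
    image: nlnetlabs/routinator
    container_name: routinator
    restart: unless-stopped
    ports:
      # Quoted, as Compose recommends for HOST:CONTAINER mappings; the
      # duplicated 3323 entry was dropped.
      # Both ports are published on every host interface. The container serves
      # RTR over plain TCP and the status/metrics API over plain HTTP (the
      # config dump on this page shows rtr-tls-listen and http-tls-listen
      # empty), and neither has client authentication. Limit reachability to
      # the routers and the monitoring host with a host firewall, or bind a
      # specific address: "<MGMT_IP>:3323:3323".
      - "3323:3323"  # RTR port
      - "8323:8323"  # HTTP port
    volumes:
      # Named volume keeps the downloaded RPKI repository cache across
      # container restarts.
      - cache:/home/routinator/.rpki-cache
    environment:
      - TZ=Asia/Seoul
volumes:
  cache: {}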
코드 블럭 |
---|
# docker logs -f routinator
[WARN] rsync://repository.lacnic.net/rpki/: @ERROR: max connections (300) reached -- try again later
[WARN] rsync://repository.lacnic.net/rpki/: rsync error: error starting client-server protocol (code 5) at main.c(1859) [Receiver=3.2.7]
[WARN] No valid trust anchor for TAL lacnic
[WARN] rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/ACCD9BA21FE611EFA3C32B487DDC24C2.roa: certificate has expired.
[WARN] rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/409A3962171811EFA4D9B319017001B1.roa: certificate has expired.
...
[WARN] RRDP https://rov-measurements.nlnetlabs.net/rrdp/notification.xml: error sending request for url (https://rov-measurements.nlnetlabs.net/rrdp/notification.xml): connection closed before message completed
[WARN] rsync://rpki.qs.nu/repo/cyntest/2/FF0595CB477C33B6B94C7E477213C842A6067D6B.mft: certificate has expired.
... |
코드 블럭 |
---|
(HOST) # docker exec -it routinator /bin/sh
(CONTAINER) / $ ps auxf
PID USER TIME COMMAND
1 routinat 0:00 /sbin/tini -- routinator server --rtr 0.0.0.0:3323 --http 0.0.0.0:8323 --http 0.0.0.0:9556
7 routinat 0:58 routinator server --rtr 0.0.0.0:3323 --http 0.0.0.0:8323 --http 0.0.0.0:9556
46 routinat 0:00 rsync --contimeout=10 --max-size=20000000 -rltz --delete rsync://rpki.netiface.net/repo/ /home/routinator/.rpki-cache/repository/rsync/rpki.netiface.net/repo/ |
코드 블럭 |
---|
|
alias routinator='docker exec -it routinator routinator' |
코드 블럭 |
---|
# routinator config
repository-dir = "/home/routinator/.rpki-cache/repository"
exceptions = []
strict = false
stale = "reject"
unsafe-vrps = "accept"
unknown-objects = "warn"
allow-dubious-hosts = false
disable-rsync = false
rsync-command = "rsync"
rsync-timeout = 300
disable-rrdp = false
rrdp-fallback = "stale"
rrdp-fallback-time = 3600
rrdp-max-delta-count = 100
rrdp-timeout = 300
rrdp-tcp-keepalive = 60
rrdp-root-certs = []
rrdp-proxies = []
max-object-size = 20000000
max-ca-depth = 32
enable-bgpsec = false
dirty = false
validation-threads = 4
refresh = 600
retry = 600
expire = 7200
history-size = 10
rtr-listen = []
rtr-tls-listen = []
http-listen = []
http-tls-listen = []
systemd-listen = false
rtr-tcp-keepalive = 60
rtr-client-metrics = false
log-level = "WARN"
log = "default"
syslog-facility = "daemon" |
/rrdp/notification.xml): connection closed before message completed
[WARN] rsync://rpki.qs.nu/repo/cyntest/2/FF0595CB477C33B6B94C7E477213C842A6067D6B.mft: certificate has expired.
... |
코드 블럭 |
---|
(HOST) # docker exec -it routinator /bin/sh
(CONTAINER) / $ ps auxf
PID USER TIME COMMAND
1 routinat 0:00 /sbin/tini -- routinator server --rtr 0.0.0.0:3323 --http 0.0.0.0:8323 --http 0.0.0.0:9556
7 routinat 0:58 routinator server --rtr 0.0.0.0:3323 --http 0.0.0.0:8323 --http 0.0.0.0:9556
46 routinat 0:00 rsync --contimeout=10 --max-size=20000000 -rltz --delete rsync://rpki.netiface.net/repo/ /home/routinator/.rpki-cache/repository/rsync/rpki.netiface.net/repo/ |
코드 블럭 |
---|
|
alias routinator='docker exec -it routinator routinator' |
코드 블럭 |
---|
# routinator config
repository-dir = "/home/routinator/.rpki-cache/repository"
exceptions = []
strict = false
stale = "reject"
unsafe-vrps = "accept"
unknown-objects = "warn"
allow-dubious-hosts = false
disable-rsync = false
rsync-command = "rsync"
rsync-timeout = 300
disable-rrdp = false
rrdp-fallback = "stale"
rrdp-fallback-time = 3600
rrdp-max-delta-count = 100
rrdp-timeout = 300
rrdp-tcp-keepalive = 60
rrdp-root-certs = []
rrdp-proxies = []
max-object-size = 20000000
max-ca-depth = 32
enable-bgpsec = false
dirty = false
validation-threads = 4
refresh = 600
retry = 600
expire = 7200
history-size = 10
rtr-listen = []
rtr-tls-listen = []
http-listen = []
http-tls-listen = []
systemd-listen = false
rtr-tcp-keepalive = 60
rtr-client-metrics = false
log-level = "WARN"
log = "default"
syslog-facility = "daemon" |
코드 블럭 |
---|
# routinator --tal=list
.---- RIR TALs
| .- RIR test TALs
V V
X afrinic AFRINIC production TAL
X apnic APNIC production TAL
X arin ARIN production TAL
X lacnic LACNIC production TAL
X ripe RIPE production TAL
X apnic-testbed APNIC RPKI Testbed
X arin-ote ARIN Operational Test and Evaluation Environment
X ripe-pilot RIPE NCC RPKI Test Environment
nlnetlabs-testbed NLnet Labs RPKI Testbed |
Fort
코드 블럭 |
---|
mkdir -p /opt/fort
cd /opt/fort
vi docker-compose.yml
docker compose up -d |
코드 블럭 |
---|
language | yml |
---|
title | /opt/fort/docker-compose.yml |
---|
linenumbers | true |
---|
|
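# /opt/fort/docker-compose.yml: FORT validator (RPKI relying party, RTR server).
services:
  # NOTE(review): the service key says rpki-client, but the image and
  # container_name are FORT validator; this looks like a copy-paste leftover.
  # Left unchanged so existing `docker compose` commands that use the key
  # keep working.
  rpki-client:
    # No tag is given, so the floating "latest" image is pulled. Pin a vetted
    # tag or digest, e.g. nicmx/fort-validator:<PINNED_TAG>; the startup log
    # on this page shows the cache being cleared after a version change.
    image: nicmx/fort-validator
    container_name: fort-validator
    restart: unless-stopped
    volumes:
      # Read-only: the validator only reads its configuration, and the process
      # list on this page shows it running as root inside the container.
      - ./config.json:/etc/fort/fort.conf:ro
      - tals:/etc/fort/tal
      - cache:/var/local/fort
    ports:
      # Quoted, as Compose recommends for HOST:CONTAINER mappings.
      # Published on every host interface; RTR on this port is plain TCP with
      # no client authentication, so limit reachability to the routers with a
      # host firewall or bind a specific address: "<MGMT_IP>:3323:323".
      # Host port 3323 is also what /opt/routinator/docker-compose.yml
      # publishes, so only one of the two stacks can bind it on a given host.
      - "3323:323"  # RTR port
    environment:
      - TZ=Asia/Seoul
volumes:
  tals: {}
  cache: {}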
https://nicmx.github.io/FORT-validator/usage.html#--configuration-file
코드 블럭 |
---|
language | js |
---|
title | /opt/fort/config.json |
---|
linenumbers | true |
---|
|
{
"tal":"/etc/fort/tal",
"local-repository":"/var/local/fort",
"mode": "server",
"work-offline": false,
"daemon": false,
"log": {
"enabled": true,
"output": "console",
"level": "info",
"tag": "Operation",
"facility": "daemon",
"file-name-format": "global-url",
"color-output": false
},
"validation-log": {
"enabled": false,
"output": "console",
"level": "warning",
"tag": "Validation",
"facility": "daemon",
"file-name-format": "global-url",
"color-output": false
}
} |
코드 블럭 |
---|
(HOST) # docker exec -it fort-validator /bin/sh
(CONTAINER) / # ps auxf
PID USER TIME COMMAND
1 root 0:00 tini -g -- fort --configuration-file /etc/fort/fort.conf
7 root 1:21 fort --configuration-file /etc/fort/fort.conf |
코드 블럭 |
---|
# docker logs -f fort-validator
Jun 11 08:50:37 INF [Operation]: fort 1.6.2
Jun 11 08:50:37 INF [Operation]: Configuration {
Jun 11 08:50:37 INF [Operation]: tal: /etc/fort/tal
Jun 11 08:50:37 INF [Operation]: local-repository: /var/local/fort
Jun 11 08:50:37 INF [Operation]: shuffle-uris: false
Jun 11 08:50:37 INF [Operation]: maximum-certificate-depth: 32
Jun 11 08:50:37 INF [Operation]: slurm: (null)
Jun 11 08:50:37 INF [Operation]: mode: server
Jun 11 08:50:37 INF [Operation]: work-offline: false
...
Jun 11 08:50:37 INF [Operation]: }
Jun 11 08:50:37 INF [Operation]: Main loop: Starting...
Jun 11 08:50:37 INF [Operation]: [::]:323: Setting up socket...
Jun 11 08:50:37 INF [Operation]: [::]:323: Success.
Jun 11 08:50:37 INF [Operation]: The cache appears to have been built by a different version of Fort. I'm going to clear it, just to be safe. |
코드 블럭 |
---|
# routinator --tal=list
.---- RIR TALs
| .- RIR test TALs
V V
X afrinic AFRINIC production TAL
X apnic APNIC production TAL
X arin ARIN production TAL
X lacnic LACNIC production TAL
X ripe RIPE production TAL
X apnic-testbed APNIC RPKI Testbed
X arin-ote ARIN Operational Test and Evaluation Environment
X ripe-pilot RIPE NCC RPKI Test Environment
nlnetlabs-testbed NLnet Labs RPKI Testbed |
RPKI-client
https://academy-training-wiki-media.storage.googleapis.com/_media/rpki20211109/rpki-client_lab.pdf
...