Add proper support for RFC 8210 (BGPSEC) #57
Comments
benjojo
changed the title
benjojo
added a commit
that referenced
this issue
Feb 21, 2023
Tag: #57 This is not a good patch, however it does work. What I will do is instead of merging this patch, I will write a new one based on what I have learned on writing this one. Most critically. I will not do what I have done here, and extend bgpsec keys as it's own family of things since VRPManager. Since when we do ASPA, that will add even round of things to VRPManager. So instead I will make VRPManager a thing that serves generic things rather than just VRPs. Make VRPs a thing, BGPSecKeys and ASPA
|
Basic POC written: commit d44a5d5 (HEAD -> bgpsec-poc-bad, origin/bgpsec-poc-bad) |
benjojo
added a commit
that referenced
this issue
Feb 21, 2023
This imports and exports BGPsec router key data, and exports router key data out over RTR to supporting clients (any version higher than 1) Since it's obvious that at some point there will be clients that will have issues seeing a RouterKey PDU for the first time ever, I've included a -disable.bgpsec flag to prevent them from being sent. That way if someone is caught off guard during an upgrade, they can disable it and keep upgrading. Tag: #57
benjojo
added a commit
that referenced
this issue
Feb 21, 2023
|
Last bit is to add BGPsec support to rtrmon |
|
Probably best if rtrmon can use the same data structures?
It is now completely separate and that leads to extra work for everything
that is added.
…On Tue, Feb 21, 2023, 23:17 Ben Cox ***@***.***> wrote:
Last bit is to add BGPsec support to rtrmon
—
Reply to this email directly, view it on GitHub
<#57 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AABQTET2TDGVGPJP7W7VOILWYU5H7ANCNFSM5JGYA5QA>
.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>
|
|
It kinda already does use as much as possible, since RTRMon has the compare feature the needs for rtrmon are quite different to the rest of the tools |
benjojo
added a commit
that referenced
this issue
Feb 22, 2023
It is not pretty, I didnt really want to overhaul the whole tool since I also use this tool to test my own releases of stayrtr. So instead bgpsec router keys are injected as "special" VRPs. Since RTRMon is not complying to a standard, I feel we can be more flexible here. Tag: #57
|
BGPsec support is in master branch |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I think RFC 8210 section 6 was implemented, but
Router Keysare not yet picked up from the JSON and converted into RTR PDUs (Section 5.10). An example Router Key is available under the RIPE TA. Thepubkeyfield contains the SPKI in base64 encoded form.The text was updated successfully, but these errors were encountered: