This is a simple, sloppily written, program to turn the output of the following command:
routinator --enable-aspa vrps -f json -o dump.json --no-route-origins --no-router-keys
into a BIRD2 function you can use to perform ASPA validation.
(Note that to use the --enable-aspa you have to compile Routinator from source. I went over this in a blog post I wrote.)
The resulting function is named is_aspa_valid() and you can use it to drop invalid paths with the filter line:
if (!is_aspa_valid()) then reject;
To run, supply an input file via the --input/-i flag. This file should be the JSON output from the routinator vrps command with ASPA enabled.
By default, the resulting function will be written to stdout. If you'd like to write it to a file you can supply an output path in the --output/-o flag.
The --verbose/-v flag will show warnings.
The --help/-h flag will show the following help menu:
Usage: ./gen [OPTIONS]
Options:
--help, -h Show this menu.
--verbose, -v Show warnings.
--input, -i The input file generated by \`routinator\`. (required)
--output, -i The file to output the BIRD2 function to.
--strict, -s Consider paths without ASPA invalid (NOT RECOMMENDED).
⚠️ Strict mode is NOT RECOMMENDED for ANY use case.
By default the program runs with strict mode turned off. This means that if an ASN hasn't published any ASPA 'certificates' (are they called that?) their routes won't be filtered out.
If you turn strict mode on then the resulting function will always return false unless a previous condition (a.k.a. an ASPA 'certificate' exists) returns true.
This is as easy as running the following command, though you will need to install Deno:
deno compile --allow-read --allow-write ./gen.ts
You can also download a pre-built binary from the releases page.
Licensed under MIT as it was the easiest one to copy paste 🐱