REST BGP Validator (RBV)
The REST BGP Validator (RBV) allows to validate the origin AS (autonomous system) of an IP prefix announced by the BGP (Border Gateway Protocol) control plane of the Internet. For the validation process RBV uses the RTRlib to access and query RPKI cache servers.
It offers a RESTful interface to web-applications for validation queries, and a simple website providing the same functionality in a user-friendly manner. Further, it is also a generic backend for the RPKI browser plugin, that is available for Firefox and Chrome.
these can be installed using
$ cd <path/to/RBV>/src $ pip install -r requirements.txt
- URL of a working RPKI cache server
- cli-validator from rtrlib
cli-validator as described in src/util/UTIL.md and
copy its compiled binary into
Optional packages, for apache integration:
- Apache webserver
- mod_wsgi for apache
These packages are available for all major OS releases and platforms, or compile and install from source.
deployment and configuration
In order to deploy and run the REST BGP Validator (RBV) - either as stand-alone server or with apache integration - some configuration steps are required.
- clone the rbv repository from github
- clone the rtrlib repo from github, too
- build RTRlib and its tools, see above or src/util/UTIL.md
cli-validatorbinary into RBV, as described above
- if necessary, modify src/html/validate.html,
localhost:5000in action attribute of all HTML form-tags to the URL (FQDN) of your server.
- review src/settings.py and modify entries accordingly
- install python requirements using pip, see above
- start the bgp-validator daemon:
- that's it, now proceed with stand-alone server or apache integration
You can run RBV as a stand-alone server using python only, without a big-iron
such as apache. RBV uses the integrated webserver of the flask microframework.
For testing just type
python rbv.py and the server starts on localhost with
port 5000. Point your browser to http://localhost:5000.
If you want public access modify
www_validator_server entry in
src/settings.py. To allow access from any interface, set
0.0.0.0 or specify a distinct interface IP address. You may also modify
the port, however ports below 1024 need system/root rights!
Note: for stand-alone server you can also use python-virtualenv.
Using mod_wsgi integrating RBV (flask app) into an apache webserver is
First, install apache and mod_wsgi, and follow the deployment and configuration
steps, as described above.
Second, modify rbv_base_path in src/settings.py matching
src directory of RBV repository clone.
Third, edit src/rbv.wsgi and replace
</path/to/RBV>/src as in
Forth, modify etc/rbv_wsgi.conf according to your server
The user in the
rbv_wsgi.conf must also have read-write access to the RBV
path and its subdirectories - do not use root here, but any other
non-priveledge user (even your own account) is fine.
/etc/apache2/sites-available and create a sym-link in
Restart the apache webserver or service.
Note1: apache v2.2 and v2.4 use different access rules, see comments in file
Note2: depending on your apache configuration (multiple websites), further steps might be necessary.
RBV provides simple REST calls to validate the origin AS (autonomous system) of a IP prefix announced by BGP. It also has a human user-friendly webinterface, just point your browser to the URL of your webserver, where RBV is deployed - or: http://your.webserver.net/html/validate.html .
The REST API is divided in two distinct calls:
- HTTP methods: GET
- parameters: (brief, cache_server)
- response: JSON
- HTTP methods: GET
- parameters: (brief, cache_server, ip2as)
- response: JSON
GET example APIv1 to validate origin AS (32934) of IP prefix (
Facebook) using cache-server
rpki-validator.realmv6.org (with Port 8282):
GET example APIv2 to validate host (
facebook.com) using IP2AS mapping of
Team Cymru and cache-server
RPKI browser plugin
- cymru, IP2AS mapping of Team Cymru
- flask, a Python web microframework
- flask_restful, flask extension to build REST APIs
- virtualenv, like chroot for Python
- wsgi, Apache integration of Python apps