On Fri, Nov 23, 2018 at 2:31 PM Alex Band <a...@nlnetlabs.nl> wrote:

> Hi Jeff,
>
> While I can’t offer you a solution today, I’m happy to tell you we’ve
> recognised this particular use case and are working on a free, open source
> solution.
>
> We're building a toolset that allows you to run a CA as a child of one or
> multiple RIRs transparently and publish using your own or a third party
> publication server. In addition, we’ll provide validation software.
>
> https://www.nlnetlabs.nl/projects/rpki/project-plan/
>
> For the validation software we have running code that is already used in
> production in various places:
>
> https://github.com/NLnetLabs/routinator
>
> With development ongoing, we’re still in the process of getting this fully
> funded as we’re a small non-profit. So far the RIPE NCC Community Projects
> Fund and Brazilian registry NIC.br are contributing to financing this
> project. Our goal is to provide something that is on par with our other
> projects, such as NSD and Unbound.
>
> Happy to keep you updated on the progress.
>
> Cheers,
>
> Alex Band
> NLnet Labs
>
>
> On 23 Nov 2018, at 18:51, Jeff McAdams <je...@iglou.com> wrote:
> >
> > OK, I'm trying to do the responsible thing and further the progress and
> > deployment of RPKI. I feel like I have a pretty good handle on a path
> > forward for doing validation and routing-policy based on ROA validation.

hey thanks! :)

> > However, I also feel like I'm really banging my head against a wall trying
> > to set up publication of ROAs. $employer has IP space from several RIRs,
> > and enough space that there is a pretty strong desire to have our own
> > publication system for this, but I'm really struggling to find extant
> > software to do this.

I think there are 3 options:
  ripe validator v2 (potentially v3?) -
    https://github.com/RIPE-NCC/rpki-validator
    https://github.com/RIPE-NCC/rpki-validator-3
  rpki.net validator - https://github.com/dragonresearch/rpki.net
  bbn rpstir - https://github.com/bgpsecurity/rpstir

> > Are there people doing their own publication? Or is everyone just using
> > Hosted ARIN/RIPE/APNIC/etc. systems? My colleagues and I feel like trying
> > to manage and automate processes against multiple RIRs is not ideal, so
> > setting up a publication system that can use the Up-Down protocol, or
> > perhaps publish our own publication points, or whatever is the best way to
> > handle this would be desired.
> >
> > Can anyone point me to some facilitating resources on this? Software
> > packages that are reasonably current and maintained and not a total pain
> > to deploy?
> >
> > --
> > Jeff