8b11f1100907b52937e10429ca03f1d28dbf3a4d
howto/OpenBGPD.md
| ... | ... | @@ -100,13 +100,19 @@ match from any community GRACEFUL_SHUTDOWN set { localpref 0 } |
| 100 | 100 | ``` |
| 101 | 101 | |
| 102 | 102 | # ROA |
| 103 | -OpenBSD ships with [rpki-client(8)](http://man.openbsd.org/rpki-client.8) which nicely integrates with **bgpd**. |
|
| 104 | -Since DN42 emulates an IRR WHOIS service through the registry repository instead of providing an RPKI repository, this tool cannot be used. |
|
| 105 | 103 | |
| 106 | -Instead, [a shell script](https://t4-2.high5.nl/pub/dn42/generate_roa-set.sh) parses route objects from the registry repository and generates a `roa-set {...}` block that is to be included in the main configuration file. |
|
| 104 | +An roa-set can be generated from the registry directly or you can use the following pre-build tables. |
|
| 107 | 105 | |
| 108 | 106 | One single `roa-set` may be defined, against which **bgpd** will validate the origin of each prefix; this allows filter rules to use the `ovs` keyword as demonstrated above. |
| 109 | 107 | |
| 108 | +ROA files generated by [dn42regsrv](https://git.dn42.dev/burble/dn42regsrv) are available from burble.dn42: |
|
| 109 | + |
|
| 110 | +|URL| IPv4/IPv6 | |
|
| 111 | +|---|---| |
|
| 112 | +|[https://dn42.burble.com/roa/dn42_roa_obgpd_46.conf](https://dn42.burble.com/roa/dn42_roa_obgpd_46.conf) | Both | |
|
| 113 | +|[https://dn42.burble.com/roa/dn42_roa_obgpd_4.conf](https://dn42.burble.com/roa/dn42_roa_obgpd_4.conf) | IPv4 Only | |
|
| 114 | +|[https://dn42.burble.com/roa/dn42_roa_obgpd_6.conf](https://dn42.burble.com/roa/dn42_roa_obgpd_6.conf) | IPv6 Only | |
|
| 115 | + |
|
| 110 | 116 | `/etc/dn42.roa-set` is the generated set: |
| 111 | 117 | ``` |
| 112 | 118 | roa-set { |