c671a9170f5c6c1cf25be2afe6cc1c70e6f8da24
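--- a/howto/Bird.md
+++ b/howto/Bird.md
@@ -288,6 +288,29 @@ then create the directory to make sure curls can save the files:
 mkdir -p /var/lib/bird/
 ```
 
+# Use RPKI ROA for bird2
+Download gortr
+
+`https://github.com/cloudflare/gortr/releases`
+Running gortr
+`./gortr -verify=false -checktime=false -cache=https://dn42.burble.com/roa/dn42_roa_46.json`
+
+Add this your bird configure file,other ROA protocol must remove
+
+
+```
+protocol rpki rpki_dn42{
+ roa4 { table dn42_roa; };
+ roa6 { table dn42_roa_v6; };
+
+ remote "<your rpki server ip or domain>" port 8282;
+
+ retry keep 90;
+ refresh keep 900;
+ expire keep 172800;
+}
+```
+
 ## Filter configuration
 
 In your import filter add the following to reject invalid routes:
@@ -307,6 +330,7 @@ roa table dn42_roa {
 };
 ```
 
+
 **NOTE**: Make sure you setup ROA checks for both bird and bird6 (for IPv6).
 
 # Useful bird commmands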
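Review bot: The added "Running gortr" command passes `-verify=false` and `-checktime=false`, which turn off the signature check and the validity-time check on the ROA JSON, so the cache serves whatever the HTTPS endpoint returns and a stale or substituted file would feed straight into the import filter. The howto should say why both are disabled (presumably the dn42 feed is unsigned; confirm) and that integrity then rests on TLS to the cache URL alone. The `remote ... port 8282` line in the bird block shows no transport protection for the RTR session, so I would add a sentence such as `Run gortr on the router itself or on a trusted network segment; the RTR session on port 8282 is not authenticated.` The step "other ROA protocol must remove" should also name which existing ROA table or protocol definitions to delete, since the new block writes into `dn42_roa` and `dn42_roa_v6`.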