From martin at nlnetlabs.nl Tue Sep 10 12:57:28 2019
From: martin at nlnetlabs.nl (Martin Hoffmann)
Date: Tue, 10 Sep 2019 14:57:28 +0200
Subject: [RPKI] Routinator 0.6.0 ‘Pink Sombrero’ released
Message-ID: <20190910145728.20b6a1bb@glaurung.nlnetlabs.nl>

Dear mailing list,

we are jubilant to announce the latest release of Routinator, version
0.6.0 ‘Pink Sombrero.’

This release adds support for the RPKI Repository Delta Protocol (RRDP),
an alternative method of fetching RPKI data that uses HTTPS instead of
rsync. RRDP will speed up synchronisation for frequently updated
repositories, for instance when Routinator is running in server mode.

For the RRDP implementation, most of the internal logic of Routinator
has been rewired. We used this opportunity for extensive refactoring and
cleanup of the code base. One user-visible consequence is that the
listeners for RTR and HTTP are now started immediately instead of
waiting until after the first validation run. They still will report an
error message until then, but at least you won’t have to wonder whether
something went wrong anymore.

There have been a few more changes. You can read all about them in the
release notes at
https://github.com/NLnetLabs/routinator/releases/tag/v0.6.0

Happy Routinating!

On behalf of the NLnet Labs RPKI Team,
Martin

From martin at nlnetlabs.nl Wed Sep 11 19:07:22 2019
From: martin at nlnetlabs.nl (Martin Hoffmann)
Date: Wed, 11 Sep 2019 21:07:22 +0200
Subject: [RPKI] Routinator 0.6.0 ‘Pink Sombrero’ released
In-Reply-To: <20190910145728.20b6a1bb@glaurung.nlnetlabs.nl>
References: <20190910145728.20b6a1bb@glaurung.nlnetlabs.nl>
Message-ID: <20190911210722.00434db6@glaurung.nlnetlabs.nl>

Dear mailing list,

we just discovered a somewhat embarrassing bug in 0.6.0 where the serial
number for RTR is not increased. Consequently, RTR clients won’t get
updated.
We will release 0.6.1 with a fix tomorrow, but in the meantime, if you
are using Routinator with RTR, you definitely want to skip 0.6.0.

Terribly sorry,
Martin

From martin at nlnetlabs.nl Thu Sep 12 16:03:56 2019
From: martin at nlnetlabs.nl (Martin Hoffmann)
Date: Thu, 12 Sep 2019 18:03:56 +0200
Subject: [RPKI] Routinator 0.6.1 ‘Philosophy Is Tricky’ Released
Message-ID: <20190912180356.4abb057f@glaurung.nlnetlabs.nl>

Dear mailing list,

we have just released Routinator version 0.6.1 ‘Philosophy Is Tricky’.

The release primarily fixes an issue in yesterday’s 0.6.0 where the
serial number for RTR was not updated when new data became available,
resulting in RTR clients getting stuck with old data.

It also silences two annoying but otherwise harmless error messages and
includes the RRDP statistics in the "/status" HTTP endpoint.

As always, the complete release notes are available at
https://github.com/NLnetLabs/routinator/releases/tag/v0.6.1

Happy Routinating!

On behalf of the NLnet Labs RPKI Team,
Martin

From mats at exmandato.se Wed Sep 25 17:07:12 2019
From: mats at exmandato.se (Mats Mellstrand)
Date: Wed, 25 Sep 2019 19:07:12 +0200
Subject: [RPKI] Strange logg
Message-ID:

Hi

My logs fill with lines like

/var/spool/routinator/repository/rrdp/2596136452: bad RRDP server directory. Skipping.

Any idea why?

/mm

From martin at nlnetlabs.nl Thu Sep 26 08:16:19 2019
From: martin at nlnetlabs.nl (Martin Hoffmann)
Date: Thu, 26 Sep 2019 10:16:19 +0200
Subject: [RPKI] Strange logg
In-Reply-To:
References:
Message-ID: <20190926101619.7ddb70a2@glaurung.nlnetlabs.nl>

Hi Mats,

Mats Mellstrand wrote:
>
> My logs fill with lines like
>
> /var/spool/routinator/repository/rrdp/2596136452: bad RRDP server
> directory. Skipping.
>
>
> Any idea why?
When Routinator starts a new validation run, it looks at all directories
in the rrdp directory, assuming they contain the state of one RRDP
server. If they don’t, it ignores them with that message.

Which is to say, everything is fine.

I will have a look again at the cleanup mechanism that should delete all
of these directories after the validation run is complete, but this is
all rather tricky with loads of fun little race conditions between
competing Routinator instances (not likely, but I want to avoid
producing wrong VRP lists even in unlikely cases).

In general, everything that is logged with log level INFO can be safely
ignored. So, in practice, running Routinator with "-v" isn’t really
necessary.

HTH and kind regards,
Martin

From cm at appliedprivacy.net Thu Sep 26 21:04:00 2019
From: cm at appliedprivacy.net (Christoph)
Date: Thu, 26 Sep 2019 21:04:00 +0000
Subject: [RPKI] routinator source IP address?
Message-ID: <36cf0293-497d-5174-dbb7-ccbee0eb1bf8@appliedprivacy.net>

Hello!

Is there a way to tell routinator to use a specific source IP address?
I did not find any such option in routinator's manual.

If it uses the source IP address of the interface on which it leaves the
system, it will fail because the link network is not announced in BGP.

thanks,
Christoph

From chriztoffer at netravnen.de Thu Sep 26 21:26:31 2019
From: chriztoffer at netravnen.de (Chriztoffer Hansen)
Date: Thu, 26 Sep 2019 23:26:31 +0200
Subject: [RPKI] routinator source IP address?
In-Reply-To: <36cf0293-497d-5174-dbb7-ccbee0eb1bf8@appliedprivacy.net>
References: <36cf0293-497d-5174-dbb7-ccbee0eb1bf8@appliedprivacy.net>
Message-ID: <31f62d4f-9737-bd71-5797-045cb4e90d30@netravnen.de>

From one Chriztoffer to another Christoph,

Christoph wrote on 26/09/2019 23:04:
> is there a way to tell routinator to use a specific source IP address?
> I did not find any such option in routinator's manual.

Yep! [0] See routinator.conf.example at github repo.
;)

[0]: https://github.com/NLnetLabs/routinator/blob/master/etc/routinator.conf.example#L104

--
[ have you enabled IPv6 on something today...? ]
[ Chriztoffer Hansen +1 914 3133553 ]
[ 0x18dd23c550293098de07052a9dcf2ca008ebd2e8 ]

From chriztoffer at netravnen.de Thu Sep 26 21:29:36 2019
From: chriztoffer at netravnen.de (Chriztoffer Hansen)
Date: Thu, 26 Sep 2019 23:29:36 +0200
Subject: [RPKI] routinator source IP address?
In-Reply-To: <31f62d4f-9737-bd71-5797-045cb4e90d30@netravnen.de>
References: <36cf0293-497d-5174-dbb7-ccbee0eb1bf8@appliedprivacy.net> <31f62d4f-9737-bd71-5797-045cb4e90d30@netravnen.de>
Message-ID: <2ada98c2-39d7-914e-9f1a-f3c530cf1b48@netravnen.de>

Chriztoffer Hansen wrote on 26/09/2019 23:26:
>
> Christoph wrote on 26/09/2019 23:04:
>> is there a way to tell routinator to use a specific source IP address?
>> I did not find any such option in routinator's manual.
>
> https://github.com/NLnetLabs/routinator/blob/master/etc/routinator.conf.example#L104

But I am guessing you are asking how to configure routinator to use a
specific source address and/or interface when e.g. fetching ROAs from
e.g. the RIPE repository?

--
[ have you enabled IPv6 on something today...? ]
[ Chriztoffer Hansen +1 914 3133553 ]
[ 0x18dd23c550293098de07052a9dcf2ca008ebd2e8 ]

From cm at appliedprivacy.net Thu Sep 26 21:41:00 2019
From: cm at appliedprivacy.net (Christoph)
Date: Thu, 26 Sep 2019 21:41:00 +0000
Subject: [RPKI] routinator source IP address?
In-Reply-To: <31f62d4f-9737-bd71-5797-045cb4e90d30@netravnen.de>
References: <36cf0293-497d-5174-dbb7-ccbee0eb1bf8@appliedprivacy.net> <31f62d4f-9737-bd71-5797-045cb4e90d30@netravnen.de>
Message-ID:

Chriztoffer Hansen:
> From one Chriztoffer to another Christoph,
>
> Christoph wrote on 26/09/2019 23:04:
>> is there a way to tell routinator to use a specific source IP
>> address? I did not find any such option in routinator's manual.
>
> Yep! [0] See routinator.conf.example at github repo. ;)
>
> [0]:
> https://github.com/NLnetLabs/routinator/blob/master/etc/routinator.conf.example#L104
>

I'm not looking for an option to specify the IP address routinator
should bind to (--rtr) for incoming connections.

I'm looking for an option to specify which source IP it uses when
initiating outbound connections to fetch repo data.

thanks,
Christoph

From martin at nlnetlabs.nl Fri Sep 27 13:48:31 2019
From: martin at nlnetlabs.nl (Martin Hoffmann)
Date: Fri, 27 Sep 2019 15:48:31 +0200
Subject: [RPKI] routinator source IP address?
In-Reply-To: <36cf0293-497d-5174-dbb7-ccbee0eb1bf8@appliedprivacy.net>
References: <36cf0293-497d-5174-dbb7-ccbee0eb1bf8@appliedprivacy.net>
Message-ID: <20190927154831.4338856e@grisu.home.partim.org>

Hi Christoph,

Christoph wrote:
>
> is there a way to tell routinator to use a specific source IP address?
> I did not find any such option in routinator's manual.

For rsync, you have to convince rsync to do that. You can define
arguments to rsync via Routinator’s config-file-only option
"rsync-args". I think --address is the rsync option you want there.

So, something like:

| rsync-args = ["--address", "127.0.0.1"]

should work.

For RRDP (so, from 0.6.1 onwards), --rrdp-local-addr allows you to
specify the local address.

Kind regards,
Martin

From cm at appliedprivacy.net Fri Sep 27 13:55:00 2019
From: cm at appliedprivacy.net (Christoph)
Date: Fri, 27 Sep 2019 13:55:00 +0000
Subject: [RPKI] routinator source IP address?
In-Reply-To: <20190927154831.4338856e@grisu.home.partim.org>
References: <36cf0293-497d-5174-dbb7-ccbee0eb1bf8@appliedprivacy.net> <20190927154831.4338856e@grisu.home.partim.org>
Message-ID: <9acc2393-6788-09a0-87bb-ae8811b4410f@appliedprivacy.net>

> For rsync, you have to convince rsync to do that. You can define
> arguments to rsync via Routinator’s config-file-only option
> "rsync-args". I think --address is the rsync option you want there.
>
> So, something like:
>
> | rsync-args = ["--address", "127.0.0.1"]
>
> should work.
>
> For RRDP (so, from 0.6.1 onwards), --rrdp-local-addr allows you to
> specify the local address.

Thanks!

iirc not all repos support RRDP, so I will have to define it in both
places, right?

From martin at nlnetlabs.nl Fri Sep 27 14:34:43 2019
From: martin at nlnetlabs.nl (Martin Hoffmann)
Date: Fri, 27 Sep 2019 16:34:43 +0200
Subject: [RPKI] routinator source IP address?
In-Reply-To: <9acc2393-6788-09a0-87bb-ae8811b4410f@appliedprivacy.net>
References: <36cf0293-497d-5174-dbb7-ccbee0eb1bf8@appliedprivacy.net> <20190927154831.4338856e@grisu.home.partim.org> <9acc2393-6788-09a0-87bb-ae8811b4410f@appliedprivacy.net>
Message-ID: <20190927163443.6c99c7eb@grisu.home.partim.org>

Hi,

Christoph wrote:
>
> iirc not all repos support RRDP, so I will have to define it in both
> places, right?

That is correct. But rrdp-local-addr is also a config file option (I
think all command line options are [or should be]), so you can have it
all in the config file.

Kind regards,
Martin
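
Added example, not part of the list messages and not Routinator's code: a simplified Python model of the RTR serial exchange (RFC 8210) behind the 0.6.0 issue reported earlier in this archive, showing why a cache that stores new data without increasing its serial leaves routers on the old VRP set. The class and function names are hypothetical, and the prefixes and AS numbers are constructed documentation values.

```python
# Simplified model of RTR serial handling (RFC 8210). Added illustration;
# hypothetical names, not Routinator's implementation.

class Cache:
    def __init__(self, vrps):
        self.serial = 0
        self.vrps = frozenset(vrps)
        self.published = {0: self.vrps}  # serial -> VRP set announced under it

    def update(self, new_vrps, bump_serial=True):
        """Store a new validation result. bump_serial=False models the bug."""
        self.vrps = frozenset(new_vrps)
        if bump_serial:
            self.serial = (self.serial + 1) % 2**32  # RTR serials are 32-bit
            self.published[self.serial] = self.vrps

    def serial_query(self, client_serial):
        """Return (announced, withdrawn, serial), or None for Cache Reset."""
        old = self.published.get(client_serial)
        if old is None:
            return None
        new = self.published[self.serial]
        return new - old, old - new, self.serial


class Router:
    def __init__(self):
        self.serial, self.vrps = None, set()

    def sync(self, cache):
        reply = None if self.serial is None else cache.serial_query(self.serial)
        if reply is None:  # first contact or Cache Reset: full Reset Query
            self.vrps, self.serial = set(cache.vrps), cache.serial
        else:
            announced, withdrawn, self.serial = reply
            self.vrps = (self.vrps - withdrawn) | announced


def run(bump_serial):
    """Sync, publish new data, sync again; report whether the router caught up."""
    v1 = {("192.0.2.0/24", 24, 64496)}  # constructed sample VRPs
    v2 = v1 | {("198.51.100.0/24", 24, 64497)}
    cache, router = Cache(v1), Router()
    router.sync(cache)
    cache.update(v2, bump_serial)
    router.sync(cache)
    return router.vrps == cache.vrps, router.serial


if __name__ == "__main__":
    print("fixed:", run(True), "buggy:", run(False))
```

In this model the router with the unchanged serial receives an empty delta on every Serial Query, so it keeps the old VRP set while the cache already holds the new one.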