[RPKI] Routinator 0.8.0-rc1 Released
Ximon Eighteen
ximon at nlnetlabs.nl
Wed Oct 7 15:14:06 UTC 2020
Dear mailing list,
For Debian/Ubuntu users out there we have a small treat related to the
Routinator 0.8.0-rc1 release: it's now available via our
https://packages.nlnetlabs.nl/ package server!
Once you have added the NLnet Labs package repository to your APT
configuration (see instructions at https://packages.nlnetlabs.nl/) you
can install and setup Routinator like so:
$ sudo apt-get install routinator
$ sudo routinator-init --accept-arin-rpa
$ sudo systemctl enable --now routinator
(or use --decline-arin-rpa as you see fit)
You can then check the status of Routinator with:
$ sudo systemctl status routinator
And view the logs with:
$ sudo journalctl --unit=routinator
Happy Routinating!
On behalf of the NLnet Labs RPKI Team,
Ximon
On 07-10-2020 16:27, Martin Hoffmann via RPKI wrote:
> Dear mailing list,
>
> it took a bit long but it is finally here: the first release candidate
> for Routinator 0.8.0.
>
> The most important feature in this release is much stricter validation
> of the RPKI CAs: If any of the material published by a CA is invalid for
> any reason, the entire CA is being rejected completely. No VRPs are
> added from the ROAs published by the CA itself and its child CAs are
> not even evaluated.
>
> We implement the rules proposed by draft-ietf-sidrops-6486bis[0] with
> two deviations.
>
> For one we do not currently fall back to a previous version version of
> the CA that would still be valid. This is not easily possible with the
> current architecture and will require a major redesign of how we store
> the RPKI data. This redesign is currently planned for 0.9..
>
> Secondly, we allow objects of unknown types to be present in the
> repository so long as they are correctly announced in the manifest.
> There is a new option "unknown-objects" that can be used to reject
> these objects as well. The motivation here is to not deploy a version
> that blocks new object types such as the upcoming ASPA while there are
> still ongoing discussions on the draft.
>
> In addition, the release also contains a method we called "filtering of
> unsafe VRPs" which I have described in an earlier message. As promised,
> this filter is by default disabled and can be activated via the
> "unsafe-vrps" option.
>
> To make it more convenient to look at the impact of these changes, the
> log from the most recent validation run is now available in the HTTP
> server via the /log endpoint.
>
> There are quite a few more changes. As always a detailed list can be
> found in the release notes, this time at:
>
> https://github.com/NLnetLabs/routinator/releases/tag/v0.8.0-rc1
>
> If you want to join in on testing the next Routinator release, you
> can install this candidate via cargo. But note that you have to
> specifically provide the version number:
>
> cargo install -f --version 0.8.0-rc1 routinator
>
> Happy Routinating!
>
> On behalf of the NLnet Labs RPKI Team,
> Martin
>
> [0] https://datatracker.ietf.org/doc/draft-ietf-sidrops-6486bis/
>
More information about the RPKI
mailing list