_Sidebar.md
... ...
@@ -33,7 +33,7 @@
33 33
* [IRC](/services/IRC)
34 34
* [Whois registry](/services/Whois)
35 35
* [DNS](/services/dns/Overview)
36
- * [RPKI](/services/RPKI)
36
+ * [ROA + RPKI](/services/RPKI)
37 37
* [IX Collection](/services/exchanges/IX-Collection)
38 38
* [Public DNS](/services/Clearnet-Domains)
39 39
* [Looking Glasses](/services/Looking-Glasses)
howto/Bird2.md
... ...
@@ -300,27 +300,7 @@ template bgp dnpeers {
300 300
301 301
## ROA Tables
302 302
303
-The ROA table can be generated from the registry directly or you can use the following pre-built ROA tables for BIRD:
304
-
305
-ROA files generated by [dn42regsrv](https://git.burble.com/burble.dn42/dn42regsrv) are available from burble.dn42:
306
-
307
-|URL| IPv4/IPv6 |Description|
308
-|---|---|---|
309
-| <https://dn42.burble.com/roa/dn42_roa_46.json> &nbsp; | &nbsp;Both&nbsp; | JSON format for use with RPKI |
310
-| <https://dn42.burble.com/roa/dn42_roa_bird1_46.conf> &nbsp; | &nbsp;Both&nbsp; | Bird1 format |
311
-| <https://dn42.burble.com/roa/dn42_roa_bird1_4.conf> &nbsp; | &nbsp;IPv4 Only&nbsp; | Bird1 format |
312
-| <https://dn42.burble.com/roa/dn42_roa_bird1_6.conf> &nbsp; | &nbsp;IPv6 Only&nbsp; | Bird1 format |
313
-| <https://dn42.burble.com/roa/dn42_roa_bird2_46.conf> &nbsp; | &nbsp;Both&nbsp; | Bird2 format |
314
-| <https://dn42.burble.com/roa/dn42_roa_bird2_4.conf> &nbsp; | &nbsp;IPv4 Only&nbsp; | Bird2 format |
315
-| <https://dn42.burble.com/roa/dn42_roa_bird2_6.conf> &nbsp; | &nbsp;IPv6 Only&nbsp; | Bird2 format |
316
-
317
-ROA files generated by [roa_wizard](https://github.com/Kioubit/dn42_registry_wizard) are available from kioubit.dn42:
318
-
319
-|URL|&nbsp;IPv4/IPv6&nbsp;|Description|
320
-|---|---|---|
321
-| <https://kioubit-roa.dn42.dev/?type=v4> &nbsp; | &nbsp;IPv4 Only&nbsp; | Bird2 format |
322
-| <https://kioubit-roa.dn42.dev/?type=v6> &nbsp; | &nbsp;IPv6 Only&nbsp; | Bird2 format |
323
-| <https://kioubit-roa.dn42.dev/?type=json> &nbsp; | &nbsp;Both&nbsp; | JSON format for use with RPKI |
303
+The ROA table can be generated from the registry directly or you can use the [pre-built ROA tables](/services/RPKI/#using-public-roa-tables) for BIRD.
324 304
325 305
### Updating ROA tables
326 306
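Review bot: the replacement link `/services/RPKI/#using-public-roa-tables` hard-codes a heading anchor, so it only resolves if the wiki generates exactly that slug for the new `### Using public ROA tables` heading in services/RPKI.md; check the rendered page once, and note the trailing slash before `#` differs from every other internal link in this repo (`/services/RPKI`), so use `/services/RPKI#using-public-roa-tables` for consistency. Dropping the tables here also drops the two generator attributions (dn42regsrv, roa_wizard) from the BIRD how-to; that is fine as long as the target page keeps them.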
... ...
@@ -473,4 +453,4 @@ It should not be used in extremely long distance peers with the default settings
473 453
lossy networks like but not only, Satellite, Wireless Mesh Networks should be avoided.
474 454
Regardless, use of BFD in high quality fiber based networks with low ping is optimal.
475 455
476
-Additional documentation about the BFD protocol is available at [the BIRD2 documentation](https://bird.network.cz/?get_doc&v=20&f=bird-6.html#ss6.3) .
... ...
\ No newline at end of file
0
+Additional documentation about the BFD protocol is available at [the BIRD2 documentation](https://bird.network.cz/?get_doc&v=20&f=bird-6.html#ss6.3) .
howto/ROA-slash-RPKI.md
... ...
@@ -1,125 +0,0 @@
1
-## What is ROA?
2
-
3
-A Route Origination Authorization details which AS is authorised to advertise which originating IP prefixes. A ROA may also include prefix length information.
4
-
5
-## What is RPKI?
6
-
7
-Resource Public Key Infrastructure is basically a framework for securing the routing infrastructure.
8
-It provides a way to connect number resource information to a trust anchor.
9
-
10
-## What is RTR?
11
-
12
-The Resource Public Key Infrastructure (RPKI) to Router Protocol provides a way for a router to access RPKI validation information.
13
-It provides the router with validity information regarding prefix origination:
14
-
15
-* VALID
16
- The route announcement is covered by a ROA and the announcing AS is validated
17
-* INVALID
18
- The route announcement is covered by a ROA and the announcing AS is invalid (possibly hijacking)
19
-* UNKNOWN
20
- There exists no ROA for the route announcement
21
-
22
-## How can I implement ROA on dn42?
23
-
24
-On dn42 we generate ROA information from the dn42 registry.
25
-ROA json/bird files can be generated using [dn42regsrv](https://git.burble.com/burble.dn42/dn42regsrv).
26
-It is also possible to integrate this with a RTR cache server such as [gortr](https://github.com/cloudflare/gortr).
27
-
28
-### dn42regsrv
29
-
30
-You can find a hosted example of dn42regsrv at <https://explorer.burble.com/>
31
-
32
-Instructions on how to host dn42regsrv yourself can be found on the git repo of [dn42regsrv](https://git.burble.com/burble.dn42/dn42regsrv).
33
-
34
-You can also run dn42regsrv via docker (then available at 127.0.0.1:8042):
35
-```sh
36
-git checkout https://git.burble.com/burble.dn42/dn42regsrv.git .
37
-cd contrib/docker
38
-./build.sh
39
-docker-compose up -d
40
-```
41
-
42
-Documentation for the api endpoints can be found here: <https://git.burble.com/burble.dn42/dn42regsrv/src/master/API.md>
43
-
44
-### gortr
45
-
46
-burble kindly provides ready-to-use files for gortr here:
47
-
48
-<https://dn42.burble.com/roa/dn42_roa_46.json>
49
-
50
-You can use these to simply run gortr via docker:
51
-
52
-```sh
53
-docker run -ti -p 8082:8082 cloudflare/gortr -cache https://dn42.burble.com/roa/dn42_roa_46.json -verify=false -checktime=false -bind :8082
54
-```
55
-
56
-### rtrtr
57
-
58
-rtrtr is a RTR server from NLNet Labs. It's compatible with the dn42regsrv ROA-JSON or burbles provided one (https://dn42.burble.com/roa/dn42_roa_46.json) too.
59
-
60
-NLNet Labs provides an official docker image. You just have to bind mount a suitable configuration file:
61
-
62
-```sh
63
-docker run -d -v /etc/rtrtr.conf:/etc/rtrtr.conf -p 323:323/tcp nlnetlabs/rtrtr -c /etc/rtrtr.conf
64
-```
65
-
66
-This is a working configuration file for dn42. Maybe change the listen addresses:
67
-
68
-```conf
69
-log_level = "debug"
70
-log_target = "stderr"
71
-http-listen = []
72
-[units.dn42-json]
73
-type = "json"
74
-uri = "https://dn42.burble.com/roa/dn42_roa_46.json"
75
-refresh = 600
76
-[targets.dn42-rtr]
77
-type = "rtr"
78
-listen = ["0.0.0.0:323", "[::]:323"]
79
-unit = "dn42-json"
80
-```
81
-
82
-For more information cosult the official documentation: <https://rtrtr.docs.nlnetlabs.nl/en/stable/>
83
-
84
-### Kioubit's DN42 Registry Wizard
85
-
86
-[DN42 Registry Wizard](https://github.com/Kioubit/dn42_registry_wizard) is a comprehensive tool for DN42 registry interactions. **Unlike other solutions, it can parse the registry and host an RTR server all-in-one** without requiring separate components.
87
-
88
-#### All-in-One RTR Server
89
-
90
-```sh
91
-# Clone the DN42 registry
92
-git clone https://git.dn42.dev/dn42/registry.git
93
-
94
-# Start RTR server directly from registry
95
-./registry_wizard <path to registry> rtr
96
-
97
-# Setup a cronjob to continously update the registry and notify registry_wizard
98
-git fetch --all
99
-git reset --hard origin/master
100
-kill -SIGUSR1 "$(pidof 'registry_wizard')"
101
-```
102
-
103
-```
104
-Usage: registry_wizard <registry_root> rtr [OPTIONS]
105
-
106
-Options:
107
- -p, --port <port> Port to listen on [default: 9323]
108
- --refresh <refresh> RTR refresh timing [default: 3600]
109
- --expire <expire> RTR expire timing [default: 7200]
110
- --retry <retry> RTR retry timing [default: 600]
111
- -h, --help Print help
112
-```
113
-
114
-### Other tools / generators
115
-- bauen1's dn42-roagen: <https://gitlab.com/bauen1/dn42-roagen>
116
-- Kioubit's registry wizard: <https://github.com/Kioubit/dn42_registry_wizard>
117
-- chuangzhu's pure bash script: <https://paste.sr.ht/~chuang/e98d2fe791de68a6cf5aade7877cd0dbc1cdb84e>
118
-
119
-### This is all to complicated, is there an easy all-in-one package for RTR?
120
-
121
-TODO: Publish docker-compose-yml to git for gortr+dn42regsrv
122
-
123
-### How do I integrate RTR with my BGP implementation
124
-
125
-You have to consult the documentation of your implementation for that. We will provide configuration examples on the specific pages.
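Review bot: this deletes sections that are not visibly re-added elsewhere in the diff, in particular the gortr `docker run` invocation, the full rtrtr configuration (`[units.dn42-json]` / `[targets.dn42-rtr]`), the dn42regsrv docker build steps and the "How do I integrate RTR with my BGP implementation" answer; confirm each of these now lives in services/RPKI.md (only the registry_wizard help text is visible there in this diff) or state in the commit message that they were dropped on purpose. Any remaining inbound links to `/howto/ROA-slash-RPKI` beyond the vyos1.4.x.md one fixed here will 404, so a grep for the old path, or a redirect stub, would be worth adding.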
howto/lglass.md
... ...
@@ -1,107 +0,0 @@
1
-lglass is a Python software package designed for Internet Registries like the DN42. You can generate zone files for DNS and rDNS IPv4/v6, and handle the registry. It is available on GitHub as free software:
2
-
3
-```sh
4
-$ git clone git://github.com/fritz0705/lglass.git
5
-```
6
-
7
-## Links
8
-- [Fritz Gihub repo](https://github.com/fritz0705/lglass)
9
-- [lglass Manual](http://lglass.flonet.dn42/)
10
-
11
-## Running your own Whois daemon
12
-
13
-lglass provides an event-based whois daemon with internal caching, which was written in Python. It is very simple to run an instance:
14
-
15
-```sh
16
-$ ./bin/lglass-whoisd
17
-```
18
-
19
-without the configfile:
20
-
21
-```sh
22
-$ ./bin/lglass-regtool whoisd -H $HOST -p $PORT
23
-```
24
-
25
-```
26
-usage: lglass-whoisd [-h] [-4] [-6] [--host HOST] [--port PORT]
27
- [--cidr] [--no-cidr] [--inverse] [--no-inverse]
28
-
29
-optional arguments:
30
- -h, --help show this help message and exit
31
- -4 Listen on IPv4
32
- -6 Listen on IPv6
33
- --host HOST, -H HOST Listen on host
34
- --port PORT, -p PORT Listen on port
35
- --cidr, -c Perform CIDR matching on queries
36
- --no-cidr Do not perform CIDR matching on queries
37
- --inverse, -i Perform inverse matching on queries
38
- --no-inverse Do not perform inverse matching on queries
39
-```
40
-
41
-## Generate zone files
42
-
43
-lglass also provides a script to generate zone files from the registry. It's named zonegen.py and requires a registry dump from Monotone.
44
-
45
-To generate DNS zones:
46
-
47
-```sh
48
-$ ./bin/lglass-zonegen -d $PATH_TO_DATA_DIR -n ns1... -n ns2... -e foo.bar.com dns -z dn42
49
-```
50
-
51
-To generate IPv4 rDNS zones:
52
-
53
-```sh
54
-$ ./bin/lglass-zonegen -d $PATH_TO_DATA_DIR -n ns1... -n ns2... -e foo.bar.com rdns4 -N 172.22.0.0/16
55
-```
56
-
57
-To generate IPv6 rDNS zones:
58
-```sh
59
-$ ./bin/lglass-zonegen -d $PATH_TO_DATA_DIR -n ns1... -n ns2... -e foo.bar.com rdns6 -N fd00::/8
60
-```
61
-
62
-## Reformat RPSL files
63
-
64
-You can also reformat RPSL files using lglass by using the lglass.rpsl module:
65
-
66
-```sh
67
-$ ./bin/lglass-rpsl < $DATA/inetnum/172.22.0.53_32
68
-```
69
-
70
-lglass.rpsl also supports in-place operation:
71
-
72
-```sh
73
-$ ./bin/lglass-rpsl -i $DATA/inetnum/172.22.0.53_32
74
-```
75
-
76
-This opens the file, reads the content into memory, seeks to position 0, writes the formatted object and truncates the file.
77
-Simple web interface
78
-
79
-lglass also comes with a simple web interface written in Python3 using Bottle and Jinja2. It also provides a binary to run it using wsgiref:
80
-```sh
81
-$ ./bin/lglass-web
82
-```
83
-
84
-Furthermore you can use any WSGI server like Gunicorn by using lglass.web.application:app as WSGI callback. You can provide a path to the configuration file in the environment variable `LGLASS_WEB_CFG`.
85
-
86
-## Configuration
87
-
88
-The configuration file format is JSON and allows configuration of the database chain, the listen parameters, the custom messages and the process management.
89
-
90
-| Option | Meaning |
91
-|----------|:-------------|
92
-| listen.host |IP address for listening socket (Default: ::) |
93
-|listen.port|TCP port for listening socket (Default: 4343) |
94
-|listen.protocol|Protocol for listening socket (4 or 6, by default 6) |
95
-|database|Array of database URLs to initialize database chain|
96
-|database.types|Array of object types in database (Default: undefined) <br/>Default chain:<br/>[<br/> "whois+lglass.database.file+file:.",<br/> "whois+lglass.database.cidr+cidr:",<br/> "whois+lglass.database.schema+schema:",<br/> "whois+lglass.database.cache+cached:"<br/>]|
97
-|messages.preamble|String preamble for whois responses|
98
-|messages.help|String help message for help requests|
99
-|process.user|User to change after initialization|
100
-|process.group|Group to change after initialization|
101
-|process.pidfile|Path to PID file|
102
-
103
-## RPSL
104
-- Routing Policy Specification Language [RFC2622](https://tools.ietf.org/html/rfc2622)
105
-- Routing Policy Specification Language next generation (RPSLng) [RFC4012](https://tools.ietf.org/html/rfc4012)
106
-- <http://www.ripe.net/data-tools/db/rpsl>
107
-- <http://www.ripe.net/data-tools/db/rpsl/transition-to-rpsl-version-of-the-ripe-database>
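Review bot: removing howto/lglass.md is unrelated to the ROA/RPKI restructuring that the rest of this change is about and would be easier to review and revert as its own commit; if the page is being removed because the software is unmaintained, the commit message should say so. The page also held the only description of the lglass whois daemon configuration (`listen.*`, `database`, `process.*`) and the RPSL references list, so check that no other page links to `/howto/lglass` besides the services/Whois.md entry removed below.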
howto/vyos1.4.x.md
... ...
@@ -268,7 +268,6 @@ delete protocols bgp neighbor fe80::4242 capability
268 268
```
269 269
270 270
## RPKI/ROA Checking
271
-Burble has made this super easy. More info can be found [here](/howto/ROA-slash-RPKI) on this wiki.
272 271
You can achieve this by running docker on a seperate server in the network but as of Vyos 1.4 2023-02-28 its possible to do it on the vyos machine itself. This setup is using Cloudflare's GoRTR and automatically reaching out and downloading a custom JSON file generated by Burble just for the DN42 network.
273 272
274 273
### Setup RPKI Caching Server on the Vyos machine
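Review bot: rather than deleting the cross-reference outright, point it at the page that replaces it, e.g. `More info can be found [here](/services/RPKI) on this wiki.`, so readers of the VyOS guide still have a path to the ROA/RTR background that the following paragraph assumes. The sentence immediately after this removed line also still carries "seperate" and "its possible" and could be fixed in the same hunk.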
services/RPKI.md
... ...
@@ -1,7 +1,65 @@
1
-# DN42 RPKI
2
-This page covers guidance and examples on using RPKI within DN42.
1
+# ROA + RPKI
2
+This page covers guidance and examples on using RPKI and ROA within DN42.
3 3
4
-## Quick Start
4
+## What is ROA?
5
+
6
+A Route Origination Authorization details which AS is authorised to advertise which originating IP prefixes. A ROA may also include prefix length information.
7
+
8
+## What is RPKI?
9
+
10
+Resource Public Key Infrastructure is basically a framework for securing the routing infrastructure.
11
+It provides a way to connect number resource information to a trust anchor.
12
+
13
+## What is RTR?
14
+
15
+The Resource Public Key Infrastructure (RPKI) to Router Protocol provides a way for a router to access RPKI validation information.
16
+It provides the router with validity information regarding prefix origination:
17
+
18
+* VALID
19
+ The route announcement is covered by a ROA and the announcing AS is validated
20
+* INVALID
21
+ The route announcement is covered by a ROA and the announcing AS is invalid (possibly hijacking)
22
+* UNKNOWN
23
+ There exists no ROA for the route announcement
24
+
25
+## How can I implement ROA on dn42?
26
+
27
+On dn42 we generate ROA information from the dn42 registry.
28
+
29
+Generators:
30
+- Burble's dn42regsrv: < https://git.burble.com/burble.dn42/dn42regsrv>
31
+- bauen1's dn42-roagen: <https://gitlab.com/bauen1/dn42-roagen>
32
+- Kioubit's registry wizard: <https://github.com/Kioubit/dn42_registry_wizard>
33
+- chuangzhu's pure bash script: <https://paste.sr.ht/~chuang/e98d2fe791de68a6cf5aade7877cd0dbc1cdb84e>
34
+
35
+It is also possible to integrate the ROA files with a RTR cache server as shown below.
36
+
37
+## ROA
38
+
39
+### Using public ROA tables
40
+
41
+ROA files generated by [dn42regsrv](https://git.burble.com/burble.dn42/dn42regsrv) are available from burble.dn42:
42
+
43
+|URL|&nbsp;IPv4/IPv6&nbsp;|Description|
44
+|---|---|---|
45
+| <https://dn42.burble.com/roa/dn42_roa_46.json> &nbsp; | &nbsp;Both&nbsp; | JSON format for use with RPKI |
46
+| <https://dn42.burble.com/roa/dn42_roa_bird1_46.conf> &nbsp; | &nbsp;Both&nbsp; | Bird1 format |
47
+| <https://dn42.burble.com/roa/dn42_roa_bird1_4.conf> &nbsp; | &nbsp;IPv4 Only&nbsp; | Bird1 format |
48
+| <https://dn42.burble.com/roa/dn42_roa_bird1_6.conf> &nbsp; | &nbsp;IPv6 Only&nbsp; | Bird1 format |
49
+| <https://dn42.burble.com/roa/dn42_roa_bird2_46.conf> &nbsp; | &nbsp;Both&nbsp; | Bird2 format |
50
+| <https://dn42.burble.com/roa/dn42_roa_bird2_4.conf> &nbsp; | &nbsp;IPv4 Only&nbsp; | Bird2 format |
51
+| <https://dn42.burble.com/roa/dn42_roa_bird2_6.conf> &nbsp; | &nbsp;IPv6 Only&nbsp; | Bird2 format |
52
+
53
+ROA files generated by [roa_wizard](https://github.com/Kioubit/dn42_registry_wizard) are available from kioubit.dn42:
54
+
55
+|URL|&nbsp;IPv4/IPv6&nbsp;|Description|
56
+|---|---|---|
57
+| <https://kioubit-roa.dn42.dev/?type=v4> &nbsp; | &nbsp;IPv4 Only&nbsp; | Bird2 format |
58
+| <https://kioubit-roa.dn42.dev/?type=v6> &nbsp; | &nbsp;IPv6 Only&nbsp; | Bird2 format |
59
+| <https://kioubit-roa.dn42.dev/?type=json> &nbsp; | &nbsp;Both&nbsp; | JSON format for use with RPKI |
60
+
61
+
62
+## RPKI
5 63
6 64
It is recommended to run your own RPKI validator, as this provides you with the most security and control over your routing decisions. However, to get started, or if running your own validator isn’t desirable, a public RPKI RTR server is available. The service supports full RPKI validation for all relevant DN42 and affiliated networks’ prefixes.
7 65
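Review bot: the generator entry `- Burble's dn42regsrv: < https://git.burble.com/burble.dn42/dn42regsrv>` has a stray space after `<`, which stops Markdown from treating it as an autolink and renders the angle brackets literally; it should read `<https://git.burble.com/burble.dn42/dn42regsrv>` like the other three entries. Two smaller points in the same hunk: the generator list calls Kioubit's tool "registry wizard" while the table caption calls it "roa_wizard", so one name should be used for both, and there is a double blank line before `## RPKI`. The sentence "It is also possible to integrate the ROA files with a RTR cache server as shown below" is fine as long as the RTR server instructions do follow under `## RPKI`, which this diff only shows in part.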
... ...
@@ -104,4 +162,4 @@ Options:
104 162
--expire <expire> RTR expire timing [default: 7200]
105 163
--retry <retry> RTR retry timing [default: 600]
106 164
-h, --help Print help
107
-```
... ...
\ No newline at end of file
0
+```
services/Whois.md
... ...
@@ -143,7 +143,6 @@ The idea comes from the guys at cymru.com, who provide this service for the Inte
143 143
144 144
# Software
145 145
146
- * [lglass](/howto/lglass) is a python implementation for working with the registry. It features a whois server, tools to manipulate the data (DNS zone generation, etc).
147 146
* [whois42d](https://git.dn42.dev/registry/whois42d) written in golang, lightweight/fast, whois server with support for all registry objects, type filtering and systemd socket activation.
148 147
* [who42rs](https://git.dn42.dev/C4TG1RL5/who42rs) a reimplementation of whois42d written in Rust
149 148
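Review bot: dropping the lglass bullet is consistent with deleting howto/lglass.md, but lglass itself is still published on GitHub (the deleted page linked <https://github.com/fritz0705/lglass>), so if the intent is only to stop hosting the how-to, a one-line entry pointing at the upstream repository would keep the software list complete.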