[sidr] A note about a few tools that maybe of interest:
"Montgomery, Douglas" <dougm@nist.gov> Mon, 05 May 2014 16:25 UTC
Return-Path: <dougm@nist.gov>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 904BF1A02E9 for <sidr@ietfa.amsl.com>; Mon, 5 May 2014 09:25:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pitzBnzURxWu for <sidr@ietfa.amsl.com>; Mon, 5 May 2014 09:25:23 -0700 (PDT)
Received: from na01-bl2-obe.outbound.protection.outlook.com (mail-bl2lp0208.outbound.protection.outlook.com [207.46.163.208]) by ietfa.amsl.com (Postfix) with ESMTP id B65E91A00C6 for <sidr@ietf.org>; Mon, 5 May 2014 09:25:22 -0700 (PDT)
Received: from BLUPR09MB038.namprd09.prod.outlook.com (10.255.211.144) by BLUPR09MB038.namprd09.prod.outlook.com (10.255.211.144) with Microsoft SMTP Server (TLS) id 15.0.934.12; Mon, 5 May 2014 16:25:12 +0000
Received: from BLUPR09MB038.namprd09.prod.outlook.com ([169.254.11.59]) by BLUPR09MB038.namprd09.prod.outlook.com ([169.254.11.59]) with mapi id 15.00.0934.000; Mon, 5 May 2014 16:25:12 +0000
From: "Montgomery, Douglas" <dougm@nist.gov>
To: "sidr@ietf.org" <sidr@ietf.org>
Thread-Topic: A note about a few tools that maybe of interest:
Thread-Index: AQHPaH6WQNIwDauF0ESUBR3NybX37g==
Date: Mon, 05 May 2014 16:25:12 +0000
Message-ID: <CF8D339D.1C809%dougm@nist.gov>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.4.1.140326
x-originating-ip: [129.6.140.29]
x-forefront-prvs: 0202D21D2F
x-forefront-antispam-report: SFV:NSPM; SFS:(10009001)(6009001)(428001)(189002)(199002)(31966008)(16601075003)(74662001)(81342001)(74502001)(15202345003)(81542001)(87936001)(36756003)(54356999)(50986999)(83072002)(92566001)(79102001)(66066001)(86362001)(83506001)(575784001)(80022001)(83322001)(19580395003)(99396002)(4396001)(21056001)(20776003)(101416001)(77982001)(92726001)(85852003)(99286001)(64706001)(2656002)(76482001)(15975445006)(46102001); DIR:OUT; SFP:1101; SCL:1; SRVR:BLUPR09MB038; H:BLUPR09MB038.namprd09.prod.outlook.com; FPR:; MLV:sfv; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None (: nist.gov does not designate permitted sender hosts)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=dougm@nist.gov;
Content-Type: text/plain; charset="Windows-1252"
Content-ID: <9E8BA0BC9F5133429B74A724CCB9BD1C@namprd09.prod.outlook.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
Archived-At: http://mailarchive.ietf.org/arch/msg/sidr/SdvjRXUuFt_OOS30s98jHLG8iSs
Subject: [sidr] A note about a few tools that maybe of interest:
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 May 2014 16:25:25 -0000
We run a RPKI monitor that examines various statistics of the emerging RPKI and its relationship to global BGP trace data. Aspects of the RPKI-BGP component are similar to some of the other monitors, the RPKI analysis component offers some new data and visualizations of emerging RPKI structure and usage. Both views offer global and per-region statistics and the ability to compare statistics across regions. We continue to add new analysis modules to the monitor. For details see: http://rpki-monitor.antd.nist.gov There is a new release of our BGP-SrX (quagga) origin validation prototype (v 0.3.1) that now contains full support for signaling validation state with community attributes (draft-ietf-sidr-origin-validation-signaling-04) along with some bug fixes. Source and binary installs available below: http://bgpsrx.antd.nist.gov/ At the same site, there is also a stub, pre-release of a BGPSEC prototype. Mainly offered as an early interoperability tester for BGPSEC session negotiation and BGPSEC_Path attribute generation and validation. Router keys are self-signed and stored in a local file (i.e., no rpki-to-router support for router keys yet). For now, there is just a binary release and instruction file to operate prototype as an interop test tool. Router Diagnostic commands have been extended to display BGPSEC information, e.g.: =============== bgpd# show ip bgp 10.40.0.0/16 BGP routing table entry for 10.40.0.0/16 Paths: (1 available, best #1, table Default-IP-Routing-Table) Not advertised to any peer 2030 40 SRx Information: Update ID: 0.09A2630D Validation: prefix-origin: valid path: valid bgpsec: valid (combination of prefix-origin and path validation) PathType: BGPSEC-Path ( 1 signature blocks, each with 2 path segments) signature block #1: algorithm suite id 1 path segment 1: as=2030; pcount=1 signature segment [1]: block 1, ski=97E8EEC56E7C8AE22866D218B0E4D40416EC4EFA path segment 2: as=40; pcount=1 signature segment [1]: block 1, ski=A509AE9ED377CC31AED01E820670DF9CC781DA9F 10.0.1.2 from 10.0.1.2 (10.0.1.2) Origin IGP, localpref 100, valid, external, best Last Update: Mon May 5 08:42:37 2014 ================ Once we add new rpki-to-router (draft-austein-sidr-rpki-rtr-rfc6810bis-01) support and do further robustness testing, we will release full source for this functionality too. ‹ Doug Montgomery, Mgr Internet & Scalable Systems Research @ NIST / ITL / ANTD
- [sidr] A note about a few tools that maybe of int… Montgomery, Douglas