Last update: 2016-03-14

RPKI-RTRlib

RPKI/RTRlib

The Resource Public Key Infrastructure (RPKI) is a component of secure interdomain routing and has recently been standardized in the IETF SIDR group (RFCs 6810/6811). RPKI is currently being rolled out, and is a significant and necessary step towards fully protecting BGP.

However, the mechanism does incur additional load at BGP routers. In order to reduce that load, RPKI objects can be fetched and cryptographically validated by cache servers. The RPKI/RTR protocol defines a standard mechanism to maintain the exchange of valid RPKI data between cache server and router. RTRlib is one of the two open source reference implementations of RTR, originally created by researchers from the Computer Systems & Telematics group at Freie Universität Berlin and researchers from the INET research group at Hamburg University of Applied Sciences, under the supervision of Dr. Matthias Wählisch and Thomas Schmidt.

The RTRlib is a real-time capable, open-source (MIT licensed) C library that implements the RPKI router part. Basically, it fetches data from an RPKI cache server and allows for prefix origin validation as well as initial steps of BGP path validation (draft 6810bis). The RTRlib can serve as the backend for BGP daemons and monitoring tools in real-world operations, as well as user guidance.
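The prefix origin validation decision from RFC 6811, which a router makes against the validated data it receives from a cache, is shown below as an added example; it is not RTRlib code and does not use the RTRlib API. All names (`struct vrp`, `validate_origin`, `check_sample`) are hypothetical, the table is constructed from documentation prefixes and ASNs, and only IPv4 is handled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One validated ROA payload (VRP), as a cache hands it to the router. */
struct vrp { uint32_t prefix; uint8_t len, max_len; uint32_t asn; };

enum pov_state { POV_VALID, POV_NOT_FOUND, POV_INVALID };

/* Constructed sample data (documentation prefixes and ASNs). */
static const struct vrp sample_vrps[] = {
    { 0xC0000200u, 24, 24, 64496 }, /* 192.0.2.0/24,   maxlen 24, AS64496 */
    { 0xCB007100u, 24, 26, 64497 }, /* 203.0.113.0/24, maxlen 26, AS64497 */
};

/* Network mask for a prefix length in 0..32. */
static uint32_t mask(uint8_t len) { return len ? 0xFFFFFFFFu << (32 - len) : 0; }

/* RFC 6811: NotFound if no VRP covers the route, Valid if a covering VRP
 * also matches length and origin AS, Invalid otherwise. */
enum pov_state validate_origin(const struct vrp *t, size_t n,
                               uint32_t prefix, uint8_t len, uint32_t origin)
{
    enum pov_state state = POV_NOT_FOUND;
    for (size_t i = 0; i < n; i++) {
        /* Covered: the VRP is no more specific and contains the route. */
        if (t[i].len > len || ((prefix ^ t[i].prefix) & mask(t[i].len)))
            continue;
        /* Matched: within max_len, same origin, and the VRP is not AS 0. */
        if (len <= t[i].max_len && t[i].asn != 0 && origin == t[i].asn)
            return POV_VALID;
        state = POV_INVALID; /* covered, but this VRP does not authorize it */
    }
    return state;
}

/* Validate a route against the constructed sample table. */
enum pov_state check_sample(uint32_t prefix, uint8_t len, uint32_t origin)
{
    return validate_origin(sample_vrps,
                           sizeof sample_vrps / sizeof sample_vrps[0],
                           prefix, len, origin);
}

int main(void)
{
    static const char *name[] = { "valid", "not found", "invalid" };
    printf("192.0.2.128/25 AS64496: %s\n", name[check_sample(0xC0000280u, 25, 64496)]);
    return 0;
}
```

The /25 announcement is invalid even though it carries the authorized origin AS, because it is more specific than the VRP's maximum length allows.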

The project has a public mailing list and forum:

  • https://groups.google.com/d/forum/rtrlib
  • rtrlib@googlegroups.com

The RTRlib provides easy and highly efficient access to cryptographically valid RPKI data without relying on a specific cache server or RPKI validator implementation. The RTRlib is useful for developers of routing software but also for network operators. Developers can integrate the RTRlib into BGP daemons to extend their implementation towards RPKI. Network operators may use the RTRlib to develop monitoring tools (e.g., to evaluate the performance of caches or to validate BGP data). Extensions like the RPKI browser plugin show prefix validation results to end users, allowing them to actually check for routing anomalies as they browse.

The project will further advance and mature this software, and integrate and disseminate the solution - actively promoting its adoption by the wider internet community through e.g. a workshop held at IETF 95 in Berlin.

link-lab