Open hhm-call opened 11 months ago
You need to tell Routinator what to do. If you just want it to run once and print a list of VRPs, you can use the vrps
command, i.e., with the testbed TAL added:
routinator --tal nlnetlabs-testbed vrps
If you want to run it permanently, you can use the server
command with some extra arguments so you can access the data. The manual has more information.
[root@PC1 ~]# routinator --tal nlnetlabs-testbed vrps
[WARN] RRDP https://rrdp.afrinic.net/notification.xml: Getting notification file failed with status 204 No Content
[WARN] rsync://rpki.afrinic.net/repository/afrinic/V00kEnto5oHJEhRaMMayIbP4KlA.cer: no valid manifest rsync://rpki.afrinic.net/repository/member_repository/F36EE1C1/050BE1D635B311ED9721E3F0F1222468/V00kEnto5oHJEhRaMMayIbP4KlA.mft found.
[WARN] rsync://rpki.afrinic.net/repository/member_repository/F36C06CB/D8FF6538D4F311ECB3714BD3F1222468/BAD292FE050511EE9502F55D4AD9E6FC.roa: certificate is not yet valid.
[WARN] rsync://rpki.afrinic.net/repository/afrinic/STmJqI9ygR8i60Gk6wwSdOHx2pA.cer: no valid manifest rsync://rpki.afrinic.net/repository/member_repository/F36EE1C1/050BE1D635B311ED9721E3F0F1222468/STmJqI9ygR8i60Gk6wwSdOHx2pA.mft found.
[WARN] rsync://rpki.afrinic.net/repository/member_repository/F36549B1/DF788C98561311E5B1A0E360F8AEA228/FB0E15F8CAB911E9AA072951F8AEA228.roa: certificate is overclaiming IPv4 resources.
[WARN] rsync://rpki.afrinic.net/repository/afrinic/0YiYIkQP2ghuQ_3L-e-Gb9Uepbw.cer: no valid manifest rsync://rpki.afrinic.net/repository/member_repository/F36EE1C1/050BE1D635B311ED9721E3F0F1222468/0YiYIkQP2ghuQ_3L-e-Gb9Uepbw.mft found.
[WARN] rsync://rpki.afrinic.net/repository/afrinic/6n6vYSDTEzssFOqYEf97HcuEQhE.cer: no valid manifest rsync://rpki.afrinic.net/repository/member_repository/F36EE1C1/050BE1D635B311ED9721E3F0F1222468/6n6vYSDTEzssFOqYEf97HcuEQhE.mft found.
[WARN] rsync://rpki.afrinic.net/repository/afrinic/z1Kz6_gz2w85Tz77x4mC_9aJbxA.cer: no valid manifest rsync://rpki.afrinic.net/repository/member_repository/F36505B2/0569917622D711ED862FD6E0F1222468/z1Kz6_gz2w85Tz77x4mC_9aJbxA.mft found.
[WARN] rsync://rpki.afrinic.net/repository/afrinic/BpTOBmDPIzc01Obno4jqMUHuRbk.cer: no valid manifest rsync://rpki.afrinic.net/repository/member_repository/F36EE1C1/050BE1D635B311ED9721E3F0F1222468/BpTOBmDPIzc01Obno4jqMUHuRbk.mft found.
[WARN] rsync://rpki.afrinic.net/repository/afrinic/YmFCTuhQuS5FxpB3tvSkzniKeJM.cer: no valid manifest rsync://rpki.afrinic.net/repository/member_repository/F36EE1C1/050BE1D635B311ED9721E3F0F1222468/YmFCTuhQuS5FxpB3tvSkzniKeJM.mft found.
[WARN] rsync://rpki.afrinic.net/repository/member_repository/F3621C06/58C9B78C205911EC991B6877D8A014CE/D6E05488587811EEAA1EAD554AD9E6FC.roa: certificate is not yet valid.
[WARN] rsync://rpki.afrinic.net/repository/afrinic/S4D0bEIIq3jyH3EKKWI1-QYyTis.cer: no valid manifest rsync://rpki.afrinic.net/repository/member_repository/F36EE1C1/050BE1D635B311ED9721E3F0F1222468/S4D0bEIIq3jyH3EKKWI1-QYyTis.mft found.
[WARN] rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/4E784C9E543711EEAB9B72464AD9E6FC.roa: certificate is not yet valid.
[WARN] rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/535AC336544111EE938070694AD9E6FC.roa: certificate is not yet valid.
[WARN] rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/C59ACA62543811EEA76CEF4A4AD9E6FC.roa: certificate is not yet valid.
[WARN] rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/758A74EA543911EE94DA1C4D4AD9E6FC.roa: certificate is not yet valid.
[WARN] rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/BFB19DB4543411EE906A753B4AD9E6FC.roa: certificate is not yet valid.
########################### install #############################
vi /etc/yum.repos.d/nlnetlabs.repo
###
[nlnetlabs]
name=NLnet Labs
baseurl=https://packages.nlnetlabs.nl/linux/centos/8/main/x86_64
enabled=1
###
sudo rpm --import https://packages.nlnetlabs.nl/aptkey.asc
sudo yum install -y routinator
sudo yum install -y krill
########################### routinator conf #############################
vi /etc/routinator/routinator.conf
###
repository-dir = "/var/lib/routinator/rpki-cache"
rtr-listen = ["172.16.0.251:3323"]
http-listen = ["172.16.0.251:8323"]
###
routinator --config /etc/routinator/routinator.conf config
########################### krill conf #############################
vi /etc/krill.conf
###
service_uri = "https://localhost:3000/"
###
##################################################
yum install -y nginx
vi /etc/nginx/conf.d/krillexampleorg.conf
server {
    server_name RPKI_TEST_HHM;
    client_max_body_size 100M;
    location / {
        proxy_pass https://localhost:3000/;
    }
    listen 80;
}
vi /etc/ssh/sshd_config
###
AllowTcpForwarding yes
###
systemctl restart sshd
##############################################
Windows input-->ssh -L 3000:localhost:3000 root@xx.xx.xx.xx
Open https://localhost:3000/, input the admin_token in /etc/krill.conf. Add an additional parent, copy <child_request> and <publisher_request>.
###
<child_request xmlns="http://www.hactrn.net/uris/rpki/rpki-setup/" version="1" child_handle="RPKI_TEST_HHM">
<child_bpki_ta>
...
</child_bpki_ta>
</child_request>
###
###
<publisher_request xmlns="http://www.hactrn.net/uris/rpki/rpki-setup/" version="1" publisher_handle="RPKI_TEST_HHM">
<publisher_bpki_ta>
...
</publisher_bpki_ta>
</publisher_request>
###
Open https://testbed.krill.cloud/ui/testbed, paste <child_request>, copy <parent_response> and <repository_response>.
###
<parent_response xmlns="http://www.hactrn.net/uris/rpki/rpki-setup/" version="1" parent_handle="testbed" child_handle="RPKI_TEST_HHM" service_uri="https://testbed.krill.cloud/rfc6492/testbed">
<parent_bpki_ta>
...
</parent_bpki_ta>
</parent_response>
###
###
<repository_response xmlns="http://www.hactrn.net/uris/rpki/rpki-setup/" version="1" publisher_handle="RPKI_TEST_HHM" service_uri="https://testbed.krill.cloud/rfc8181/RPKI_TEST_HHM/" sia_base="rsync://testbed.krill.cloud/repo/RPKI_TEST_HHM/" rrdp_notification_uri="https://testbed.krill.cloud/rrdp/notification.xml">
<repository_bpki_ta>
...
</repository_bpki_ta>
</repository_response>
###
Certificate Authority RPKI_TEST_HHM
Parents
testbed_hhm
Parents https://testbed.krill.cloud/rfc6492/testbed
Last Exchange 27-09-2023 06:56:06 UTC (1 hour ago)
All Resources ASN: AS6551-AS6552
IPv4: 192.168.110.0/24, 192.168.220.0/24
IPv6:
Repository
URI https://testbed.krill.cloud/rfc8181/RPKI_TEST_HHM/
Last Exchange 27-09-2023 06:49:57 UTC (1 hour ago)
But after Add ROAs,
ASN Prefix Comment State
6551 192.168.110.0/24-32 NOT SEEN
I would like to know if there are problems with these operations, and how to fix them. Also, how do I get Routinator to use only krill content?
?_?
In the same virtual machine, I installed routinator and krill. v0.13
In https://testbed.krill.cloud/ui/testbed, I created a CA in testbed using krill. I think the command routinator --tal nlnetlabs-testbed can be used to connect routinator and krill. I don't know if that's right. But it's an error. So I changed my approach.
Why? Or how to connect routinator and krill?
?_?
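An added example, not part of the thread and not Routinator's own code: a small Python triage that groups warnings shaped like the ones quoted above by repository host and reason, so it is easy to see whether any of them concern the testbed repository (testbed.krill.cloud) at all. The sample lines are constructed and their object names are placeholders.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample lines in the shape of the Routinator warnings quoted above;
# object names (EXAMPLE-*) are placeholders, not real repository objects.
SAMPLE = """\
[WARN] RRDP https://rrdp.afrinic.net/notification.xml: Getting notification file failed with status 204 No Content
[WARN] rsync://rpki.afrinic.net/repository/afrinic/EXAMPLE-A.cer: no valid manifest rsync://rpki.afrinic.net/repository/member_repository/EXAMPLE-A.mft found.
[WARN] rsync://rpki.afrinic.net/repository/afrinic/EXAMPLE-B.cer: no valid manifest rsync://rpki.afrinic.net/repository/member_repository/EXAMPLE-B.mft found.
[WARN] rsync://rpki.afrinic.net/repository/member_repository/EXAMPLE-C.roa: certificate is not yet valid.
[WARN] rsync://rpki.afrinic.net/repository/member_repository/EXAMPLE-D.roa: certificate is overclaiming IPv4 resources.
this line is not a Routinator log record
""".splitlines()

# "[LEVEL] [RRDP ]<object or notification URI>: <message>"
LINE = re.compile(r"^\[(?P<level>[A-Z]+)\]\s+(?:RRDP\s+)?(?P<uri>\S+?):\s+(?P<msg>.+)$")
URI = re.compile(r"[a-z][a-z0-9+.-]*://\S+")

def parse(line):
    """Return (level, host, reason) or None if the line is not a log record."""
    m = LINE.match(line.strip())
    if not m:
        return None
    host = urlsplit(m["uri"]).hostname or "unknown"
    # Replace URIs inside the message so identical failures share one reason.
    reason = URI.sub("<uri>", m["msg"]).rstrip(".")
    return m["level"], host, reason

def triage(lines):
    """Count warnings and errors per (host, reason)."""
    counts = Counter()
    for line in lines:
        rec = parse(line)
        if rec and rec[0] in ("WARN", "ERROR"):
            counts[rec[1:]] += 1
    return counts

def hosts_with_warnings(lines):
    """Sorted list of repository hosts that produced at least one warning."""
    return sorted({host for host, _ in triage(lines)})

if __name__ == "__main__":
    for (host, reason), n in triage(SAMPLE).most_common():
        print(f"{n:3d}  {host:22s}  {reason}")
```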