Open hhm-call opened 11 months ago
partim
commented
11 months ago You need to tell Routinator what to do. If you just want it to run once and print a list of VRPs, you can use the vrps command, i.e., with the testbed TAL added:
routinator --tal nlnetlabs-testbed vrpsIf you want to run it permanently, you can use the server command with some extra arguments so you can access the data. The manual has more information.
hhm-call
commented
11 months ago You need to tell Routinator what to do. If you just want it to run once and print a list of VRPs, you can use the
vrpscommand, i.e., with the testbed TAL added:routinator --tal nlnetlabs-testbed vrpsIf you want to run it permanently, you can use the
servercommand with some extra arguments so you can access the data. The manual has more information.
[root@PC1 ~]# routinator --tal nlnetlabs-testbed vrps
[WARN] RRDP https://rrdp.afrinic.net/notification.xml: Getting notification file failed with status 204 No Content
[WARN] rsync://rpki.afrinic.net/repository/afrinic/V00kEnto5oHJEhRaMMayIbP4KlA.cer: no valid manifest rsync://rpki.afrinic.net/repository/member_repository/F36EE1C1/050BE1D635B311ED9721E3F0F1222468/V00kEnto5oHJEhRaMMayIbP4KlA.mft found.
[WARN] rsync://rpki.afrinic.net/repository/member_repository/F36C06CB/D8FF6538D4F311ECB3714BD3F1222468/BAD292FE050511EE9502F55D4AD9E6FC.roa: certificate is not yet valid.
[WARN] rsync://rpki.afrinic.net/repository/afrinic/STmJqI9ygR8i60Gk6wwSdOHx2pA.cer: no valid manifest rsync://rpki.afrinic.net/repository/member_repository/F36EE1C1/050BE1D635B311ED9721E3F0F1222468/STmJqI9ygR8i60Gk6wwSdOHx2pA.mft found.
[WARN] rsync://rpki.afrinic.net/repository/member_repository/F36549B1/DF788C98561311E5B1A0E360F8AEA228/FB0E15F8CAB911E9AA072951F8AEA228.roa: certificate is overclaiming IPv4 resources.
[WARN] rsync://rpki.afrinic.net/repository/afrinic/0YiYIkQP2ghuQ_3L-e-Gb9Uepbw.cer: no valid manifest rsync://rpki.afrinic.net/repository/member_repository/F36EE1C1/050BE1D635B311ED9721E3F0F1222468/0YiYIkQP2ghuQ_3L-e-Gb9Uepbw.mft found.
[WARN] rsync://rpki.afrinic.net/repository/afrinic/6n6vYSDTEzssFOqYEf97HcuEQhE.cer: no valid manifest rsync://rpki.afrinic.net/repository/member_repository/F36EE1C1/050BE1D635B311ED9721E3F0F1222468/6n6vYSDTEzssFOqYEf97HcuEQhE.mft found.
[WARN] rsync://rpki.afrinic.net/repository/afrinic/z1Kz6_gz2w85Tz77x4mC_9aJbxA.cer: no valid manifest rsync://rpki.afrinic.net/repository/member_repository/F36505B2/0569917622D711ED862FD6E0F1222468/z1Kz6_gz2w85Tz77x4mC_9aJbxA.mft found.
[WARN] rsync://rpki.afrinic.net/repository/afrinic/BpTOBmDPIzc01Obno4jqMUHuRbk.cer: no valid manifest rsync://rpki.afrinic.net/repository/member_repository/F36EE1C1/050BE1D635B311ED9721E3F0F1222468/BpTOBmDPIzc01Obno4jqMUHuRbk.mft found.
[WARN] rsync://rpki.afrinic.net/repository/afrinic/YmFCTuhQuS5FxpB3tvSkzniKeJM.cer: no valid manifest rsync://rpki.afrinic.net/repository/member_repository/F36EE1C1/050BE1D635B311ED9721E3F0F1222468/YmFCTuhQuS5FxpB3tvSkzniKeJM.mft found.
[WARN] rsync://rpki.afrinic.net/repository/member_repository/F3621C06/58C9B78C205911EC991B6877D8A014CE/D6E05488587811EEAA1EAD554AD9E6FC.roa: certificate is not yet valid.
[WARN] rsync://rpki.afrinic.net/repository/afrinic/S4D0bEIIq3jyH3EKKWI1-QYyTis.cer: no valid manifest rsync://rpki.afrinic.net/repository/member_repository/F36EE1C1/050BE1D635B311ED9721E3F0F1222468/S4D0bEIIq3jyH3EKKWI1-QYyTis.mft found.
[WARN] rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/4E784C9E543711EEAB9B72464AD9E6FC.roa: certificate is not yet valid.
[WARN] rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/535AC336544111EE938070694AD9E6FC.roa: certificate is not yet valid.
[WARN] rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/C59ACA62543811EEA76CEF4A4AD9E6FC.roa: certificate is not yet valid.
[WARN] rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/758A74EA543911EE94DA1C4D4AD9E6FC.roa: certificate is not yet valid.
[WARN] rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/BFB19DB4543411EE906A753B4AD9E6FC.roa: certificate is not yet valid.########################### install #############################
vi /etc/yum.repos.d/nlnetlabs.repo
###
[nlnetlabs]
name=NLnet Labs
baseurl=https://packages.nlnetlabs.nl/linux/centos/8/main/x86_64
enabled=1
###
sudo rpm --import https://packages.nlnetlabs.nl/aptkey.asc
sudo yum install -y routinator
sudo yum install -y krill########################### routinator conf #############################
vi /etc/routinator/routinator.conf
###
repository-dir = "/var/lib/routinator/rpki-cache"
rtr-listen = ["172.16.0.251:3323"]
http-listen = ["172.16.0.251:8323"]
###
routinator --config /etc/routinator/routinator.conf config########################### krill conf #############################
vi /etc/krill.conf
###
service_uri = "https://localhost:3000/"
#####################################################
yum install -y nginx
vi /etc/nginx/conf.d/krillexampleorg.conf
server {
server_name RPKI_TEST_HHM;
client_max_body_size 100M;
location / {
proxy_pass https://localhost:3000/;
}
listen 80;
}
vi /etc/ssh/sshd_config
###
AllowTcpForwarding yes
###
systemctl restart sshd
##############################################
Windows input-->ssh -L 3000:localhost:3000 root@xx.xx.xx.xx
Open https://localhost:3000/, input the admin_token in /etc/krill.conf.Add an additional parent,copy <child_request>and <publisher_request>.
###
<child_request xmlns="http://www.hactrn.net/uris/rpki/rpki-setup/" version="1" child_handle="RPKI_TEST_HHM">
<child_bpki_ta>
...
</child_bpki_ta>
</child_request>
###
###
<publisher_request xmlns="http://www.hactrn.net/uris/rpki/rpki-setup/" version="1" publisher_handle="RPKI_TEST_HHM">
<publisher_bpki_ta>
...
</publisher_bpki_ta>
</publisher_request>
###Open https://testbed.krill.cloud/ui/testbed, paste <child_request>,copy <parent_response> and <repository_response>.
###
<parent_response xmlns="http://www.hactrn.net/uris/rpki/rpki-setup/" version="1" parent_handle="testbed" child_handle="RPKI_TEST_HHM" service_uri="https://testbed.krill.cloud/rfc6492/testbed">
<parent_bpki_ta>
...
</parent_bpki_ta>
</parent_response>
###
###
<repository_response xmlns="http://www.hactrn.net/uris/rpki/rpki-setup/" version="1" publisher_handle="RPKI_TEST_HHM" service_uri="https://testbed.krill.cloud/rfc8181/RPKI_TEST_HHM/" sia_base="rsync://testbed.krill.cloud/repo/RPKI_TEST_HHM/" rrdp_notification_uri="https://testbed.krill.cloud/rrdp/notification.xml">
<repository_bpki_ta>
...
</repository_bpki_ta>
</repository_response>
###Certificate Authority RPKI_TEST_HHM
Parents
testbed_hhm
Parents https://testbed.krill.cloud/rfc6492/testbed
Last Exchange 27-09-2023 06:56:06 UTC (1 hour ago)
All Resources ASN: AS6551-AS6552
IPv4: 192.168.110.0/24, 192.168.220.0/24
IPv6:
Repository
URI https://testbed.krill.cloud/rfc8181/RPKI_TEST_HHM/
Last Exchange 27-09-2023 06:49:57 UTC (1 hour ago)But afterAdd ROAs,
ASN Prefix Comment State
6551 192.168.110.0/24-32 NOT SEENI would like to know if there are problems with these operations, and how to fix them. Also, How do I get Routinator to use only krill content?
?_?
In the same virtual machine, I installed routinator and krill. v0.13 In
https://testbed.krill.cloud/ui/testbed, I created a CA in testbed using krill. I think the commandroutinator --tal nlnetlabs-testbedcan be used to connect routinator and krill. I don't know if that's rightBut it's error. So I changed my approach.
Why? Or how to connect routinator and krill?
?_?