s-schmidbauer
commented
3 years ago Very nice article. I was messing with this one before. It will help me a lot, thanks.
Open jsf0 opened 3 years ago
s-schmidbauer
commented
3 years ago Very nice article. I was messing with this one before. It will help me a lot, thanks.
job
commented
3 years ago In setups like these I recommend enabling the rpki-client validator by uncommenting the entry in the root user's crontab. Uncommenting the crontab entry is all you need to do because on line 23 and line 101 of /etc/bgpd.conf the configuration to properly do RPKI Origin Validation is already present.
Here is a dirty oneliner to do it ;-)
# echo -n '/rpki\ns/^#//\nw\nq\n' | EDITOR=ed crontab -e
jsf0
commented
3 years ago Thanks! Yes, that's a good idea for a full setup. One caveat though for people running this in a VPS: rpki-client can use quite a bit of RAM and CPU when it runs. I'd recommend at least 1 GB RAM, as the 512 MB plans are already going to be pretty tight, especially if your provider is sending you a full table.
https://kernelpanic.life/software/high-availability-with-openbgpd-on-openbsd.html