search

pierky / arouteserver

A tool to automatically build (and test) feature-rich configurations for BGP route servers.
https://arouteserver.readthedocs.org/
GNU General Public License v3.0
284 stars 46 forks source link

use rpki-client 'expires' functionality in openbgpd output #92

Closed job closed 2 years ago

job commented 2 years ago

Hi @pierky

Starting with OpenBGPD 7.2, the bgpd.conf configuration format permits to specify an optional expiration moment (as unix timestamp) for each RPKI VRP. This makes it possible to automatically purge outdated RPKI information from the routeserver pipeline, in case arouteserver's configuration generation process is stuck or not running.

The format is pretty straight forward:

roa-set {
        1.0.0.0/24 source-as 13335 expires 1639189098
        1.0.4.0/24 source-as 38803 expires 1639180474
        1.0.4.0/22 source-as 38803 expires 1639180474
        ...
}

Values can be extracted from rpki-client's output (example is at vrps.json)

Perhaps arouteserver should take advantage of this OpenBGPD capability and pass on these expiration moments?

pierky commented 2 years ago

Hi @job,

thanks for the suggestion. I’ve added the support of the expires attribute: a pre-release is out on the test instance of PyPi: v1.13.0-alpha1

It'd be great if you could give it a try, by following the instructions reported on the docs about how to install pre-releases: https://arouteserver.readthedocs.io/en/latest/INSTALLATION.html#development-and-pre-release-versions

Pls let me know if you have a chance to try it out.

Thanks

job commented 2 years ago

@pierky tested - looks good to me

pierky commented 2 years ago

Thanks @job, the pipeline for v1.13.0 is running, if everything goes well, the new release will be out in about 1 hour from now.