services/RPKI.md
@@ -0,0 +1,65 @@
+# DN42 RPKI
+This page covers guidance and examples on using RPKI within DN42.
+
+## Quick Start
+
+It is recommended to run your own RPKI validator, as this provides you with the most security and control over your routing decisions. However, to get started, or if running your own validator isn’t desirable, a public RPKI RTR server is available. The service supports full RPKI validation for all relevant DN42 and affiliated networks’ prefixes.
+
+### Using Public RPKI Services
+
+DN42’s RPKI RTR service endpoints are hosted by multiple operators. By configuring multiple RTR servers in your BGP daemon, you gain additional resiliency and improved validation coverage.
+
+| Server | Port | **IPv4/IPv6** |
+| ------------------ | ---- | ------------- |
+| rpki.dn42.milu.moe | 8082 | both |
+| rpki.akae.re | 8082 | both |
+
+To configure the service, connect your BGP software’s RPKI client to one or more of these RTR servers.
+
+#### Example Configuration (Bird 2)
+
+```conf
+protocol rpki roa_dn42_1 {
+ roa4 { table dn42_roa; };
+ roa6 { table dn42_roa_v6; };
+ remote "rpki1.example.com";
+ port 8082;
+ refresh 600;
+ retry 300;
+ expire 7200;
+}
+
+protocol rpki roa_dn42_2 {
+ roa4 { table dn42_roa; };
+ roa6 { table dn42_roa_v6; };
+ remote "rpki2.example.com";
+ port 8082;
+ refresh 600;
+ retry 300;
+ expire 7200;
+}
+```
+
+### Running Your Own RPKI Server
+
+#### With Docker
+
+```bash
+docker run --name dn42rpki -p 8082:8282 --restart=always -d rpki/stayrtr -verify=false -checktime=false -cache=https://dn42.burble.com/roa/dn42_roa_46.json
+```
+
+#### With Docker Compose
+
+```conf
+services:
+ stayrtr:
+ image: rpki/stayrtr:latest
+ ports:
+ - "8082:8082"
+ command: >
+ -bind :8082
+ -cache https://dn42.burble.com/roa/dn42_roa_46.json
+ stdin_open: true
+ tty: true
+```
+
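Review bot: The two examples under "Running Your Own RPKI Server" do not describe the same service. The `docker run` line publishes `-p 8082:8282` and passes `-verify=false -checktime=false`, while the Compose file sets `-bind :8082`, publishes `"8082:8082"` and omits both flags, so a reader who picks one or the other gets different validation behaviour. Please make the two equivalent (same bind port, same flags, same `-cache` syntax) and add a sentence explaining why verification and time checks are turned off for the DN42 ROA JSON, since the Quick Start recommends a self-hosted validator for security reasons and the example disables checks without comment. Smaller points in the same hunk: the Bird 2 example uses `rpki1.example.com` / `rpki2.example.com` instead of the hosts listed in the table, and shows neither the `dn42_roa` / `dn42_roa_v6` table definitions nor a filter that consults them, so the configuration does not yet affect routing decisions as written. `image: rpki/stayrtr:latest` would be better pinned to a version, `stdin_open` and `tty` look unnecessary for a daemon, the Compose fence should be tagged `yaml` rather than `conf`, and only the third table header is bold.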