Examples of configurations

Default

Configurations built using the default general.yml and clients.yml files distributed with the project.

https://github.com/pierky/arouteserver/blob/master/examples/default

See the textual representation (HTML) of this configuration.

Feature-rich example

Configurations built using the files provided in the examples/rich directory.

  • GTSM and ADD-PATH are enabled by default on the route server.

  • Next-hop filtering allows clients to set NEXT_HOP of any client in the same AS.

  • Local networks are filtered, as are transit-free ASNs, “never via route-servers” networks, invalid paths, and prefixes/origin ASNs that are not authorized by clients’ AS-SETs (which are fetched from PeeringDB).

  • The dataset used for prefix validation is extended using the NIC.BR Whois DB dump and RPKI ROAs.

  • RPKI-based Origin Validation is enabled; INVALID routes are rejected.

  • RFC9234 route leak prevention using roles is configured.

  • A max-prefix limit is enforced on the basis of PeeringDB information.

  • Blackhole filtering is implemented with a rewrite-next-hop policy and can be triggered with BGP communities BLACKHOLE, 65534:0 and 999:666:0.

  • Control communities allow selective announcement control and prepending, also on the basis of peers' RTT.

  • 32-bit ASNs are mapped to 16-bit ASNs for usage in standard BGP communities.

  • Graceful BGP session shutdown is enabled.

  • Client timers are configured using the custom, site-specific .local file.

  • Informational custom BGP communities are used to tag routes from European or American clients.

Please note: to keep the configuration files built in this example readable, the set of RPKI ROAs is artificially limited to just a few of them.

https://github.com/pierky/arouteserver/blob/master/examples/rich

See the textual representation (HTML) of this configuration.

BIRD hooks example

The BIRD configurations provided in this example have been generated with BIRD hooks enabled:

$ arouteserver bird --ip-ver 4 --use-local-files header --use-hooks pre_receive_from_client post_receive_from_client [...]

The above list of hooks passed to the bird command has been truncated for the sake of readability; the complete list used in this example is provided below.

The command line argument --use-local-files enables the header inclusion point, in order to add the include "/etc/bird/header.local"; configuration statement to the BIRD configuration generated by ARouteServer.

define rs_as = 999;

log "/var/log/bird.log" all;
log syslog all;
debug protocols all;

protocol device {};

table master sorted;

include "/etc/bird/header.local";
...

This file must be present on the route server where BIRD is executed and must contain the custom functions used to implement the hooks. See the header.local file for the function declarations.

List of hooks used in this example:

  • pre_receive_from_client

  • post_receive_from_client

  • pre_announce_to_client

  • post_announce_to_client

  • scrub_communities_in

  • scrub_communities_out

  • apply_blackhole_filtering_policy

  • route_can_be_announced_to

  • announce_rpki_invalid_to_client

https://github.com/pierky/arouteserver/blob/master/examples/bird_hooks

Clients from Euro-IX member list JSON file

Some clients files built automatically from Euro-IX member list JSON files are reported here.

https://github.com/pierky/arouteserver/blob/master/examples/clients-from-euroix

configure command output

The configure command can be used to quickly generate policy definition files (general.yml) which are based on suggested settings and best practices.

A list of BGP communities is also automatically built.

$ arouteserver configure --output examples/auto-config/bird-general.yml

BGP daemon
==========

Depending on the BGP daemon used for the route server some features may not be
available.

Details here:
https://arouteserver.readthedocs.io/en/latest/CONFIG.html#caveats-and-
limitations

Which BGP daemon will be used? [bird/openbgpd] bird
Which version? [1.6.3/1.6.4/1.6.6/1.6.7/1.6.8/2.0.7/2.0.7+b962967e/2.0.8/2.0.9/2.0.10/2.0.11/2.13/2.14/2.15/3.0] 2.15

Router server's ASN
===================

What's the ASN of the route server? 64496

Route server's BGP router-id
============================

Please enter the route server BGP router-id: 192.0.2.1

List of local networks
======================

A list of local IPv4/IPv6 networks must be provided here: routes announced by
route server clients for these prefixes will be filtered out.

Please enter a comma-separated list of local networks: 192.0.2.0/24,2001:db8::/32



Route server policy definition file generated successfully!
===========================================================

The content of the general configuration file will now be written to
examples/auto-config/bird-general.yml

Some notes:

 - Accepted prefix lengths are 8-24 for IPv4 and 12-48 for IPv6.
 - Routes with 'transit-free networks' or 'never via route-server' (PeeringDB)
ASNs in the middle of AS_PATH are rejected.
 - IRR-based filters are enabled; prefixes that are more specific of those
registered are accepted.
 - PeeringDB is used to fetch AS-SETs for those clients that are not explicitly
configured.
 - RPKI ROAs are used as if they were route objects to further enrich IRR data.
 - NIC.BR Whois database dump is fetched from Registro.br to further enrich IRR
data.
 - RPKI BGP Origin Validation is enabled. INVALID routes are rejected.
 - PeeringDB is used to fetch networks prefix count.
 - Route leak prevention using roles (RFC9234) is enabled.
 - Routes tagged with the GRACEFUL_SHUTDOWN well-known community (65535:0) are
processed accordingly to draft-ietf-grow-bgp-gshut.

The textual description (HTML and Markdown) generated on the basis of the general.yml files produced by this command is also reported here.

https://github.com/pierky/arouteserver/blob/master/examples/auto-config

bird-general.yml.html - See the textual representation (HTML) of this configuration.

openbgpd-general.yml.html - See the textual representation (HTML) of this configuration.

IX-F Member Export files

The files reported within this directory were generated using the ixf-member-export command.

https://github.com/pierky/arouteserver/blob/master/examples/ixf-member-export

BIRD v2/v3 and OpenBGPD RPKI RTR configuration

This is an example of how to use BIRD v2/v3 or OpenBGPD with an external source for RPKI ROAs based on the RTR protocol.

BIRD v2/v3 and OpenBGPD (starting with release 6.9) have built-in support for the RTR protocol, which allows the BGP daemon to connect directly to a local cache (a “validator”).

To configure the daemons with ARouteServer in order to fetch ROAs using RTR, the rpki_roas.source option must be set to rtr and a local rpki_rtr_config.local file must be placed inside the same directory where the main configuration file is created (/etc/bird or /etc/bgpd by default, or a custom one set using the --local-files-dir command line argument of ARouteServer).

The rpki_rtr_config.local file is expected to contain the snippet of BIRD or OpenBGPD config needed to set up one or more RTR sessions:

Example configurations are reported in the rpki_rtr_config.local.BIRD and rpki_rtr_config.local.OpenBGPD files that can be found within this directory.

https://github.com/pierky/arouteserver/blob/master/examples/rpki_rtr
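
A sketch of what a BIRD rpki_rtr_config.local with two RTR sessions can look like when rpki_roas.source is set to rtr. This is an added example, not the file shipped in the project's examples directory. The ROA table names RPKI4 and RPKI6, the protocol names, and the validator addresses and ports are assumptions; check the table names against the configuration generated by ARouteServer.

```bird
# rpki_rtr_config.local for BIRD v2/v3 (added example, not the project's file).
# Assumptions: the ROA tables RPKI4 and RPKI6 are declared by the generated
# configuration; protocol names, addresses and ports are constructed values.

# Primary RTR session, to a validator running on the route server host.
protocol rpki rtr_cache_1 {
	roa4 { table RPKI4; };
	roa6 { table RPKI6; };

	# RTR over plain TCP has no authentication or integrity protection:
	# keep the cache on localhost or on a trusted management segment.
	remote 127.0.0.1 port 3323;

	# "keep" makes BIRD use the timers configured here rather than
	# the values advertised by the cache.
	retry keep 90;
	refresh keep 900;

	# ROAs learned on this session are deleted when it has failed to
	# refresh for this long. If no other session still provides them,
	# routes that were INVALID are then evaluated as not found.
	expire keep 172800;
}

# Second RTR session, to a separate validator, so that the loss of one
# cache does not empty the ROA tables.
protocol rpki rtr_cache_2 {
	roa4 { table RPKI4; };
	roa6 { table RPKI6; };

	remote 192.0.2.10 port 3323;

	retry keep 90;
	refresh keep 900;
	expire keep 172800;
}
```

After BIRD is reloaded, birdc show protocols all rtr_cache_1 reports the state of the session.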