Local Exceptions¶
In some cases, you may want to override the global RPKI data set with your own local exceptions. For example, when a legitimate route announcement is inadvertently flagged as invalid due to a misconfigured ROA, you may want to temporarily accept it to give the operators an opportunity to resolve the issue.
You can do this by specifying route origins that should be filtered out of the output, as well as origins that should be added, in a file using JSON notation according to the SLURM standard specified in RFC 8416.
You can use this example file
as a starting point, but you can also build your own exceptions file based on
existing VRPs in the global RPKI data set using the SLURM output
format in combination with the --select-asn
and
--select-prefix
options.
See also
For example, this command will create a SLURM file that always authorises all announcements that are currently done from AS196615:
routinator vrps --format slurm --select-asn 196615
The output will look like this:
{
"slurmVersion": 1,
"validationOutputFilters": {
"prefixFilters": [ ],
"bgpsecFilters": [ ]
},
"locallyAddedAssertions": {
"prefixAssertions": [
{
"asn": 196615,
"prefix": "93.175.147.0/24",
"maxPrefixLength": 24,
"comment": "ripe"
},
{
"asn": 196615,
"prefix": "2001:7fb:fd03::/48",
"maxPrefixLength": 48,
"comment": "ripe"
},
{
"asn": 196615,
"prefix": "2001:7fb:fd04::/48",
"maxPrefixLength": 48,
"comment": "ripe"
}
],
"bgpsecAssertions": [
]
}
}
Use the --exceptions
option to refer to your file with local
exceptions. Routinator verifies that the JSON itself is valid, as well as the
specified values. The exceptions file will be re-read on every validation
run, so you can simply update the file whenever your exceptions change.
In the metrics Routinator provides, there are counters indicating how many VRPs are added and excluded from the final data set as a result of your exceptions.
Limiting Prefix Length¶
It’s possible to set the maximum length of IPv4 and IPv6 prefixes that will
be included in the VRP data set. You can set this with the
--limit-v4-len
and --limit-v6-len
options, respectively.
To illustrate this option we’ll use an extreme example:
routinator --limit-v4-len=8 --limit-v6-len=19 vrps
Now, all VRPs will be ignored that have a prefix with a length that is longer than /8 IPv4 and /19 IPv6:
ASN,IP Prefix,Max Length,Trust Anchor
AS6253,48.0.0.0/8,24,arin
AS31399,53.0.0.0/8,8,ripe
AS7922,73.0.0.0/8,8,arin
AS3320,2003::/19,19,ripe
AS5511,2a01:c000::/19,48,ripe
Note that only the prefix length itself and not the maximum prefix length value of the ROA is considered.
New in version 0.12.0.