Installation

System Requirements

Routinator has minimal system requirements. When choosing a system, make sure you have 1GB of available memory and 4GB of disk space for the application. This will give you ample margin for the RPKI repositories to grow over time, as adoption increases. A powerful CPU is not required.

As new RPKI repositories can emerge in any IP address range and on any domain name, outbound traffic must not be blocked based on IP or DNS in any way. Routinator only needs to establish outbound connections via HTTPS and rsync, on ports 443 and 873, respectively.

Quick Start

New in version 0.9: RPM packages

Getting started with Routinator is really easy: install a binary package, available for Debian and Ubuntu as well as for Red Hat Enterprise Linux (RHEL), CentOS and Rocky Linux. The NLnet Labs software package repository currently has packages available for the amd64/x86_64 architecture only. Alternatively, you can run with Docker or build from Cargo, Rust’s build system and package manager.

Our software package repository has binary packages available for Debian 9 (stretch), 10 (buster) and 11 (bullseye).

First update the apt package index:

sudo apt update

Then install packages to allow apt to use a repository over HTTPS:

sudo apt install \
  ca-certificates \
  curl \
  gnupg \
  lsb-release

Add the GPG key from NLnet Labs:

curl -fsSL https://packages.nlnetlabs.nl/aptkey.asc | sudo gpg --dearmor -o /usr/share/keyrings/nlnetlabs-archive-keyring.gpg

Now, use the following command to set up the main repository:

echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/nlnetlabs-archive-keyring.gpg] https://packages.nlnetlabs.nl/linux/debian \
$(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/nlnetlabs.list > /dev/null

Update the apt package index once more:

sudo apt update

You can now install Routinator with:

sudo apt install routinator

Before running Routinator for the first time, you must prepare the directory for the local RPKI cache, as well as the directory where the Trust Anchor Locator (TAL) files reside. After entering this command, follow the instructions provided about the ARIN TAL:

sudo routinator-init

After successful initialisation you can enable Routinator with:

sudo systemctl enable --now routinator

By default, Routinator will start the RTR server on port 3323 and the HTTP server on port 8323. These and other values can be changed in the configuration file located at /etc/routinator/routinator.conf.

You can check the status of Routinator with:

sudo systemctl status routinator

You can view the logs with:

sudo journalctl --unit=routinator
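
The key download in the steps above is protected by the HTTPS connection only. The following script is an added example, not part of the original documentation or NLnet Labs code: it compares the installed keyring against a fingerprint you obtained out-of-band (passed as the first argument; this page does not state one) and checks that the source entry is pinned to that keyring with signed-by and fetched over HTTPS. The function names are hypothetical.

```shell
#!/bin/sh
# Added example, not NLnet Labs code. The expected fingerprint is a value you
# obtain out-of-band; none is given on this page.

# Print the fingerprint of every primary key in a `gpg --with-colons`
# listing read from stdin (subkey fingerprints are skipped).
primary_fprs() {
  awk -F: '$1 == "pub" { want = 1; next }
           $1 == "sub" { want = 0; next }
           $1 == "fpr" && want { print $10; want = 0 }'
}

# Succeed only if the listing on stdin holds exactly one primary key whose
# fingerprint equals $1 (spaces and letter case in $1 are ignored).
fpr_ok() {
  expected=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
  [ -n "$expected" ] && [ "$(primary_fprs)" = "$expected" ]
}

# Check a key file ($1, armored or dearmored) against fingerprint $2
# without importing it into any keyring.
check_key() {
  gpg --batch --with-colons --import-options show-only --import "$1" \
    2>/dev/null | fpr_ok "$2"
}

# Print each packages.nlnetlabs.nl source line in file $1 that is not pinned
# to a keyring with signed-by= or is not fetched over https; fail if any.
audit_sources() {
  bad=$(grep -E '^[[:space:]]*deb(-src)?[[:space:]]' "$1" |
    grep -F 'packages.nlnetlabs.nl' |
    grep -Ev '\[[^]]*signed-by=[^] ]+[^]]*\][[:space:]]+https://' || true)
  [ -z "$bad" ] || { printf '%s\n' "$bad"; return 1; }
}

# Run both checks when called with the expected fingerprint as $1.
if [ "$#" -eq 1 ]; then
  check_key /usr/share/keyrings/nlnetlabs-archive-keyring.gpg "$1" &&
    audit_sources /etc/apt/sources.list.d/nlnetlabs.list &&
    echo "key and source entry OK"
fi
```

A keyring file that contains more than one primary key fails the check even if one of them matches, so an extra key cannot ride along unnoticed.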

Updating

To update an existing Routinator installation, first update the repository using:

sudo apt update

You can use this command to get an overview of the available versions:

sudo apt policy routinator

You can upgrade an existing Routinator installation to the latest version using:

sudo apt --only-upgrade install routinator

Installing Specific Versions

Before every new release of Routinator, one or more release candidates are provided for testing through every installation method. You can also install a specific version, if needed.

If you would like to try out release candidates of Routinator you can add the proposed repository to the existing main repository described earlier.

Assuming you have already followed the steps to install regular releases, run this command to add the additional repository:

echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/nlnetlabs-archive-keyring.gpg] https://packages.nlnetlabs.nl/linux/debian \
$(lsb_release -cs)-proposed main" | sudo tee /etc/apt/sources.list.d/nlnetlabs-proposed.list > /dev/null

Make sure to update the apt package index:

sudo apt update

You can now use this command to get an overview of the available versions:

sudo apt policy routinator

You can install a specific version using <package name>=<version>, e.g.:

sudo apt install routinator=0.9.0~rc2-1buster

Installing From Source

There are three things you need to install and run Routinator: rsync, a C toolchain and Rust. You can install Routinator on any system where you can fulfil these requirements.

You need rsync because some RPKI repositories still use it as their main means of distribution. Some of the cryptographic primitives used by Routinator require a C toolchain. Lastly, you need Rust because that’s the programming language that Routinator has been written in.

rsync

Currently, Routinator requires the rsync executable to be in your path. Due to the nature of rsync, it is unclear which particular version you need at the very least, but whatever is being shipped with current Linux and *BSD distributions, as well as macOS, should be fine. Alternatively, you can download rsync from the Samba website.

On Windows, Routinator requires the rsync version that comes with Cygwin – make sure to select rsync during the installation phase.

C Toolchain

Some of the libraries Routinator depends on require a C toolchain to be present. Your system probably has some easy way to install the minimum set of packages to build from C sources. For example, this command will install everything you need on Debian/Ubuntu:

apt install build-essential

If you are unsure, try to run cc on a command line. If there is a complaint about missing input files, you are probably good to go.

Rust

The Rust compiler runs on, and compiles to, a great number of platforms, though not all of them are equally supported. The official Rust Platform Support page provides an overview of the various support levels.

While some system distributions include Rust as system packages, Routinator relies on a relatively new version of Rust, currently 1.52 or newer. We therefore suggest using the canonical Rust installation via a tool called rustup.

Assuming you already have curl installed, you can install rustup and Rust by simply entering:

curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh

Alternatively, visit the official Rust website for other installation methods.

You can update your Rust installation later by running:

rustup update

Building

The easiest way to get Routinator is to leave it to Cargo by saying:

cargo install --locked routinator

The command will build Routinator and install it in the same directory that Cargo itself lives in, likely $HOME/.cargo/bin. This means Routinator will be in your path, too.

Notes

In case you want to enable or disable certain features, build a statically linked Routinator, store the RPKI cache on a tmpfs file system, or you have an Operating System where special care needs to be taken, such as OpenBSD and CentOS 6, please refer to the Installation Notes.