Installation
System Requirements
Routinator has minimal system requirements. When choosing a system, a powerful CPU is not required. Make sure you have 1GB of available memory and 4GB of disk space for the application.
Inode Usage
Please keep in mind that the RPKI consists of a great number of small files. As a result, Routinator will use a large amount of inodes. You should accommodate for at least two million inodes. This will give you ample margin for the RPKI repositories to grow over time, as adoption increases.
Alternatively, you could opt to use a file system such as ZFS, which doesn’t use inodes, or btrfs, where inodes are allocated dynamically as needed.
Tip
The df -i
command shows the amount of inodes available, used,
and free.
Firewall Configuration
As new RPKI repositories can emerge in any IP address range and on any domain name, outbound traffic must not be blocked based on IP or DNS in any way. Routinator only needs to establish outbound connections via HTTPS and rsync, on ports 443 and 873, respectively.
Binary Packages
Getting started with Routinator is really easy by installing a binary package for either Debian and Ubuntu or for Red Hat Enterprise Linux (RHEL) and compatible systems such as Rocky Linux. Alternatively, you can run with Docker.
You can also build Routinator from the source code using Cargo, Rust’s build system and package manager. Cargo lets you to run Routinator on almost any operating system and CPU architecture. Refer to the Building From Source section to get started.
To install a Routinator package, you need the 64-bit version of one of these Debian versions:
Debian Bookworm 12
Debian Bullseye 11
Packages for the amd64
/x86_64
architecture are available for
all listed versions. In addition, we offer armhf
architecture
packages for Debian/Raspbian Bullseye, and arm64
for Buster.
First update the apt package index:
sudo apt update
Then install packages to allow apt to use a repository over HTTPS:
sudo apt install \
ca-certificates \
curl \
gnupg \
lsb-release
Add the GPG key from NLnet Labs:
curl -fsSL https://packages.nlnetlabs.nl/aptkey.asc | sudo gpg --dearmor -o /usr/share/keyrings/nlnetlabs-archive-keyring.gpg
Now, use the following command to set up the main repository:
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/nlnetlabs-archive-keyring.gpg] https://packages.nlnetlabs.nl/linux/debian \
$(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/nlnetlabs.list > /dev/null
Update the apt package index once more:
sudo apt update
You can now install Routinator with:
sudo apt install routinator
After installation Routinator will run immediately as the user
routinator and be configured to start at boot. By default, it will
run the RTR server on port 3323 and the HTTP server on port 8323.
These, and other values can be changed in the configuration
file located in
/etc/routinator/routinator.conf
.
You can check the status of Routinator with:
sudo systemctl status routinator
You can view the logs with:
sudo journalctl --unit=routinator
To install a Routinator package, you need the 64-bit version of one of these Ubuntu versions:
Ubuntu Jammy 22.04 (LTS)
Ubuntu Focal 20.04 (LTS)
Packages are available for the amd64
/x86_64
architecture only.
First update the apt package index:
sudo apt update
Then install packages to allow apt to use a repository over HTTPS:
sudo apt install \
ca-certificates \
curl \
gnupg \
lsb-release
Add the GPG key from NLnet Labs:
curl -fsSL https://packages.nlnetlabs.nl/aptkey.asc | sudo gpg --dearmor -o /usr/share/keyrings/nlnetlabs-archive-keyring.gpg
Now, use the following command to set up the main repository:
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/nlnetlabs-archive-keyring.gpg] https://packages.nlnetlabs.nl/linux/ubuntu \
$(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/nlnetlabs.list > /dev/null
Update the apt package index once more:
sudo apt update
You can now install Routinator with:
sudo apt install routinator
After installation Routinator will run immediately as the user
routinator and be configured to start at boot. By default, it will
run the RTR server on port 3323 and the HTTP server on port 8323.
These, and other values can be changed in the configuration
file located in
/etc/routinator/routinator.conf
.
You can check the status of Routinator with:
sudo systemctl status routinator
You can view the logs with:
sudo journalctl --unit=routinator
To install a Routinator package, you need Red Hat Enterprise Linux
(RHEL) 8 or 9, or compatible operating system such as Rocky Linux.
Packages are available for the amd64
/x86_64
architecture only.
First create a file named /etc/yum.repos.d/nlnetlabs.repo
,
enter this configuration and save it:
[nlnetlabs]
name=NLnet Labs
baseurl=https://packages.nlnetlabs.nl/linux/centos/$releasever/main/$basearch
enabled=1
Add the GPG key from NLnet Labs:
sudo rpm --import https://packages.nlnetlabs.nl/aptkey.asc
You can now install Routinator with:
sudo yum install -y routinator
After installation Routinator will run immediately as the user
routinator and be configured to start at boot. By default, it will
run the RTR server on port 3323 and the HTTP server on port 8323.
These, and other values can be changed in the configuration
file located in
/etc/routinator/routinator.conf
.
You can check the status of Routinator with:
sudo systemctl status routinator
You can view the logs with:
sudo journalctl --unit=routinator
Routinator Docker images are built with Alpine Linux. The supported
CPU architectures are shown on the Docker Hub Routinator page per Routinator
version (aka Docker “tag”) in the OS/ARCH
column.
To run Routinator as a background daemon with the default settings (RTR server on port 3323 and HTTP server on port 8323) can be done like so:
sudo docker run -d --restart=unless-stopped --name routinator \
-p 3323:3323 \
-p 8323:8323 \
nlnetlabs/routinator
Tip
If no arguments are supplied the Routinator Docker image
configures Routinator to run in server
mode, with
--rtr
3323 and --http
8323.
For backward compatibility with earlier releases it also
configures Routinator with --http
9556, the port
number allocated by the Prometheus project
for Routinator metric publication.
The Routinator container is known to run successfully run under gVisor for additional isolation.
To adjust the configuration you can pass command line arguments to
Routinator (try --help
for more information) and/or supply your
own Routinator configuration file (by mapping it from the host into
the container using -v host/path/to/routinator.conf:/etc/routinator.conf
and passing --config /etc/routinator.conf
when running the container).
For example in an IPv6 only network you could invoke Routinator like so to have it listen on IPv6 as well as IPv4:
sudo docker run <your usual arguments> \
server --rtr [::]:3323 --http [::]:8323
Note the server
command passed to Routinator. When you override the
default arguments passed to Routinator by the Docker image you must provide
all of the arguments required by Routinator. See the Manual Page for
more information.
To persist the RPKI cache data you can create a separate Docker volume and mount it into the container like so:
sudo docker volume create rpki-cache
sudo docker run <your usual arguments> \
-v rpki-cache:/home/routinator/.rpki-cache \
nlnetlabs/routinator
New in version 0.9.0: RPM packages
New in version 0.11.0: Debian packages for armhf
and arm64
architecture
New in version 0.11.2: Ubuntu packages for Jammy 22.04 (LTS)
Deprecated since version 0.12.0: routinator-init
and --accept-arin-rpa
New in version 0.13.0: Packages for Debian Bookworm 12 and RHEL 9
Updating
To update an existing Routinator installation, first update the repository using:
sudo apt update
You can use this command to get an overview of the available versions:
sudo apt policy routinator
You can upgrade an existing Routinator installation to the latest version using:
sudo apt --only-upgrade install routinator
To update an existing Routinator installation, first update the repository using:
sudo apt update
You can use this command to get an overview of the available versions:
sudo apt policy routinator
You can upgrade an existing Routinator installation to the latest version using:
sudo apt --only-upgrade install routinator
To update an existing Routinator installation, you can use this command to get an overview of the available versions:
sudo yum --showduplicates list routinator
You can update to the latest version using:
sudo yum update -y routinator
Assuming that you run Docker with image nlnetlabs/routinator, upgrading to the latest version can be done by running the following commands:
sudo docker pull nlnetlabs/routinator
sudo docker rm --force routinator
sudo docker run <your usual arguments> nlnetlabs/routinator
Installing Specific Versions
Before every new release of Routinator, one or more release candidates are provided for testing through every installation method. You can also install a specific version, if needed.
If you would like to try out release candidates of Routinator you can add the proposed repository to the existing main repository described earlier.
Assuming you already have followed the steps to install regular releases, run this command to add the additional repository:
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/nlnetlabs-archive-keyring.gpg] https://packages.nlnetlabs.nl/linux/debian \
$(lsb_release -cs)-proposed main" | sudo tee /etc/apt/sources.list.d/nlnetlabs-proposed.list > /dev/null
Make sure to update the apt package index:
sudo apt update
You can now use this command to get an overview of the available versions:
sudo apt policy routinator
You can install a specific version using <package name>=<version>
,
e.g.:
sudo apt install routinator=0.13.0~rc3-1bookworm
If you would like to try out release candidates of Routinator you can add the proposed repository to the existing main repository described earlier.
Assuming you already have followed the steps to install regular releases, run this command to add the additional repository:
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/nlnetlabs-archive-keyring.gpg] https://packages.nlnetlabs.nl/linux/ubuntu \
$(lsb_release -cs)-proposed main" | sudo tee /etc/apt/sources.list.d/nlnetlabs-proposed.list > /dev/null
Make sure to update the apt package index:
sudo apt update
You can now use this command to get an overview of the available versions:
sudo apt policy routinator
You can install a specific version using <package name>=<version>
,
e.g.:
sudo apt install routinator=0.13.0~rc3-1jammy
To install release candidates of Routinator, create an additional repo
file named /etc/yum.repos.d/nlnetlabs-testing.repo
, enter this
configuration and save it:
[nlnetlabs-testing]
name=NLnet Labs Testing
baseurl=https://packages.nlnetlabs.nl/linux/centos/$releasever/proposed/$basearch
enabled=1
You can use this command to get an overview of the available versions:
sudo yum --showduplicates list routinator
You can install a specific version using
<package name>-<version info>
, e.g.:
sudo yum install -y routinator-0.13.0~rc3
All release versions of Routinator, as well as release candidates and builds based on the latest main branch are available on Docker Hub.
For example, installing Routinator 0.13.0 RC3 is as simple as:
sudo docker run <your usual arguments> nlnetlabs/routinator:v0.13.0-rc3