Installation¶
System Requirements¶
Routinator has minimal system requirements. When choosing a system, make sure you have 1GB of available memory and 4GB of disk space for the application. This will give you ample margin for the RPKI repositories to grow over time, as adoption increases. A powerful CPU is not required.
As new RPKI repositories can emerge in any IP address range and on any domain name, outbound traffic must not be blocked based on IP or DNS in any way. Routinator only needs to establish outbound connections via HTTPS and rsync, on ports 443 and 873, respectively.
Binary Packages¶
Getting started with Routinator is really easy by installing a binary package for either Debian and Ubuntu or for Red Hat Enterprise Linux (RHEL) and compatible systems such as Rocky Linux. Alternatively, you can run with Docker.
You can also build Routinator from the source code using Cargo, Rust’s build system and package manager. Cargo lets you to run Routinator on almost any operating system and CPU architecture. Refer to the Building From Source section to get started.
To install a Routinator package, you need the 64-bit version of one of these Debian versions:
Debian Bullseye 11
Debian Buster 10
Debian Stretch 9
Packages for the amd64
/x86_64
architecture are available for
all listed versions. In addition, we offer armhf
architecture
packages for Debian/Raspbian Bullseye, and arm64
for Buster.
First update the apt package index:
sudo apt update
Then install packages to allow apt to use a repository over HTTPS:
sudo apt install \
ca-certificates \
curl \
gnupg \
lsb-release
Add the GPG key from NLnet Labs:
curl -fsSL https://packages.nlnetlabs.nl/aptkey.asc | sudo gpg --dearmor -o /usr/share/keyrings/nlnetlabs-archive-keyring.gpg
Now, use the following command to set up the main repository:
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/nlnetlabs-archive-keyring.gpg] https://packages.nlnetlabs.nl/linux/debian \
$(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/nlnetlabs.list > /dev/null
Update the apt package index once more:
sudo apt update
You can now install Routinator with:
sudo apt install routinator
Before running Routinator for the first time, you must prepare the directory for the local RPKI cache, as well as the directory where the Trust Anchor Locator (TAL) files reside. After entering this command, follow the instructions provided about the ARIN TAL:
sudo routinator-init
To learn more about this process refer to the Initialisation section. After successful initialisation you can enable Routinator with:
sudo systemctl enable --now routinator
By default, Routinator will start the RTR server on port 3323 and the
HTTP server on port 8323. These, and other values can be changed in
the configuration file located in
/etc/routinator/routinator.conf
.
You can check the status of Routinator with:
sudo systemctl status routinator
You can view the logs with:
sudo journalctl --unit=routinator
To install a Routinator package, you need the 64-bit version of one of these Ubuntu versions:
Ubuntu Jammy 22.04 (LTS)
Ubuntu Focal 20.04 (LTS)
Ubuntu Bionic 18.04 (LTS)
Ubuntu Xenial 16.04 (LTS)
Packages are available for the amd64
/x86_64
architecture only.
First update the apt package index:
sudo apt update
Then install packages to allow apt to use a repository over HTTPS:
sudo apt install \
ca-certificates \
curl \
gnupg \
lsb-release
Add the GPG key from NLnet Labs:
curl -fsSL https://packages.nlnetlabs.nl/aptkey.asc | sudo gpg --dearmor -o /usr/share/keyrings/nlnetlabs-archive-keyring.gpg
Now, use the following command to set up the main repository:
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/nlnetlabs-archive-keyring.gpg] https://packages.nlnetlabs.nl/linux/ubuntu \
$(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/nlnetlabs.list > /dev/null
Update the apt package index once more:
sudo apt update
You can now install Routinator with:
sudo apt install routinator
Before running Routinator for the first time, you must prepare the directory for the local RPKI cache, as well as the directory where the Trust Anchor Locator (TAL) files reside. After entering this command, follow the instructions provided about the ARIN TAL:
sudo routinator-init
To learn more about this process refer to the Initialisation section. After successful initialisation you can enable Routinator with:
sudo systemctl enable --now routinator
By default, Routinator will start the RTR server on port 3323 and the
HTTP server on port 8323. These, and other values can be changed in
the configuration file located in
/etc/routinator/routinator.conf
.
You can check the status of Routinator with:
sudo systemctl status routinator
You can view the logs with:
sudo journalctl --unit=routinator
To install a Routinator package, you need Red Hat Enterprise Linux
(RHEL) 7 or 8, or compatible operating system such as Rocky Linux.
Packages are available for the amd64
/x86_64
architecture only.
First create a file named /etc/yum.repos.d/nlnetlabs.repo
,
enter this configuration and save it:
[nlnetlabs]
name=NLnet Labs
baseurl=https://packages.nlnetlabs.nl/linux/centos/$releasever/main/$basearch
enabled=1
Add the GPG key from NLnet Labs:
sudo rpm --import https://packages.nlnetlabs.nl/aptkey.asc
You can now install Routinator with:
sudo yum install -y routinator
Before running Routinator for the first time, you must prepare the directory for the local RPKI cache, as well as the directory where the Trust Anchor Locator (TAL) files reside. After entering this command, follow the instructions provided about the ARIN TAL:
sudo routinator-init
To learn more about this process refer to the Initialisation section. After successful initialisation you can enable Routinator with:
sudo systemctl enable --now routinator
By default, Routinator will start the RTR server on port 3323 and the
HTTP server on port 8323. These, and other values can be changed in
the configuration file located in
/etc/routinator/routinator.conf
.
You can check the status of Routinator with:
sudo systemctl status routinator
You can view the logs with:
sudo journalctl --unit=routinator
Routinator Docker images are built with Alpine Linux for
amd64
/x86_64
architecture.
Due to the impracticality of complying with terms and conditions in an unsupervised Docker environment, it is necessary to first review and agree to the ARIN Relying Party Agreement (RPA). If you agree, you can let the Routinator Docker image install the Trust Anchor Locator (TAL) files into a mounted volume that is later reused for the server.
First, create a Docker volume to persist the TAL files in:
sudo docker volume create routinator-tals
Then run a disposable container to install the TALs:
sudo docker run --rm -v routinator-tals:/home/routinator/.rpki-cache/tals \
nlnetlabs/routinator init -f --accept-arin-rpa
Finally, launch the detached container named routinator, exposing the RPKI-to-Router (RPKI-RTR) protocol on port 3323 and HTTP on port 8323:
sudo docker run -d --restart=unless-stopped --name routinator -p 3323:3323 \
-p 8323:8323 -v routinator-tals:/home/routinator/.rpki-cache/tals \
nlnetlabs/routinator
The Routinator container is known to run successfully run under gVisor for additional isolation.
New in version 0.9.0: RPM packages
New in version 0.11.0: Debian packages for armhf
and arm64
architecture
Updating¶
To update an existing Routinator installation, first update the repository using:
sudo apt update
You can use this command to get an overview of the available versions:
sudo apt policy routinator
You can upgrade an existing Routinator installation to the latest version using:
sudo apt --only-upgrade install routinator
To update an existing Routinator installation, first update the repository using:
sudo apt update
You can use this command to get an overview of the available versions:
sudo apt policy routinator
You can upgrade an existing Routinator installation to the latest version using:
sudo apt --only-upgrade install routinator
To update an existing Routinator installation, you can use this command to get an overview of the available versions:
sudo yum --showduplicates list routinator
You can update to the latest version using:
sudo yum update -y routinator
Upgrading to the latest version of Routinator can be done with:
docker run -it nlnetlabs/routinator:latest
Installing Specific Versions¶
Before every new release of Routinator, one or more release candidates are provided for testing through every installation method. You can also install a specific version, if needed.
If you would like to try out release candidates of Routinator you can add the proposed repository to the existing main repository described earlier.
Assuming you already have followed the steps to install regular releases, run this command to add the additional repository:
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/nlnetlabs-archive-keyring.gpg] https://packages.nlnetlabs.nl/linux/debian \
$(lsb_release -cs)-proposed main" | sudo tee /etc/apt/sources.list.d/nlnetlabs-proposed.list > /dev/null
Make sure to update the apt package index:
sudo apt update
You can now use this command to get an overview of the available versions:
sudo apt policy routinator
You can install a specific version using <package name>=<version>
,
e.g.:
sudo apt install routinator=0.9.0~rc2-1buster
If you would like to try out release candidates of Routinator you can add the proposed repository to the existing main repository described earlier.
Assuming you already have followed the steps to install regular releases, run this command to add the additional repository:
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/nlnetlabs-archive-keyring.gpg] https://packages.nlnetlabs.nl/linux/ubuntu \
$(lsb_release -cs)-proposed main" | sudo tee /etc/apt/sources.list.d/nlnetlabs-proposed.list > /dev/null
Make sure to update the apt package index:
sudo apt update
You can now use this command to get an overview of the available versions:
sudo apt policy routinator
You can install a specific version using <package name>=<version>
,
e.g.:
sudo apt install routinator=0.9.0~rc2-1bionic
To install release candidates of Routinator, create an additional repo
file named /etc/yum.repos.d/nlnetlabs-testing.repo
, enter this
configuration and save it:
[nlnetlabs-testing]
name=NLnet Labs Testing
baseurl=https://packages.nlnetlabs.nl/linux/centos/$releasever/proposed/$basearch
enabled=1
You can use this command to get an overview of the available versions:
sudo yum --showduplicates list routinator
You can install a specific version using
<package name>-<version info>
, e.g.:
sudo yum install -y routinator-0.9.0~rc2
All release versions of Routinator, as well as release candidates and builds based on the latest main branch are available on Docker Hub.
For example, installing Routinator 0.9.0 RC2 is as simple as:
docker run -it nlnetlabs/routinator:v0.9.0-rc2