RPKI Workshop Demonstration #4
Using RPKI.NET and Creating ROAs
The RPKI Workshop Demonstration #5: Creating Users and Allocating New Resources video shows how to use the RPKI.NET graphical interface to perform a number of administrative actions to manage the RPKI.NET system. These charts on this page are intended to be used with this video.
Notes:
- It is assumed the user will be running these commands on a local copy of the RPKI Workshop virtual machine. Instructions for downloading and setting up the RPKI Workshop VM may be found in the Workshop Demonstration #2 video, Installation and Setup.
- Most user names in this video are specific to the RPKI Workshop VM and won't be used in a production environment. Similarly, the address ranges are purely for the sake of example.
- The tasks are broken down into a number of sub-tasks. Each sub-task is then divided into a number of steps. The GUI actions for each step are provided with a "Time Mark" to show where in the video each step takes place.
- The Time Marks are approximate. Most will be a couple seconds prior to the actual action taken in each step. This will hopefully provide a little context for the step prior to it actually being performed.
- The video is demonstrating how to use the GUI. Consequently, there will be some steps that are repetitive and won't necessarily be needed every time the sub-task or task is performed.
- The RPKI.NET GUI users are distinct from the Quagga users.
- Many of the commands are run in a web browser that is connected to the RPKI.NET administrative GUI. It is assumed the user has logged in to the GUI as the labuser08 user. Alternatively, the user may have logged in to the GUI as the root user, but selected the labuser08 identity.
- Other commands are run in a terminal window. There are entries in the "Thing to Click" column that say "Display Terminal Window" and "Hide Terminal Window". These are not specific controls in the RPKI.NET GUI; rather, they are actions that must be taken that depend upon the system and the user's environment. It is beyond the scope of this guide to provide details of these two actions.
| Task | Sub-Task | Time Mark | Page in GUI | Thing to Click | Text to Enter |
|---|---|---|---|---|---|
| Quagga Interface | Get state of Quagga's routing tables | 0:13 | terminal window | ||
| Login to router | 0:16 | ssh r4@trusty | |||
| enter login password | 0:21 | fnord | |||
| enter Quagga password | 0:22 | fnord | |||
| Show BGP tables | 0:25 | show ip bgp | |||
| 0:35 | Scroll to entries for 192.168.8.0 | ||||
| 65533 and 65534 routers (b0 and b1 routers) |
0:50 | ||||
| Return to RPKI.NET GUI | 1:12 | Hide terminal window | |||
| Create a ROA | 1:32 | labuser08's dashboard | "Create" button in ROAs section | ||
| Entry fields are empty | 1:35 | Create ROAs | |||
| Return to dashboard | 1:43 | browser's "back" button | |||
| 1:50 | labuser08's dashboard | "ROA" button in Unallocated Resources section | |||
| Prefix entry filled out; Fill out remainder of entries: |
1:51 | Create ROAs | |||
| enter maximum length for ROA's address block | 1:59 | 24 | |||
| enter router's ASN | 2:25 | 65533 | |||
| Preview new ROA | 2:31 | "Preview" button | |||
| Create the ROA | 2:38 | Confirm ROA Requests | "Create" button | ||
| ROA section now has a ROA; Unallocated Resources section is empty |
2:45 | labuser08's dashboard | |||
| ROA Propagation | Return to Quagga terminal | 3:02 | terminal window | Display terminal window | |
| Show BGP tables | 3:06 | show ip bgp | |||
| New ROA information has not propagated yet; (waiting a short time...) |
3:14 | Scroll to entries for 192.168.8.0 | |||
| Show BGP tables | 3:43 | show ip bgp | |||
| New ROA information has propagated | 3:48 | Scroll to entries for 192.168.8.0 | |||
| 65533 and 65534 routers have new data | 3:52 | ||||
| Discussion about effect of publishing one ROA on valid and invalid routes | 4:00 | Hide terminal window | |||
| Add ROA to Validate an Invalid Route | Explanation of loop button in ROAs section | 4:35 | labuser08's dashboard | ||
| 4:56 | loop button in ROAs section | ||||
| Prefix entry filled out; Fill out remainder of entries: |
4:59 | Create ROAs | |||
| enter maximum length for ROA's address block | 5:01 | 24 | |||
| enter ASN of other router | 5:05 | 65534 | |||
| Preview new ROA | 5:09 | "Preview" button | |||
| 5:12 | Confirm ROA Requests | "Create" button | |||
| Create Ghostbusters Record | Create a new Ghostbusters record | 5:18 | labuser08's dashboard | "Create" button in "Ghostbusters" section | |
| Fill in fields for new Ghostbuster record: | 5:28 | New Ghostbuster Request | Select a parent from Parent drop-down menu | ||
| enter Full name | 5:35 | Joe Smith | |||
| enter Email address | 5:37 | joe@superisp.com | |||
| enter Organization | 5:45 | Super ISP | |||
| Save Ghostbuster record | 5:52 | "Save" button | |||
| View new Ghostbuster record | 5:56 | labuser08's dashboard | Display terminal window | ||
| Check validity of ROAs | Show BGP tables | 6:10 | terminal window | show ip bgp | |
| 6:14 | Scroll to entries for 192.168.8.0 | ||||
| New ROA information has propagated -- 65533 and 65534 routers have valid data | 6:15 | Hide terminal window | |||
| Remove an authorization | Remove authorization for a ROA | 6:28 | labuser08's dashboard | Trashcan icon for AS 65534 in ROAs section | |
| Delete selected ROA | 6:34 | Delete ROA Request | "Delete" button | ||
| 6:40 | labuser08's dashboard | Display terminal window | |||
| Verify ROA removal | 6:45 | terminal window | show ip bgp | ||
| Show new ROA information has propagated | 6:49 | Scroll to entries for 192.168.8.0 | |||
| 65533 is valid; 65534 is invalid | 6:50 |
This document is prepared under Contract Number HSHQDC-14-C-B0035 for DHS S&T CSD
Copyright © 2016, Parsons, Inc.
All rights reserved.