feat: add rpki-enable option

natesales · Aug 21, 2021 · e536394 · e536394
1 parent 907f65c
commit e536394
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 15 deletions.
diff --git a/docs/docs/configuration.md b/docs/docs/configuration.md
@@ -33,28 +33,14 @@ sidebar_position: 3
 | default-route | bool | true |  | Add a default route |
 | accept-default | bool | false |  | Should default routes be added to the bogon list? |
 | kernel-table | int |  |  | Kernel table |
+| rpki-enable | bool | true |  | Enable RPKI RTR session |
 | peers | map[string]Peer |  |  | BGP peer configuration |
 | templates | map[string]Peer |  |  | BGP peer templates |
 | vrrp | map[string]VRRPInstance |  |  | List of VRRP instances |
 | bfd | map[string]BFDInstance |  |  | BFD instances |
 | augments | Augments |  |  | Custom configuration options |
 | optimizer | Optimizer |  |  | Route optimizer options |
 
-## Optimizer
-| Option | Type | Default | Validation | Description |
-|--------|------|---------|------------|-------------|
-| targets | []string |  |  | List of probe targets |
-| latency-threshold | uint | 100 |  | Maximum allowable latency in milliseconds |
-| packet-loss-threshold | float64 | 0.5 |  | Maximum allowable packet loss (percent) |
-| modifier | uint | 20 |  | Amount to lower local pref by for depreferred peers |
-| probe-count | int | 5 |  | Number of pings to send in each run |
-| probe-timeout | int | 1 |  | Number of seconds to wait before considering the ICMP message unanswered |
-| probe-interval | int | 120 |  | Number of seconds wait between each optimizer run |
-| cache-size | int | 15 |  | Number of probe results to store per peer |
-| probe-udp | bool | false |  | Use UDP probe (else ICMP) |
-| alert-script | string |  |  | Script to call on optimizer event |
-| exit-on-cache-full | bool | false |  | Exit optimizer on cache full |
-
 ## Peer
 | Option | Type | Default | Validation | Description |
 |--------|------|---------|------------|-------------|
@@ -146,3 +132,18 @@ sidebar_position: 3
 | statics | map[string]string |  |  | List of static routes to include in BIRD |
 | srd-communities | []string |  |  | List of communities to filter routes exported to kernel (if list is not empty, all other prefixes will not be exported) |
 
+## Optimizer
+| Option | Type | Default | Validation | Description |
+|--------|------|---------|------------|-------------|
+| targets | []string |  |  | List of probe targets |
+| latency-threshold | uint | 100 |  | Maximum allowable latency in milliseconds |
+| packet-loss-threshold | float64 | 0.5 |  | Maximum allowable packet loss (percent) |
+| modifier | uint | 20 |  | Amount to lower local pref by for depreferred peers |
+| probe-count | int | 5 |  | Number of pings to send in each run |
+| probe-timeout | int | 1 |  | Number of seconds to wait before considering the ICMP message unanswered |
+| probe-interval | int | 120 |  | Number of seconds wait between each optimizer run |
+| cache-size | int | 15 |  | Number of probe results to store per peer |
+| probe-udp | bool | false |  | Use UDP probe (else ICMP) |
+| alert-script | string |  |  | Script to call on optimizer event |
+| exit-on-cache-full | bool | false |  | Exit optimizer on cache full |
+
diff --git a/internal/config/config.go b/internal/config/config.go
@@ -209,6 +209,7 @@ type Config struct {
 	DefaultRoute  bool   `yaml:"default-route" description:"Add a default route" default:"true"`
 	AcceptDefault bool   `yaml:"accept-default" description:"Should default routes be added to the bogon list?" default:"false"`
 	KernelTable   int    `yaml:"kernel-table" description:"Kernel table"`
+	RPKIEnable    bool   `yaml:"rpki-enable" description:"Enable RPKI RTR session" default:"true"`
 
 	Peers         map[string]*Peer         `yaml:"peers" description:"BGP peer configuration"`
 	Templates     map[string]*Peer         `yaml:"templates" description:"BGP peer templates"`

diff --git a/internal/embed/templates/global.tmpl b/internal/embed/templates/global.tmpl
@@ -171,6 +171,7 @@ function process_blackholes() {
 
 # ---- RPKI ----
 
+{{ if .RPKIEnable }}
 roa4 table rpki4;
 roa6 table rpki6;
 
@@ -185,6 +186,7 @@ protocol rpki {
   refresh keep 900;
   expire keep 172800;
 }
+{{ end }}
 
 # ---- Filter Lists ----
 # Prefix and ASN lists are adapted from https://github.com/neptune-networks/peering/blob/master/templates/bird.conf.erb and https://github.com/NLNOG/bgpfilterguide, check out those repos too!
@@ -308,13 +310,15 @@ function reject_long_as_paths() {
 }
 
 function reject_rpki_invalid() {
+  {{ if .RPKIEnable }}
   if (net.type = NET_IP4) then {
     if (roa_check(rpki6, net, bgp_path.last_nonaggregated) = ROA_INVALID) then _reject("RPKI invalid");
   }
 
   if (net.type = NET_IP6) then {
     if (roa_check(rpki4, net, bgp_path.last_nonaggregated) = ROA_INVALID) then _reject("RPKI invalid");
   }
+  {{ end }}
 }
 
 function reject_out_of_bounds_routes() {