-
-
Notifications
You must be signed in to change notification settings - Fork 70
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Not receiving ROAs over RTR using rtrdump #950
Comments
Not sure what exactly is wrong, but to quickly answer you last question before I can find the time to do some testing: You can try rtrlib‘s |
Hi partim, Thanks for the Using The interesting thing is that |
Thank you for the confirmation. Phew! ;) I will have a look myself. My hunch would be that rtrdump and Routinator disagree about how to downgrade to a lower protocol version, ie. #919 which was fixed but will only be in the next release. |
Hi Partim, Yeap looks like your hunch is correct with Routinator and rtrdump disagreeing on the downgrade. Forcing I think this is also the reason why our router running Extreme Network SLX-OS is unable to sync with Routinator but able to with rpki-client + stayrtr due to the RTR version and not being able to downgrade to version 1 properly. Would you happen to know when the next release will come out? |
Interesting. I didn’t expect any routers to already support ASPA. I want 0.14.0 to come out fairly soon, but there are still quite a few items on the milestone – and RTRTR should really have a release first. We’ll discuss internally if we should shift some of these items and release with only the important ones left. |
That's the weird thing, reading through the documentation for the SLX-OS, it doesn't support ASPA (for now). I'll do some tcpdumps tomorrow to check what the SLX is doing when interacting with routinator. |
I’ve updated the unstable tag in Docker Hub. Perhaps you can try that image against the router and see if the issues go away before having to make sense of tcpdumps … |
Hi Partim, Thanks for the unstable tag release for the Routinator image! I did test it with Also, I was able to determine the issue regarding the SLX-OS not being able to connect. I can confirm it is not due to the downgrade process as I originally thought; it was due to implicit deny on the ACL affecting transit traffic between the VXLAN tunnel endpoint on our routers and the RPKI validators. In this case, should I close the issue, or should it be left open, pertaining to the downgrade of RTR protocol versions between Thanks for your help! |
Thank you for testing! Please leave the issue open – I need to test the version downgrade against rtrdump and this is a good reminder. |
Hi all!
I can confirm the HTTP service is working as expected. However when trying to connect to the RTR service using the rpki/rtrdump tool with the following command
$ sudo docker run -it --rm rpki/rtrdump -connect 192.168.x.x:3323 -file ""
It is able to connect but no vrps, aspas, bgpsec_pubkeys or roas are found (see below screenshot)
This would confirm what we are seeing on our router where it isn't able to sync.
Any advice on what might be the issue? Is there another tool that could be used to verify the routinator RTR?
The text was updated successfully, but these errors were encountered: