Introduction to Fort

Design

Fort is an MIT-licensed RPKI Relying Party. It is a service that downloads the RPKI repositories, validates their entirety and serves the resulting ROAs for easy access by your routers.

img/design.svg

The Validator is a timer that, every once in a while, resynchronizes its local cache of the RPKI Repository, validates the resulting certificate chains and stores the resulting valid ROAs in memory. The RTR Server (which is part of the same binary) delivers these ROAs to any requesting routers.

Fort is a command-line application intended for UNIX operating systems, written in C. (It requires a compiler that supports -std=gnu11.)

Standards Compliance

Further information can be found in the subsections below.

RFC Implemented
3779 (IP & AS Extensions) 100%
6350 (vCard) 0%
6482 (ROA) 100%
6486 (Manifests) 100%
6487 (Resource Certificates & CRLs) 100%
6488 (Signed Objects) 100%
6493 (Ghostbusters) 100%
6810 (RTR Version 0) 100%
7318 (Policy Qualifiers) 100%
7935 (RPKI algorithms) 100%
8182 (RRDP) 100%
8209 (BGPSec Certificates) 100%
8210 (RTR Version 1) 100%
8360 (Validation Reconsidered) 100%
8416 (SLURM) 100%
8608 (BGPsec algorithms) 100%
8630 (TALs with HTTPS URIs) 100%

RFC 6350 (vCard)

The vCard format is only used by Ghostbusters records. 6350 defines the basic vCard format, while 6493 defines additional requirements for Ghostbusters-specific vCard.

The specific validations have been implemented, while the basic ones have not.

TO-DO

  • Reach 100% RFC compliance
  • Trigger revalidation and SLURM reload on SIGHUP.
  • Configurable origin address for outgoing requests.