Introduction to Fort
Design
Fort is an MIT-licensed RPKI Relying Party. It is a service that downloads the RPKI repositories, validates their entirety and serves the resulting ROAs for easy access by your routers.
The Validator is a timer that, every once in a while, resynchronizes its local cache of the RPKI Repository, validates the resulting certificate chains and stores the resulting valid ROAs in memory. The RTR Server (which is part of the same binary) delivers these ROAs to any requesting routers.
Fort is a command-line application intended for UNIX operating systems, written in C. (It requires a compiler that supports -std=gnu11.)
Standards Compliance
Further information can be found in the subsections below.
| RFC | Implemented |
|---|---|
| 3779 (IP & AS Extensions) | 100% |
| 6350 (vCard) | 0% |
| 6482 (ROA) | 100% |
| 6486 (Manifests) | 100% |
| 6487 (Resource Certificates & CRLs) | 100% |
| 6488 (Signed Objects) | 100% |
| 6493 (Ghostbusters) | 100% |
| 6810 (RTR Version 0) | 100% |
| 7318 (Policy Qualifiers) | 100% |
| 7935 (RPKI algorithms) | 100% |
| 8182 (RRDP) | 100% |
| 8209 (BGPSec Certificates) | 0% (This code was disabled in version 1.5.2) |
| 8210 (RTR Version 1) | 100% |
| 8360 (Validation Reconsidered) | 100% |
| 8416 (SLURM) | 100% |
| 8608 (BGPsec algorithms) | 100% |
| 8630 (TALs with HTTPS URIs) | 100% |
RFC 6350 (vCard)
The vCard format is only used by Ghostbusters records. 6350 defines the basic vCard format, while 6493 defines additional requirements for Ghostbusters-specific vCard.
The specific validations have been implemented, while the basic ones have not.
TO-DO
- Reach 100% RFC compliance
- Trigger revalidation and SLURM reload on SIGHUP.
- Configurable origin address for outgoing requests.