-
Notifications
You must be signed in to change notification settings - Fork 2
Home
README v0.1 2018-03-08
The Smart Validator 2 empowers safer inter-domain routing by securing BGP.
The Smart Validator 2 is based on the RIPE NCC Certification Validator Tool, that allows you to validate objects that have been published in a public certificate repository. It is designed to assist network operators in improving their BGP routing decisions using the Resource Public Key Infrastructure (RPKI) data set. Using either preconfigured or manually added RPKI trust anchors, the Validator checks the validity of Route Origin Authorizations (ROAs) and automatically compares them to your global and local BGP stream. In the Graphical User Interface you see the protection status of BGP announcements, including our own, and possible BGP hijacks or misconfigurations. You can apply different heuristics to handle appearing conflicts and distinguish between hijack and misconfiguration.
The Smart Validator 2 has two operation modes: The Simulator mode allows you to monitor the impact of applying the RPKI protocol and your chosen heuristic to your network without really applying it. In Simulator mode, you can easily optimise your network for RPKI application and fix potential misconfigurations without the risk of losing traffic. After that you can switch to the Router mode which can connect to one or multiple routers and send them your RPKI data set to use it for their BGP routing decisions.
The following paragraph is only a brief description of the user interaction possibilities. For a more detailed description of functionality and usage of the Graphical User Interface head to the User Interface Manual.
The Dashboard provides you with all valuable information concerning BGP and RPKI. With the given numbers and graphs you can estimate the security status and amount of potentially blocked traffic in your network.
The Simulator lets you add custom prefixes and monitor if they would be protected, blocked or not affected under the currently chosen RPKI heuristic.
The Self overview page works like the Simulator. If you own a range of IP addresses, add them in the Settings so that you can assure they will be protected or at least not blocked when network operators apply RPKI.
The Conflicts page provides a full detail list of all BGP announcements that conflict with ROAs in some way, and also the lists of announcements that are blocked and of announcements that are protected by whitelist ROAs.
The Current ROA status page shows all ROAs gathered from different sources and their status, i.e. if they are blocked or whitelisted.
The Data sources page simply contains an overview of all the raw data the Smart Validator 2 uses.
The Router status shows you which routers are connected to the system and if they are online.
The Settings contain 4 areas: The overview page shows your login status. The Simulator page allows you to switch between Simulator mode and Router mode. On Conflict Handler page you can choose your heuristic that decides how the Smart Validator 2 should treat conflicts between BGP announcements and ROAs. In My Prefixes you can add IP prefixes that you own to monitor them in the Self overview page.
To run the web demo you only need an active Internet connection and a web browser (e.g. [ Google Chrome ]).
Java 8
The web demo does not need any installation. Simply open your browser and visit https://demo.smart-validator.net to run it. You can create a user account with your e-mail address under https://demo.smart-validator.net/users/sign_up to be able to view the full data set.
Launch it using: java -jar "jar name"
Both the web demo and local installation come with default configuration. For a detailed explanation of all configuration options and settings, have a look at the User Interface Manual.
GitHub repository: [https://github.com/SmartValidator/SmartValidator2]
- clone with '--recursive' flag on.
- to build - simply run: mvn clean package.
Website: [https://smart-validator.net] GitHub repository: [https://github.com/SmartValidator/SmartValidator2]
This library is distributed under the BSD License. See: [https://raw.github.com/RIPE-NCC/rpki-validator/master/LICENSE.txt]