119 lines
3.4 KiB
Markdown
119 lines
3.4 KiB
Markdown
# Local Repository Tree Replay Package
|
|
|
|
This package replays already prepared local RPKI repository trees with
|
|
Routinator and rpki-client.
|
|
|
|
It is intentionally independent from CIR:
|
|
|
|
- it does not read `.cir`;
|
|
- it does not read `repo-bytes.db`;
|
|
- it does not call `cir_materialize`;
|
|
- it does not generate a local repository tree.
|
|
|
|
The caller must prepare the local repository/cache tree before running these
|
|
scripts.
|
|
|
|
## Contents
|
|
|
|
```text
|
|
local-repo-replay-package/
|
|
scripts/
|
|
run_routinator_from_local_tree.sh
|
|
run_rpki_client_from_local_tree.sh
|
|
run_dual_local_tree_replay.sh
|
|
prepare_tals.py
|
|
cir-rsync-wrapper
|
|
cir-local-link-sync.py
|
|
normalize_rp_outputs.py
|
|
compare_normalized_sets.py
|
|
summarize_replay.py
|
|
docs/
|
|
input_tree_requirements.md
|
|
offline_replay_limits.md
|
|
output_files.md
|
|
examples/
|
|
routinator_example.sh
|
|
rpki_client_example.sh
|
|
dual_compare_example.sh
|
|
env.example
|
|
```
|
|
|
|
## Routinator replay
|
|
|
|
```bash
|
|
./scripts/run_routinator_from_local_tree.sh \
|
|
--routinator-bin /opt/routinator/target/release/routinator \
|
|
--mirror-root /data/replay/mirror \
|
|
--tal-dir /data/replay/tals \
|
|
--out-dir /data/replay/out/routinator \
|
|
--enable-aspa
|
|
```
|
|
|
|
The script uses `--disable-rrdp`, `--rsync-command ./scripts/cir-rsync-wrapper`,
|
|
and the local mirror root to satisfy rsync fetches from the local filesystem.
|
|
The wrapper name is historical; in this package it is only a generic
|
|
`rsync://` to local-path mapper.
|
|
|
|
If `--validation-time` is needed for Routinator, set `FAKETIME_LIB` to a working
|
|
libfaketime shared library. Otherwise Routinator validates at wall-clock time.
|
|
|
|
On Ubuntu, install and use faketime like this:
|
|
|
|
```bash
|
|
sudo apt-get install -y libfaketime
|
|
export FAKETIME_LIB=/usr/lib/x86_64-linux-gnu/faketime/libfaketime.so.1
|
|
./scripts/run_routinator_from_local_tree.sh \
|
|
--routinator-bin /opt/routinator/target/release/routinator \
|
|
--mirror-root /data/replay/mirror \
|
|
--tal-dir /data/replay/tals \
|
|
--out-dir /data/replay/out/routinator \
|
|
--validation-time 2026-05-14T06:48:00Z \
|
|
--enable-aspa
|
|
```
|
|
|
|
Without `FAKETIME_LIB`, old local trees can produce empty or smaller output
|
|
because Routinator validates manifests and CRLs against current wall-clock time.
|
|
|
|
## rpki-client replay
|
|
|
|
```bash
|
|
./scripts/run_rpki_client_from_local_tree.sh \
|
|
--rpki-client-bin /opt/rpki-client/src/rpki-client \
|
|
--mirror-root /data/replay/mirror \
|
|
--tal-dir /data/replay/tals \
|
|
--out-dir /data/replay/out/rpki-client \
|
|
--parser-workers 4
|
|
```
|
|
|
|
The script uses `rpki-client -R -e ./scripts/cir-rsync-wrapper` so RRDP is
|
|
disabled and rsync fetches are served from the local mirror. `--cache-dir` is an
|
|
optional working cache directory used by rpki-client during this local replay.
|
|
|
|
## Dual replay
|
|
|
|
```bash
|
|
./scripts/run_dual_local_tree_replay.sh \
|
|
--routinator-bin /opt/routinator/target/release/routinator \
|
|
--routinator-mirror-root /data/replay/mirror \
|
|
--rpki-client-bin /opt/rpki-client/src/rpki-client \
|
|
--rpki-client-mirror-root /data/replay/mirror \
|
|
--tal-dir /data/replay/tals \
|
|
--out-dir /data/replay/out/dual
|
|
```
|
|
|
|
If `--validation-time` is passed to dual replay, remember to export
|
|
`FAKETIME_LIB` first so Routinator and rpki-client use the same logical
|
|
validation time.
|
|
|
|
## Outputs
|
|
|
|
Each run writes normalized output:
|
|
|
|
- `vrps.normalized.txt`
|
|
- `vaps.normalized.txt`
|
|
- `summary.json`
|
|
- raw RP output and logs
|
|
- `process-time.txt`
|
|
|
|
See `docs/output_files.md`.
|