rpki/deploy/bird/README.md

# BIRD Minimal RTR Client Config

This folder provides a minimal BIRD setup for black-box interop testing
against this repository's RTR server defaults.

Server defaults in this repo:
- TCP: `0.0.0.0:323`
- TLS: `0.0.0.0:324`

## Files

- `Dockerfile`: builds a minimal BIRD2 runtime image.
- `bird.conf.example`: sample `/etc/bird/bird.conf`.
- `bird.conf.tls.example`: sample TLS/mTLS `/etc/bird/bird.conf`.
- `entrypoint.sh`: starts BIRD in foreground mode.
- `docker-compose.yml`: one-click local TCP test client.
- `docker-compose.tls.yml`: compose override for TLS/mTLS.

By default, the container prints periodic RPKI protocol snapshots to logs
every 5 seconds.

## Docker quick start

From repository root:

```bash
docker compose -f deploy/bird/docker-compose.yml up --build
```

Use another terminal to inspect:

```bash
docker logs -f bird-rpki-client
```

If protocol state is `up`, the RTR client path is working.

Detached mode:

```bash
docker compose -f deploy/bird/docker-compose.yml up -d --build
docker logs -f bird-rpki-client
```

Stop:

```bash
docker compose -f deploy/bird/docker-compose.yml down
```

## TLS/mTLS quick start

```bash
docker compose \
  -f deploy/bird/docker-compose.yml \
  -f deploy/bird/docker-compose.tls.yml \
  up --build
```

In detached mode, observe with:

```bash
docker logs -f bird-rpki-client
```

## Notes

- This setup targets RTR over TCP (`remote "127.0.0.1" port 323`).
- `network_mode: host` expects your RTR server to be reachable at
  `127.0.0.1:323` from the Docker host.
- TLS override mounts `../../certs` into `/etc/bird/certs`.
- Observation is controlled by env vars:
  `OBSERVE_INTERVAL` (seconds, default `5`) and `OBSERVE_PROTO`.
- If your environment does not support Docker host networking, switch to a
  bridge network and replace `remote` addresses accordingly.