Our  "Origin Validation Looking Glass" is an online tool that allows users to perform queries on a database of BGP prefixes tagged with validity status {valid,invalid} that has been built in the same manner as a validating cache would.

This tool serves two main purposes. For our RPKI early adopters ir provides a way for debugging the ROAs they have created, allowing them to discover which routes would be tagged as valid or invalid by a validating router today. Also network operators can validate the information provider by prospective BGP peers and other customers when establishing new peering relationships or accepting new announcements, in a manner similar to what they do today using WHOIS and the Routing Registries

Query Automation

Starting with version 3.0.1 OVLG provides a RESTful interface well suited for query automation, and that can fully replace the manual queries performed through the traditional web form..

In the current version all answers are encoded in plain text ("Content-type: text/plain") in CSV format using pipes ('|') as delimiters. XML and JSON encodings will be added in future versions.

Using this interface queries and result processing can be easly automated, using tools like wget or curl and piping the output into shell or other scripts that can perform actions like sending alarms or using the output to automatically create access list or route maps suitable for a router.

 

REST URL Format

The REST URIs follow the following pattern:

 

http//www.labs.lacnic.net/rpkitools/looking_glass/rest/<query_scope>/<query_type>/<query_string>

 

  • query_scope can be either "all", "valid" or "invalid"
  • query_type can be any of:
    • cidr: search by CIDR blocks
    • prefix: search by prefix substring match
    • asn: search by ASN number, looking for the ASNs actually seen in BGP updates
    • asn2: search by ASN number, looking for ASNs expected from the ROAs
  • query_string is the actual string to be looked up in the database

 

Some examples of RESTful queries to OVLG follow below:

Getting all invalid prefixes contained in a given CIDR block:

The following query can be used to get all invalid routes contained inside the 190.139.0.0/16 CIDR block:

 

curl http://www.labs.lacnic.net/rpkitools/looking_glass/rest/invalid/cidr/190.139.0.0/16/

 

The output should resemble:

 

190.139.97.120/29|Invalid / Bad Origin AS|10834|7303|10834

190.139.106.232/29|Invalid / Bad Origin AS|10834|7303|10834

190.139.106.240/29|Invalid / Bad Origin AS|10834|7303|10834

190.139.106.248/29|Invalid / Bad Origin AS|10834|7303|10834

 

Getting al "valid" prefixes inside an IPv6 CIDR block:

 

curl -L http://www.labs.lacnic.net/rpkitools/looking_glass/rest/valid/cidr/2001:13c7::/32

 

2001:13c7:7001::/48|Valid|28000

2001:13c7:7002::/48|Valid|28001

2001:13c7:7012::/47|Valid|28001