BSD Software Development

Bespoke solutions for mission-critical systems

Projects

The Route Server Support Foundation

I co-founded the Netherlands-based not-for-profit entity Stichting Route Server Support (translated: Route Server Support Foundation) to support the development of BGP & RPKI software to further the quality and safety of the Internet routing system.

RSSF contributes to the ecosystem by implementing open standards collaboratively developed in the Internet Engineering Task Force (IETF). Open standards make it possible to create multiple different implementations of the same functionality, each with its own strengths. Leveraging a diverse set of Route Server implementations reduces the chances of a single software defect causing Internet-scale problems.

The Erik Synchronization Protocol

The Resource Public Key Infrastructure (RPKI) is a critical component of the global Internet routing system: it plays a key role in safeguarding both national and international routing infrastructure. Expedient and reliable distribution of up-to-date RPKI data helps Internet providers make better BGP routing decisions.

With the Erik Synchronization Protocol I set out to design & develop a novel HTTP-based data replication system for the RPKI using Merkle trees, content-addressable naming, and concurrency control using monotonically increasing sequence numbers. The protocol's design is intended to be efficient, fast, and easy to implement. The goal of the project is to develop the Erik Synchronization Protocol specification as an open standard and produce open-source reference implementations based on rpkitouch and rpki-client.

Rpkitouch

The rpkitouch utility is a low-level tool intended for RPKI operators. The versatile utility can inspect Canonical Cache Representation (CCR) objects, generate content-addressable filesystem hierarchies, and set the last data modification time of a file to the timestamp internal to the contained RPKI object.

Visit the project's code repository here.

The rpki-client project

In 2018 we set out to create a new, high-performance, secure, BSD-licensed open source, reliable, and carrier-grade RPKI validated cache. The origin story is here.

The rpki-client utility queries the Resource Public Key Infrastructure (RPKI) repository system with a built-in HTTPS client (or Rsync) to fetch all X.509 certificates, manifests, and revocation lists subordinate to a given Trust Anchor. The utility subsequently validates each Signed Object by constructing and verifying a certification path for the certificate associated with the Object (including checking relevant CRLs). Rpki-client produces lists of the Validated ROA Payloads (VRPs), BGPsec Router Keys (BRKs), and Validated ASPA Payloads (VAPs) in various formats (JSON, CCR, etc.).

Rpki-client is at the forefront of innovation and is used by many telecom operators around the world.