Krill 0.2.0 'Interkrillactic, Planetary' released

Published: Mon 21 October 2019
Last updated: Thu 21 November 2024

We are incredibly happy to introduce Krill version 0.2.0 'Interkrillactic, Planetary'. Krill is software that allows organisations to run Delegated RPKI under one or more Regional Internet Registries, i.e. ARIN, APNIC, LACNIC, AFRINIC and RIPE NCC, offering centralised and automated management of route authorisations.

If you are wondering why you didn't see an announcement of version 0.1.0 'A View to a Krill', it's because this release was for us to test the basic moving parts. This has resulted in a number of changes that are now available for you to try out and give us feedback on. In the coming weeks, we intend to do a series of releases to iron out the bugs and stabilise the functionality.

Version 0.2.0 'Interkrillactic, Planetary' was tested thoroughly under the RIPE NCC, APNIC and LACNIC parent Certificate Authorities, meaning we can successfully set up the system with a certificate containing our IP address ranges and Autonomous System Numbers. Testing with ARIN is currently ongoing, with AFRINIC planned afterwards.

Using the certificate we are now able to generate Route Origin Authorisations (ROAs) which correctly validate using almost all Relying Party software packages, including OctoRPKI, Routinator, FORT Validator, OpenBSD's rpki-client, rcynic and RIPE NCC RPKI Validator 2.x.

Despite our best efforts, RIPE NCC RPKI Validator 3.1 is currently the only software which doesn't seem to like our manifests. We will continue to investigate this issue together with the RIPE NCC and hopefully resolve it in the next release.

In addition to the interoperability testing, we also gave the Command Line Interface (CLI) a big overhaul, making it easier to use especially for users who manage one CA only. You can now use environment variables to set defaults for the Krill instance to connect to and which CA you want to operate on. Lastly, we added the --api argument which will simply print out the API call that the CLI would have made, without executing it. We plan to add proper (OpenAPI) documentation for the API, but for the moment this can help to explore it.

You can read about all the changes in the complete release notes as well as the updated documentation.

Related links:

software update