RPKI Workshop Demonstration #2
Installation and Setup
The RPKI Workshop Demonstration #2: Installation and Setup video leads the viewer through the process of installing the RPKI workshop on a virtual machine. The charts on this page are intended to be used with this video.
Notes:
- It is assumed the user will be running these commands on a Linux system running the QEMU-KVM virtual machine manager.
- Most user names are specific to that VM and won't be used in a production environment. Similarly, the IP addresses are what is used during this configuration. Your addresses may vary.
- The tasks are broken down into a number of sub-tasks. Each sub-task is then divided into a number of steps. The GUI actions for each step are provided with a "Time Mark" to show where in the video each step takes place.
- The Time Marks are approximate. Most will be a couple seconds prior to the actual action taken in each step. This will hopefully provide a little context for the step prior to it actually being performed.
- The commands are all run in a web browser that is connected to the RPKI.NET administrative GUI.
- The sudo command is used in several places to execute commands as root. Depending upon certain issues (e.g., your system configuration, timing), you may or may not have to enter your password to use use sudo. The times a password is required in the video are noted here, but those times may not correspond to your own use.
| Task | Sub-Task | Time Mark | Page in GUI | Thing to Click | Text to Enter |
|---|---|---|---|---|---|
Initialize VM for RPKI Workshop |
Start QEMU/KVM virtual manager | 0:30 | host terminal window 1 | sudo virt-manager (and enter your password) |
|
| Create a new VM | 0:52 | VMM window | "New" button | ||
| Choose how to install O/S | 0:56 | New VM window (step 1 of 4) | select "Import existing disk image" | ||
| 1:04 | "Forward" button | ||||
| Select storage file (User must select the image file from their machine.) |
1:04 | New VM window (step 2 of 4) | "Browse" button | ||
| Choose O/S type | 1:45 | "OS type" drop-down | |||
| 1:46 | select "Linux" | ||||
| Choose version | 1:47 | "Version" drop-down | |||
| 1:50 | select "Ubuntu Trusty Tahir LTS" | ||||
| 1:54 | "Forward" button | ||||
| Leave RAM and CPU settings as is | 1:57 | New VM window (step 3 of 4) | "Forward" button | ||
| Set hostname | 2:04 | New VM window (step 4 of 4) | rpki-workshop | ||
| Complete VM initialization | 2:10 | "Finish" button | |||
| Set Up Host and RPKI Workshop VM | Workshop VM boots | 2:12 | VM console window | ||
| Provide login data for RPKI workshop host | 2:20 | ||||
| enter user | 2:22 | alice | |||
| enter password | 2:25 | rpkiworkshop | |||
| Check VM's internet address | 2:35 | ifconfig | less | |||
| Save VM's internet address to the Host O/S | 2:55 | host terminal window 1 | echo "192.168.122.102 trusty " | tee -a /etc/hosts | ||
| Login to workshop VM | 4:02 | ssh alice@trusty | |||
| enter password | 4:10 | rpkiworkshop | |||
| Demonstration of alice's root authority | 4:52 | sudo echo hi | |||
| Update RPKI certificates | 5:04 | sudo rpkic update_bpki | |||
| Connect to a Quagga Router on the Workshop VM | Create another host terminal window | host terminal window 2 | |||
| Login to a workshop Quagga router | 5:40 | ssh r3@trusty | |||
| enter r3's login password | 5:53 | fnord | |||
| Enter Quagga password | 6:00 | fnord | |||
| Get basic Quagga help | 6:10 | ? | |||
| Get help of "show" command | 6:13 | show ? | |||
| Get help of "show ip" command | 6:17 | show ip ? | |||
| Show list of existing prefixes | 6:24 | show ip bgp | |||
| Logout of Quagga router (Automatic logout from time-out) |
|||||
| Login to RPKI.net GUI interface | Enter RPKI.net GUI URL | 6:34 | browser login | https://trusty | |
| enter username | 6:53 | root | |||
| enter password | 6:57 | rpkiworkshop | |||
| Complete the login procedure | 7:00 | "Login" button | |||
| 7:01 | Handle List | ||||
| Port Forwarding for Workshop Access | Set up port forwarding to allow workshop use from other hosts | 7:14 | host terminal window 2 | ||
| Route SSH connections to port 9022 to the workshop VM's port 22 | 7:30 | sudo iptables -t net -I PREROUTING -i enp0s25 -p tcp --dport
9022 -j DNAT --to 192.168.122.102:22 (Interface and IP address are specific to the host. The user must determine the proper values for their system.) |
|||
| Enter user password for sudo access. | 8:10 | (enter your password) | |||
| Route HTTP connections to port 9443 to the workshop VM's port 443 | 8:13 | sudo iptables -t net -I PREROUTING -i enp0s25 -p tcp --dport
9443 -j DNAT --to 192.168.122.102:443 (Interface and IP address are specific to the host. The user must determine the proper values for their system.) |
This document is prepared under Contract Number HSHQDC-14-C-B0035 for DHS S&T CSD
Copyright © 2016, Parsons, Inc.
All rights reserved.