Krill 0.4.0 'The Krill Factor' Released

Published: Tue 03 December 2019

We are incredibly proud to introduce Krill 0.4.0 'The Krill Factor'. This release is the culmination of one and a half years of designing, building, testing and documenting our RPKI Certificate Authority (CA) and Publication Server solution.

Ready for Production Use

The first three releases of Krill were meant to test the implementation. With Krill 0.4.0 'The Krill Factor', we are confident that the software can be used reliably with all five Regional Internet Registries (RIRs) and its Route Origin Authorisations (ROAs) are correctly validated by all Relying Party software implementations. As a result, NLnet Labs is now running Krill in production under the RIPE NCC parent CA.

With Krill 0.4.0 'The Krill Factor', operators can now generate and publish RPKI cryptographic material themselves to authorise their BGP announcements. It supports running RPKI under all five RIRs simultaneously and transparently, so if you have IP address space in multiple regions you can manage it as a single pool. Krill can also delegate to child organisations or customers who, in turn, run their own CA. The built-in publication server lets operators publish certificates and ROAs from their own infrastructure. Alternatively, you can use a third party which offers RPKI publication as a service. In short, all essential functions to run RPKI yourself using Krill are now available.

Future Development

Krill can be managed using a Command Line Interface (CLI), as well as an Application Programming Interface (API). An optional web-based user interface is currently being developed as a separate project, named Lagosta. With Krill 0.4.0 'The Krill Factor' data storage and the API are now stable, allowing for seamless updates going forward. This release serves as a starting point for further development throughout 2020 and beyond, where we will work on features such as high availability and support for just-in-time authorisations integrated tightly with internal routing management.

Commercial Support

Starting with Krill 0.4.0 and Routinator 0.6.0 we are offering commercial support for our RPKI software solutions, in case this is a requirement for your organisation or if you want to support the future development of the software. The service-level agreement (SLA) contract and security policy is on par with our DNS software NSD and Unbound. End of support for the software will be publicly announced two years in advance. Krill is licensed under the Mozilla Public License 2.0. Routinator and all libraries that are built to support the RPKI toolset are licensed under the BSD 3-Clause License.

Sustainable Open Source

Once again, we would like to extend our gratitude to NIC.br, the RIPE NCC Community Projects Fund, the Dutch National Cyber Security Centre and the Mozilla Open Source Support Fund for financially supporting the development of Krill, as well as our Relying Party software package Routinator. In addition, our thanks go out to DigitalOcean for offering their cloud infrastructure for our automated test platform, Fastly for their CDN services, as well as Juniper, Cisco and Nokia for providing us with virtual routers for testing. These organisations make it possible for us to develop free, open source software in a sustainable way. Please reach out to us if you want to join this effort.

Related links:

software update