Krill lets organisations run delegated RPKI on their own systems as a child of one or more Regional Internet Registries (RIRs) or National Internet Registries (NIRs) simultaneously. In turn, Krill can act as a parent for business units, branches and customers.
With Krill, operators get centralised management of Route Origin Authorisations (ROAs) in an intuitive user interface.
Getting started with Krill is easy. After installation and minimal configuration, the user interface, command line interface, API and Prometheus monitoring endpoint are immediately available via the built-in web server.
If Krill is configured to run under multiple parent RIRs, Route Origin Authorisations (ROAs) can be managed as a single pool, simplifying maintenance and monitoring.
Written in the Rust programming language, Krill is extremely robust and lightweight, letting organisations run it on minimalist hardware. A publication server is included in Krill, but can also be run as an independent component. This means organisations can host certificates and ROAs themselves or let a third party, such as their RIR, do it on their behalf.
Summarising, Krill is intended for:
- Organisations which do not want to rely on the web interface of the hosted systems that the RIRs offer, but require RPKI management that is integrated with their own systems
- Organisations that need to be able to delegate RPKI to their customers or different business units, so that that they can run their own CA and manage ROAs themselves
- Organisations that manage address space from multiple RIRs. Using Krill, they can manage all ROAs for all resources seamlessly within one system
- Organisations who want to be operationally independent from their parent RIR, such as NIRs or Enterprises
Professional support services are available for both Krill and Routinator, offering premium support, consultancy hours, early security warnings under non-disclosure, as well as priority feature requests.