[RPKI] RPKI on IOS-XR and VRF's

Julien Lesaint julien at titoon.net
Thu Mar 26 12:03:31 UTC 2020 

Hello,

New to this list ; I browsed the archives and did not see a follow-up on
this topic, so here is a feedback. Apologies for digging up an one year
old discussion.

It's behaving as expected on a NCS running 6.5.3.

>From Jan's initial message, it seems the route validation ("bgp
origin-as validation enable") was not enabled, which might explain why
the validation state was showing as "disabled".

Tested fine on 6.6.3 as well (NCS, A9k).

Lab configuration:

router bgp nnn
 vrf rpki
  rd 666:6660
  address-family ipv4 unicast
   bgp origin-as validation enable
   bgp origin-as validation signal ibgp
   redistribute connected
  !
  address-family ipv6 unicast
   bgp origin-as validation enable
   bgp origin-as validation signal ibgp
   redistribute connected
  !
  neighbor 66.66.66.66
   remote-as 65457
   ebgp-multihop 255
   update-source Loopback666
   session-open-mode passive-only
   address-family ipv4 unicast
    route-policy accept-all in
    route-policy accept-all-out out
    soft-reconfiguration inbound always
   !
  !
 !
!


>From an iBGP speaker:

RP/0/RP0/CPU0:PFPSW5#sh bgp vrf rpki 2.0.0.0/15
Thu Mar 26 12:41:52.339 CET
BGP routing table entry for 2.0.0.0/15, Route Distinguisher: 666:6660
Versions:
  Process           bRIB/RIB  SendTblVer
  Speaker                130         130
Last Modified: Mar 26 12:41:52.825 for 00:00:00
Paths: (1 available, best #1)
  Not advertised to any peer
  Path #1: Received by speaker 0
  Not advertised to any peer
  65457 3215
    10.10.10.18 (metric 11) from 10.10.10.18 (10.10.10.18)
      Received Label 24033 
      Origin IGP, localpref 100, valid, internal, best, group-best,
import-candidate, imported
      Received Path ID 0, Local Path ID 1, version 130
      Extended community: VALIDITY:0 RT:666:6667 
      Origin-AS validity: valid (iBGP signalled)
      Source AFI: VPNv4 Unicast, Source VRF: default, Source Route
Distinguisher: 666:6665
RP/0/RP0/CPU0:PFPSW5#

>From an eBGP speaker:

RP/0/RP0/CPU0:PFPSW5#sh bgp vrf rpki 2.0.0.0/15
Thu Mar 26 12:51:59.593 CET
BGP routing table entry for 2.0.0.0/15, Route Distinguisher: 666:6660
Versions:
  Process           bRIB/RIB  SendTblVer
  Speaker                135         135
    Local Label: 64005
Last Modified: Mar 26 12:51:57.825 for 00:00:02
Paths: (2 available, best #1)
  Not advertised to any peer
  Path #1: Received by speaker 0
  Not advertised to any peer
  65457 3215
    66.66.66.66 from 66.66.66.66 (172.16.69.1)
      Origin IGP, localpref 100, valid, external, best, group-best,
import-candidate
      Received Path ID 0, Local Path ID 1, version 135
      Extended community: RT:666:6667 
      Origin-AS validity: valid
  Path #2: Received by speaker 0
  Not advertised to any peer
  65457 3215, (received-only)
    66.66.66.66 from 66.66.66.66 (172.16.69.1)
      Origin IGP, localpref 100, valid, external
      Received Path ID 0, Local Path ID 0, version 0
      Origin-AS validity: valid
RP/0/RP0/CPU0:PFPSW5#

-- 
JL

More information about the RPKI mailing list