Hi,

Upgraded from 8.1 to the latest 8.5 and it is now automatically connecting.  No change in any configs.

Looks like something was broken, which is now fixed.  Ubuntu still installs 8.1 on 22.0.4 TLS, so I’ve updated manually via the frr repositories.

Ty everyone for the assistance! 😊

--

Chris.

 

 

From: Donald Sharp <donaldsharp72@gmail.com>
Sent: Wednesday, 22 March 2023 13:50
To: Chris Knipe <cknipe@opticnetworks.net>
Cc: ch <ch@ntrv.dk>; frog@lists.frrouting.org
Subject: Re: [FROG] rpki start

 

sharpd@janelle:~$ sudo systemctl start frr
sharpd@janelle:~$ vtysh -c "show rpki cache-connection"
No connection to RPKI cache server.
sharpd@janelle:~$ vtysh -c "show rpki cache-connection"
Connected to group 1
rpki tcp cache rpki-validator.realmv6.org 8282 pref 1 (connected)

sharpd@janelle:~$ vtysh -c "show run" | grep -A 3 "rpki"
 match rpki valid
exit
!
route-map VERIFY deny 20
 match rpki invalid
exit
!
ip protocol bgp route-map DENY
--
rpki
 rpki cache rpki-validator.realmv6.org 8282 preference 1
exit
!
end

 

I'm not sure what to say, but it works for me.  I am running a version of latest from the last week or so on this box.

 

donald

 

 

On Wed, Mar 22, 2023 at 7:36 AM Chris Knipe <cknipe@opticnetworks.net> wrote:

Hi,

So modified the config:

service advanced-vty
service password-encryption
rpki
rpki polling_period 1000
rpki cache rtr.rpki.cloudflare.com 8282 preference 2
rpki cache rtr.rpki.cloudflare.com 8283 preference 3
exit

Restarted FRR

za-ctn-rs01a# sh rpki cache-connection
No connection to RPKI cache server.

za-ctn-rs01a# wr mem
Note: this version of vtysh never writes vtysh.conf
Building Configuration...
Integrated configuration saved to /etc/frr/frr.conf

write mem removes the exit too.

service password-encryption
rpki
rpki polling_period 1000
rpki cache rtr.rpki.cloudflare.com 8282 preference 2
rpki cache rtr.rpki.cloudflare.com 8283 preference 3
service advanced-vty

Complete config just for clarity (didn’t want to spam the list, but seems that it is needed):

frr version 8.1
frr defaults traditional
hostname za-ctn-rs01a
log syslog informational
no log unique-id
service advanced-vty
service password-encryption
no ip forwarding
no ipv6 forwarding
service advanced-vty
service password-encryption
service advanced-vty
service password-encryption
service advanced-vty
service password-encryption
rpki
rpki polling_period 300
rpki retry_interval 10
rpki cache rtr.rpki.cloudflare.com 8282 preference 2
rpki cache rtr.rpki.cloudflare.com 8283 preference 3
exit
service advanced-vty
service password-encryption
service integrated-vtysh-config
!
ip router-id a.b.c.131
ip route 0.0.0.0/0 a.b.c.129
ip route 0.0.0.0/0 a.b.c.130 10
ip route a.b.c.0/23 Null0 tag 20
ip route a.b.c.0/24 Null0 tag 30
ip route a.b.d.0/24 Null0 tag 30
ip route e.f.g.0/24 Null0 tag 25
ipv6 route ::/0 a:b:c:6000::81
ipv6 route ::/0 a:b:c:6000::82 10
ipv6 route a:b:c::/48 Null0 tag 25
!
interface ens32
bandwidth 10000
ipv6 ospf6 area 0
exit
!
router bgp 65530
bgp router-id a.b.c.131
bgp log-neighbor-changes
bgp always-compare-med
no bgp suppress-duplicates
no bgp default ipv4-unicast
bgp cluster-id a.b.c.128
bgp disable-ebgp-connected-route-check
bgp graceful-shutdown
bgp graceful-restart
bgp route-reflector allow-outbound-policy
neighbor a.b.c.132 remote-as 65530
neighbor a.b.c.132 description ZA-JNB-RS01B
neighbor a.b.c.139 remote-as 65530
neighbor a.b.c.139 description ZA-CTN-RS01B
neighbor a.b.c.140 remote-as 65530
neighbor a.b.c.140 description ZA-JNB-RS01A
neighbor a.b.c.254 remote-as 65530
neighbor a.b.c.254 description ZA-CTN-CR01B
neighbor a.b.c.255 remote-as 65530
neighbor a.b.c.255 description ZA-CTN-CR01A
neighbor a:b:c:6000::84 remote-as 65530
neighbor a:b:c:6000::84 description ZA-JNB-RS01B
neighbor a:b:c:6000::8b remote-as 65530
neighbor a:b:c:6000::8b description ZA-CTN-RS01B
neighbor a:b:c:6000::8c remote-as 65530
neighbor a:b:c:6000::8c description ZA-JNB-RS01A
neighbor a:b:c:6000::fe remote-as 65530
neighbor a:b:c:6000::fe description ZA-CTN-CR01B
neighbor a:b:c:6000::ff remote-as 65530
neighbor a:b:c:6000::ff description ZA-CTN-CR01A
bgp fast-convergence
!
address-family ipv4 unicast
  redistribute static
  bgp dampening
  neighbor a.b.c.132 activate
  neighbor a.b.c.132 addpath-tx-all-paths
  neighbor a.b.c.132 soft-reconfiguration inbound
  neighbor a.b.c.132 allowas-in origin
  neighbor a.b.c.132 route-map BGP-RS-OUTv4 out
  neighbor a.b.c.132 attribute-unchanged next-hop
  neighbor a.b.c.139 activate
  neighbor a.b.c.139 addpath-tx-all-paths
  neighbor a.b.c.139 soft-reconfiguration inbound
  neighbor a.b.c.139 allowas-in origin
  neighbor a.b.c.139 attribute-unchanged next-hop
  neighbor a.b.c.254 activate
  neighbor a.b.c.254 route-reflector-client
  neighbor a.b.c.254 soft-reconfiguration inbound
  neighbor a.b.c.254 allowas-in origin
  neighbor a.b.c.254 route-map BGP-TRANS-OUTv4 out
  neighbor a.b.c.255 activate
  neighbor a.b.c.255 route-reflector-client
  neighbor a.b.c.255 soft-reconfiguration inbound
  neighbor a.b.c.255 allowas-in origin
  neighbor a.b.c.255 route-map BGP-TRANS-OUTv4 out
exit-address-family
!
address-family ipv6 unicast
  redistribute static
  bgp dampening
  neighbor a:b:c:6000::8b activate
  neighbor a:b:c:6000::8b addpath-tx-all-paths
  neighbor a:b:c:6000::8b soft-reconfiguration inbound
  neighbor a:b:c:6000::8b allowas-in origin
  neighbor a:b:c:6000::8b attribute-unchanged as-path next-hop med
  neighbor a:b:c:6000::8c activate
  neighbor a:b:c:6000::8c addpath-tx-all-paths
  neighbor a:b:c:6000::8c soft-reconfiguration inbound
  neighbor a:b:c:6000::8c allowas-in origin
  neighbor a:b:c:6000::8c attribute-unchanged as-path next-hop
 neighbor a:b:c:6000::fe activate
  neighbor a:b:c:6000::fe route-reflector-client
  neighbor a:b:c:6000::fe soft-reconfiguration inbound
  neighbor a:b:c:6000::fe allowas-in origin
  neighbor a:b:c:6000::fe route-map BGP-TRANS-OUTv6 out
  neighbor a:b:c:6000::fe attribute-unchanged as-path next-hop med
  neighbor a:b:c:6000::ff activate
  neighbor a:b:c:6000::ff route-reflector-client
  neighbor a:b:c:6000::ff soft-reconfiguration inbound
  neighbor a:b:c:6000::ff allowas-in origin
  neighbor a:b:c:6000::ff route-map BGP-TRANS-OUTv6 out
  neighbor a:b:c:6000::ff attribute-unchanged as-path next-hop med
exit-address-family
exit
!
router ospf
ospf router-id a.b.c.131
log-adjacency-changes detail
compatible rfc1583
auto-cost reference-bandwidth 10000
graceful-restart
network a.b.c.128/29 area 0
capability opaque
exit
!
router ospf6
ospf6 router-id a.b.c.131
log-adjacency-changes detail
auto-cost reference-bandwidth 10000
graceful-restart
exit
!

 

 

 

From: Donald Sharp <donaldsharp72@gmail.com>
Sent: Wednesday, 22 March 2023 13:24
To: Chris Knipe <cknipe@opticnetworks.net>
Cc: ch <ch@ntrv.dk>; frog@lists.frrouting.org
Subject: Re: [FROG] rpki start

 

Add an `exit` to the end of the rpki configuration section

rpki
   rpki polling_period 1000
   rpki cache rtr.rpki.cloudflare.com 8282 preference 2
   rpki cache rtr.rpki.cloudflare.com 8283 preference 3
exit

 

On Wed, Mar 22, 2023 at 5:16 AM Chris Knipe <cknipe@opticnetworks.net> wrote:

Hi,

daemons.conf:

vtysh_enable=yes
zebra_options="  -A 127.0.0.1 -s 90000000"
bgpd_options="   -A 127.0.0.1 -M rpki"
ospfd_options="  -A 127.0.0.1"
ospf6d_options=" -A ::1"

za-ctn-rs01a# sh rpki cache-server
host: rtr.rpki.cloudflare.com port: 8282
host: rtr.rpki.cloudflare.com port: 8283
za-ctn-rs01a# sh rpki cache-connection
No connection to RPKI cache server.
za-ctn-rs01a# sh ver
FRRouting 8.1 (za-ctn-rs01a).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
configured with:

    '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-option-checking' '--disable-silent-rules' '--libdir=${prefix}/lib/x86_64-linux-gnu' '--libexecdir=${prefix}/lib/x86_64-linux-gnu' '--disable-maintainer-mode' '--localstatedir=/var/run/frr' '--sbindir=/usr/lib/frr' '--sysconfdir=/etc/frr' '--with-vtysh-pager=/usr/bin/pager' '--libdir=/usr/lib/x86_64-linux-gnu/frr' '--with-moduledir=/usr/lib/x86_64-linux-gnu/frr/modules' '--disable-dependency-tracking' '--enable-rpki' '--disable-scripting' '--with-libpam' '--enable-doc' '--enable-doc-html' '--enable-snmp' '--enable-fpm' '--disable-protobuf' '--disable-zeromq' '--enable-ospfapi' '--enable-bgp-vnc' '--enable-multipath=256' '--enable-user=frr' '--enable-group=frr' '--enable-vty-group=frrvty' '--enable-configfile-mask=0640' '--enable-logfile-mask=0640' 'build_alias=x86_64-linux-gnu' 'PYTHON=python3'

 

config

Current configuration:
!
frr version 8.1
frr defaults traditional
hostname za-ctn-rs01a
log syslog informational
no log unique-id
service advanced-vty
service password-encryption
no ip forwarding
no ipv6 forwarding
service advanced-vty
service password-encryption
service advanced-vty
service password-encryption
service advanced-vty
service password-encryption
rpki
rpki polling_period 1000
rpki cache rtr.rpki.cloudflare.com 8282 preference 2
rpki cache rtr.rpki.cloudflare.com 8283 preference 3
service advanced-vty
service password-encryption
service integrated-vtysh-config

RPKI doesn’t do anything until I execute rpki start

za-ctn-rs01a# rpki start
za-ctn-rs01a# sh rpki cache-connection
Connected to group 2
rpki tcp cache rtr.rpki.cloudflare.com 8282 pref 2

--

C

 

From: Donald Sharp <donaldsharp72@gmail.com>
Sent: Wednesday, 22 March 2023 01:00
To: Chris Knipe <cknipe@opticnetworks.net>
Cc: ch <ch@ntrv.dk>; frog@lists.frrouting.org
Subject: Re: [FROG] rpki start

 

What does your config look like?  Mine starts automatically, rpki is programmed to start it when you leave the rpki subnode

 

donald

 

On Tue, Mar 21, 2023 at 5:15 PM Chris Knipe via frog <frog@lists.frrouting.org> wrote:




---------- Forwarded message ----------
From: Chris Knipe <cknipe@opticnetworks.net>
To: ch <ch@ntrv.dk>, "frog@lists.frrouting.org" <frog@lists.frrouting.org>
Cc: 
Bcc: 
Date: Tue, 21 Mar 2023 19:00:29 +0000
Subject: RE: [FROG] rpki start
Hi,

>
>Or are you referring to an RPKI (caching) server FRR connects to?
>

Correct.  RPKI doesn't automatically connect to the RPKI servers unless I issue a "rpki start" command.

Configuration etc. is 100%, works absolutely fine.  Just doesn't automatically connect to the RPKI servers.

--
Chris.
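
A start-up check for the symptom discussed in this thread, as an added example that is not part of any message above: it polls the `show rpki cache-connection` command used in the thread and fails if bgpd never reports a cache session. The helper names `rpki_show`, `rpki_state` and `wait_rpki_connected` are hypothetical; the two status strings it matches are the ones shown in the thread's transcripts.

```shell
#!/bin/sh
# Added example (not from the thread): alert when bgpd has no RPKI cache session.
# rpki_show, rpki_state and wait_rpki_connected are hypothetical helper names.

# Prints the live status; the command itself is the one used in the thread.
rpki_show() {
    vtysh -c "show rpki cache-connection"
}

# Classify status text on stdin as connected, disconnected or unknown.
# The two matched strings are taken from the transcripts in the thread.
rpki_state() {
    awk '
        /^No connection to RPKI cache server/ { s = "disconnected" }
        /^Connected to group [0-9]+/           { s = "connected" }
        END { if (s == "") s = "unknown"; print s }
    '
}

# Poll up to TRIES times, DELAY seconds apart. A query issued right after
# "systemctl start frr" can report no connection before the session comes up
# (as in the transcript above), so one negative answer is not a failure.
wait_rpki_connected() {
    tries=${1:-6}
    delay=${2:-5}
    i=0
    state=unknown
    while [ "$i" -lt "$tries" ]; do
        state=$(rpki_show 2>/dev/null | rpki_state)
        if [ "$state" = connected ]; then
            return 0
        fi
        i=$((i + 1))
        if [ "$i" -lt "$tries" ]; then
            sleep "$delay"
        fi
    done
    echo "RPKI cache not connected after $tries checks (last state: $state)" >&2
    return 1
}

# Offline demonstration on a status line copied from the thread.
printf 'No connection to RPKI cache server.\n' | rpki_state
```

Calling `wait_rpki_connected` from monitoring or from a unit ordered after FRR turns a silently unconnected cache into a visible failure; while the cache is disconnected, route-maps using `match rpki invalid` have no ROA data to match against.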



