Hi,

So modified the config:

service advanced-vty
service password-encryption
rpki
 rpki polling_period 1000
 rpki cache rtr.rpki.cloudflare.com 8282 preference 2
 rpki cache rtr.rpki.cloudflare.com 8283 preference 3
exit

Restarted FRR

za-ctn-rs01a# sh rpki cache-connection
No connection to RPKI cache server.
za-ctn-rs01a# wr mem
Note: this version of vtysh never writes vtysh.conf
Building Configuration...
Integrated configuration saved to /etc/frr/frr.conf

write mem removes the exit too.

service password-encryption
rpki
 rpki polling_period 1000
 rpki cache rtr.rpki.cloudflare.com 8282 preference 2
 rpki cache rtr.rpki.cloudflare.com 8283 preference 3
service advanced-vty

Complete config just for clarity (didn’t want to spam the list, but seems that it is needed):

frr version 8.1
frr defaults traditional
hostname za-ctn-rs01a
log syslog informational
no log unique-id
service advanced-vty
service password-encryption
no ip forwarding
no ipv6 forwarding
service advanced-vty
service password-encryption
service advanced-vty
service password-encryption
service advanced-vty
service password-encryption
rpki
 rpki polling_period 300
 rpki retry_interval 10
 rpki cache rtr.rpki.cloudflare.com 8282 preference 2
 rpki cache rtr.rpki.cloudflare.com 8283 preference 3
exit
service advanced-vty
service password-encryption
service integrated-vtysh-config
!
ip router-id a.b.c.131
ip route 0.0.0.0/0 a.b.c.129
ip route 0.0.0.0/0 a.b.c.130 10
ip route a.b.c.0/23 Null0 tag 20
ip route a.b.c.0/24 Null0 tag 30
ip route a.b.d.0/24 Null0 tag 30
ip route e.f.g.0/24 Null0 tag 25
ipv6 route ::/0 a:b:c:6000::81
ipv6 route ::/0 a:b:c:6000::82 10
ipv6 route a:b:c::/48 Null0 tag 25
!
interface ens32
 bandwidth 10000
 ipv6 ospf6 area 0
exit
!
router bgp 65530
 bgp router-id a.b.c.131
 bgp log-neighbor-changes
 bgp always-compare-med
 no bgp suppress-duplicates
 no bgp default ipv4-unicast
 bgp cluster-id a.b.c.128
 bgp disable-ebgp-connected-route-check
 bgp graceful-shutdown
 bgp graceful-restart
 bgp route-reflector allow-outbound-policy
 neighbor a.b.c.132 remote-as 65530
 neighbor a.b.c.132 description ZA-JNB-RS01B
 neighbor a.b.c.139 remote-as 65530
 neighbor a.b.c.139 description ZA-CTN-RS01B
 neighbor a.b.c.140 remote-as 65530
 neighbor a.b.c.140 description ZA-JNB-RS01A
 neighbor a.b.c.254 remote-as 65530
 neighbor a.b.c.254 description ZA-CTN-CR01B
 neighbor a.b.c.255 remote-as 65530
 neighbor a.b.c.255 description ZA-CTN-CR01A
 neighbor a:b:c:6000::84 remote-as 65530
 neighbor a:b:c:6000::84 description ZA-JNB-RS01B
 neighbor a:b:c:6000::8b remote-as 65530
 neighbor a:b:c:6000::8b description ZA-CTN-RS01B
 neighbor a:b:c:6000::8c remote-as 65530
 neighbor a:b:c:6000::8c description ZA-JNB-RS01A
 neighbor a:b:c:6000::fe remote-as 65530
 neighbor a:b:c:6000::fe description ZA-CTN-CR01B
 neighbor a:b:c:6000::ff remote-as 65530
 neighbor a:b:c:6000::ff description ZA-CTN-CR01A
 bgp fast-convergence
 !
 address-family ipv4 unicast
  redistribute static
  bgp dampening
  neighbor a.b.c.132 activate
  neighbor a.b.c.132 addpath-tx-all-paths
  neighbor a.b.c.132 soft-reconfiguration inbound
  neighbor a.b.c.132 allowas-in origin
  neighbor a.b.c.132 route-map BGP-RS-OUTv4 out
  neighbor a.b.c.132 attribute-unchanged next-hop
  neighbor a.b.c.139 activate
  neighbor a.b.c.139 addpath-tx-all-paths
  neighbor a.b.c.139 soft-reconfiguration inbound
  neighbor a.b.c.139 allowas-in origin
  neighbor a.b.c.139 attribute-unchanged next-hop
  neighbor a.b.c.254 activate
  neighbor a.b.c.254 route-reflector-client
  neighbor a.b.c.254 soft-reconfiguration inbound
  neighbor a.b.c.254 allowas-in origin
  neighbor a.b.c.254 route-map BGP-TRANS-OUTv4 out
  neighbor a.b.c.255 activate
  neighbor a.b.c.255 route-reflector-client
  neighbor a.b.c.255 soft-reconfiguration inbound
  neighbor a.b.c.255 allowas-in origin
  neighbor a.b.c.255 route-map BGP-TRANS-OUTv4 out
 exit-address-family
 !
 address-family ipv6 unicast
  redistribute static
  bgp dampening
  neighbor a:b:c:6000::8b activate
  neighbor a:b:c:6000::8b addpath-tx-all-paths
  neighbor a:b:c:6000::8b soft-reconfiguration inbound
  neighbor a:b:c:6000::8b allowas-in origin
  neighbor a:b:c:6000::8b attribute-unchanged as-path next-hop med
  neighbor a:b:c:6000::8c activate
  neighbor a:b:c:6000::8c addpath-tx-all-paths
  neighbor a:b:c:6000::8c soft-reconfiguration inbound
  neighbor a:b:c:6000::8c allowas-in origin
  neighbor a:b:c:6000::8c attribute-unchanged as-path next-hop
  neighbor a:b:c:6000::fe activate
  neighbor a:b:c:6000::fe route-reflector-client
  neighbor a:b:c:6000::fe soft-reconfiguration inbound
  neighbor a:b:c:6000::fe allowas-in origin
  neighbor a:b:c:6000::fe route-map BGP-TRANS-OUTv6 out
  neighbor a:b:c:6000::fe attribute-unchanged as-path next-hop med
  neighbor a:b:c:6000::ff activate
  neighbor a:b:c:6000::ff route-reflector-client
  neighbor a:b:c:6000::ff soft-reconfiguration inbound
  neighbor a:b:c:6000::ff allowas-in origin
  neighbor a:b:c:6000::ff route-map BGP-TRANS-OUTv6 out
  neighbor a:b:c:6000::ff attribute-unchanged as-path next-hop med
 exit-address-family
exit
!
router ospf
 ospf router-id a.b.c.131
 log-adjacency-changes detail
 compatible rfc1583
 auto-cost reference-bandwidth 10000
 graceful-restart
 network a.b.c.128/29 area 0
 capability opaque
exit
!
router ospf6
 ospf6 router-id a.b.c.131
 log-adjacency-changes detail
 auto-cost reference-bandwidth 10000
 graceful-restart
exit
!

From: Donald Sharp <donaldsharp72@gmail.com>
Sent: Wednesday, 22 March 2023 13:24
To: Chris Knipe <cknipe@opticnetworks.net>
Cc: ch <ch@ntrv.dk>; frog@lists.frrouting.org
Subject: Re: [FROG] rpki start

Add an `exit` to the end of rpki configuration section

rpki
 rpki polling_period 1000
 rpki cache rtr.rpki.cloudflare.com 8282 preference 2
 rpki cache rtr.rpki.cloudflare.com 8283 preference 3
exit

On Wed, Mar 22, 2023 at 5:16 AM Chris Knipe <cknipe@opticnetworks.net> wrote:

Hi,

daemons.conf:

vtysh_enable=yes
zebra_options=" -A 127.0.0.1 -s 90000000"
bgpd_options=" -A 127.0.0.1 -M rpki"
ospfd_options=" -A 127.0.0.1"
ospf6d_options=" -A ::1"

za-ctn-rs01a# sh rpki cache-server
host: rtr.rpki.cloudflare.com port: 8282
host: rtr.rpki.cloudflare.com port: 8283
za-ctn-rs01a# sh rpki cache-connection
No connection to RPKI cache server.
za-ctn-rs01a# sh ver
FRRouting 8.1 (za-ctn-rs01a).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
configured with:
    '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-option-checking' '--disable-silent-rules' '--libdir=${prefix}/lib/x86_64-linux-gnu' '--libexecdir=${prefix}/lib/x86_64-linux-gnu' '--disable-maintainer-mode' '--localstatedir=/var/run/frr' '--sbindir=/usr/lib/frr' '--sysconfdir=/etc/frr' '--with-vtysh-pager=/usr/bin/pager' '--libdir=/usr/lib/x86_64-linux-gnu/frr' '--with-moduledir=/usr/lib/x86_64-linux-gnu/frr/modules' '--disable-dependency-tracking' '--enable-rpki' '--disable-scripting' '--with-libpam' '--enable-doc' '--enable-doc-html' '--enable-snmp' '--enable-fpm' '--disable-protobuf' '--disable-zeromq' '--enable-ospfapi' '--enable-bgp-vnc' '--enable-multipath=256' '--enable-user=frr' '--enable-group=frr' '--enable-vty-group=frrvty' '--enable-configfile-mask=0640' '--enable-logfile-mask=0640' 'build_alias=x86_64-linux-gnu' 'PYTHON=python3'

config

Current configuration:
!
frr version 8.1
frr defaults traditional
hostname za-ctn-rs01a
log syslog informational
no log unique-id
service advanced-vty
service password-encryption
no ip forwarding
no ipv6 forwarding
service advanced-vty
service password-encryption
service advanced-vty
service password-encryption
service advanced-vty
service password-encryption
rpki
 rpki polling_period 1000
 rpki cache rtr.rpki.cloudflare.com 8282 preference 2
 rpki cache rtr.rpki.cloudflare.com 8283 preference 3
service advanced-vty
service password-encryption
service integrated-vtysh-config

RPKI doesn’t do anything until I execute rpki start

za-ctn-rs01a# rpki start
za-ctn-rs01a# sh rpki cache-connection
Connected to group 2
rpki tcp cache rtr.rpki.cloudflare.com 8282 pref 2

--
C

From: Donald Sharp <donaldsharp72@gmail.com>
Sent: Wednesday, 22 March 2023 01:00
To: Chris Knipe <cknipe@opticnetworks.net>
Cc: ch <ch@ntrv.dk>; frog@lists.frrouting.org
Subject: Re: [FROG] rpki start

What does your config look like? Mine starts automatically, rpki is programmed to start it when you leave the rpki subnode

donald

On Tue, Mar 21, 2023 at 5:15 PM Chris Knipe via frog <frog@lists.frrouting.org> wrote:

---------- Forwarded message ----------
From: Chris Knipe <cknipe@opticnetworks.net>
To: ch <ch@ntrv.dk>, "frog@lists.frrouting.org" <frog@lists.frrouting.org>
Cc:
Bcc:
Date: Tue, 21 Mar 2023 19:00:29 +0000
Subject: RE: [FROG] rpki start

Hi,
Or are you referring to an RPKI (caching) server FRR connects to?
Correct. RPKI doesn't automatically connect to the RPKI servers unless I issue a "rpki start" command. Configuration etc. is 100%, works absolutely fine. Just doesn't automatically connect to the RPKI servers.

--
Chris.

---------- Forwarded message ----------
From: Chris Knipe via frog <frog@lists.frrouting.org>
To: ch <ch@ntrv.dk>, "frog@lists.frrouting.org" <frog@lists.frrouting.org>
Cc:
Bcc:
Date: Tue, 21 Mar 2023 19:00:29 +0000
Subject: Re: [FROG] rpki start

_______________________________________________
frog mailing list
frog@lists.frrouting.org
https://lists.frrouting.org/listinfo/frog
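
A monitoring check for the symptom discussed in this thread, added here as an example (it is not code from the thread or from the FRR project): it lists the caches configured in frr.conf and flags the case where `show rpki cache-connection` reports no session. The function names and the sample text are assumptions; the line formats are the ones pasted in the thread from FRR 8.1 and may differ in other versions.

```python
import re

# Sample text modelled on what the thread pasted from FRR 8.1 (constructed for this example).
SAMPLE_CONF = """\
service password-encryption
rpki
 rpki polling_period 1000
 rpki cache rtr.rpki.cloudflare.com 8282 preference 2
 rpki cache rtr.rpki.cloudflare.com 8283 preference 3
service advanced-vty
"""
SAMPLE_DOWN = "No connection to RPKI cache server.\n"
SAMPLE_UP = "Connected to group 2\nrpki tcp cache rtr.rpki.cloudflare.com 8282 pref 2\n"

CACHE_RE = re.compile(r"rpki cache (\S+) (\d+) preference (\d+)$")
CONN_RE = re.compile(r"rpki tcp cache (\S+) (\d+) pref (\d+)$")


def _triples(pattern, lines):
    """Collect (host, port, preference) from every line that matches pattern."""
    hits = (pattern.match(line) for line in lines)
    return [(m.group(1), int(m.group(2)), int(m.group(3))) for m in hits if m]


def configured_caches(conf_text):
    """Return (caches, closed_by_exit) for the first rpki block of an frr.conf."""
    lines = [line.strip() for line in conf_text.splitlines()]
    if "rpki" not in lines:
        return [], False
    start = end = lines.index("rpki") + 1
    while end < len(lines) and lines[end].startswith("rpki "):
        end += 1  # sub-commands of the rpki node all begin with "rpki "
    return _triples(CACHE_RE, lines[start:end]), end < len(lines) and lines[end] == "exit"


def rpki_health(conf_text, show_output):
    """Compare configured caches with `show rpki cache-connection` output."""
    caches, closed = configured_caches(conf_text)
    live = _triples(CONN_RE, [line.strip() for line in show_output.splitlines()])
    return {
        "configured": caches,
        "connected": live,
        "block_closed_by_exit": closed,
        "alert": bool(caches) and not live,  # configured, but no RTR session is up
    }


if __name__ == "__main__":
    print(rpki_health(SAMPLE_CONF, SAMPLE_DOWN))
    print(rpki_health(SAMPLE_CONF, SAMPLE_UP))
```

Feed it the saved configuration and the output of `vtysh -c 'show rpki cache-connection'`; an `alert` of True means caches are configured but no validation data is being fetched.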