Fwd: Help: how to enable RPKI in FRR 5?
My bad, I forgot to send the response to the list. Also I've seen that in my first mail I misplaced the RPM link. The RPM that I've installed is the same that Martin has said https://github.com/FRRouting/frr/releases/download/frr-5.0.1/frr-5.0.1RPKI-2... . ---------- Forwarded message --------- From: Paco Moreno <pc.moreno2099@gmail.com> Date: mar., 17 jul. 2018 a las 9:46 Subject: Re: [FROG] Help: how to enable RPKI in FRR 5? To: Martin Winter <mwinter@opensourcerouting.org> Hi Martin, thanks for your reply. I do have the RTRlib already, just as you have mentioned here and as is stated at the docs. Also, I've installed the FRR wtih RPKI package; and also I've tried by making the RPM package "manually", including the option "--enable-rpki" (the code that I've downloaded is from the branch master). Just to add more information of the problem, actually (and this is odd) the rpki commands do appear at the vtysh console as available commands: vtysh# find rpki (enable) rpki start (enable) rpki stop (enable) show rpki cache-connection (enable) show rpki cache-server (enable) show rpki prefix-table (config) rpki (config) debug rpki .... But they don't appear at the bgp daemon console whenever I connect via "telnet localhost 2605" and run the same command bgp# find rpki So, what else do you think that might be the problem? I really appreciate your help. Best regards, Francisco Moreno El mar., 17 jul. 2018 a las 9:12, Martin Winter (< mwinter@opensourcerouting.org>) escribió:
Paco,
for RPKI, you need to download the RPKI version of FRR and install the additional RTRLIB package as well.
As described on the Github release page: “For some platforms we publish RPKI enabled packages. Please be aware that you will need the RTRLIB package installed as well for the RPKI packages. You can find the RTRLIB packages on the NetDEF CI system in the RTRLIB project”
So in your case (CentOS 7), you would download the FRR with RPKI package:
https://github.com/FRRouting/frr/releases/download/frr-5.0.1/frr-5.0.1RPKI-2...
and the RTRLIB from
https://ci1.netdef.org/artifact/RPKI-RTRLIB/shared/build-38/CentOS-7-x86_64-...
Install the RTRLIB first, then the FRR package
We decided to distribute an extra package as the RTRLIB doesn’t have official package in the various distributions (i.e. CentOS 7) and requires a manual install. Tried to avoid this extra step for the majority who doesn’t need or want RPKI.
Regards, Martin Winter
On 16 Jul 2018, at 16:01, Paco Moreno wrote:
Hi there,
I've been trying to configure FRR 5.0.1 (downloaded from Github releases https://github.com/FRRouting/frr/releases/download/frr-5.0.1/frr-5.0.1-20180...) and also 5.1 (manually built as RPM from master branch) to use RPKI. Both cases in CentOS 7; there's no problem compiling nor executing the service with the zebra and bgpd daemons active. But when I try to use the rpki configuration (http://docs.frrouting.org/en/latest/bgp.html#enabling-rpki), this is not recognized by the application.
For example, if I place the conf at the bgpd.conf file like the example ( http://docs.frrouting.org/en/latest/bgp.html#rpki-configuration-example) nothing happens since the configuration seems to be unrecognized. After that, I've tried to configure the rpki from the terminal (using "vtysh" or by "telnet"), like this (multiple forms, probably a little desperate): bgp# rpki % [BGP] Unknown command: rpki bgp# conf term bgp(config)# rpki % [BGP] Unknown command: rpki bgp(config)# router bgp 1 bgp(config-router)# rpki % [BGP] Unknown command: rpki
I don't know if I'm missing something or what to do, could somebody here help me with this please?
Best regards, Francisco Moreno
_______________________________________________ frog mailing list frog@lists.frrouting.org https://lists.frrouting.org/listinfo/frog
Ok, just did a quick check… Is it possible that you forgot to load the rpki module? In /etc/frr/daemons.conf the bgpd line should be: bgpd_options=" --daemon -A 127.0.0.1 -M rpki" (Notice the “-M rpki” to load the rpki module) Can you check if you have this module loaded? Regards, Martin On 17 Jul 2018, at 7:53, Paco Moreno wrote:
My bad, I forgot to send the response to the list.
Also I've seen that in my first mail I misplaced the RPM link. The RPM that I've installed is the same that Martin has said https://github.com/FRRouting/frr/releases/download/frr-5.0.1/frr-5.0.1RPKI-2... .
---------- Forwarded message --------- From: Paco Moreno <pc.moreno2099@gmail.com> Date: mar., 17 jul. 2018 a las 9:46 Subject: Re: [FROG] Help: how to enable RPKI in FRR 5? To: Martin Winter <mwinter@opensourcerouting.org>
Hi Martin, thanks for your reply.
I do have the RTRlib already, just as you have mentioned here and as is stated at the docs. Also, I've installed the FRR wtih RPKI package; and also I've tried by making the RPM package "manually", including the option "--enable-rpki" (the code that I've downloaded is from the branch master).
Just to add more information of the problem, actually (and this is odd) the rpki commands do appear at the vtysh console as available commands: vtysh# find rpki (enable) rpki start (enable) rpki stop (enable) show rpki cache-connection (enable) show rpki cache-server (enable) show rpki prefix-table (config) rpki (config) debug rpki ....
But they don't appear at the bgp daemon console whenever I connect via "telnet localhost 2605" and run the same command bgp# find rpki
So, what else do you think that might be the problem?
I really appreciate your help.
Best regards, Francisco Moreno
El mar., 17 jul. 2018 a las 9:12, Martin Winter (< mwinter@opensourcerouting.org>) escribió:
Paco,
for RPKI, you need to download the RPKI version of FRR and install the additional RTRLIB package as well.
As described on the Github release page: “For some platforms we publish RPKI enabled packages. Please be aware that you will need the RTRLIB package installed as well for the RPKI packages. You can find the RTRLIB packages on the NetDEF CI system in the RTRLIB project”
So in your case (CentOS 7), you would download the FRR with RPKI package:
https://github.com/FRRouting/frr/releases/download/frr-5.0.1/frr-5.0.1RPKI-2...
and the RTRLIB from
https://ci1.netdef.org/artifact/RPKI-RTRLIB/shared/build-38/CentOS-7-x86_64-...
Install the RTRLIB first, then the FRR package
We decided to distribute an extra package as the RTRLIB doesn’t have official package in the various distributions (i.e. CentOS 7) and requires a manual install. Tried to avoid this extra step for the majority who doesn’t need or want RPKI.
Regards, Martin Winter
On 16 Jul 2018, at 16:01, Paco Moreno wrote:
Hi there,
I've been trying to configure FRR 5.0.1 (downloaded from Github releases https://github.com/FRRouting/frr/releases/download/frr-5.0.1/frr-5.0.1-20180...) and also 5.1 (manually built as RPM from master branch) to use RPKI. Both cases in CentOS 7; there's no problem compiling nor executing the service with the zebra and bgpd daemons active. But when I try to use the rpki configuration (http://docs.frrouting.org/en/latest/bgp.html#enabling-rpki), this is not recognized by the application.
For example, if I place the conf at the bgpd.conf file like the example ( http://docs.frrouting.org/en/latest/bgp.html#rpki-configuration-example) nothing happens since the configuration seems to be unrecognized. After that, I've tried to configure the rpki from the terminal (using "vtysh" or by "telnet"), like this (multiple forms, probably a little desperate): bgp# rpki % [BGP] Unknown command: rpki bgp# conf term bgp(config)# rpki % [BGP] Unknown command: rpki bgp(config)# router bgp 1 bgp(config-router)# rpki % [BGP] Unknown command: rpki
I don't know if I'm missing something or what to do, could somebody here help me with this please?
Best regards, Francisco Moreno
_______________________________________________ frog mailing list frog@lists.frrouting.org https://lists.frrouting.org/listinfo/frog
Hi Martin, Den 17/07/2018 kl. 17:54 skrev Martin Winter:
Is it possible that you forgot to load the rpki module? In /etc/frr/daemons.conf the bgpd line should be:
bgpd_options=" --daemon -A 127.0.0.1 -M rpki"
(Notice the “-M rpki” to load the rpki module) Can you check if you have this module loaded?
That did the trick on the 6x Ubuntu 18.04 VMs I am running in my lab setup. :) One Question. Is it correct the information regarding needing to append `-M rpki` in the /etc/frr/daemons.conf file is _not_ written in the users guide? I cannot seem to recall I have read this snippet of information you just provided. /Christoffer
On 17 Jul 2018, at 9:06, Christoffer Hansen wrote:
Hi Martin,
Den 17/07/2018 kl. 17:54 skrev Martin Winter:
Is it possible that you forgot to load the rpki module? In /etc/frr/daemons.conf the bgpd line should be:
bgpd_options=" --daemon -A 127.0.0.1 -M rpki"
(Notice the “-M rpki” to load the rpki module) Can you check if you have this module loaded?
That did the trick on the 6x Ubuntu 18.04 VMs I am running in my lab setup. :)
One Question. Is it correct the information regarding needing to append `-M rpki` in the /etc/frr/daemons.conf file is _not_ written in the users guide? I cannot seem to recall I have read this snippet of information you just provided.
Well, our documentation sometimes is a bit lacking. Sorry. Most community members have more coding than doc writing skills. Specially newer features seem to get ignored… That said, if someone wants to help out on the project and provide “fixes” and improvements on the doc, then we would very welcome these contributions. - Martin
Well, that was the missing configuration =) thanks! I didn't had that line in my daemon configuration. Same as Christoffer, that wasn't in the docs but is good to know it so that we can collaborate adding this missing configuration. Best regards, Francisco Moreno El mar., 17 jul. 2018 a las 11:15, Martin Winter (< mwinter@opensourcerouting.org>) escribió:
On 17 Jul 2018, at 9:06, Christoffer Hansen wrote:
Hi Martin,
Den 17/07/2018 kl. 17:54 skrev Martin Winter:
Is it possible that you forgot to load the rpki module? In /etc/frr/daemons.conf the bgpd line should be:
bgpd_options=" --daemon -A 127.0.0.1 -M rpki"
(Notice the “-M rpki” to load the rpki module) Can you check if you have this module loaded?
That did the trick on the 6x Ubuntu 18.04 VMs I am running in my lab setup. :)
One Question. Is it correct the information regarding needing to append `-M rpki` in the /etc/frr/daemons.conf file is _not_ written in the users guide? I cannot seem to recall I have read this snippet of information you just provided.
Well, our documentation sometimes is a bit lacking. Sorry. Most community members have more coding than doc writing skills. Specially newer features seem to get ignored…
That said, if someone wants to help out on the project and provide “fixes” and improvements on the doc, then we would very welcome these contributions.
- Martin
_______________________________________________ frog mailing list frog@lists.frrouting.org https://lists.frrouting.org/listinfo/frog
Hi Martin, Den 17/07/2018 kl. 18:15 skrev Martin Winter:
Well, our documentation sometimes is a bit lacking. Sorry. Most community members have more coding than doc writing skills. Specially newer features seem to get ignored…
That said, if someone wants to help out on the project and provide “fixes” and improvements on the doc, then we would very welcome these contributions.
https://github.com/FRRouting/frr/pull/2669 Kind Regards, Christoffer
Beside the updated doc (thanks Christoffer), here's a request to update the RPM build at RedHat https://github.com/FRRouting/frr/pull/2672 Regards, Francisco Moreno El mar., 17 jul. 2018 a las 11:48, Christoffer Hansen (<netravnen@gmail.com>) escribió:
Hi Martin, Den 17/07/2018 kl. 18:15 skrev Martin Winter:
Well, our documentation sometimes is a bit lacking. Sorry. Most community members have more coding than doc writing skills. Specially newer features seem to get ignored…
That said, if someone wants to help out on the project and provide “fixes” and improvements on the doc, then we would very welcome these contributions.
https://github.com/FRRouting/frr/pull/2669
Kind Regards, Christoffer
_______________________________________________ frog mailing list frog@lists.frrouting.org https://lists.frrouting.org/listinfo/frog
participants (3)
-
Christoffer Hansen -
Martin Winter -
Paco Moreno