[FROG] Help: how to enable RPKI in FRR 5?

Martin Winter mwinter at opensourcerouting.org
Tue Jul 17 11:54:18 EDT 2018 

Ok, just did a quick check…

Is it possible that you forgot to load the rpki module?
In /etc/frr/daemons.conf the bgpd line should be:

bgpd_options="   --daemon -A 127.0.0.1 -M rpki"

(Notice the “-M rpki” to load the rpki module)
Can you check if you have this module loaded?

Regards,
    Martin


On 17 Jul 2018, at 7:53, Paco Moreno wrote:

> My bad, I forgot to send the response to the list.
>
> Also I've seen that in my first mail I misplaced the RPM link. The RPM 
> that
> I've installed is the same that Martin has said
> https://github.com/FRRouting/frr/releases/download/frr-5.0.1/frr-5.0.1RPKI-2018070501.el7.centos.x86_64.rpm
>  .
>
> ---------- Forwarded message ---------
> From: Paco Moreno <pc.moreno2099 at gmail.com>
> Date: mar., 17 jul. 2018 a las 9:46
> Subject: Re: [FROG] Help: how to enable RPKI in FRR 5?
> To: Martin Winter <mwinter at opensourcerouting.org>
>
>
> Hi Martin, thanks for your reply.
>
> I do have the RTRlib already, just as you have mentioned here and as 
> is
> stated at the docs. Also, I've installed the FRR wtih RPKI package; 
> and
> also I've tried by making the RPM package "manually", including the 
> option
> "--enable-rpki" (the code that I've downloaded is from the branch 
> master).
>
> Just to add more information of the problem, actually (and this is 
> odd) the
> rpki commands do appear at the vtysh console as available commands:
> vtysh# find rpki
>  (enable)  rpki start
>  (enable)  rpki stop
>  (enable)  show rpki cache-connection
>  (enable)  show rpki cache-server
>  (enable)  show rpki prefix-table
>  (config)  rpki
>  (config)  debug rpki
>  ....
>
> But they don't appear at the bgp daemon console whenever I connect via
> "telnet localhost 2605" and run the same command
> bgp# find rpki
>
> So, what else do you think that might be the problem?
>
> I really appreciate your help.
>
> Best regards,
> Francisco Moreno
>
> El mar., 17 jul. 2018 a las 9:12, Martin Winter (<
> mwinter at opensourcerouting.org>) escribió:
>
>> Paco,
>>
>> for RPKI, you need to download the RPKI version of FRR and install 
>> the
>> additional RTRLIB package as well.
>>
>> As described on the Github release page:
>> “For some platforms we publish RPKI enabled packages. Please be 
>> aware that
>> you will need
>> the RTRLIB package installed as well for the RPKI packages. You can 
>> find
>> the RTRLIB packages
>> on the NetDEF CI system in the RTRLIB project”
>>
>> So in your case (CentOS 7), you would download the FRR with RPKI 
>> package:
>>
>> https://github.com/FRRouting/frr/releases/download/frr-5.0.1/frr-5.0.1RPKI-2018070501.el7.centos.x86_64.rpm
>>
>> and the RTRLIB from
>>
>> https://ci1.netdef.org/artifact/RPKI-RTRLIB/shared/build-38/CentOS-7-x86_64-Packages/librtr-0.5.0-1.el7.centos.x86_64.rpm
>>
>> Install the RTRLIB first, then the FRR package
>>
>> We decided to distribute an extra package as the RTRLIB doesn’t 
>> have
>> official package in the
>> various distributions (i.e. CentOS 7) and requires a manual install. 
>> Tried
>> to avoid this extra
>> step for the majority who doesn’t need or want RPKI.
>>
>> Regards,
>> Martin Winter
>>
>> On 16 Jul 2018, at 16:01, Paco Moreno wrote:
>>
>> Hi there,
>>
>> I've been trying to configure FRR 5.0.1 (downloaded from Github 
>> releases
>> https://github.com/FRRouting/frr/releases/download/frr-5.0.1/frr-5.0.1-2018070501.el7.centos.x86_64.rpm)
>> and also 5.1 (manually built as RPM from master branch) to use RPKI. 
>> Both
>> cases in CentOS 7; there's no problem compiling nor executing the 
>> service
>> with the zebra and bgpd daemons active. But when I try to use the 
>> rpki
>> configuration 
>> (http://docs.frrouting.org/en/latest/bgp.html#enabling-rpki),
>> this is not recognized by the application.
>>
>> For example, if I place the conf at the bgpd.conf file like the 
>> example (
>> http://docs.frrouting.org/en/latest/bgp.html#rpki-configuration-example)
>> nothing happens since the configuration seems to be unrecognized. 
>> After
>> that, I've tried to configure the rpki from the terminal (using 
>> "vtysh" or
>> by "telnet"), like this (multiple forms, probably a little 
>> desperate):
>> bgp# rpki
>> % [BGP] Unknown command: rpki
>> bgp# conf term
>> bgp(config)# rpki
>> % [BGP] Unknown command: rpki
>> bgp(config)# router bgp 1
>> bgp(config-router)# rpki
>> % [BGP] Unknown command: rpki
>>
>> I don't know if I'm missing something or what to do, could somebody 
>> here
>> help me with this please?
>>
>> Best regards,
>> Francisco Moreno
>>
>> _______________________________________________
>> frog mailing list
>> frog at lists.frrouting.org
>> https://lists.frrouting.org/listinfo/frog
>>
>>


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.frrouting.org/pipermail/frog/attachments/20180717/32205156/attachment-0001.html>

More information about the frog mailing list