[FROG] rpki start
Chris Knipe
cknipe at opticnetworks.net
Wed Mar 22 11:36:52 UTC 2023
Hi,
So modified the config:
service advanced-vty
service password-encryption
rpki
rpki polling_period 1000
rpki cache rtr.rpki.cloudflare.com 8282 preference 2
rpki cache rtr.rpki.cloudflare.com 8283 preference 3
exit
Restarted FRR
za-ctn-rs01a# sh rpki cache-connection
No connection to RPKI cache server.
za-ctn-rs01a# wr mem
Note: this version of vtysh never writes vtysh.conf
Building Configuration...
Integrated configuration saved to /etc/frr/frr.conf
write mem removes the exit too.
service password-encryption
rpki
rpki polling_period 1000
rpki cache rtr.rpki.cloudflare.com 8282 preference 2
rpki cache rtr.rpki.cloudflare.com 8283 preference 3
service advanced-vty
Complete config just for clarity (didn’t want to spam the list, but seems that it is needed):
frr version 8.1
frr defaults traditional
hostname za-ctn-rs01a
log syslog informational
no log unique-id
service advanced-vty
service password-encryption
no ip forwarding
no ipv6 forwarding
service advanced-vty
service password-encryption
service advanced-vty
service password-encryption
service advanced-vty
service password-encryption
rpki
rpki polling_period 300
rpki retry_interval 10
rpki cache rtr.rpki.cloudflare.com 8282 preference 2
rpki cache rtr.rpki.cloudflare.com 8283 preference 3
exit
service advanced-vty
service password-encryption
service integrated-vtysh-config
!
ip router-id a.b.c.131
ip route 0.0.0.0/0 a.b.c.129
ip route 0.0.0.0/0 a.b.c.130 10
ip route a.b.c.0/23 Null0 tag 20
ip route a.b.c.0/24 Null0 tag 30
ip route a.b.d.0/24 Null0 tag 30
ip route e.f.g.0/24 Null0 tag 25
ipv6 route ::/0 a:b:c:6000::81
ipv6 route ::/0 a:b:c:6000::82 10
ipv6 route a:b:c::/48 Null0 tag 25
!
interface ens32
bandwidth 10000
ipv6 ospf6 area 0
exit
!
router bgp 65530
bgp router-id a.b.c.131
bgp log-neighbor-changes
bgp always-compare-med
no bgp suppress-duplicates
no bgp default ipv4-unicast
bgp cluster-id a.b.c.128
bgp disable-ebgp-connected-route-check
bgp graceful-shutdown
bgp graceful-restart
bgp route-reflector allow-outbound-policy
neighbor a.b.c.132 remote-as 65530
neighbor a.b.c.132 description ZA-JNB-RS01B
neighbor a.b.c.139 remote-as 65530
neighbor a.b.c.139 description ZA-CTN-RS01B
neighbor a.b.c.140 remote-as 65530
neighbor a.b.c.140 description ZA-JNB-RS01A
neighbor a.b.c.254 remote-as 65530
neighbor a.b.c.254 description ZA-CTN-CR01B
neighbor a.b.c.255 remote-as 65530
neighbor a.b.c.255 description ZA-CTN-CR01A
neighbor a:b:c:6000::84 remote-as 65530
neighbor a:b:c:6000::84 description ZA-JNB-RS01B
neighbor a:b:c:6000::8b remote-as 65530
neighbor a:b:c:6000::8b description ZA-CTN-RS01B
neighbor a:b:c:6000::8c remote-as 65530
neighbor a:b:c:6000::8c description ZA-JNB-RS01A
neighbor a:b:c:6000::fe remote-as 65530
neighbor a:b:c:6000::fe description ZA-CTN-CR01B
neighbor a:b:c:6000::ff remote-as 65530
neighbor a:b:c:6000::ff description ZA-CTN-CR01A
bgp fast-convergence
!
address-family ipv4 unicast
redistribute static
bgp dampening
neighbor a.b.c.132 activate
neighbor a.b.c.132 addpath-tx-all-paths
neighbor a.b.c.132 soft-reconfiguration inbound
neighbor a.b.c.132 allowas-in origin
neighbor a.b.c.132 route-map BGP-RS-OUTv4 out
neighbor a.b.c.132 attribute-unchanged next-hop
neighbor a.b.c.139 activate
neighbor a.b.c.139 addpath-tx-all-paths
neighbor a.b.c.139 soft-reconfiguration inbound
neighbor a.b.c.139 allowas-in origin
neighbor a.b.c.139 attribute-unchanged next-hop
neighbor a.b.c.254 activate
neighbor a.b.c.254 route-reflector-client
neighbor a.b.c.254 soft-reconfiguration inbound
neighbor a.b.c.254 allowas-in origin
neighbor a.b.c.254 route-map BGP-TRANS-OUTv4 out
neighbor a.b.c.255 activate
neighbor a.b.c.255 route-reflector-client
neighbor a.b.c.255 soft-reconfiguration inbound
neighbor a.b.c.255 allowas-in origin
neighbor a.b.c.255 route-map BGP-TRANS-OUTv4 out
exit-address-family
!
address-family ipv6 unicast
redistribute static
bgp dampening
neighbor a:b:c:6000::8b activate
neighbor a:b:c:6000::8b addpath-tx-all-paths
neighbor a:b:c:6000::8b soft-reconfiguration inbound
neighbor a:b:c:6000::8b allowas-in origin
neighbor a:b:c:6000::8b attribute-unchanged as-path next-hop med
neighbor a:b:c:6000::8c activate
neighbor a:b:c:6000::8c addpath-tx-all-paths
neighbor a:b:c:6000::8c soft-reconfiguration inbound
neighbor a:b:c:6000::8c allowas-in origin
neighbor a:b:c:6000::8c attribute-unchanged as-path next-hop
neighbor a:b:c:6000::fe activate
neighbor a:b:c:6000::fe route-reflector-client
neighbor a:b:c:6000::fe soft-reconfiguration inbound
neighbor a:b:c:6000::fe allowas-in origin
neighbor a:b:c:6000::fe route-map BGP-TRANS-OUTv6 out
neighbor a:b:c:6000::fe attribute-unchanged as-path next-hop med
neighbor a:b:c:6000::ff activate
neighbor a:b:c:6000::ff route-reflector-client
neighbor a:b:c:6000::ff soft-reconfiguration inbound
neighbor a:b:c:6000::ff allowas-in origin
neighbor a:b:c:6000::ff route-map BGP-TRANS-OUTv6 out
neighbor a:b:c:6000::ff attribute-unchanged as-path next-hop med
exit-address-family
exit
!
router ospf
ospf router-id a.b.c.131
log-adjacency-changes detail
compatible rfc1583
auto-cost reference-bandwidth 10000
graceful-restart
network a.b.c.128/29 area 0
capability opaque
exit
!
router ospf6
ospf6 router-id a.b.c.131
log-adjacency-changes detail
auto-cost reference-bandwidth 10000
graceful-restart
exit
!
From: Donald Sharp <donaldsharp72 at gmail.com>
Sent: Wednesday, 22 March 2023 13:24
To: Chris Knipe <cknipe at opticnetworks.net>
Cc: ch <ch at ntrv.dk>; frog at lists.frrouting.org
Subject: Re: [FROG] rpki start
Add an `exit` to the end of the rpki configuration section
rpki
rpki polling_period 1000
rpki cache rtr.rpki.cloudflare.com 8282 preference 2
rpki cache rtr.rpki.cloudflare.com 8283 preference 3
exit
On Wed, Mar 22, 2023 at 5:16 AM Chris Knipe <cknipe at opticnetworks.net> wrote:
Hi,
daemons.conf:
vtysh_enable=yes
zebra_options=" -A 127.0.0.1 -s 90000000"
bgpd_options=" -A 127.0.0.1 -M rpki"
ospfd_options=" -A 127.0.0.1"
ospf6d_options=" -A ::1"
za-ctn-rs01a# sh rpki cache-server
host: rtr.rpki.cloudflare.com port: 8282
host: rtr.rpki.cloudflare.com port: 8283
za-ctn-rs01a# sh rpki cache-connection
No connection to RPKI cache server.
za-ctn-rs01a# sh ver
FRRouting 8.1 (za-ctn-rs01a).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
configured with:
'--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-option-checking' '--disable-silent-rules' '--libdir=${prefix}/lib/x86_64-linux-gnu' '--libexecdir=${prefix}/lib/x86_64-linux-gnu' '--disable-maintainer-mode' '--localstatedir=/var/run/frr' '--sbindir=/usr/lib/frr' '--sysconfdir=/etc/frr' '--with-vtysh-pager=/usr/bin/pager' '--libdir=/usr/lib/x86_64-linux-gnu/frr' '--with-moduledir=/usr/lib/x86_64-linux-gnu/frr/modules' '--disable-dependency-tracking' '--enable-rpki' '--disable-scripting' '--with-libpam' '--enable-doc' '--enable-doc-html' '--enable-snmp' '--enable-fpm' '--disable-protobuf' '--disable-zeromq' '--enable-ospfapi' '--enable-bgp-vnc' '--enable-multipath=256' '--enable-user=frr' '--enable-group=frr' '--enable-vty-group=frrvty' '--enable-configfile-mask=0640' '--enable-logfile-mask=0640' 'build_alias=x86_64-linux-gnu' 'PYTHON=python3'
config
Current configuration:
!
frr version 8.1
frr defaults traditional
hostname za-ctn-rs01a
log syslog informational
no log unique-id
service advanced-vty
service password-encryption
no ip forwarding
no ipv6 forwarding
service advanced-vty
service password-encryption
service advanced-vty
service password-encryption
service advanced-vty
service password-encryption
rpki
rpki polling_period 1000
rpki cache rtr.rpki.cloudflare.com 8282 preference 2
rpki cache rtr.rpki.cloudflare.com 8283 preference 3
service advanced-vty
service password-encryption
service integrated-vtysh-config
RPKI doesn’t do anything until I execute rpki start
za-ctn-rs01a# rpki start
za-ctn-rs01a# sh rpki cache-connection
Connected to group 2
rpki tcp cache rtr.rpki.cloudflare.com 8282 pref 2
--
C
From: Donald Sharp <donaldsharp72 at gmail.com>
Sent: Wednesday, 22 March 2023 01:00
To: Chris Knipe <cknipe at opticnetworks.net>
Cc: ch <ch at ntrv.dk>; frog at lists.frrouting.org
Subject: Re: [FROG] rpki start
What does your config look like? Mine starts automatically; rpki is programmed to start it when you leave the rpki subnode.
donald
On Tue, Mar 21, 2023 at 5:15 PM Chris Knipe via frog <frog at lists.frrouting.org> wrote:
---------- Forwarded message ----------
From: Chris Knipe <cknipe at opticnetworks.net>
To: ch <ch at ntrv.dk>, "frog at lists.frrouting.org" <frog at lists.frrouting.org>
Cc:
Bcc:
Date: Tue, 21 Mar 2023 19:00:29 +0000
Subject: RE: [FROG] rpki start
Hi,
>
>Or are you referring to an RPKI (caching) server FRR connects to?
>
Correct. RPKI doesn't automatically connect to the RPKI servers unless I issue a "rpki start" command.
Configuration etc. is 100%, works absolutely fine. Just doesn't automatically connect to the RPKI servers.
--
Chris.
---------- Forwarded message ----------
From: Chris Knipe via frog <frog at lists.frrouting.org>
To: ch <ch at ntrv.dk>, "frog at lists.frrouting.org" <frog at lists.frrouting.org>
Cc:
Bcc:
Date: Tue, 21 Mar 2023 19:00:29 +0000
Subject: Re: [FROG] rpki start