bestroute region-validation allow-invalid (BGP-IPv4 unicast address family view)

Function

The bestroute region-validation command applies the RPKI regional validation results of BGP routes to route selection. If regional validation succeeds, the route is valid and can participate in route selection. If regional validation fails, the route is invalid and cannot participate in route selection.

The undo bestroute region-validation command restores the default configuration.

The bestroute region-validation allow-invalid command also applies the RPKI regional validation results of BGP routes to BGP route selection. With this command, routes that fail regional validation are still treated as valid and can participate in route selection, but their priority is reduced.

The undo bestroute region-validation allow-invalid command restores the default configuration.

By default, regional validation results of BGP routes are not applied to BGP route selection.

Format

bestroute region-validation

bestroute region-validation allow-invalid

undo bestroute region-validation [ allow-invalid ]

Parameters

None

Views

BGP-IPv4 unicast address family view, BGP-IPv6 unicast address family view

Default Level

2: Configuration level

Task Name and Operations

Task Name    Operations
bgp          write

Usage Guidelines

Usage Scenario

In regional validation, multiple trusted ASs are combined into a region, and multiple regions are combined into a regional confederation. By checking whether the routes received from EBGP peers in external regions belong to the local region, regional validation prevents external regions from hijacking routes in the local region.

To improve BGP security, you can run the bestroute region-validation command to apply the RPKI regional validation results of BGP routes to route selection. If regional validation succeeds, the route is valid and can participate in route selection. If regional validation fails, the route is invalid and cannot participate in route selection. To allow the routes that fail regional validation to be valid and participate in route selection, configure the allow-invalid parameter in the command. The priority of such routes is reduced during route selection.
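
The effect of the three settings on route selection, as an added Python sketch that is not part of the Huawei documentation. It assumes that a route fails regional validation when it arrives from an EBGP peer outside the local region while its origin AS is inside the local region, and it reduces best-route selection to AS_PATH length; the AS numbers, prefix, mode names and function names are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample data: documentation AS numbers and prefix.
LOCAL_REGION = {64496, 64497, 64498}   # trusted ASs that form the local region

@dataclass
class Route:
    prefix: str
    peer_as: int      # AS of the EBGP peer the route was received from
    as_path: tuple    # leftmost = nearest AS, rightmost = origin AS

def region_valid(route, local_region=LOCAL_REGION):
    """Assumed rule: a route received from a peer in an external region fails
    validation if its origin AS belongs to the local region."""
    if route.peer_as in local_region:
        return True                   # not received from an external region
    return route.as_path[-1] not in local_region

def select_best(routes, mode="off"):
    """mode 'off'           : default, validation results are not applied
       mode 'enforce'       : bestroute region-validation
       mode 'allow-invalid' : bestroute region-validation allow-invalid"""
    if mode == "enforce":
        # Invalid routes cannot participate in route selection.
        routes = [r for r in routes if region_valid(r)]
    if not routes:
        return None

    def key(r):
        # allow-invalid keeps failing routes but ranks them behind valid ones.
        demoted = mode == "allow-invalid" and not region_valid(r)
        return (demoted, len(r.as_path))   # simplified tie-break: AS_PATH length

    return min(routes, key=key)

# Legitimate route learned inside the region (longer AS_PATH).
LEGIT = Route("192.0.2.0/24", 64498, (64498, 64497, 64496))
# Same prefix from an external peer claiming a local-region origin (shorter AS_PATH).
HIJACK = Route("192.0.2.0/24", 65551, (65551, 64496))

if __name__ == "__main__":
    for mode in ("off", "enforce", "allow-invalid"):
        print(mode, "both routes ->", select_best([LEGIT, HIJACK], mode))
        print(mode, "only failing route ->", select_best([HIJACK], mode))
```

With only the failing route available, the enforcing mode leaves the prefix without a usable route, while allow-invalid still installs it; that availability trade-off is the reason to choose between the two commands deliberately.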

Example

# In the BGP-IPv4 unicast address family view, apply the RPKI regional validation results of BGP routes to route selection.
<HUAWEI> system-view
[~HUAWEI] bgp 100
[*HUAWEI-bgp] ipv4-family unicast
[*HUAWEI-bgp-af-ipv4] region-validation confed-check strict
[*HUAWEI-bgp-af-ipv4] bestroute region-validation

# In the BGP-IPv4 unicast address family view, apply the RPKI regional validation results of BGP routes to route selection. Routes that fail regional validation are still treated as valid, but their priority is reduced.
<HUAWEI> system-view
[~HUAWEI] bgp 100
[*HUAWEI-bgp] ipv4-family unicast
[*HUAWEI-bgp-af-ipv4] region-validation confed-check strict
[*HUAWEI-bgp-af-ipv4] bestroute region-validation allow-invalid
Copyright © Huawei Technologies Co., Ltd.