The peer origin-validation export command configures a peer group on the local device to perform the ROA export validation on the routes sent to the specified EBGP peer.
The undo peer origin-validation export command cancels the configuration.
By default, a peer group on the local device is disabled from performing ROA validation on the routes to be sent to EBGP peers.
| Parameter | Description | Value |
|---|---|---|
| peerGroupName |
Specifies the name of a peer group. |
The value is a string of 1 to 47 case-sensitive characters, spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string. |
| include-not-found |
Enables the device to send routes with the ROA validation result as Valid or Not Found to the EBGP peer. |
- |
| external |
Enables the device to send routes with the ROA validation result as Valid or Not Found (the Not Found routes are received from other ASs) to the EBGP peer. |
- |
Usage Scenario
After a device sets up a session with an RPKI server and saves the ROA data downloaded from the server, you can run the peer origin-validation export command to enable an EBGP peer group to perform ROA validation on the routes advertised to the specified EBGP peer. If a route has a match in the ROA database and the information about the source AS is consistent with that in the database, the validation result is Valid. If the information about the source AS is inconsistent, the validation result is Invalid. If the route has no match in the ROA database, the validation result is Not Found. By default, only the routes whose validation result is Valid are advertised. To advertise the routes with the validation results being Valid or Not Found, configure include-not-found. To advertise the routes with the validation results being Valid or Not Found (the Not Found routes are received from other ASs), configure include-not-found external.