peer origin-validation export (BGP-IPv4 unicast address family view/BGP-IPv6 unicast address family view)

Function

The peer origin-validation export command configures the local device to perform ROA export validation on routes to be sent to an EBGP peer.

Using the undo peer origin-validation export command, you can cancel the configuration.

Using the peer origin-validation export disable command, you can disable the ROA-based outbound check for the routes advertised to an eBGP neighbor.

Using the undo peer origin-validation export disable command, you can cancel the configuration.

By default, a device is disabled from performing ROA check on routes before sending them to EBGP peers.

Format

peer { peerIpv4Addr | peerIpv6Addr } origin-validation export [ include-not-found [ external ] ]

peer { peerIpv4Addr | peerIpv6Addr } origin-validation export disable

undo peer { peerIpv4Addr | peerIpv6Addr } origin-validation export [ include-not-found [ external ] ]

undo peer { peerIpv4Addr | peerIpv6Addr } origin-validation export disable

Parameters

Parameter Description Value
peerIpv4Addr

Specifies the IPv4 address of a BGP peer.

The value is in dotted decimal notation.
peerIpv6Addr

Specifies the IP address of an IPv6 peer.

The value is a 32-digit hexadecimal number, in the format X:X:X:X:X:X:X:X.
include-not-found

The router sends a route with the ROA check result as Valid and Not Found to the EBGP neighbor.

-
external

The router sends a route that is received from another AS and whose ROA check result is Valid or Not Found to the EBGP peer.

-

Views

BGP-IPv4 unicast address family view, BGP-IPv6 unicast address family view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
bgp write

Usage Guidelines

Usage Scenario

After a device sets up a session with an RPKI server and saves the ROA data downloaded from the server, you can run the peer origin-validation export command to enable the device to perform ROA check on the routes to be advertised to an EBGP peer, if a route is matched in the ROA database and the source AS is the same as that in the database, the check result is Valid. If the source AS is different from that in the database, the check result is Invalid. If no route is matched in the ROA database, the check result is Not Found, by default, only the routes whose verification result is Valid are advertised. If you want to advertise the routes with the validation result being Valid or Not Found, you can configure the include-not-found keyword. To advertise the routes with the check result as Valid or Not Found (the Not Found routes are advertised from other ASs to the local device), you can configure the include-not-found external keyword.

Example

# Configure the local device to perform ROA check on the routes to be sent to EBGP peers.
<HUAWEI> system-view
[~HUAWEI] bgp 100
[*HUAWEI-bgp] peer 10.1.2.1 as-number 200
[*HUAWEI-bgp] ipv4-family unicast
[*HUAWEI-bgp-af-ipv4] peer 10.1.2.1 origin-validation export
Parent Topic: BGP Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >