region-validation (RPKI view)

Function

The region-validation command enables region validation.

The undo region-validation command disables region validation.

By default, region validation is disabled.

Format

region-validation

undo region-validation

Parameters

None

Views

RPKI view

Default Level

2: Configuration level

Task Name and Operations

Task Name    Operations
rpki         write

Usage Guidelines

Usage Scenario

After the command is configured, you can add or delete region validation configurations. To apply these configurations, you need to enable region validation in the BGP view.

Region validation combines multiple trusted ASs into a region and multiple regions into a region confederation, and then checks whether the routes received from EBGP peers in external domains belong to the local region. This prevents external regions from hijacking routes in the local region.

The region validation configuration cannot be advertised to neighbors. Each device (or each VS) must be configured separately.
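The check described above can be modelled as follows. This is an added example, not Huawei's implementation. The AS numbers, region names and function names are constructed, and two points are assumptions: that a route "belongs to" a region when its origin AS is a member, and that a confederation simply widens the set of trusted ASs.

```python
from dataclasses import dataclass

# Constructed sample data (private-use AS numbers), configured per device.
REGIONS = {
    "region-1": {64500, 64501, 64502},
    "region-2": {64510, 64511},
    "region-3": {64520},
}
CONFEDERATIONS = {"confed-A": {"region-1", "region-2"}}
LOCAL_AS = 64500


@dataclass
class Route:
    prefix: str
    peer_as: int     # AS of the EBGP peer the route was received from
    as_path: tuple   # leftmost = neighbor AS, rightmost = origin AS


def region_of(asn):
    """Name of the region containing asn, or None if it is in no region."""
    return next((n for n, m in REGIONS.items() if asn in m), None)


def trusted_ases(local_as, use_confed):
    """ASs trusted by the local device: its region, optionally its confederation."""
    region = region_of(local_as)
    if region is None:
        return set()
    regions = {region}
    if use_confed:  # assumption: confederation membership widens the trust set
        for members in CONFEDERATIONS.values():
            if region in members:
                regions |= members
    return set().union(*(REGIONS[r] for r in regions))


def validate(route, local_as=LOCAL_AS, use_confed=False):
    """Return 'valid', 'invalid' or 'not-checked' for a route from an EBGP peer."""
    trusted = trusted_ases(local_as, use_confed)
    if not trusted or not route.as_path:
        return "not-checked"   # local AS is in no region, or no path to inspect
    if route.peer_as in trusted:
        return "valid"         # received from inside the trusted set
    # External peer announcing a prefix whose origin AS is one of ours
    # (assumption: origin AS decides which region a route belongs to).
    return "invalid" if route.as_path[-1] in trusted else "valid"
```

Because the region data is never advertised, each device evaluates routes only against its own copy of `REGIONS`, which is why the configuration must match on every device.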

Precautions

The area-authentication-mode command only enables region validation. For the configurations to take effect, you must also run the region-validation [confed-check strict] and bestroute region-validation [allow-invalid] commands in the BGP view.

Example

# Enable region validation.
<HUAWEI> system-view
[~HUAWEI] rpki
[*HUAWEI-rpki] region-validation
[*HUAWEI-rpki-region-validation]
Copyright © Huawei Technologies Co., Ltd.