peer origin-validation export(BGP-VPN instance IPv4 address family view/BGP-VPN instance IPv6 address family view)

Function

The peer origin-validation export command configures a peer group on the local device to perform the ROA export validation on the routes sent to the specified EBGP peer.

The undo peer origin-validation export command cancels the configuration.

By default, a peer group on the local device is disabled from performing ROA validation on the routes to be sent to EBGP peers.

Format

peer peerGroupName origin-validation export [ include-not-found [ external ] ]

undo peer peerGroupName origin-validation export [ include-not-found [ external ] ]

Parameters

Parameter	Description	Value
peerGroupName	Specifies the name of a peer group.	The value is a string of 1 to 47 case-sensitive characters, spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string.
include-not-found	Configures the device to send routes with the ROA validation result as Valid or Not Found to the EBGP peer.	-
external	Configures the device to send routes whose ROA validation result is Valid or Not Found and that are received from another AS to the EBGP peer.	-

Parameter

Description

Value

peerGroupName

Specifies the name of a peer group.

The value is a string of 1 to 47 case-sensitive characters, spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string.

include-not-found

Configures the device to send routes with the ROA validation result as Valid or Not Found to the EBGP peer.

external

Configures the device to send routes whose ROA validation result is Valid or Not Found and that are received from another AS to the EBGP peer.

Views

BGP-VPN instance IPv4 address family view, BGP-VPN instance IPv6 address family view

Default Level

2: Configuration level

Task Name and Operations

Task Name	Operations
bgp	write

Usage Guidelines

Usage Scenario

After a device sets up a session with an RPKI server and saves the ROA data downloaded from the server, you can run the peer origin-validation export command to enable an EBGP peer group to perform ROA validation on the routes advertised to EBGP peers. If a route has a match in the ROA database and the source AS is the same as that in the database, the validation result is Valid. If the source AS is different from that in the database, the validation result is Invalid. If the route has no match in the ROA database, the validation result is Not Found. By default, only the routes whose verification result is Valid are advertised. If you want to advertise the routes with the validation result being Valid or Not Found, you can configure the include-not-found keyword. To advertise the routes with the validation result as Valid or Not Found (the Not Found routes are advertised from other ASs to the local device), you can configure the include-not-found external keyword.

Example

# Configure an EBGP peer group to perform the ROA validation on the routes to be sent to the specified EBGP peer.

<HUAWEI> system-view
[~HUAWEI] bgp 100
[*HUAWEI-bgp] vpn-instance vpn
[*HUAWEI-bgp-instance-vpn] group test external
[*HUAWEI-bgp] ipv4-family vpn-instance vpn
[*HUAWEI-bgp-vpn] peer test enable
[*HUAWEI-bgp-vpn] peer test origin-validation export