The peer origin-validation export command configures the local device to perform ROA validation on the routes to be sent to an EBGP peer.
The undo peer origin-validation export command cancels the configuration.
The peer origin-validation export disable command disables the local device from performing ROA validation on the routes to be advertised to an EBGP peer.
The undo peer origin-validation export disable command cancels the configuration.
By default, a device does not perform ROA validation on the routes to be advertised to an EBGP peer.
peer { peerIpv4Addr | peerIpv6Addr } origin-validation export [ include-not-found [ external ] ]
peer { peerIpv4Addr | peerIpv6Addr } origin-validation export disable
undo peer { peerIpv4Addr | peerIpv6Addr } origin-validation export [ include-not-found [ external ] ]
undo peer { peerIpv4Addr | peerIpv6Addr } origin-validation export disable
Parameter | Description | Value |
---|---|---|
peerIpv4Addr | Specifies the IPv4 address of a peer. | The value is in dotted decimal notation. |
peerIpv6Addr | Specifies the IPv6 address of a peer. | The value is a 32-digit hexadecimal number, in the format X:X:X:X:X:X:X:X. |
include-not-found | Configures the device to send routes with the ROA validation result as Valid or Not Found to the EBGP peer. | - |
external | Configures the device to send the routes that are received from another AS and whose ROA validation result is Valid or Not Found to the EBGP peer. | - |
Usage Scenario
After a device sets up a session with an RPKI server and saves the ROA data downloaded from the server, you can run the peer origin-validation export command to enable the device to perform ROA validation on the routes to be advertised to an EBGP peer. If a route has a match in the ROA database and the origin AS is the same as that in the database, the validation result is Valid. If the origin AS is different from that in the database, the validation result is Invalid. If a route has no match in the ROA database, the validation result is Not Found. By default, only the routes whose validation result is Valid are advertised. To configure the device to advertise routes whose validation result is Valid or Not Found, specify the include-not-found keyword. To configure the device to advertise the routes that are received from another AS and whose validation result is Valid or Not Found, specify the include-not-found external keywords.
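The export decision described above can be modelled offline. The following Python sketch is an added example, not vendor code: it goes slightly beyond the page by applying the RFC 6811 maximum-length check when matching, and it leaves out the external keyword because the page does not say how other routes are treated. The ROA entries, routes and function names are constructed for illustration.

```python
import ipaddress

# Constructed ROA entries: (prefix, max length, origin AS). Documentation ranges only.
ROAS = [
    ("192.0.2.0/24", 24, 64500),
    ("198.51.100.0/24", 25, 64501),
    ("2001:db8::/32", 48, 64502),
]

def validate(prefix, origin_as, roas=ROAS):
    """Return 'Valid', 'Invalid' or 'Not Found' for one route (RFC 6811 rules)."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        # Skip ROAs of the other address family or that do not cover the route.
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True
        # A match needs the same origin AS and a length within the ROA's max length.
        if roa_as == origin_as and route.prefixlen <= max_len:
            return "Valid"
    # Covered by at least one ROA but matched by none: Invalid. Otherwise Not Found.
    return "Invalid" if covered else "Not Found"

def export_filter(routes, include_not_found=False):
    """Routes that would be advertised: Valid only, or Valid plus Not Found."""
    allowed = {"Valid", "Not Found"} if include_not_found else {"Valid"}
    return [(p, a) for p, a in routes if validate(p, a) in allowed]

# Constructed candidate routes: (prefix, origin AS).
ROUTES = [
    ("192.0.2.0/24", 64500),       # origin matches the ROA
    ("192.0.2.0/24", 64511),       # covered, wrong origin AS
    ("198.51.100.128/25", 64501),  # more specific, within max length
    ("198.51.100.192/26", 64501),  # more specific, beyond max length
    ("203.0.113.0/24", 64510),     # no covering ROA
    ("2001:db8:1::/48", 64502),    # IPv6, within max length
]

if __name__ == "__main__":
    for prefix, asn in ROUTES:
        print(f"{prefix:20} AS{asn}  {validate(prefix, asn)}")
    print("default export:   ", export_filter(ROUTES))
    print("include-not-found:", export_filter(ROUTES, include_not_found=True))
```

In both modes the Invalid routes are withheld; include-not-found only adds the route that has no covering ROA.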
<HUAWEI> system-view
[~HUAWEI] bgp 100
[*HUAWEI-bgp] vpn-instance vpn
[*HUAWEI-bgp-instance-vpn] peer 10.1.2.1 as-number 200
[*HUAWEI-bgp-instance-vpn] quit
[*HUAWEI-bgp] ipv6-family vpn-instance vpn
[*HUAWEI-bgp-6-vpn] peer 10.1.2.1 enable
[*HUAWEI-bgp-6-vpn] peer 10.1.2.1 origin-validation export