prefix origin-validation enable (BGP-VPN instance IPv6 address family view)

Function

The prefix origin-validation enable command enables BGP origin AS validation.

The undo prefix origin-validation enable command disables BGP origin AS validation.

By default, BGP origin AS validation is disabled.

Format

prefix origin-validation enable

undo prefix origin-validation enable

Parameters

None

Views

BGP-VPN instance IPv6 address family view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
bgp write

Usage Guidelines

Usage Scenario

After an RPKI session is established between a router and an RPKI server, you can run the prefix origin-validation enable command to enable BGP origin AS validation. After BGP origin AS validation is enabled, the router periodically queries Route Origin Authorizations (ROAs) from the RPKI server and matches the origin AS of each received BGP route against the ROAs. The validation result can be Valid, Not Found, or Invalid.

The BGP origin AS validation result can be applied to route selection and advertised to BGP peers.

Example

# Enable BGP origin AS validation.
<HUAWEI> system-view
[~HUAWEI] ip vpn-instance vpna
[*HUAWEI-vpn-instance-vpna] ipv6-family
[*HUAWEI-vpn-instance-vpna-af-ipv6] quit
[*HUAWEI-vpn-instance-vpna] quit
[*HUAWEI] bgp 100
[*HUAWEI-bgp] ipv6-family vpn-instance vpna
[*HUAWEI-bgp-6-vpna] prefix origin-validation enable
Parent Topic: BGP Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >