...
Now cached database can be used by routing filters to accept/reject prefixes based on RPKI validity. At first we need to set up filter rule which defines against which RPKI group perform the verification. After that filters are ready to match status from RPKI database. Status, can have one of three values:
- valid - database has a record and origin AS is valid.
- invalid - database has a record and origin AS is invalid.
- unknown - database does not have information of prefix and origin AS.
| Code Block | ||
|---|---|---|
| ||
/routing/filter/rule
add chain=bgp_in rule={ rpki-verify=myRpkiGroup }
add chain=bgp_in rule={ if ([rpki invalid]) then={ action reject } else={ action accept } |
...