BGP Prefix Origin Validation Based on RPKI; Configure RPKI Cache-Server - Cisco NCS 5500 Series Configuration Manual
The following sample output shows the DMZ link bandwidth received on the receiving (R2) router:

RP/0/RP0/CPU0:router# show bgp ipv4 unicast 10.1.1.1/32 detail
Paths: (1 available, best #1)
  Not advertised to any peer
  Path #1: Received by speaker 0
  Not advertised to any peer
  1 3
      Received Path ID 0, Local Path ID 0, version 21
      Extended community: LB:3:192
      Origin-AS validity: not-found
    20.0.0.2 from 20.0.0.2 (10.0.0.81)
      Origin incomplete, localpref 100, valid, external, best, group-best
      Received Path ID 0, Local Path ID 0, version 17
      Extended community: LB:1:192
      Origin-AS validity: not-found

BGP Prefix Origin Validation Based on RPKI

A BGP route associates an address prefix with a set of autonomous systems (AS) that identify the interdomain path the prefix has traversed in the form of BGP announcements. This set is carried in the AS_PATH attribute of the BGP route; each AS prepends its own number as the announcement propagates, so the AS that originated the prefix is the last (rightmost) AS in the path.

To help reduce well-known threats against BGP, including prefix mis-announcement and monkey-in-the-middle attacks, one of the security requirements is the ability to validate the origination AS of BGP routes. The AS number claiming to originate an address prefix (as derived from the AS_PATH attribute of the BGP route) needs to be verified and authorized by the prefix holder. The Resource Public Key Infrastructure (RPKI) is an approach to build a formally verifiable database of IP addresses and AS numbers as resources. The RPKI is a globally distributed database containing, among other things, information mapping BGP (internet) prefixes to their authorized origin-AS numbers. Routers running BGP can connect to the RPKI to validate the origin AS of BGP paths; the result is reported per path as the Origin-AS validity (valid, invalid or not-found), as seen in the sample output above.

Configure RPKI Cache-server

Perform this task to configure Resource Public Key Infrastructure (RPKI) cache-server parameters. Configure the RPKI cache-server parameters in rpki-server configuration mode. Use the rpki server command in router BGP configuration mode to enter rpki-server configuration mode.

BGP Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release 6.2.x, page 90
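The following Python is an added example, not code from this guide or from Cisco. It reproduces the origin-validation check (RFC 6811) that a router applies to each BGP path once it has learned Validated ROA Payloads (VRPs, each a prefix, maximum length and authorized origin AS) from the RPKI cache server: a route is valid when at least one VRP covers it and its origin AS and length match, invalid when it is covered but nothing matches, and not-found when no VRP covers it at all. The VRP table, the routes and the "prefix/len-maxlen ASn" text notation are constructed for this example; the route 10.1.1.1/32 with AS_PATH "1 3" mirrors the not-found result in the sample output above. Treating a trailing AS_SET as an undetermined origin that cannot match any VRP is this example's reading of RFC 6811.

```python
"""RFC 6811 BGP prefix-origin validation against a local VRP table.

Added example, not code from the guide or from Cisco. A router with an RPKI
cache server configured receives VRPs (prefix, maxLength, origin AS) and then
classifies each BGP path as valid, invalid or not-found; this reproduces that.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, IPv6Network, ip_network
from typing import FrozenSet, List, Optional, Sequence, Union

Network = Union[IPv4Network, IPv6Network]
# An AS_PATH is modelled as a list: int = entry of an AS_SEQUENCE, frozenset = AS_SET
PathSegment = Union[int, FrozenSet[int]]


@dataclass(frozen=True)
class VRP:
    """One Validated ROA Payload as delivered by the cache server."""
    prefix: Network
    max_length: int
    asn: int

    @classmethod
    def parse(cls, text: str) -> "VRP":
        """Parse the 'prefix/len-maxLength ASn' notation assumed by this example,
        e.g. '192.0.2.0/24-24 AS64496'."""
        net_part, as_part = text.split()
        net, max_len = net_part.rsplit("-", 1)
        return cls(ip_network(net), int(max_len), int(as_part.upper().lstrip("AS")))


def parse_as_path(text: str) -> List[PathSegment]:
    """Parse an AS_PATH as printed by 'show bgp', e.g. '1 3' or '1 {3 4}';
    braces delimit an AS_SET segment."""
    path: List[PathSegment] = []
    as_set: Optional[List[int]] = None
    for tok in text.replace("{", " { ").replace("}", " } ").split():
        if tok == "{":
            as_set = []
        elif tok == "}":
            if as_set is None:
                raise ValueError("unbalanced '}' in AS_PATH")
            path.append(frozenset(as_set))
            as_set = None
        elif as_set is not None:
            as_set.append(int(tok))
        else:
            path.append(int(tok))
    return path


def origin_asn(as_path: Sequence[PathSegment], local_as: int) -> Optional[int]:
    """Route origin AS per RFC 6811 section 2: an empty AS_PATH means the route is
    locally originated, the last entry of a trailing AS_SEQUENCE is the origin,
    and a trailing AS_SET leaves the origin undetermined (None)."""
    if not as_path:
        return local_as
    last = as_path[-1]
    return None if isinstance(last, frozenset) else last


def validate(prefix: str, as_path: Sequence[PathSegment], vrps: Sequence[VRP],
             local_as: int = 64500) -> str:
    """Return 'valid', 'invalid' or 'not-found' for one BGP path.

    Covered: the VRP prefix equals or is less specific than the route prefix.
    Matched: covered, route length <= maxLength, and origin AS == VRP AS.
    """
    route = ip_network(prefix)
    origin = origin_asn(as_path, local_as)
    covered = False
    for vrp in vrps:
        # subnet_of() rejects mixed address families, so compare versions first
        if vrp.prefix.version != route.version or not route.subnet_of(vrp.prefix):
            continue
        covered = True
        if route.prefixlen <= vrp.max_length and origin is not None and origin == vrp.asn:
            return "valid"
    return "invalid" if covered else "not-found"


# Constructed VRP table standing in for what the cache server would deliver.
CACHE_VRPS = [VRP.parse(line) for line in (
    "192.0.2.0/24-24 AS64496",
    "198.51.100.0/24-26 AS64497",
    "2001:db8::/32-48 AS64496",
)]


def validate_table(routes, vrps=CACHE_VRPS):
    """Classify (prefix, AS_PATH string) pairs; returns {'prefix [AS_PATH]': state}."""
    return {f"{p} [{ap}]": validate(p, parse_as_path(ap), vrps) for p, ap in routes}


if __name__ == "__main__":
    sample = [
        ("10.1.1.1/32", "1 3"),                    # the path in the show output above
        ("192.0.2.0/24", "64500 64496"),           # covered and matched
        ("192.0.2.0/25", "64500 64496"),           # more specific than maxLength
        ("192.0.2.0/24", "64500 64666"),           # unauthorized origin
        ("192.0.2.0/24", "64500 {64496 64497}"),   # AS_SET origin, undetermined
        ("2001:db8:1::/48", "64496"),              # IPv6 within maxLength
    ]
    for key, state in validate_table(sample).items():
        print(f"{key:42} Origin-AS validity: {state}")
```

The check is deliberately per-path: a router evaluates the origin AS of each received path independently, which is why the two paths in the sample output each carry their own Origin-AS validity line.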