I'm using RPKI since ROS 7.xx. Never had a problem with that. One session is pointing to Routinator and the second one to Fort validator.Pay attention to the filtering order: for example you should filter first rfc5735 then RPKI with reject only, then all other filters with accept rules. Avoid using "if else accept" unless in the last filter rule.
In your example you are using "else" in the RPKI validation. This means that all the filter that follows are useless. If you have another "if else accept" before the RPKI validation the RPKI filtering is useless, because the routes are being accepted before the validation.
Code:
add chain=bgp_rpki disabled=no rule="rpki-verify groupFIRT"add chain=bgp_rpki disabled=no rule="if (rpki invalid) { reject }"In your example you are using "else" in the RPKI validation. This means that all the filter that follows are useless. If you have another "if else accept" before the RPKI validation the RPKI filtering is useless, because the routes are being accepted before the validation.
Statistics: Posted by Network5 — Thu Jan 25, 2024 11:37 pm