Bug #15771
closedRPKI cannot be configured
100%
Description
Customer concerned that enabling/changing RPKI is not working.
When the RPKI configuration is changed, the changes appear in Services > FRR BGP, Status, Configuration but do not appear in vtysh show run
. No amount of restarting FRR results in the configuration. It is as if the proper RPKI bits/modules are not being loaded.
Also tested on recent 24.08 snapshot with same result.
Files
Updated by Mike Moore 2 months ago
Confirmed as well.
There are a couple of modules in FRR (pfsense) that arent working
RPKI and AgentX
I think there's one more thing but i have to dig through tickets.
Updated by Jim Pingle 2 months ago
- Status changed from New to Feedback
There are a couple problems here.
Issue #1: The check to see if RPKI is enabled isn't right so it's not defining the correct variable to enable the RPKI module for bgpd
.
Issue #2: The "known hosts" file option was removed from FRR which makes the config invalid.
The fix for the first issue is a simple correction to the test in frr.inc
:
diff --git a/usr/local/pkg/frr.inc b/usr/local/pkg/frr.inc index db3751c6f561..1a26ce2781aa 100644 --- a/usr/local/pkg/frr.inc +++ b/usr/local/pkg/frr.inc @@ -387,7 +387,7 @@ function frr_generate_config_rcfile() { } } /* BGP RPKI */ - if (config_get_path("installedpackages/{$config_key}/config/0/enablerpki")) { + if (config_get_path("installedpackages/frrbgp/config/0/enablerpki") == "on") { $frr_daemon_modules['bgpd'] .= ' -M rpki'; }
The fix for the second problem is to remove the knownhostspath
option code:
diff --git a/usr/local/pkg/frr/frr_bgp_rpki_cache_servers.xml b/usr/local/pkg/frr/frr_bgp_rpki_cache_servers.xml index 5b2572229beb..ea8eb2c1bcd3 100644 --- a/usr/local/pkg/frr/frr_bgp_rpki_cache_servers.xml +++ b/usr/local/pkg/frr/frr_bgp_rpki_cache_servers.xml @@ -137,12 +137,6 @@ <description>Local path that includes the public key file of the router</description> <type>input</type> </field> - <field> - <fielddescr>Known Hosts Path</fielddescr> - <fieldname>knownhostspath</fieldname> - <description>Local path that includes the known hosts file</description> - <type>input</type> - </field> </fields> <custom_delete_php_command> frr_generate_config(); diff --git a/usr/local/pkg/frr/inc/frr_bgp.inc b/usr/local/pkg/frr/inc/frr_bgp.inc index cf7e0b571639..5eb51adb3bb3 100644 --- a/usr/local/pkg/frr/inc/frr_bgp.inc +++ b/usr/local/pkg/frr/inc/frr_bgp.inc @@ -848,7 +848,7 @@ function frr_bgp_generate_rpki_servers() { if (!empty($frr_bgp_rpki_cs)) { foreach ($frr_bgp_rpki_cs as $cs) { $rpki_config .= " rpki cache {$cs['cacheserver']} {$cs['port']}"; - foreach (array("username", "privkeypath", "pubkeypath", "knownhostspath") as $key) { + foreach (array("username", "privkeypath", "pubkeypath") as $key) { if (empty($cs[$key])) { continue; }
That appears to let it start and the RPKI config appears in show run
within vtysh
, but I do not have any RPKI structure to test that it actually works.
If we can get confirmation that it works, then someone can commit those changes.
Updated by Christopher Cope 2 months ago
The customer that was hitting this issue confirmed that the above patch fixed the issue for him.
Updated by Jim Pingle 2 months ago
- Assignee set to Jim Pingle
- % Done changed from 0 to 100
Fix committed, new package should be available on Plus when it finishes building.