Bug #15771
closed
RPKI cannot be configured
100%
Description
Customer concerned that enabling/changing RPKI is not working.
When the RPKI configuration is changed, the changes appear in Services > FRR BGP, Status, Configuration but do not appear in vtysh show run. No amount of restarting FRR results in the configuration. It is as if the proper RPKI bits/modules are not being loaded.
Also tested on recent 24.08 snapshot with same result.
Updated by Mike Moore 17 days ago
Confirmed as well.
There are a couple of modules in FRR (pfSense) that aren't working:
RPKI and AgentX
I think there's one more thing but I have to dig through tickets.
Updated by Jim Pingle 16 days ago
- Status changed from New to Feedback
There are a couple problems here.
Issue #1: The check to see if RPKI is enabled isn't right so it's not defining the correct variable to enable the RPKI module for bgpd.
Issue #2: The "known hosts" file option was removed from FRR which makes the config invalid.
The fix for the first issue is a simple correction to the test in frr.inc:
diff --git a/usr/local/pkg/frr.inc b/usr/local/pkg/frr.inc index db3751c6f561..1a26ce2781aa 100644 --- a/usr/local/pkg/frr.inc +++ b/usr/local/pkg/frr.inc @@ -387,7 +387,7 @@ function frr_generate_config_rcfile() { } } /* BGP RPKI */ - if (config_get_path("installedpackages/{$config_key}/config/0/enablerpki")) { + if (config_get_path("installedpackages/frrbgp/config/0/enablerpki") == "on") { $frr_daemon_modules['bgpd'] .= ' -M rpki'; }
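Review bot: In frr_generate_config_rcfile(), the new test hard-codes "installedpackages/frrbgp/..." where the old line interpolated {$config_key}, and nothing in the hunk records why. A one-line comment above the if, stating that enablerpki is stored only under frrbgp, would keep a later cleanup from putting the variable back. The comparison could also be strict (=== "on") so the "-M rpki" module flag is added only for the exact checkbox value.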
The fix for the second problem is to remove the knownhostspath option code:
diff --git a/usr/local/pkg/frr/frr_bgp_rpki_cache_servers.xml b/usr/local/pkg/frr/frr_bgp_rpki_cache_servers.xml index 5b2572229beb..ea8eb2c1bcd3 100644 --- a/usr/local/pkg/frr/frr_bgp_rpki_cache_servers.xml +++ b/usr/local/pkg/frr/frr_bgp_rpki_cache_servers.xml @@ -137,12 +137,6 @@ <description>Local path that includes the public key file of the router</description> <type>input</type> </field> - <field> - <fielddescr>Known Hosts Path</fielddescr> - <fieldname>knownhostspath</fieldname> - <description>Local path that includes the known hosts file</description> - <type>input</type> - </field> </fields> <custom_delete_php_command> frr_generate_config(); diff --git a/usr/local/pkg/frr/inc/frr_bgp.inc b/usr/local/pkg/frr/inc/frr_bgp.inc index cf7e0b571639..5eb51adb3bb3 100644 --- a/usr/local/pkg/frr/inc/frr_bgp.inc +++ b/usr/local/pkg/frr/inc/frr_bgp.inc @@ -848,7 +848,7 @@ function frr_bgp_generate_rpki_servers() { if (!empty($frr_bgp_rpki_cs)) { foreach ($frr_bgp_rpki_cs as $cs) { $rpki_config .= " rpki cache {$cs['cacheserver']} {$cs['port']}"; - foreach (array("username", "privkeypath", "pubkeypath", "knownhostspath") as $key) { + foreach (array("username", "privkeypath", "pubkeypath") as $key) { if (empty($cs[$key])) { continue; }
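Review bot: In frr_bgp_rpki_cache_servers.xml, dropping the Known Hosts Path field leaves any knownhostspath value already saved in an existing cache server entry stored but no longer visible or clearable from the GUI. Consider unsetting it when the entry is saved or in an upgrade step. Since the form no longer offers a known hosts file, the description of one of the remaining SSH fields should say how the cache server's host key is expected to be checked.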
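Review bot: In frr_bgp_generate_rpki_servers(), the shortened key list array("username", "privkeypath", "pubkeypath") carries no comment saying that knownhostspath was removed because FRR no longer accepts the option. Add one so the key is not reintroduced. On the unchanged line above it, {$cs['cacheserver']} and {$cs['port']} are interpolated directly into the generated config, so confirm the form validates both (hostname or address, numeric port) before they reach this function.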
That appears to let it start and the RPKI config appears in show run within vtysh, but I do not have any RPKI structure to test that it actually works.
If we can get confirmation that it works, then someone can commit those changes.
Updated by Christopher Cope 16 days ago
The customer that was hitting this issue confirmed that the above patch fixed the issue for him.
Updated by Jim Pingle 15 days ago
- Assignee set to Jim Pingle
- % Done changed from 0 to 100
Fix committed, new package should be available on Plus when it finishes building.