Bug #15771

closed

RPKI cannot be configured

Added by Chris Linstruth 2 months ago. Updated about 2 months ago.

Status: Resolved
Priority: Normal
Assignee:
Category: FRR
Target version:
Start date:
Due date:
% Done: 100%
Estimated time:
Plus Target Version: 24.03
Affected Version: 2.7.2
Affected Plus Version: 24.03
Affected Architecture:

Description

Customer concerned that enabling/changing RPKI is not working.

When the RPKI configuration is changed, the changes appear in Services > FRR BGP, Status, Configuration but do not appear in vtysh show run. No amount of restarting FRR results in the configuration. It is as if the proper RPKI bits/modules are not being loaded.

Also tested on recent 24.08 snapshot with same result.


Files

frr_rpki.patch (2.14 KB) Jim Pingle, 10/09/2024 04:43 PM

Actions #1

Updated by Mike Moore 2 months ago

Confirmed as well.
There are a couple of modules in FRR (pfSense) that aren't working:
RPKI and AgentX

I think there's one more thing but I have to dig through tickets.

Actions #2

Updated by Jim Pingle 2 months ago

  • Status changed from New to Feedback

There are a couple problems here.

Issue #1: The check to see if RPKI is enabled isn't right so it's not defining the correct variable to enable the RPKI module for bgpd.

Issue #2: The "known hosts" file option was removed from FRR which makes the config invalid.

The fix for the first issue is a simple correction to the test in frr.inc:

diff --git a/usr/local/pkg/frr.inc b/usr/local/pkg/frr.inc
index db3751c6f561..1a26ce2781aa 100644
--- a/usr/local/pkg/frr.inc
+++ b/usr/local/pkg/frr.inc
@@ -387,7 +387,7 @@ function frr_generate_config_rcfile() {
                }
        }
        /* BGP RPKI */
-       if (config_get_path("installedpackages/{$config_key}/config/0/enablerpki")) {
+       if (config_get_path("installedpackages/frrbgp/config/0/enablerpki") == "on") {
                $frr_daemon_modules['bgpd'] .= ' -M rpki';
        }
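
Review bot: the new test on the enablerpki line uses a loose == "on" comparison and a hard-coded frrbgp path where the old line interpolated {$config_key}. Prefer === "on" so only the exact checkbox value enables -M rpki, and add a short comment saying why this check reads the BGP package key directly rather than $config_key, so a later cleanup does not turn it back into the variable form.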

The fix for the second problem is to remove the knownhostspath option code:

diff --git a/usr/local/pkg/frr/frr_bgp_rpki_cache_servers.xml b/usr/local/pkg/frr/frr_bgp_rpki_cache_servers.xml
index 5b2572229beb..ea8eb2c1bcd3 100644
--- a/usr/local/pkg/frr/frr_bgp_rpki_cache_servers.xml
+++ b/usr/local/pkg/frr/frr_bgp_rpki_cache_servers.xml
@@ -137,12 +137,6 @@
                        <description>Local path that includes the public key file of the router</description>
                        <type>input</type>
                </field>
-               <field>
-                       <fielddescr>Known Hosts Path</fielddescr>
-                       <fieldname>knownhostspath</fieldname>
-                       <description>Local path that includes the known hosts file</description>
-                       <type>input</type>
-               </field>
        </fields>
        <custom_delete_php_command>
                frr_generate_config();
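
Review bot: removing the knownhostspath field from the form leaves any value already saved under that field name in existing cache server entries, with no way to see or clear it from the GUI. Consider dropping the stale key when the entry is next saved or during package upgrade, and mention in the change notes that the option is gone because FRR no longer accepts it.
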
diff --git a/usr/local/pkg/frr/inc/frr_bgp.inc b/usr/local/pkg/frr/inc/frr_bgp.inc
index cf7e0b571639..5eb51adb3bb3 100644
--- a/usr/local/pkg/frr/inc/frr_bgp.inc
+++ b/usr/local/pkg/frr/inc/frr_bgp.inc
@@ -848,7 +848,7 @@ function frr_bgp_generate_rpki_servers() {
        if (!empty($frr_bgp_rpki_cs)) {
                foreach ($frr_bgp_rpki_cs as $cs) {
                        $rpki_config .= " rpki cache {$cs['cacheserver']} {$cs['port']}";
-                       foreach (array("username", "privkeypath", "pubkeypath", "knownhostspath") as $key) {
+                       foreach (array("username", "privkeypath", "pubkeypath") as $key) {
                                if (empty($cs[$key])) {
                                        continue;
                                }
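
Review bot: the shortened key list on the foreach (array(...)) line has no comment explaining why knownhostspath is absent, and it has to stay in step with the fields in frr_bgp_rpki_cache_servers.xml. A one-line comment noting that FRR removed the known hosts option would stop it being re-added. Separately, the context line above it interpolates $cs['cacheserver'] and $cs['port'] straight into the "rpki cache" line; it is worth confirming these are validated on save so the generated config stays a single well-formed line.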

That appears to let it start and the RPKI config appears in show run within vtysh, but I do not have any RPKI structure to test that it actually works.

If we can get confirmation that it works, then someone can commit those changes.

Actions #3

Updated by Jim Pingle 2 months ago

Actions #4

Updated by Christopher Cope 2 months ago

The customer that was hitting this issue confirmed that the above patch fixed the issue for him.

Actions #5

Updated by Jim Pingle 2 months ago

  • Assignee set to Jim Pingle
  • % Done changed from 0 to 100

Fix committed, new package should be available on Plus when it finishes building.

Actions #6

Updated by Marcos M about 2 months ago

  • Subject changed from Enabling or changing RPKI configuration does not properly operate to RPKI cannot be configured
  • Target version set to 2.8.0
  • Plus Target Version set to 24.03

Actions #7

Updated by yon Liu about 2 months ago

Do service startup options need to be added? On a Linux system they need to be added in the daemons file:

bgpd_options=" -A 127.0.0.1 -M rpki"

Actions #8

Updated by Marcos M about 2 months ago

  • Status changed from Feedback to Resolved