Bug #15771
Closed
RPKI cannot be configured
100%
Description
Customer concerned that enabling/changing RPKI is not working.
When the RPKI configuration is changed, the changes appear in Services > FRR BGP, Status, Configuration but do not appear in vtysh show run. No amount of restarting FRR results in the configuration. It is as if the proper RPKI bits/modules are not being loaded.
Also tested on recent 24.08 snapshot with same result.
Updated by Mike Moore about 1 month ago
Confirmed as well.
There are a couple of modules in FRR (pfsense) that aren't working
RPKI and AgentX
I think there's one more thing but I have to dig through tickets.
Updated by Jim Pingle about 1 month ago
- Status changed from New to Feedback
There are a couple problems here.
Issue #1: The check to see if RPKI is enabled isn't right so it's not defining the correct variable to enable the RPKI module for bgpd.
Issue #2: The "known hosts" file option was removed from FRR which makes the config invalid.
The fix for the first issue is a simple correction to the test in frr.inc:
diff --git a/usr/local/pkg/frr.inc b/usr/local/pkg/frr.inc index db3751c6f561..1a26ce2781aa 100644 --- a/usr/local/pkg/frr.inc +++ b/usr/local/pkg/frr.inc @@ -387,7 +387,7 @@ function frr_generate_config_rcfile() { } } /* BGP RPKI */ - if (config_get_path("installedpackages/{$config_key}/config/0/enablerpki")) { + if (config_get_path("installedpackages/frrbgp/config/0/enablerpki") == "on") { $frr_daemon_modules['bgpd'] .= ' -M rpki'; }
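Review bot: In the /* BGP RPKI */ check, the new condition hard-codes installedpackages/frrbgp/... where the removed line used {$config_key}, and nothing in the hunk says why this test no longer follows that variable. A one-line comment stating that the RPKI enable flag lives in the frrbgp package config would keep a later cleanup from turning it back into {$config_key}. The comparison could also be strict (=== "on") so that only the exact saved checkbox value adds -M rpki to the bgpd modules.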
The fix for the second problem is to remove the knownhostspath option code:
diff --git a/usr/local/pkg/frr/frr_bgp_rpki_cache_servers.xml b/usr/local/pkg/frr/frr_bgp_rpki_cache_servers.xml index 5b2572229beb..ea8eb2c1bcd3 100644 --- a/usr/local/pkg/frr/frr_bgp_rpki_cache_servers.xml +++ b/usr/local/pkg/frr/frr_bgp_rpki_cache_servers.xml @@ -137,12 +137,6 @@ <description>Local path that includes the public key file of the router</description> <type>input</type> </field> - <field> - <fielddescr>Known Hosts Path</fielddescr> - <fieldname>knownhostspath</fieldname> - <description>Local path that includes the known hosts file</description> - <type>input</type> - </field> </fields> <custom_delete_php_command> frr_generate_config(); diff --git a/usr/local/pkg/frr/inc/frr_bgp.inc b/usr/local/pkg/frr/inc/frr_bgp.inc index cf7e0b571639..5eb51adb3bb3 100644 --- a/usr/local/pkg/frr/inc/frr_bgp.inc +++ b/usr/local/pkg/frr/inc/frr_bgp.inc @@ -848,7 +848,7 @@ function frr_bgp_generate_rpki_servers() { if (!empty($frr_bgp_rpki_cs)) { foreach ($frr_bgp_rpki_cs as $cs) { $rpki_config .= " rpki cache {$cs['cacheserver']} {$cs['port']}"; - foreach (array("username", "privkeypath", "pubkeypath", "knownhostspath") as $key) { + foreach (array("username", "privkeypath", "pubkeypath") as $key) { if (empty($cs[$key])) { continue; }
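Review bot: The knownhostspath field in frr_bgp_rpki_cache_servers.xml and the matching key in the loop in frr_bgp_generate_rpki_servers() are dropped with no handling for values already saved in existing cache server entries. The loop change keeps such a value out of the generated rpki cache line, but it stays in the stored config with no GUI field left to clear it; consider unsetting the key when the entry is saved or on upgrade. A short comment beside the array noting that FRR no longer accepts the known hosts option would also keep the key from being re-added later.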
That appears to let it start and the RPKI config appears in show run within vtysh, but I do not have any RPKI structure to test that it actually works.
If we can get confirmation that it works, then someone can commit those changes.
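A way to check for the symptom in this ticket (RPKI configured, but the bgpd module not loaded or no cache lines in the running config), as an added example that is not part of the ticket or the pfSense package. It assumes the bgpd argument string and the output of vtysh -c 'show running-config' are collected separately and passed in as text; the function names and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example. All sample values below are constructed for illustration.

# Return 0 if a bgpd argument string loads the rpki module ("-M rpki").
bgpd_loads_rpki() {
    prev=""
    for tok in $1; do    # intentional word splitting on the argument string
        if [ "$prev" = "-M" ] && [ "$tok" = "rpki" ]; then
            return 0
        fi
        prev="$tok"
    done
    return 1
}

# Read a running config on stdin and print the number of "rpki cache" lines.
rpki_cache_count() {
    # grep -c exits non-zero when the count is 0; keep the "0" and succeed.
    grep -c '^[[:space:]]*rpki cache ' || true
}

# $1 = bgpd arguments, $2 = running config text. Prints one status word.
rpki_status() {
    n=$(printf '%s\n' "$2" | rpki_cache_count)
    if ! bgpd_loads_rpki "$1"; then
        echo "module-not-loaded"        # the state described in this ticket
    elif [ "$n" -eq 0 ]; then
        echo "loaded-no-cache-config"   # module present, no cache server lines
    else
        echo "ok:$n"
    fi
}

# Constructed inputs: argument strings and a minimal running config.
GOOD_ARGS=' -A 127.0.0.1 -M rpki'
BAD_ARGS=' -A 127.0.0.1'
SAMPLE_CONFIG='router bgp 64512
!
rpki
 rpki cache 192.0.2.10 3323 preference 1
exit'

rpki_status "$BAD_ARGS" "$SAMPLE_CONFIG"
rpki_status "$GOOD_ARGS" "$SAMPLE_CONFIG"
```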
Updated by Jim Pingle about 1 month ago
- File frr_rpki.patch added
Updated by Christopher Cope about 1 month ago
The customer that was hitting this issue confirmed that the above patch fixed the issue for him.
Updated by Jim Pingle about 1 month ago
- Assignee set to Jim Pingle
- % Done changed from 0 to 100
Fix committed, new package should be available on Plus when it finishes building.
Updated by Marcos M about 1 month ago
- Subject changed from Enabling or changing RPKI configuration does not properly operate to RPKI cannot be configured
- Target version set to 2.8.0
- Plus Target Version set to 24.03
Updated by yon Liu about 1 month ago
Does it need to add service startup options, because on a Linux system it needs to be added in the daemons file?
bgpd_options=" -A 127.0.0.1 -M rpki"