Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    No connection to RPKI cache server

    FRR
    2
    3
    612
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • yon 0Y
      yon 0
      last edited by

      i have config two remote RPKI cache server port 3323 and 8282. but its all can't ecconect.

      show rpki cache-connection
      No connection to RPKI cache server.
      pf.xiaoyu.net# show rpki cache-connection
      No connection to RPKI cache server.
      pf.xiaoyu.net# show rpki prefix-table
      host: 134.195..55 port: 3323
      host: 2602:feda:      ::face port: 3323
      host: rpki-validator.realmv6.org port: 8282
      No connection to RPKI cache server.

      viktor_gV 1 Reply Last reply Reply Quote 0
      • viktor_gV
        viktor_g Netgate @yon 0
        last edited by

        @yon-0 unable to reproduce:

        pf100.home.arpa# show rpki cache-connection 
Connected to group 1
rpki tcp cache rpki-validator.realmv6.org 8282 pref 1
pf100.home.arpa# show rpki cache-server     
host: rpki-validator.realmv6.org port: 8282

        Please provide more details and show the /var/etc/frr/frr.conf

        yon 0Y 1 Reply Last reply Reply Quote 0
        • yon 0Y
          yon 0 @viktor_g
          last edited by

          @viktor_g said in No connection to RPKI cache server:

          /var/etc/frr/frr.conf

          cat /var/etc/frr/frr.conf
##################### DO NOT EDIT THIS FILE! ######################
###################################################################
# This file was created by an automatic configuration generator.  #
# The contents of this file will be overwritten without warning!  #
###################################################################
!
frr defaults traditional
hostname 
password 
log syslog
service integrated-vtysh-config
service password-encryption
!
ip router-id 10.50.1.254
!
ip route 240e:ff:f000::/36 pppoe0
ip route 240e:bc::/31 pppoe0
ip route 2402:4e00::/32 pppoe0
ip route 2402:4e00:1800::/40 pppoe0
ip route 240e:688::/32 pppoe0
ip route 2401:b180::/32 pppoe0
ip route 240e:96c::/32 pppoe0
ip route 2001:da8:215::/48 pppoe0
ip route 2001:da8::/32 pppoe0
ip route 2402:f000::/32 pppoe1
ip route 2408:8256:681::/48 pppoe0
ip route 2408:8256::/36 pppoe0
ip route 2408:8256::/32 pppoe0
ip route 2001:250:1001::/48 pppoe0
ip route 2001:250::/32 pppoe0
ip route 240e::/24 pppoe0
ip route 240e:358::/29 pppoe0
ip route 2409:8a55:800::/40 pppoe0
ip route 2409:8a55::/32 pppoe0
ip route 2409:8000::/20 pppoe0
ip route 2400:dd01:1032::/48 pppoe0
ip route 2400:dd00::/28 pppoe0
ip route 240d:c040::/44 pppoe0
ip route 2001:df6:f400::/48 pppoe0
ip route 2408:874c::/32 pppoe0
ip route 2408:4000::/22 pppoe0
ip route 2408:4001::/33 pppoe0
ip route 240e:83::/37 pppoe0
ip route 240e:0:9000::/37 pppoe0
!
router bgp 65105
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 bgp router-id 10.50.1.254
 timers bgp 180 300
 bgp default local-preference 100
 no bgp fast-external-failover
 no bgp network import-check
 bgp deterministic-med
 bgp always-compare-med
 bgp bestpath as-path confed
 bgp bestpath med confed
 no bgp ebgp-requires-policy
 neighbor 2a0d:2 remote-as 59753
 neighbor 2a0d:  description fr bgp
 neighbor 2a0d: update-source 2a0d:240
 neighbor 2602: remote-as 59753
 neighbor 2602:f description FMT
 neighbor 2602:fed2:7020:ca:: update-source 2602:fed2:
 neighbor 2602:fed2:7020:ca:: capability dynamic
 neighbor 2602:f  remote-as 59753
 neighbor 2602:fed description fmt2 zhu
 neighbor 2602:fed update-source 2602:fe
 neighbor 2602:f  capability dynamic
 !
 address-family ipv6 unicast
  redistribute static
  redistribute kernel
  network 2602:fed2:5021::/48
  neighbor 2a0d:2406 activate
  neighbor 2602:fed2:activate
  neighbor 2602:feda activate
  no neighbor 2a0d:240 send-community
  neighbor 2a0d:2406: next-hop-self
  neighbor 2a0d:240 soft-reconfiguration inbound
  neighbor 2a0d:240 prefix-list ipv6in in
  neighbor 2a0d:240 prefix-list myv6out out
  no neighbor 2602:fed send-community
  neighbor 2602:fed2: next-hop-self
  neighbor 2602:fed2: soft-reconfiguration inbound
  neighbor 2602:fed2 prefix-list ipv6in in
  neighbor 2602:fed2 prefix-list myv6out out
  no neighbor 2602:feda: send-community
  neighbor 2602:feda: next-hop-self
  neighbor 2602:feda soft-reconfiguration inbound
  neighbor 2602:feda: prefix-list ipv6in in
  neighbor 2602:feda: prefix-list myv6out out
 exit-address-family
 !
!
rpki
 rpki polling_period 600
 rpki expire_interval 3600
 rpki retry_interval 600
 rpki cache 134.195.121.55 3323 preference 1
 rpki cache 2602:fed 3323 preference 2
 rpki cache rpki-validator.realmv6.org 8282 preference 3
!
ipv6 prefix-list ipv6in seq 200 permit any
ipv6 prefix-list myv6out seq 50 permit 2602:fed2:5021::/48
ipv6 prefix-list myv6out seq 999 deny any
ipv6 prefix-list myv6out description my ipv6 out
!
route-map FR deny 20
 match rpki invalid
route-map FR permit 30
 set metric 5
 set local-preference 100
 match rpki notfound
route-map FR permit 50
 set metric 0
 set local-preference 110
 match rpki valid
!
line vty
!
end
          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.