I am trying to configure RPKI in Cisco ASR1001 with IOS XE, Version 03.16.03.S. I create route map and match the prefix based on RPKI validation state:
route-map ROUTE-VALIDATION permit 10
match rpki invalid
set local-preference 90
!
route-map ROUTE-VALIDATION permit 20
match rpki not-found
set local-preference 100
!
route-map ROUTE-VALIDATION permit 30
match rpki valid
set local-preference 110
and add it to the neighbor:
neighbor 202.125.97.254 route-map ROUTE-VALIDATION in
But router tag all prefix to Valid.
# show ip bgp
V*>i 1.0.64.0/18 202.125.97.254 0 110 0 4608 1221 4637 2516 7670 18144 i
V*>i 1.0.128.0/24 202.125.97.254 0 110 0 4608 1221 4637 3491 38040 23969 ?
V*>i 1.0.128.0/19 202.125.97.254 0 110 0 4608 1221 4637 3491 38040 9737 i
V*>i 1.0.128.0/18 202.125.97.254 0 110 0 4608 1221 4637 3491 38040 9737 i
# show ip bgp 1.0.64.0/18
BGP routing table entry for 1.0.64.0/18, version 1520530
Paths: (1 available, best #1, table default)
Not advertised to any peer
Refresh Epoch 1
4608 1221 4637 2516 7670 18144, (aggregated by 18144 219.118.225.17)
202.125.97.254 (metric 1) from 202.125.97.254 (202.125.97.254)
Origin IGP, metric 0, localpref 110, valid, internal, best
Community: 302000988
path 7FBDADCB8C78 RPKI State valid
rx pathid: 0, tx pathid: 0x0
Session with RPKI Cache server is completely ok:
# show bgp ipv4 unicast rpki servers
BGP SOVC neighbor is 202.125.96.50/323 connected to port 323
Any idea?
