Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1997
Views
11
Helpful
28
Replies

RPKI Validator Server Configuration

Go to solution
onibala
Level 1
Level 1

‎10-12-2023 06:14 AM

Can IOS, IOS-XE, or IOS-XR support server functioning as RPKI Validator? This is similar of PKI CA server configuration in any IOS platform.

I want to test it in our Lab without connecting to any RPKI servers in the Internet.

Thanks,

Audie

 

0 Helpful
3 Accepted Solutions

Accepted Solutions

Go to solution
M02@rt37
VIP
VIP

‎10-12-2023 08:04 AM - edited ‎10-12-2023 08:05 AM

Hello @onibala

IOS-XE XR Ok. A doubt about IOS.... because you have a peering with ISP and have the full table.... you need plateform with IOS-XR or XE. Thens it is ok! 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

View solution in original post

Go to solution
M02@rt37
VIP
VIP
In response to onibala

‎10-12-2023 08:51 AM - edited ‎10-12-2023 08:52 AM

@onibala 

Refer here 

xr: https://beufa.net/fr/blog/rpki-use-routinator-rtr-cache-validator-cisco-ios-xr/

xe: https://www.rheintal-ix.net/tech/rpki/

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

View solution in original post

0 Helpful

Go to solution
Harold Ritter
Level 12
Level 12
In response to onibala

‎10-16-2023 07:04 AM - edited ‎10-16-2023 07:10 AM

Hi @onibala ,

The validator function is normally run on a separate Linux server. As far as I know, XR and XE do not support the RPKI Validator (or equivalent) functionality natively, but they both allow you to run 3rd party applications in a container. This might be an option, but I think the safest implementation would be to run it on a separate Linux server.

Regards,

 

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

View solution in original post

28 Replies 28

Go to solution
onibala
Level 1
Level 1

‎10-12-2023 06:28 AM

Thanks for the quick response Balaji! This config is for VPN certificate. I am looking for securing BGP Prefix and AS exchange. 

Here are examples:

How to Install an RPKI Validator | RIPE Labs

https://rpki.readthedocs.io/en/latest/

 

 

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to onibala

‎10-12-2023 08:35 AM

got you, IOS XE and XR support that features as per the document.

setting offline RPKI Server (not that i have done before)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
onibala
Level 1
Level 1
In response to balaji.bandi

‎10-12-2023 08:45 AM

Balaji,

Please provide the link of how to setup RPKI server.

Thanks!

0 Helpful

Go to solution
M02@rt37
VIP
VIP
In response to onibala

‎10-12-2023 08:51 AM - edited ‎10-12-2023 08:52 AM

@onibala 

Refer here 

xr: https://beufa.net/fr/blog/rpki-use-routinator-rtr-cache-validator-cisco-ios-xr/

xe: https://www.rheintal-ix.net/tech/rpki/

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
0 Helpful

Go to solution
M02@rt37
VIP
VIP

‎10-12-2023 08:04 AM - edited ‎10-12-2023 08:05 AM

Hello @onibala

IOS-XE XR Ok. A doubt about IOS.... because you have a peering with ISP and have the full table.... you need plateform with IOS-XR or XE. Thens it is ok! 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Go to solution
onibala
Level 1
Level 1
In response to M02@rt37

‎10-12-2023 08:15 AM

Thanks for replying M02@rt37

I will get the XR or XE as long it can function as RPKI server.

Go to solution
onibala
Level 1
Level 1
In response to M02@rt37

‎10-16-2023 04:48 AM

M02@rt37,

I knew already the link given (https://beufa.net/blog/rpki-use-routinator-rtr-cache-validator-cisco-ios-xr/). I will accept it as solution, but I was looking an article from Cisco.com.

Thank You

Go to solution
onibala
Level 1
Level 1

‎10-16-2023 04:52 AM

Anyone has the solution from Cisco.com, and "other than" from beufa.net?

I have seen this link before. Has anyone tried it?

Thanks

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to onibala

‎10-16-2023 04:58 AM

What you need exactly' you want to try it in lab?

0 Helpful

Go to solution
onibala
Level 1
Level 1
In response to MHM Cisco World

‎10-16-2023 05:06 AM

MHM Cisco World,

I want to setup simple setup of 5 (IOS, IOS-XE) routers, with one functioning as the Validator. I am hesitant to buy an XR router functioning as the Validator, and does not work! I have not found an article by Cisco to back it up.

I want to see proof by Cisco that the XR can support the Validator function.

0 Helpful

Go to solution
Harold Ritter
Level 12
Level 12
In response to onibala

‎10-16-2023 07:04 AM - edited ‎10-16-2023 07:10 AM

Hi @onibala ,

The validator function is normally run on a separate Linux server. As far as I know, XR and XE do not support the RPKI Validator (or equivalent) functionality natively, but they both allow you to run 3rd party applications in a container. This might be an option, but I think the safest implementation would be to run it on a separate Linux server.

Regards,

 

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Go to solution
onibala
Level 1
Level 1
In response to Harold Ritter

‎10-16-2023 07:09 AM

This is what I suspected Harold. I hope you are wrong though. That is why I was skeptical of the beufa.net article.

Thanks!

 

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card