Hi Ben,
On Sat, 28 Nov 2020 at 01:32, Ben Maddison <benm@workonline.africa> wrote: > > router bgp ... > > bgp rpki server tcp [...] > > address-family ipv4 > > bgp bestpath prefix-validate disable > > [...] > > route-map RM_EBGP_IN deny 10 > > match rpki invalid > > route-map RM_EBGP_IN permit 20 > > [...] > > > Does the route-map 'match' still work here? Which release? > I remember trying this workaround before our initial rollout of ROV and > nothing matched that statement when 'prefix-validate disable' was > configured. I forget the exact release, but that would have been > 16.9.3-ish. It works for me in both recent (Amsterdam, 17.03.02) and older (Fuji, 16.09.02) code. I did not try matching NotFound or Valid, or setting different locpref's, just denying invalid routes. > > Vpnv[46] support and RTR via SSH is still not there. > > > Hahaha, don't hold your breath. Source interface selection isn't even > available. With SSH support we would get source interface selection for free :( CLI helptext actually mentions SSH username and password and a "local-port" option, but it's undocumented and unclear how it is supposed to work... LAB1(config-router)#$bgp rpki server tcp 1.2.3.4 port 3232 ref 600 password secret ? username SSH Username <cr> <cr> LAB1(config-router)#$bgp rpki server tcp 1.2.3.4 port 3232 ref 600 password secret username user1 password secret2 ? local-port SSH Local Port LAB1(config-router)#$ It's probably a leftover from someone trying to get SSH support in. Unsure why SSH support would be combined with TCP-MD5 support on the socket (which is what the first password argument is about). cheers, lukas _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/