Configuring RPKI
RPKI is a globally distributed database that contains information mapping BGP (internet) prefixes to their authorized origin-AS numbers. To validate the origin-AS of BGP paths, routers running BGP can connect to RPKI caches.
For more information, see the Cisco Nexus 9000 Series NX-OS Security Configuration Guide:
Configuring Origin AS Validation
POST http://<mgmt0_IP>/api/mo/sys.json
{
  "topSystem": {
    "children": [
      {
        "bgpEntity": {
          "children": [
            {
              "bgpInst": {
                "attributes": {
                  "asn": "100"
                },
                "children": [
                  {
                    "bgpDom": {
                      "attributes": {
                        "name": "default"
                      },
                      "children": [
                        {
                          "bgpDomAf": {
                            "attributes": {
                              "originAsValidate": "enabled",
                              "type": "ipv4-ucast"
                            }
                          }
                        }
                      ]
                    }
                  }
                ]
              }
            }
          ]
        }
      }
    ]
  }
}
{
imdata:[]
}
CLI Command
The CLI commands below are the equivalent of the payload example above.
router bgp 100
  address-family ipv4 unicast
    origin-as validate
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| originAsValidate | sys/bgp/inst/dom-[vrf-name]/af-[addr-family]/originAsValidate |
Properties
The following table contains information about the properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name |
|---|
| originAsValidate |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Configuring AS Validation Signaling
POST http://<mgmt0_IP>/api/mo/sys.json
{
  "topSystem": {
    "children": [
      {
        "bgpEntity": {
          "children": [
            {
              "bgpInst": {
                "attributes": {
                  "asn": "100"
                },
                "children": [
                  {
                    "bgpDom": {
                      "attributes": {
                        "name": "default"
                      },
                      "children": [
                        {
                          "bgpDomAf": {
                            "attributes": {
                              "originAsValidateSignalEbgp": "enabled",
                              "type": "ipv4-ucast"
                            }
                          }
                        }
                      ]
                    }
                  }
                ]
              }
            }
          ]
        }
      }
    ]
  }
}
{
imdata:[]
}
CLI Command
The CLI commands below are the equivalent of the payload example above.
router bgp 100
  address-family ipv4 unicast
    origin-as validate
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| originAsValidateSignalEbgp | sys/bgp/inst/dom-[vrf-name]/af-[addrfamily]/originAsValidateSignalEbgp |
Properties
The following table contains information about the properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name |
|---|
| originAsValidateSignalEbgp |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Configuring Origin AS Validation Accept
POST http://<mgmt0_IP>/api/mo/sys.json
{
  "topSystem": {
    "children": [
      {
        "bgpEntity": {
          "children": [
            {
              "bgpInst": {
                "attributes": {
                  "asn": "100"
                },
                "children": [
                  {
                    "bgpDom": {
                      "attributes": {
                        "name": "default"
                      },
                      "children": [
                        {
                          "bgpDomAf": {
                            "attributes": {
                              "originAsValidateAcceptEbgp": "enabled",
                              "type": "ipv4-ucast"
                            }
                          }
                        }
                      ]
                    }
                  }
                ]
              }
            }
          ]
        }
      }
    ]
  }
}
{
imdata:[]
}
CLI Command
The CLI commands below are the equivalent of the payload example above.
router bgp 100
  address-family ipv4 unicast
    origin-as validate accept ebgp
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| originAsValidateAcceptEbgp | sys/bgp/inst/dom-[vrfname]/af-[addrfamily]/originAsValidateAcceptEbgp |
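The following is an added example, not Cisco's code: it builds the nested POST body used in the three sections above and checks a GET response for the state of each RPKI property, treating anything missing as not enabled. The function names, the GET response envelope, and the "disabled" value in the sample are assumptions; the page itself shows only the value "enabled".

```python
import json

# The three bgpDomAf properties this page configures.
RPKI_PROPS = ("originAsValidate", "originAsValidateSignalEbgp",
              "originAsValidateAcceptEbgp")

def build_payload(asn, vrf, af_type, props):
    """Build the POST body for /api/mo/sys.json with `props` set to enabled."""
    unknown = sorted(set(props) - set(RPKI_PROPS))
    if unknown:
        raise ValueError(f"not one of this page's properties: {unknown}")
    attrs = {p: "enabled" for p in props}
    attrs["type"] = af_type
    node = {"bgpDomAf": {"attributes": attrs}}
    # Wrap from the innermost object outwards, matching the page's nesting.
    for cls, cls_attrs in (("bgpDom", {"name": vrf}),
                           ("bgpInst", {"asn": str(asn)}),
                           ("bgpEntity", None), ("topSystem", None)):
        body = {"attributes": cls_attrs} if cls_attrs else {}
        body["children"] = [node]
        node = {cls: body}
    return node

def rpki_state(get_response, af_type):
    """Map each RPKI property to True only if the GET reports it 'enabled'.

    A missing object or attribute is reported as False (fail closed).
    """
    for item in get_response.get("imdata", []):
        attrs = item.get("bgpDomAf", {}).get("attributes", {})
        if attrs.get("type") == af_type:
            return {p: attrs.get(p) == "enabled" for p in RPKI_PROPS}
    return {p: False for p in RPKI_PROPS}

# Constructed sample (not captured from a device). The response envelope and
# the "disabled" value are assumptions; the page shows only "enabled".
SAMPLE_GET = json.loads("""
{"totalCount": "1", "imdata": [{"bgpDomAf": {"attributes": {
  "type": "ipv4-ucast",
  "originAsValidate": "enabled",
  "originAsValidateSignalEbgp": "disabled"}}}]}
""")

if __name__ == "__main__":
    body = build_payload(100, "default", "ipv4-ucast", ["originAsValidate"])
    print(json.dumps(body, indent=2))
    print(rpki_state(SAMPLE_GET, "ipv4-ucast"))
```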
Properties
The following table contains information about the properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name |
|---|
| originAsValidateAcceptEbgp |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide: