RPKI-based BGP prefix Origin

Hello,
Is there a possibility to extend the existing support of RPKI-based BGP prefix origin validation to VPRN BGP instances?
When origin validation is enabled on a VPRN PE-CE BGP session, the IP routes received from the peer are assigned origin validation states based on the lookup of each route’s origin AS and IP prefix in the router’s database of origin validation entries. How can this database be shared by all VPRN BGP instances and the Base router BGP instance? Does it consist of entries learned from static configuration and RPKI and router protocol interaction with local cache servers?

Thanks for your help

Hello Mahmoud

First of all, a clarification. VPRN BGP is a term used exclusively by Nokia to define a Layer 3 VPN over an MPLS network. So what we’re talking about, more generically, is Layer 3 VPN for MPLS. So your question then is: can we use RPKI BGP validation in an MPLS L3 VPN environment?

Secondly, for the benefit of other readers, RPKI-based BGP origin AS validation is a feature that helps prevent network administrators from inadvertently advertising routes to networks they don’t control. It uses a Resource Public Key Infrastructure (RPKI) server to authenticate that certain BGP prefixes originated from an expected AS before the prefixes are allowed to be advertised. More about this can be found here:

Now, remember that the purpose of this feature is to ensure that you don’t accidentally advertise prefixes into a network you don’t control. However, in the case of MPLS, if you are using BGP between your CE and PE routers, you can advertise whatever you want without fear of injecting anything into such a network. Remember that the routing protocol employed between the CE and PE routers has the purpose of advertising whatever internal networks you want to all of your other sites connected to the MPLS VPN. Because of the use of the MPLS VPN feature, such injected routes will not interfere with the operation of the MPLS infrastructure. Thus, such a feature is actually of no benefit.

Can you tell us more about what you would like to achieve? If you tell us the reason you would like to implement something like this, we will be in a better position to help you find a solution that will fit your needs.

I hope this has been helpful!

Laz
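
The lookup described in the question (origin AS and IP prefix checked against a database of origin validation entries) can be sketched as follows. This is an added example, not part of the original thread and not Nokia's implementation; it follows the valid / invalid / not-found procedure of RFC 6811, and the `VRP` type, the `validate` function and the sample database (documentation prefixes, private-use AS numbers) are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional, Union

class VRP(NamedTuple):
    """One origin validation entry (static, or learned from an RPKI cache)."""
    prefix: Union[ipaddress.IPv4Network, ipaddress.IPv6Network]
    max_length: int
    origin_as: int

def vrp(prefix: str, max_length: int, origin_as: int) -> VRP:
    return VRP(ipaddress.ip_network(prefix), max_length, origin_as)

# Constructed sample database: documentation prefixes, private-use ASNs.
DATABASE = [
    vrp("192.0.2.0/24", 24, 64500),
    vrp("198.51.100.0/24", 25, 64501),
    vrp("2001:db8::/32", 48, 64502),
]

def validate(route_prefix: str, origin_as: Optional[int],
             database=DATABASE) -> str:
    """Return 'valid', 'invalid' or 'not-found' for a received route.

    origin_as is None when no single origin AS can be determined
    (for example, the AS_PATH ends in an AS_SET).
    """
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for entry in database:
        # An entry covers the route when both are the same address family
        # and the route is equal to, or more specific than, the entry prefix.
        if entry.prefix.version != route.version:
            continue
        if not route.subnet_of(entry.prefix):
            continue
        covered = True
        # A match also needs the same origin AS (AS 0 never matches) and a
        # route prefix length no longer than the entry's maximum length.
        if (origin_as is not None and origin_as != 0
                and origin_as == entry.origin_as
                and route.prefixlen <= entry.max_length):
            return "valid"
    # Covered by at least one entry but matched by none: invalid.
    return "invalid" if covered else "not-found"
```

A route that is more specific than an entry's maximum length comes back invalid even when the origin AS is correct, which is the case that most often surprises operators.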