protocol rpki { roa6 { table roa_v6; }; remote "10.43.141.166" port 3323; retry keep 90; refresh keep 900; expire keep 172800; } function filter_reason(lc rsn) { bgp_large_community.add(rsn); } # RPKI tests function is_rpki_invalid_v6() { if roa_check(roa_v6, net, bgp_path.last_nonaggregated) = ROA_VALID then bgp_large_community.add(informational_rpki_valid); else if roa_check(roa_v6, net, bgp_path.last_nonaggregated) = ROA_UNKNOWN then bgp_large_community.add(informational_rpki_unknown); else if roa_check(roa_v6, net, bgp_path.last_nonaggregated) = ROA_INVALID then { print "Ignore RPKI invalid ", net, " for ASN ", bgp_path.last; bgp_large_community.add(informational_rpki_invalid); return true; } else bgp_large_community.add(informational_rpki_not_checked); return false; } function is_rpki_invalid_dn42_v4() { if roa_check(roa_dn42_v4, net, bgp_path.last_nonaggregated) = ROA_VALID then bgp_large_community.add(informational_rpki_valid); else if roa_check(roa_dn42_v4, net, bgp_path.last_nonaggregated) = ROA_UNKNOWN then bgp_large_community.add(informational_rpki_unknown); else if roa_check(roa_dn42_v4, net, bgp_path.last_nonaggregated) = ROA_INVALID then { print "Ignore RPKI invalid ", net, " for ASN ", bgp_path.last; bgp_large_community.add(informational_rpki_invalid); return true; } else bgp_large_community.add(informational_rpki_not_checked); return false; } function is_rpki_invalid_dn42_v6() { if roa_check(roa_dn42_v6, net, bgp_path.last_nonaggregated) = ROA_VALID then bgp_large_community.add(informational_rpki_valid); else if roa_check(roa_dn42_v6, net, bgp_path.last_nonaggregated) = ROA_UNKNOWN then bgp_large_community.add(informational_rpki_unknown); else if roa_check(roa_dn42_v6, net, bgp_path.last_nonaggregated) = ROA_INVALID then { print "Ignore RPKI invalid ", net, " for ASN ", bgp_path.last; bgp_large_community.add(informational_rpki_invalid); return true; } else bgp_large_community.add(informational_rpki_not_checked); return false; }