Connecting to RPKI Servers

RPKI Servers and Priority

A connection to a remote RPKI Server is established through either SSH or TCP. Connections, once established, are kept alive. If communication with the remote RPKI Server must be secure, use SSH. Otherwise, use TCP to establish the connection.

Once a connection to the remote RPKI Server is established, the ROA records are downloaded from the server automatically using the RPKI-RTR protocol and saved locally in the SLX device's cache. The remote RPKI Server keeps this cache updated by periodically pushing changes to the SLX device.

You can configure up to one hundred (100) RPKI servers. To ease management, one (1) RPKI server can be configured per RPKI priority. You can create up to one hundred (100) RPKI priorities. However, at any point in time, you can establish a connection to only a single remote RPKI Server, either through SSH or TCP.

A server in a Priority with a lower value is always chosen over a server in a Priority with a higher value. For example, a server in 'Priority number 1' will be chosen over a server in 'Priority number 2'. If the connection to the server in 'Priority number 1' fails, the system will fail over to a server in 'Priority number 2', and so on.

RPKI Server Priorities are created using the rpki priority command. Use the rpki ssh or the rpki tcp command to add a server to a Priority and to provide the connection parameters for that server. You can create a maximum of 100 server Priorities.
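
The priority and failover rules above can be checked against a planned server list before it is configured. The following Python sketch is an added example, not SLX-OS code: the RpkiServer model, the function names and the sample addresses are assumptions made for illustration. It selects the single active server by lowest Priority value and reports failover steps that would move the session from SSH to plain TCP.

```python
from dataclasses import dataclass

MAX_PRIORITIES = 100  # limit stated on the page


@dataclass(frozen=True)
class RpkiServer:  # hypothetical model, not an SLX-OS structure
    priority: int   # lower value is preferred
    transport: str  # "ssh" or "tcp"
    host: str


def validate(servers):
    """Check the page's limits and return the servers in failover order."""
    if len(servers) > MAX_PRIORITIES:
        raise ValueError("more than 100 priorities configured")
    if len({s.priority for s in servers}) != len(servers):
        raise ValueError("only one server may be configured per priority")
    if any(s.transport not in ("ssh", "tcp") for s in servers):
        raise ValueError("transport must be ssh or tcp")
    return sorted(servers, key=lambda s: s.priority)


def select_active(servers, reachable):
    """Return the one server to connect to: lowest Priority value that is reachable."""
    for server in validate(servers):
        if server.host in reachable:
            return server
    return None


def downgrade_steps(servers):
    """Return (from_priority, to_priority) failover steps that go from SSH to TCP."""
    ordered = validate(servers)
    return [(a.priority, b.priority) for a, b in zip(ordered, ordered[1:])
            if a.transport == "ssh" and b.transport == "tcp"]


# Constructed sample plan; addresses are from the documentation range.
SERVERS = [
    RpkiServer(5, "ssh", "192.0.2.30"),
    RpkiServer(1, "ssh", "192.0.2.10"),
    RpkiServer(2, "tcp", "192.0.2.20"),
]

if __name__ == "__main__":
    up = {"192.0.2.20", "192.0.2.30"}  # Priority 1 server is down
    print("active:", select_active(SERVERS, up))
    print("SSH-to-TCP failover steps:", downgrade_steps(SERVERS))
```

In the sample plan, losing the Priority 1 server moves the session to the TCP server in Priority 2, so a plan that requires a secure transport should use SSH in every Priority.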