This command establishes a TCP connection to the configured cache server. TCP connections are not secured by nature. Establishing this connection enables the validation of prefixes with the RPKI server. Only one (1) cache server can be configured under one priority. Attempting to configure another RPKI server will report an error. The RPKI server connection is attempted through the Management VRF. Use the no format of this command to remove the configured RPKI server from the priority.
RPKI Priority
Only one RPKI Server can be configured in a priority. Attempts to configure more than one server in a priority will report an error.
Use the [no] format of this command to remove a configured RPKI server from the current RPKI priority priority.
Warning
Every time this command is run, there is a possibility that your CLI console response may become slow. This is due to the SLX-OS performing CPU intensive tasks of caching ROAs from the remote RPKI server and then revalidating RPKI state for all existing prefixes. This has been observed in systems with fully scaled routes in RIB-in when adding a server in the highest RPKI priority group. Adding servers in the lower priority groups does not cause this issue.
This slowdown is also possible when the connection to the existing RPKI server fails and the system fails over to the server with the next priority.
This example shows the steps to add a TCP connection to the configured cache server in the rpki priority within the router bgp configuration mode. This example also shows adding a server to another RPKI priority.
SLX(config)# router bgp SLX(config-bgp-router)# rpki priority 1 SLX(config-bgp-rpki-grp)# server tcp rpki.realmv6.org port 113 SLX(config-bgp-rpki-grp)# exit SLX(config-bgp-router)# rpki priority 2 SLX(config-bgp-rpki-grp)# server tcp 10.10.11.152 port 113 SLX(config-bgp-rpki-grp)#