server ssh

This command establishes an SSH connection to the configured cache server. This connection enables prefixes to be validated against the RPKI server. Only one (1) cache server can be configured under one priority; attempting to configure another RPKI server reports an error. The RPKI server connection is attempted through the Management VRF. Use the no format of this command to remove the configured RPKI server from the priority.

Syntax

server ssh { name | ipv4/ipv6 address } port port no username username password-file client private key path
[no] server ssh { name | ipv4/ipv6 address } port port no username username password-file client private key path

Parameters

name
The hostname of the remote RPKI cache server. Specify either the hostname or the IP address.
ipv4/ipv6 address
The IPv4 or IPv6 address of the remote RPKI server. Specify either the hostname or the IP address.
port port no
The configured SSH port number on the remote RPKI server. The default SSH port is 22. Port numbers are in the range of 1-65535.
username
The username of the account used to connect to the remote RPKI server. This value cannot be longer than 63 characters.
password-file
The key file for this user's credentials. This key file is provided by the operator of the remote RPKI server. Contact the administrator/operator of the server to get this key. An error is reported if this file is not found at the supplied path when this server entry is created.

Modes

RPKI Priority

Use the [no] format of this command to remove a configured RPKI server from the current RPKI priority.

Usage Guidelines

Only one RPKI Server can be configured in a priority. Attempts to configure more than one server in a priority will report an error.

Warning

Every time this command is run, your CLI console response may become slow. This is because SLX-OS performs the CPU-intensive tasks of caching ROAs from the remote RPKI server and then revalidating the RPKI state of all existing prefixes. This has been observed in systems with fully scaled routes in RIB-in when adding a server in the highest RPKI priority group. Adding servers in the lower priority groups does not cause this issue.

This slowdown is also possible when the connection to the existing RPKI server fails and the system fails over to the server with the next priority.

Examples

This example shows the steps to add an SSH connection to the configured cache server in the rpki priority within the router bgp configuration mode. This example also shows adding an SSH server to another RPKI priority.

SLX(config)# router bgp
SLX(config-bgp-router)# rpki priority 1
SLX(config-bgp-rpki-grp)# server ssh rpki.realmv6.org port 22 username rtr-ssh password-file "/root/.ssh/id_rsa_realmv6-org" 
SLX(config-bgp-rpki-grp)# exit
SLX(config-bgp-router)# rpki priority 2
SLX(config-bgp-rpki-grp)# server ssh 10.10.11.152 port 2200 username rtr-admin-g1 password-file "/root/.ssh/id_rsa_10-10-11-152"
SLX(config-bgp-rpki-grp)#
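
The constraints in the Parameters and Usage Guidelines sections can be checked against a planned change before it is pasted into the CLI. The following is an added example, not SLX-OS or vendor code: the function name `lint_rpki_servers` is hypothetical, it assumes the input lines have the same form as the example above (with or without the prompt), and the sample hosts, usernames and key paths are constructed.

```python
import os
import re

PRIORITY_RE = re.compile(r"rpki priority (\d+)$")
# Parameter order follows the Syntax section of this page.
SERVER_RE = re.compile(
    r'server ssh (\S+) port (\d+) username (\S+) password-file "?([^"\s]+)"?$')


def lint_rpki_servers(config_text, key_exists=os.path.isfile):
    """Return (line_no, message) findings for 'server ssh' lines."""
    findings, first_server, prio = [], {}, None
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.split("# ", 1)[-1].strip()  # drop a leading "SLX(...)# " prompt
        m = PRIORITY_RE.match(line)
        if m:
            prio = int(m.group(1))
            continue
        if not line.startswith("server ssh"):
            continue
        m = SERVER_RE.match(line)
        if not m:
            findings.append((no, "does not match the documented syntax"))
            continue
        _host, port, user, key = m.groups()
        if prio in first_server:  # only one server per priority
            findings.append((no, f"priority {prio} already has a server (line {first_server[prio]})"))
        else:
            first_server[prio] = no
        if not 1 <= int(port) <= 65535:
            findings.append((no, f"port {port} outside 1-65535"))
        if len(user) > 63:
            findings.append((no, f"username is {len(user)} characters (limit 63)"))
        if not key_exists(key):  # the CLI also rejects a missing key file
            findings.append((no, f"key file not found: {key}"))
    return findings

# Constructed sample input; hosts, users and paths are placeholders.
SAMPLE = """\
rpki priority 1
server ssh cache1.example.net port 22 username rtr-ssh password-file "/root/.ssh/id_ok"
server ssh 192.0.2.10 port 70000 username rtr-ssh password-file "/root/.ssh/id_ok"
rpki priority 2
server ssh 2001:db8::5 port 2200 username {long} password-file "/root/.ssh/id_missing"
""".format(long="u" * 64)

if __name__ == "__main__":
    for no, msg in lint_rpki_servers(SAMPLE, key_exists=lambda p: p.endswith("id_ok")):
        print(f"line {no}: {msg}")
```

The `key_exists` argument is stubbed in the sample so it runs away from the device; with the default `os.path.isfile` the check only means something on the host where the key file actually lives.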