Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[Junos Platform] What does "validation-state: unverified" mean in show route command during BGP configuration?

0

0

Article ID: KB27919 KB Last Updated: 24 Oct 2013Version: 1.0
Summary:

Beginning with Junos 12.2, the statement validation-state: unverified is sometimes encountered during BGP configuration when validating show route. This condition is harmless, and can either be ignored, or controlled by a policy statement.

Symptoms:

The statement validation-state: unverified is encountered when executing the command run show route

ab@cheese# run show route
inet.0: 8 destinations, 10 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
1.1.1.0/30 *[Direct/0] 00:02:58
> via xe-0/0/0.0
[BGP/170] 00:02:27, localpref 100
AS path: 200 I, validation-state: unverified >>>>>>>>>>>>>
> to 1.1.1.2 via xe-0/0/0.0
1.1.1.1/32 *[Local/0] 00:02:58
Local via xe-0/0/0.0
10.0.0.0/8 *[Static/5] 5d 00:48:59
> to 172.27.116.1 via fxp0.0
10.10.10.10/32 *[Direct/0] 00:02:58
> via lo0.0
20.20.20.20/32 *[BGP/170] 00:02:27, localpref 100
AS path: 200 I, validation-state: unverified >>>>>>>>>>>>>
> to 1.1.1.2 via xe-0/0/0.0
172.0.0.0/8 *[Static/5] 5d 00:48:59
> to 172.27.116.1 via fxp0.0
172.27.116.0/23 *[Direct/0] 5d 00:48:59
> via fxp0.0
[BGP/170] 00:02:27, localpref 100
AS path: 200 I, validation-state: unverified
> to 1.1.1.2 via xe-0/0/0.0
172.27.116.23/32 *[Local/0] 5d 00:48:59
Local via fxp0.0

Cause:

This statement does not indicate an invalid path, but warns that this path has not been validated by Origin validation configuration.

Solution:

Origin validation for BGP enables BGP to recognize when an autonomous system (AS) begins advertising all or part of another company's assigned network. BGP recognizes the error and responds in a way that avoids service interruptions.

To configure, include the validation statement (and associated child statements) at the [edit routing-options] hierarchy level. Also configure a policy with the from validation-database match condition, the then validation-state action, and the extended community (origin validation state).

As this display is harmless, you can ignore it or control it by policy-statement, as follows:

validation-state

(BGP-learned routes) Validation status of the route:

  • Invalid—Indicates that the prefix is found, but either the corresponding AS received from the eBGP peer is not the AS that appears in the database, or the prefix length in the BGP update message is longer than the maximum length permitted in the database.
  • Unknown—Indicates that the prefix is not among the prefixes or prefix ranges in the database.
  • Valid—Indicates that the prefix and autonomous system pair are found in the database.
set interfaces xe-0/0/0 unit 0 family inet address 1.1.1.1/30
set interfaces lo0 unit 0 family inet address 10.10.10.10/32
set routing-options autonomous-system 100
set protocols bgp group eBGP type external
set protocols bgp group eBGP import rv
set protocols bgp group eBGP export Rrt-Export
set protocols bgp group eBGP neighbor 1.1.1.2 peer-as 200
set policy-options policy-statement PF term 1 then load-balance per-packet
set policy-options policy-statement Rrt-Export from protocol direct
set policy-options policy-statement Rrt-Export then accept
set policy-options policy-statement rv term a from protocol bgp
set policy-options policy-statement rv term a from validation-database valid
set policy-options policy-statement rv term a then local-preference 110
set policy-options policy-statement rv term a then validation-state valid
set policy-options policy-statement rv term a then accept
set policy-options policy-statement rv term b from protocol bgp
set policy-options policy-statement rv term b from validation-database invalid
set policy-options policy-statement rv term b then local-preference 9
set policy-options policy-statement rv term b then validation-state invalid
set policy-options policy-statement rv term b then accept
set policy-options policy-statement rv term c from protocol bgp
set policy-options policy-statement rv term c from validation-database unknown >>>>>>>>>>>>
set policy-options policy-statement rv term c then validation-state unknown >>>>>>>>>>>>>>>
set policy-options policy-statement rv term c then accept >>>>>>>>>>>>>>>>>>>>>>>>>>>>>


lab@cheese# run show route
inet.0: 8 destinations, 10 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

1.1.1.0/30 *[Direct/0] 00:12:52
> via xe-0/0/0.0
[BGP/170] 00:12:21, localpref 100
AS path: 200 I, validation-state: unknown >>>>>>>>>>>>>>>>>>>
> to 1.1.1.2 via xe-0/0/0.0
1.1.1.1/32 *[Local/0] 00:12:52
Local via xe-0/0/0.0
10.0.0.0/8 *[Static/5] 5d 00:58:53
> to 172.27.116.1 via fxp0.0
10.10.10.10/32 *[Direct/0] 00:12:52
> via lo0.0
20.20.20.20/32 *[BGP/170] 00:12:21, localpref 100
AS path: 200 I, validation-state: unknown >>>>>>>>>>>>>>>>>>>
> to 1.1.1.2 via xe-0/0/0.0
172.0.0.0/8 *[Static/5] 5d 00:58:53
> to 172.27.116.1 via fxp0.0
172.27.116.0/23 *[Direct/0] 5d 00:58:53
> via fxp0.0
[BGP/170] 00:12:21, localpref 100
AS path: 200 I, validation-state: unknown >>>>>>>>>>>>>>>>>>
> to 1.1.1.2 via xe-0/0/0.0
172.27.116.23/32 *[Local/0] 5d 00:58:53
Local via fxp0.0

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search