Beginning with Junos 12.2, the statement validation-state: unverified
is sometimes encountered during BGP configuration when validating show route. This condition is harmless, and can either be ignored, or controlled by a policy statement.
The statement validation-state: unverified
is encountered when executing the command run show route
.
ab@cheese# run show route
inet.0: 8 destinations, 10 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
1.1.1.0/30 *[Direct/0] 00:02:58
> via xe-0/0/0.0
[BGP/170] 00:02:27, localpref 100
AS path: 200 I, validation-state: unverified >>>>>>>>>>>>>
> to 1.1.1.2 via xe-0/0/0.0
1.1.1.1/32 *[Local/0] 00:02:58
Local via xe-0/0/0.0
10.0.0.0/8 *[Static/5] 5d 00:48:59
> to 172.27.116.1 via fxp0.0
10.10.10.10/32 *[Direct/0] 00:02:58
> via lo0.0
20.20.20.20/32 *[BGP/170] 00:02:27, localpref 100
AS path: 200 I, validation-state: unverified >>>>>>>>>>>>>
> to 1.1.1.2 via xe-0/0/0.0
172.0.0.0/8 *[Static/5] 5d 00:48:59
> to 172.27.116.1 via fxp0.0
172.27.116.0/23 *[Direct/0] 5d 00:48:59
> via fxp0.0
[BGP/170] 00:02:27, localpref 100
AS path: 200 I, validation-state: unverified
> to 1.1.1.2 via xe-0/0/0.0
172.27.116.23/32 *[Local/0] 5d 00:48:59
Local via fxp0.0
This statement does not indicate an invalid path, but warns that this path has not been validated by Origin validation configuration.
Origin validation for BGP enables BGP to recognize when an autonomous system (AS) begins advertising all or part of another company's assigned network. BGP recognizes the error and responds in a way that avoids service interruptions.
To configure, include the validation statement (and associated child statements) at the [edit routing-options] hierarchy level. Also configure a policy with the from validation-database match condition, the then validation-state action, and the extended community (origin validation state).
As this display is harmless, you can ignore it or control it by policy-statement, as follows:
validation-state
(BGP-learned routes) Validation status of the route:
- Invalid—Indicates that the prefix is found, but either the corresponding AS received from the eBGP peer is not the AS that appears in the database, or the prefix length in the BGP update message is longer than the maximum length permitted in the database.
- Unknown—Indicates that the prefix is not among the prefixes or prefix ranges in the database.
- Valid—Indicates that the prefix and autonomous system pair are found in the database.
set interfaces xe-0/0/0 unit 0 family inet address 1.1.1.1/30
set interfaces lo0 unit 0 family inet address 10.10.10.10/32
set routing-options autonomous-system 100
set protocols bgp group eBGP type external
set protocols bgp group eBGP import rv
set protocols bgp group eBGP export Rrt-Export
set protocols bgp group eBGP neighbor 1.1.1.2 peer-as 200
set policy-options policy-statement PF term 1 then load-balance per-packet
set policy-options policy-statement Rrt-Export from protocol direct
set policy-options policy-statement Rrt-Export then accept
set policy-options policy-statement rv term a from protocol bgp
set policy-options policy-statement rv term a from validation-database valid
set policy-options policy-statement rv term a then local-preference 110
set policy-options policy-statement rv term a then validation-state valid
set policy-options policy-statement rv term a then accept
set policy-options policy-statement rv term b from protocol bgp
set policy-options policy-statement rv term b from validation-database invalid
set policy-options policy-statement rv term b then local-preference 9
set policy-options policy-statement rv term b then validation-state invalid
set policy-options policy-statement rv term b then accept
set policy-options policy-statement rv term c from protocol bgp
set policy-options policy-statement rv term c from validation-database unknown >>>>>>>>>>>>
set policy-options policy-statement rv term c then validation-state unknown >>>>>>>>>>>>>>>
set policy-options policy-statement rv term c then accept >>>>>>>>>>>>>>>>>>>>>>>>>>>>>
lab@cheese# run show route
inet.0: 8 destinations, 10 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
1.1.1.0/30 *[Direct/0] 00:12:52
> via xe-0/0/0.0
[BGP/170] 00:12:21, localpref 100
AS path: 200 I, validation-state: unknown >>>>>>>>>>>>>>>>>>>
> to 1.1.1.2 via xe-0/0/0.0
1.1.1.1/32 *[Local/0] 00:12:52
Local via xe-0/0/0.0
10.0.0.0/8 *[Static/5] 5d 00:58:53
> to 172.27.116.1 via fxp0.0
10.10.10.10/32 *[Direct/0] 00:12:52
> via lo0.0
20.20.20.20/32 *[BGP/170] 00:12:21, localpref 100
AS path: 200 I, validation-state: unknown >>>>>>>>>>>>>>>>>>>
> to 1.1.1.2 via xe-0/0/0.0
172.0.0.0/8 *[Static/5] 5d 00:58:53
> to 172.27.116.1 via fxp0.0
172.27.116.0/23 *[Direct/0] 5d 00:58:53
> via fxp0.0
[BGP/170] 00:12:21, localpref 100
AS path: 200 I, validation-state: unknown >>>>>>>>>>>>>>>>>>
> to 1.1.1.2 via xe-0/0/0.0
172.27.116.23/32 *[Local/0] 5d 00:58:53
Local via fxp0.0