summaryrefslogtreecommitdiff
path: root/smoketest/configs
diff options
context:
space:
mode:
Diffstat (limited to 'smoketest/configs')
-rw-r--r--smoketest/configs/azure-bgp-gateway435
-rw-r--r--smoketest/configs/bgp-bfd-communities533
-rw-r--r--smoketest/configs/bgp-big-as-cloud1956
-rw-r--r--smoketest/configs/bgp-evpn-leaf148
-rw-r--r--smoketest/configs/bgp-evpn-spine128
-rw-r--r--smoketest/configs/bgp-rpki (renamed from smoketest/configs/pppoe-client)70
-rw-r--r--smoketest/configs/bgp-small-as687
-rw-r--r--smoketest/configs/bgp-small-internet-exchange488
-rw-r--r--smoketest/configs/dialup-router-complex1662
-rw-r--r--smoketest/configs/dialup-router-medium-vpn707
-rw-r--r--smoketest/configs/isis-small105
-rw-r--r--smoketest/configs/ospf-small142
-rw-r--r--smoketest/configs/rip-router267
-rw-r--r--smoketest/configs/tunnel-broker142
-rw-r--r--smoketest/configs/vrf-basic231
-rw-r--r--smoketest/configs/vrf-bgp166
-rw-r--r--smoketest/configs/vrf-ospf145
17 files changed, 8004 insertions, 8 deletions
diff --git a/smoketest/configs/azure-bgp-gateway b/smoketest/configs/azure-bgp-gateway
new file mode 100644
index 000000000..b3f5e9edc
--- /dev/null
+++ b/smoketest/configs/azure-bgp-gateway
@@ -0,0 +1,435 @@
+firewall {
+ all-ping enable
+ broadcast-ping disable
+ config-trap disable
+ ipv6-receive-redirects disable
+ ipv6-src-route disable
+ ip-src-route disable
+ log-martians disable
+ options {
+ interface vti31 {
+ adjust-mss 1350
+ }
+ interface vti32 {
+ adjust-mss 1350
+ }
+ interface vti41 {
+ adjust-mss 1350
+ }
+ interface vti42 {
+ adjust-mss 1350
+ }
+ interface vti51 {
+ adjust-mss 1350
+ }
+ interface vti52 {
+ adjust-mss 1350
+ }
+ }
+ receive-redirects disable
+ send-redirects enable
+ source-validation disable
+ syn-cookies enable
+ twa-hazards-protection disable
+}
+high-availability {
+ vrrp {
+ group DMZ-VLAN-3962 {
+ interface eth1
+ preempt-delay 180
+ priority 200
+ virtual-address 192.168.34.36/27
+ vrid 62
+ }
+ }
+}
+interfaces {
+ ethernet eth0 {
+ address 192.0.2.189/27
+ duplex auto
+ smp-affinity auto
+ speed auto
+ }
+ ethernet eth1 {
+ address 192.168.34.37/27
+ duplex auto
+ smp-affinity auto
+ speed auto
+ }
+ loopback lo {
+ }
+ vti vti31 {
+ }
+ vti vti32 {
+ }
+ vti vti41 {
+ }
+ vti vti42 {
+ }
+ vti vti51 {
+ }
+ vti vti52 {
+ }
+}
+policy {
+ prefix-list AZURE-BGP-IPv4-in {
+ description "Prefixes received from Azure"
+ rule 100 {
+ action permit
+ le 32
+ prefix 100.64.0.0/10
+ }
+ }
+ prefix-list ONPREM-BGP-IPv4-out {
+ description "Prefixes allowed to be announced into Azure"
+ rule 100 {
+ action permit
+ prefix 10.0.0.0/8
+ }
+ rule 200 {
+ action permit
+ prefix 172.16.0.0/12
+ }
+ rule 300 {
+ action permit
+ prefix 192.168.0.0/16
+ }
+ }
+}
+protocols {
+ bgp 65522 {
+ address-family {
+ ipv4-unicast {
+ network 10.0.0.0/8 {
+ }
+ network 172.16.0.0/12 {
+ }
+ network 192.168.0.0/16 {
+ }
+ }
+ }
+ neighbor 100.66.8.36 {
+ peer-group AZURE
+ remote-as 64517
+ }
+ neighbor 100.66.8.37 {
+ peer-group AZURE
+ remote-as 64517
+ }
+ neighbor 100.66.24.36 {
+ peer-group AZURE
+ remote-as 64513
+ }
+ neighbor 100.66.24.37 {
+ peer-group AZURE
+ remote-as 64513
+ }
+ neighbor 100.66.40.36 {
+ peer-group AZURE
+ remote-as 64515
+ }
+ neighbor 100.66.40.37 {
+ peer-group AZURE
+ remote-as 64515
+ }
+ neighbor 192.168.34.38 {
+ address-family {
+ ipv4-unicast {
+ nexthop-self
+ soft-reconfiguration {
+ inbound
+ }
+ }
+ }
+ capability {
+ dynamic
+ }
+ password VyOSR0xx123
+ remote-as 65522
+ update-source eth1
+ }
+ peer-group AZURE {
+ address-family {
+ ipv4-unicast {
+ maximum-prefix 50
+ prefix-list {
+ export ONPREM-BGP-IPv4-out
+ import AZURE-BGP-IPv4-in
+ }
+ }
+ }
+ ebgp-multihop 2
+ update-source eth1
+ }
+ timers {
+ holdtime 30
+ keepalive 5
+ }
+ }
+ static {
+ interface-route 100.66.8.36/32 {
+ next-hop-interface vti31 {
+ }
+ next-hop-interface vti32 {
+ }
+ }
+ interface-route 100.66.8.37/32 {
+ next-hop-interface vti31 {
+ }
+ next-hop-interface vti32 {
+ }
+ }
+ interface-route 100.66.24.36/32 {
+ next-hop-interface vti41 {
+ }
+ next-hop-interface vti42 {
+ }
+ }
+ interface-route 100.66.24.37/32 {
+ next-hop-interface vti41 {
+ }
+ next-hop-interface vti42 {
+ }
+ }
+ interface-route 100.66.40.36/32 {
+ next-hop-interface vti51 {
+ }
+ next-hop-interface vti52 {
+ }
+ }
+ interface-route 100.66.40.37/32 {
+ next-hop-interface vti51 {
+ }
+ next-hop-interface vti52 {
+ }
+ }
+ route 0.0.0.0/0 {
+ next-hop 192.168.34.33 {
+ }
+ }
+ route 51.105.0.0/16 {
+ next-hop 192.0.2.161 {
+ }
+ }
+ route 52.143.0.0/16 {
+ next-hop 192.0.2.161 {
+ }
+ }
+ route 195.137.175.0/24 {
+ next-hop 192.0.2.161 {
+ }
+ }
+ route 212.23.159.0/26 {
+ next-hop 192.0.2.161 {
+ }
+ }
+ }
+}
+service {
+ ssh {
+ disable-host-validation
+ port 22
+ }
+}
+system {
+ config-management {
+ commit-revisions 100
+ }
+ console {
+ device ttyS0 {
+ speed 115200
+ }
+ }
+ domain-name vyos.net
+ flow-accounting {
+ interface eth1
+ interface vti31
+ interface vti32
+ interface vti41
+ interface vti42
+ interface vti51
+ interface vti52
+ netflow {
+ server 10.0.1.1 {
+ port 2055
+ }
+ source-ip 192.168.34.37
+ version 10
+ }
+ syslog-facility daemon
+ }
+ host-name azure-gw-01
+ login {
+ radius-server 192.0.2.253 {
+ port 1812
+ secret secret1234
+ timeout 2
+ }
+ radius-server 192.0.2.254 {
+ port 1812
+ secret secret1234
+ timeout 2
+ }
+ radius-source-address 192.168.34.37
+ user vyos {
+ authentication {
+ encrypted-password $6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0
+ plaintext-password ""
+ }
+ }
+ }
+ name-server 192.0.2.254
+ ntp {
+ server 192.0.2.254 {
+ }
+ }
+ syslog {
+ global {
+ archive {
+ file 10
+ size 20480
+ }
+ facility all {
+ level info
+ }
+ facility protocols {
+ level debug
+ }
+ }
+ host 10.0.9.188 {
+ facility all {
+ level info
+ protocol udp
+ }
+ }
+ }
+ time-zone Europe/Berlin
+}
+vpn {
+ ipsec {
+ esp-group ESP-AZURE {
+ compression disable
+ lifetime 27000
+ mode tunnel
+ pfs disable
+ proposal 1 {
+ encryption aes256
+ hash sha1
+ }
+ }
+ ike-group IKE-AZURE {
+ close-action none
+ dead-peer-detection {
+ action restart
+ interval 2
+ timeout 15
+ }
+ ikev2-reauth no
+ key-exchange ikev2
+ lifetime 27000
+ proposal 1 {
+ dh-group 2
+ encryption aes256
+ hash sha1
+ }
+ }
+ ipsec-interfaces {
+ interface eth0
+ }
+ logging {
+ log-level 2
+ log-modes ike
+ }
+ site-to-site {
+ peer 51.105.0.2 {
+ authentication {
+ mode pre-shared-secret
+ pre-shared-secret averysecretpsktowardsazure
+ }
+ connection-type respond
+ ike-group IKE-AZURE
+ ikev2-reauth inherit
+ local-address 192.0.2.189
+ vti {
+ bind vti51
+ esp-group ESP-AZURE
+ }
+ }
+ peer 51.105.0.3 {
+ authentication {
+ mode pre-shared-secret
+ pre-shared-secret averysecretpsktowardsazure
+ }
+ connection-type respond
+ ike-group IKE-AZURE
+ ikev2-reauth inherit
+ local-address 192.0.2.189
+ vti {
+ bind vti52
+ esp-group ESP-AZURE
+ }
+ }
+ peer 51.105.0.246 {
+ authentication {
+ mode pre-shared-secret
+ pre-shared-secret averysecretpsktowardsazure
+ }
+ connection-type respond
+ ike-group IKE-AZURE
+ ikev2-reauth inherit
+ local-address 192.0.2.189
+ vti {
+ bind vti32
+ esp-group ESP-AZURE
+ }
+ }
+ peer 51.105.0.247 {
+ authentication {
+ mode pre-shared-secret
+ pre-shared-secret averysecretpsktowardsazure
+ }
+ connection-type respond
+ ike-group IKE-AZURE
+ ikev2-reauth inherit
+ local-address 192.0.2.189
+ vti {
+ bind vti31
+ esp-group ESP-AZURE
+ }
+ }
+ peer 51.105.0.18 {
+ authentication {
+ mode pre-shared-secret
+ pre-shared-secret averysecretpsktowardsazure
+ }
+ connection-type respond
+ ike-group IKE-AZURE
+ ikev2-reauth inherit
+ local-address 192.0.2.189
+ vti {
+ bind vti42
+ esp-group ESP-AZURE
+ }
+ }
+ peer 51.105.0.19 {
+ authentication {
+ mode pre-shared-secret
+ pre-shared-secret averysecretpsktowardsazure
+ }
+ connection-type respond
+ ike-group IKE-AZURE
+ ikev2-reauth inherit
+ local-address 192.0.2.189
+ vti {
+ bind vti41
+ esp-group ESP-AZURE
+ }
+ }
+ }
+ }
+}
+
+
+/* Warning: Do not remove the following line. */
+/* === vyatta-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack-sync@1:conntrack@1:dhcp-relay@2:dhcp-server@5:dns-forwarding@1:firewall@5:ipsec@5:l2tp@1:mdns@1:nat@4:ntp@1:pptp@1:qos@1:quagga@6:snmp@1:ssh@1:system@9:vrrp@2:wanloadbalance@3:webgui@1:webproxy@1:webproxy@2:zone-policy@1" === */
+/* Release version: 1.2.5 */
diff --git a/smoketest/configs/bgp-bfd-communities b/smoketest/configs/bgp-bfd-communities
new file mode 100644
index 000000000..3b3056a51
--- /dev/null
+++ b/smoketest/configs/bgp-bfd-communities
@@ -0,0 +1,533 @@
+interfaces {
+ ethernet eth0 {
+ address 192.0.2.100/25
+ address 2001:db8::ffff/64
+ }
+ loopback lo {
+ }
+}
+policy {
+ large-community-list ANYCAST_ALL {
+ rule 10 {
+ action permit
+ description "Allow all anycast from anywhere"
+ regex "4242420696:100:.*"
+ }
+ }
+ large-community-list ANYCAST_INT {
+ rule 10 {
+ action permit
+ description "Allow all anycast from int"
+ regex 4242420696:100:1
+ }
+ }
+ prefix-list BGP-BACKBONE-IN {
+ description "Inbound backbone routes from other sites"
+ rule 10 {
+ action deny
+ description "Block default route"
+ prefix 0.0.0.0/0
+ }
+ rule 20 {
+ action deny
+ description "Block int primary"
+ ge 21
+ prefix 192.168.0.0/20
+ }
+ rule 30 {
+ action deny
+ description "Block loopbacks"
+ ge 25
+ prefix 192.168.253.0/24
+ }
+ rule 40 {
+ action deny
+ description "Block backbone peering"
+ ge 25
+ prefix 192.168.254.0/24
+ }
+ rule 999 {
+ action permit
+ description "Allow everything else"
+ ge 1
+ prefix 0.0.0.0/0
+ }
+ }
+ prefix-list BGP-BACKBONE-OUT {
+ description "Outbound backbone routes to other sites"
+ rule 10 {
+ action permit
+ description "Int primary"
+ ge 23
+ prefix 192.168.0.0/20
+ }
+ }
+ prefix-list GLOBAL {
+ description "Globally redistributed routes"
+ rule 10 {
+ action permit
+ prefix 192.168.100.1/32
+ }
+ rule 20 {
+ action permit
+ prefix 192.168.7.128/25
+ }
+ }
+ prefix-list6 BGP-BACKBONE-IN-V6 {
+ description "Inbound backbone routes from other sites"
+ rule 10 {
+ action deny
+ description "Block default route"
+ prefix ::/0
+ }
+ rule 20 {
+ action deny
+ description "Block int primary"
+ ge 53
+ prefix fd52:d62e:8011::/52
+ }
+ rule 30 {
+ action deny
+ description "Block peering and stuff"
+ ge 53
+ prefix fd52:d62e:8011:f000::/52
+ }
+ rule 999 {
+ action permit
+ description "Allow everything else"
+ ge 1
+ prefix ::/0
+ }
+ }
+ prefix-list6 BGP-BACKBONE-OUT-V6 {
+ description "Outbound backbone routes to other sites"
+ rule 10 {
+ action permit
+ ge 64
+ prefix fd52:d62e:8011::/52
+ }
+ }
+ prefix-list6 GLOBAL-V6 {
+ description "Globally redistributed routes"
+ rule 10 {
+ action permit
+ ge 64
+ prefix fd52:d62e:8011:2::/63
+ }
+ }
+ route-map BGP-REDISTRIBUTE {
+ rule 10 {
+ action permit
+ description "Prepend AS and allow VPN and modem"
+ match {
+ ip {
+ address {
+ prefix-list GLOBAL
+ }
+ }
+ }
+ set {
+ as-path-prepend 4242420666
+ }
+ }
+ rule 20 {
+ action permit
+ description "Allow VPN"
+ match {
+ ipv6 {
+ address {
+ prefix-list GLOBAL-V6
+ }
+ }
+ }
+ }
+ }
+ route-map BGP-BACKBONE-IN {
+ rule 10 {
+ action permit
+ match {
+ ip {
+ address {
+ prefix-list BGP-BACKBONE-IN
+ }
+ }
+ }
+ }
+ rule 20 {
+ action permit
+ match {
+ ipv6 {
+ address {
+ prefix-list BGP-BACKBONE-IN-V6
+ }
+ }
+ }
+ }
+ rule 30 {
+ action permit
+ match {
+ large-community {
+ large-community-list ANYCAST_ALL
+ }
+ }
+ }
+ }
+ route-map BGP-BACKBONE-OUT {
+ rule 10 {
+ action permit
+ match {
+ ip {
+ address {
+ prefix-list BGP-BACKBONE-OUT
+ }
+ }
+ }
+ }
+ rule 20 {
+ action permit
+ match {
+ ipv6 {
+ address {
+ prefix-list BGP-BACKBONE-OUT-V6
+ }
+ }
+ }
+ }
+ rule 30 {
+ action permit
+ match {
+ large-community {
+ large-community-list ANYCAST_INT
+ }
+ }
+ set {
+ as-path-prepend 4242420666
+ }
+ }
+ }
+}
+protocols {
+ bfd {
+ peer 192.168.253.1 {
+ interval {
+ receive 50
+ transmit 50
+ }
+ multihop
+ source {
+ address 192.168.253.3
+ }
+ }
+ peer 192.168.253.2 {
+ interval {
+ receive 50
+ transmit 50
+ }
+ multihop
+ source {
+ address 192.168.253.3
+ }
+ }
+ peer 192.168.253.6 {
+ interval {
+ receive 50
+ transmit 50
+ }
+ multihop
+ source {
+ address 192.168.253.3
+ }
+ }
+ peer 192.168.253.7 {
+ interval {
+ receive 50
+ transmit 50
+ }
+ multihop
+ source {
+ address 192.168.253.3
+ }
+ }
+ peer 192.168.253.12 {
+ interval {
+ receive 100
+ transmit 100
+ }
+ multihop
+ source {
+ address 192.168.253.3
+ }
+ }
+ peer fd52:d62e:8011:fffe:192:168:253:1 {
+ interval {
+ receive 50
+ transmit 50
+ }
+ multihop
+ source {
+ address fd52:d62e:8011:fffe:192:168:253:3
+ }
+ }
+ peer fd52:d62e:8011:fffe:192:168:253:2 {
+ interval {
+ receive 50
+ transmit 50
+ }
+ multihop
+ source {
+ address fd52:d62e:8011:fffe:192:168:253:3
+ }
+ }
+ peer fd52:d62e:8011:fffe:192:168:253:6 {
+ interval {
+ receive 50
+ transmit 50
+ }
+ multihop
+ source {
+ address fd52:d62e:8011:fffe:192:168:253:3
+ }
+ }
+ peer fd52:d62e:8011:fffe:192:168:253:7 {
+ interval {
+ receive 50
+ transmit 50
+ }
+ multihop
+ source {
+ address fd52:d62e:8011:fffe:192:168:253:3
+ }
+ }
+ peer fd52:d62e:8011:fffe:192:168:253:12 {
+ interval {
+ receive 100
+ transmit 100
+ }
+ multihop
+ source {
+ address fd52:d62e:8011:fffe:192:168:253:3
+ }
+ }
+ }
+ bgp 4242420666 {
+ address-family {
+ ipv4-unicast {
+ redistribute {
+ connected {
+ route-map BGP-REDISTRIBUTE
+ }
+ static {
+ route-map BGP-REDISTRIBUTE
+ }
+ }
+ }
+ ipv6-unicast {
+ redistribute {
+ connected {
+ route-map BGP-REDISTRIBUTE
+ }
+ }
+ }
+ }
+ neighbor 192.168.253.1 {
+ peer-group INT
+ }
+ neighbor 192.168.253.2 {
+ peer-group INT
+ }
+ neighbor 192.168.253.6 {
+ peer-group DAL13
+ }
+ neighbor 192.168.253.7 {
+ peer-group DAL13
+ }
+ neighbor 192.168.253.12 {
+ address-family {
+ ipv4-unicast {
+ route-map {
+ export BGP-BACKBONE-OUT
+ import BGP-BACKBONE-IN
+ }
+ soft-reconfiguration {
+ inbound
+ }
+ }
+ }
+ bfd {
+ }
+ ebgp-multihop 2
+ remote-as 4242420669
+ update-source dum0
+ }
+ neighbor fd52:d62e:8011:fffe:192:168:253:1 {
+ address-family {
+ ipv6-unicast {
+ peer-group INTv6
+ }
+ }
+ }
+ neighbor fd52:d62e:8011:fffe:192:168:253:2 {
+ address-family {
+ ipv6-unicast {
+ peer-group INTv6
+ }
+ }
+ }
+ neighbor fd52:d62e:8011:fffe:192:168:253:6 {
+ address-family {
+ ipv6-unicast {
+ peer-group DAL13v6
+ }
+ }
+ }
+ neighbor fd52:d62e:8011:fffe:192:168:253:7 {
+ address-family {
+ ipv6-unicast {
+ peer-group DAL13v6
+ }
+ }
+ }
+ neighbor fd52:d62e:8011:fffe:192:168:253:12 {
+ address-family {
+ ipv6-unicast {
+ route-map {
+ export BGP-BACKBONE-OUT
+ import BGP-BACKBONE-IN
+ }
+ soft-reconfiguration {
+ inbound
+ }
+ }
+ }
+ bfd {
+ }
+ ebgp-multihop 2
+ remote-as 4242420669
+ update-source dum0
+ }
+ parameters {
+ confederation {
+ identifier 4242420696
+ peers 4242420668
+ peers 4242420669
+ }
+ default {
+ no-ipv4-unicast
+ }
+ distance {
+ global {
+ external 220
+ internal 220
+ local 220
+ }
+ }
+ graceful-restart {
+ }
+ }
+ peer-group DAL13 {
+ address-family {
+ ipv4-unicast {
+ route-map {
+ export BGP-BACKBONE-OUT
+ import BGP-BACKBONE-IN
+ }
+ soft-reconfiguration {
+ inbound
+ }
+ }
+ }
+ bfd
+ ebgp-multihop 2
+ remote-as 4242420668
+ update-source dum0
+ }
+ peer-group DAL13v6 {
+ address-family {
+ ipv6-unicast {
+ route-map {
+ export BGP-BACKBONE-OUT
+ import BGP-BACKBONE-IN
+ }
+ soft-reconfiguration {
+ inbound
+ }
+ }
+ }
+ bfd
+ ebgp-multihop 2
+ remote-as 4242420668
+ update-source dum0
+ }
+ peer-group INT {
+ address-family {
+ ipv4-unicast {
+ default-originate {
+ }
+ soft-reconfiguration {
+ inbound
+ }
+ }
+ }
+ bfd
+ remote-as 4242420666
+ update-source dum0
+ }
+ peer-group INTv6 {
+ address-family {
+ ipv6-unicast {
+ default-originate {
+ }
+ soft-reconfiguration {
+ inbound
+ }
+ }
+ }
+ bfd
+ remote-as 4242420666
+ update-source dum0
+ }
+ }
+}
+system {
+ config-management {
+ commit-revisions 200
+ }
+ console {
+ device ttyS0 {
+ speed 115200
+ }
+ }
+ host-name vyos
+ login {
+ user vyos {
+ authentication {
+ encrypted-password $6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/
+ plaintext-password ""
+ }
+ level admin
+ }
+ }
+ ntp {
+ server 0.pool.ntp.org {
+ }
+ server 1.pool.ntp.org {
+ }
+ server 2.pool.ntp.org {
+ }
+ }
+ syslog {
+ global {
+ facility all {
+ level info
+ }
+ facility protocols {
+ level debug
+ }
+ }
+ }
+ time-zone Europe/Berlin
+}
+
+/* Warning: Do not remove the following line. */
+/* === vyatta-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack-sync@1:conntrack@1:dhcp-relay@2:dhcp-server@5:dns-forwarding@1:firewall@5:ipsec@5:l2tp@1:mdns@1:nat@4:ntp@1:pptp@1:qos@1:quagga@6:snmp@1:ssh@1:system@10:vrrp@2:wanloadbalance@3:webgui@1:webproxy@1:webproxy@2:zone-policy@1" === */
+/* Release version: 1.2.6-S1 */
diff --git a/smoketest/configs/bgp-big-as-cloud b/smoketest/configs/bgp-big-as-cloud
new file mode 100644
index 000000000..694243d1e
--- /dev/null
+++ b/smoketest/configs/bgp-big-as-cloud
@@ -0,0 +1,1956 @@
+firewall {
+ all-ping enable
+ broadcast-ping disable
+ config-trap disable
+ group {
+ address-group bgp-peers-4 {
+ address 192.0.68.3
+ address 192.0.68.2
+ address 192.0.176.193
+ address 192.0.52.0-192.0.52.255
+ address 192.0.53.0-192.0.53.255
+ address 192.0.16.209
+ address 192.0.192.0-192.0.192.255
+ address 192.0.193.0-192.0.193.255
+ address 192.0.194.0-192.0.194.255
+ address 192.0.195.0-192.0.195.255
+ address 192.0.196.0-192.0.196.255
+ address 192.0.197.0-192.0.197.255
+ address 192.0.198.0-192.0.198.255
+ address 192.0.199.0-192.0.199.255
+ }
+ address-group vrrp-peers-4 {
+ address 192.0.68.3
+ address 192.0.160.3
+ address 192.0.98.3
+ address 192.0.71.131
+ address 192.0.84.67
+ address 192.0.71.195
+ address 192.0.71.115
+ address 192.0.70.195
+ address 192.0.70.179
+ address 192.0.70.163
+ address 192.0.70.147
+ address 192.0.70.131
+ address 192.0.70.19
+ address 192.0.70.3
+ address 192.0.71.99
+ address 192.0.68.67
+ address 192.0.71.67
+ address 192.0.71.3
+ address 192.0.68.35
+ address 192.0.68.131
+ address 192.0.69.2
+ address 192.0.70.35
+ address 192.0.70.67
+ }
+ ipv6-address-group bgp-peers-6 {
+ address 2001:db8:c::3
+ address 2001:db8:1000::2e9
+ address 2001:db8:24::fb
+ address 2001:db8:24::fc
+ address 2001:db8:24::fd
+ address 2001:db8:24::2e
+ address 2001:db8:24::3d
+ address 2001:db8:24::4a
+ address 2001:db8:24::5e
+ address 2001:db8:24::7
+ address 2001:db8:24::11
+ address 2001:db8:24::18
+ address 2001:db8:24::20
+ address 2001:db8:24::22
+ address 2001:db8:24::31
+ address 2001:db8:24::58
+ address 2001:db8:24::64
+ address 2001:db8:24::a5
+ address 2001:db8:24::aa
+ address 2001:db8:24::ab
+ address 2001:db8:24::b0
+ address 2001:db8:24::b3
+ address 2001:db8:24::bd
+ address 2001:db8:24::c
+ address 2001:db8:24::d2
+ address 2001:db8:24::d3
+ address 2001:db8:838::1
+ address 2001:db8::1a27:5051:c09d
+ address 2001:db8::1a27:5051:c19d
+ address 2001:db8::20ad:0:1
+ address 2001:db8::2306:0:1
+ address 2001:db8::2ca:0:1
+ address 2001:db8::2ca:0:2
+ address 2001:db8::2ca:0:3
+ address 2001:db8::2ca:0:4
+ }
+ ipv6-address-group vrrp-peers-6 {
+ address fe80::fe89:15cf
+ }
+ ipv6-network-group AS64512-6 {
+ network 2001::/29
+ }
+ network-group AS64512-4 {
+ network 192.0.68.0/22
+ network 192.0.98.0/24
+ network 192.0.160.0/24
+ network 192.0.84.0/22
+ }
+ }
+ ipv6-name management-to-local-6 {
+ default-action reject
+ enable-default-log
+ }
+ ipv6-name management-to-peers-6 {
+ default-action reject
+ enable-default-log
+ }
+ ipv6-name management-to-servers-6 {
+ default-action reject
+ enable-default-log
+ }
+ ipv6-name peers-to-local-6 {
+ default-action reject
+ enable-default-log
+ rule 500 {
+ action accept
+ protocol icmpv6
+ }
+ rule 501 {
+ action accept
+ protocol vrrp
+ source {
+ group {
+ address-group vrrp-peers-6
+ }
+ }
+ }
+ rule 502 {
+ action accept
+ destination {
+ port bgp
+ }
+ protocol tcp
+ source {
+ group {
+ address-group bgp-peers-6
+ }
+ }
+ }
+ rule 503 {
+ action accept
+ protocol tcp
+ source {
+ group {
+ address-group bgp-peers-6
+ }
+ port bgp
+ }
+ }
+ }
+ ipv6-name peers-to-management-6 {
+ default-action reject
+ enable-default-log
+ }
+ ipv6-name peers-to-servers-6 {
+ default-action reject
+ enable-default-log
+ rule 9990 {
+ action reject
+ source {
+ group {
+ network-group AS64512-6
+ }
+ }
+ }
+ rule 9999 {
+ action accept
+ destination {
+ group {
+ network-group AS64512-6
+ }
+ }
+ }
+ }
+ ipv6-name servers-to-local-6 {
+ default-action reject
+ enable-default-log
+ rule 500 {
+ action accept
+ protocol icmpv6
+ }
+ rule 501 {
+ action accept
+ protocol vrrp
+ source {
+ group {
+ address-group vrrp-peers-6
+ }
+ }
+ }
+ rule 511 {
+ action accept
+ protocol tcp_udp
+ source {
+ port 53
+ }
+ }
+ }
+ ipv6-name servers-to-management-6 {
+ default-action reject
+ enable-default-log
+ }
+ ipv6-name servers-to-peers-6 {
+ default-action reject
+ enable-default-log
+ rule 51 {
+ action accept
+ source {
+ group {
+ network-group AS64512-6
+ }
+ }
+ }
+ }
+ ipv6-receive-redirects disable
+ ipv6-src-route disable
+ ip-src-route disable
+ log-martians enable
+ name management-to-local-4 {
+ default-action reject
+ enable-default-log
+ rule 500 {
+ action accept
+ protocol icmp
+ }
+ rule 501 {
+ action accept
+ destination {
+ port 22
+ }
+ protocol tcp
+ }
+ rule 502 {
+ action accept
+ destination {
+ port snmp
+ }
+ protocol udp
+ }
+ }
+ name management-to-peers-4 {
+ default-action reject
+ enable-default-log
+ }
+ name management-to-servers-4 {
+ default-action reject
+ enable-default-log
+ }
+ name peers-to-local-4 {
+ default-action reject
+ enable-default-log
+ rule 500 {
+ action accept
+ protocol icmp
+ }
+ rule 501 {
+ action accept
+ protocol vrrp
+ source {
+ group {
+ address-group vrrp-peers-4
+ }
+ }
+ }
+ rule 502 {
+ action accept
+ destination {
+ port bgp
+ }
+ protocol tcp
+ source {
+ group {
+ address-group bgp-peers-4
+ }
+ }
+ }
+ rule 503 {
+ action accept
+ protocol tcp
+ source {
+ group {
+ address-group bgp-peers-4
+ }
+ port bgp
+ }
+ }
+ }
+ name peers-to-management-4 {
+ default-action reject
+ enable-default-log
+ }
+ name peers-to-servers-4 {
+ default-action reject
+ enable-default-log
+ rule 9990 {
+ action reject
+ source {
+ group {
+ network-group AS64512-4
+ }
+ }
+ }
+ rule 9999 {
+ action accept
+ destination {
+ group {
+ network-group AS64512-4
+ }
+ }
+ }
+ }
+ name servers-to-local-4 {
+ default-action reject
+ enable-default-log
+ rule 500 {
+ action accept
+ protocol icmp
+ }
+ rule 501 {
+ action accept
+ protocol vrrp
+ source {
+ group {
+ address-group vrrp-peers-4
+ }
+ }
+ }
+ rule 511 {
+ action accept
+ protocol tcp_udp
+ source {
+ port 53
+ }
+ }
+ }
+ name servers-to-management-4 {
+ default-action reject
+ enable-default-log
+ }
+ name servers-to-peers-4 {
+ default-action reject
+ enable-default-log
+ rule 51 {
+ action accept
+ source {
+ group {
+ network-group AS64512-4
+ }
+ }
+ }
+ }
+ receive-redirects disable
+ send-redirects enable
+ source-validation disable
+ syn-cookies enable
+ twa-hazards-protection disable
+}
+high-availability {
+ vrrp {
+ group 11-4 {
+ interface eth0.11
+ priority 200
+ virtual-address 192.0.68.1/27
+ vrid 4
+ }
+ group 11-6 {
+ interface eth0.11
+ priority 200
+ virtual-address 2001:db8:c::1/64
+ vrid 6
+ }
+ group 102-4 {
+ interface eth0.102
+ priority 200
+ virtual-address 192.0.98.1/24
+ vrid 4
+ }
+ group 102-6 {
+ interface eth0.102
+ priority 200
+ virtual-address 2001:db8:0:102::1/64
+ vrid 6
+ }
+ group 105-4 {
+ interface eth0.105
+ priority 200
+ virtual-address 192.0.160.1/24
+ vrid 4
+ }
+ group 105-6 {
+ interface eth0.105
+ priority 200
+ virtual-address 2001:db8:0:105::1/64
+ vrid 6
+ }
+ group 1001-4 {
+ interface eth0.1001
+ priority 200
+ virtual-address 192.0.68.33/27
+ vrid 4
+ }
+ group 1001-6 {
+ interface eth0.1001
+ priority 200
+ virtual-address 2001:db8:0:1001::1/64
+ vrid 6
+ }
+ group 1002-4 {
+ interface eth0.1002
+ priority 200
+ virtual-address 192.0.68.65/26
+ vrid 4
+ }
+ group 1002-6 {
+ interface eth0.1002
+ priority 200
+ virtual-address 2001:db8:0:1002::1/64
+ vrid 6
+ }
+ group 1003-4 {
+ interface eth0.1003
+ priority 200
+ virtual-address 192.0.68.129/25
+ vrid 4
+ }
+ group 1003-6 {
+ interface eth0.1003
+ priority 200
+ virtual-address 2001:db8:0:1003::1/64
+ vrid 6
+ }
+ group 1004-4 {
+ interface eth0.1004
+ priority 200
+ virtual-address 192.0.69.1/24
+ vrid 4
+ }
+ group 1004-6 {
+ interface eth0.1004
+ priority 200
+ virtual-address 2001:db8:0:1004::1/64
+ vrid 6
+ }
+ group 1005-4 {
+ interface eth0.1005
+ priority 200
+ virtual-address 192.0.70.1/28
+ vrid 4
+ }
+ group 1005-6 {
+ interface eth0.1005
+ priority 200
+ virtual-address 2001:db8:0:1005::1/64
+ vrid 6
+ }
+ group 1006-4 {
+ interface eth0.1006
+ priority 200
+ virtual-address 192.0.70.17/28
+ vrid 4
+ }
+ group 1006-6 {
+ interface eth0.1006
+ priority 200
+ virtual-address 2001:db8:0:1006::1/64
+ vrid 6
+ }
+ group 1007-4 {
+ interface eth0.1007
+ priority 200
+ virtual-address 192.0.70.33/27
+ vrid 4
+ }
+ group 1007-6 {
+ interface eth0.1007
+ priority 200
+ virtual-address 2001:db8:0:1007::1/64
+ vrid 6
+ }
+ group 1008-4 {
+ interface eth0.1008
+ priority 200
+ virtual-address 192.0.70.65/26
+ vrid 4
+ }
+ group 1008-6 {
+ interface eth0.1008
+ priority 200
+ virtual-address 2001:db8:0:1008::1/64
+ vrid 6
+ }
+ group 1009-4 {
+ interface eth0.1009
+ priority 200
+ virtual-address 192.0.70.129/28
+ vrid 4
+ }
+ group 1009-6 {
+ interface eth0.1009
+ priority 200
+ virtual-address 2001:db8:0:1009::1/64
+ vrid 6
+ }
+ group 1010-4 {
+ interface eth0.1010
+ priority 200
+ virtual-address 192.0.70.145/28
+ vrid 4
+ }
+ group 1010-6 {
+ interface eth0.1010
+ priority 200
+ virtual-address 2001:db8:0:1010::1/64
+ vrid 6
+ }
+ group 1011-4 {
+ interface eth0.1011
+ priority 200
+ virtual-address 192.0.70.161/28
+ vrid 4
+ }
+ group 1011-6 {
+ interface eth0.1011
+ priority 200
+ virtual-address 2001:db8:0:1011::1/64
+ vrid 6
+ }
+ group 1012-4 {
+ interface eth0.1012
+ priority 200
+ virtual-address 192.0.70.177/28
+ vrid 4
+ }
+ group 1012-6 {
+ interface eth0.1012
+ priority 200
+ virtual-address 2001:db8:0:1012::1/64
+ vrid 6
+ }
+ group 1013-4 {
+ interface eth0.1013
+ priority 200
+ virtual-address 192.0.70.193/27
+ vrid 4
+ }
+ group 1013-6 {
+ interface eth0.1013
+ priority 200
+ virtual-address 2001:db8:0:1013::1/64
+ vrid 6
+ }
+ group 1014-4 {
+ interface eth0.1014
+ priority 200
+ virtual-address 192.0.84.65/26
+ vrid 4
+ }
+ group 1014-6 {
+ interface eth0.1014
+ priority 200
+ virtual-address 2001:db8:0:1014::1/64
+ vrid 6
+ }
+ group 1015-4 {
+ interface eth0.1015
+ priority 200
+ virtual-address 192.0.71.1/26
+ vrid 4
+ }
+ group 1015-6 {
+ interface eth0.1015
+ priority 200
+ virtual-address 2001:db8:0:1015::1/64
+ vrid 6
+ }
+ group 1016-4 {
+ interface eth0.1016
+ priority 200
+ virtual-address 192.0.71.65/27
+ vrid 4
+ }
+ group 1016-6 {
+ interface eth0.1016
+ priority 200
+ virtual-address 2001:db8:0:1016::1/64
+ vrid 6
+ }
+ group 1017-4 {
+ interface eth0.1017
+ priority 200
+ virtual-address 192.0.71.97/28
+ vrid 4
+ }
+ group 1017-6 {
+ interface eth0.1017
+ priority 200
+ virtual-address 2001:db8:0:1017::1/64
+ vrid 6
+ }
+ group 1018-4 {
+ interface eth0.1018
+ priority 200
+ virtual-address 192.0.71.113/28
+ vrid 4
+ }
+ group 1018-6 {
+ interface eth0.1018
+ priority 200
+ virtual-address 2001:db8:0:1018::1/64
+ vrid 6
+ }
+ group 1019-4 {
+ interface eth0.1019
+ priority 200
+ virtual-address 192.0.71.129/26
+ vrid 4
+ }
+ group 1019-6 {
+ interface eth0.1019
+ priority 200
+ virtual-address 2001:db8:0:1019::1/64
+ vrid 6
+ }
+ group 1020-4 {
+ interface eth0.1020
+ priority 200
+ virtual-address 192.0.71.193/26
+ vrid 4
+ }
+ group 1020-6 {
+ interface eth0.1020
+ priority 200
+ virtual-address 2001:db8:0:1020::1/64
+ vrid 6
+ }
+ }
+}
+interfaces {
+ ethernet eth0 {
+ address 192.0.0.11/16
+ duplex auto
+ smp-affinity auto
+ speed auto
+ vif 11 {
+ address 192.0.68.2/27
+ address 2001:db8:c::2/64
+ }
+ vif 102 {
+ address 192.0.98.2/24
+ address 2001:db8:0:102::2/64
+ }
+ vif 105 {
+ address 192.0.160.2/24
+ address 2001:db8:0:105::2/64
+ }
+ vif 838 {
+ address 192.0.16.210/30
+ address 2001:db8:838::2/64
+ }
+ vif 886 {
+ address 192.0.193.224/21
+ address 2001:db8::3:669:0:1/64
+ }
+ vif 1001 {
+ address 192.0.68.34/27
+ address 2001:db8:0:1001::2/64
+ }
+ vif 1002 {
+ address 192.0.68.66/26
+ address 2001:db8:0:1002::2/64
+ }
+ vif 1003 {
+ address 192.0.68.130/25
+ address 2001:db8:0:1003::2/64
+ }
+ vif 1004 {
+ address 192.0.69.2/24
+ address 2001:db8:0:1004::2/64
+ }
+ vif 1005 {
+ address 192.0.70.2/28
+ address 2001:db8:0:1005::2/64
+ }
+ vif 1006 {
+ address 192.0.70.18/28
+ address 2001:db8:0:1006::2/64
+ }
+ vif 1007 {
+ address 192.0.70.34/27
+ address 2001:db8:0:1007::2/64
+ }
+ vif 1008 {
+ address 192.0.70.66/26
+ address 2001:db8:0:1008::2/64
+ }
+ vif 1009 {
+ address 192.0.70.130/28
+ address 2001:db8:0:1009::2/64
+ }
+ vif 1010 {
+ address 192.0.70.146/28
+ address 2001:db8:0:1010::2/64
+ }
+ vif 1011 {
+ address 192.0.70.162/28
+ address 2001:db8:0:1011::2/64
+ }
+ vif 1012 {
+ address 192.0.70.178/28
+ address 2001:db8:0:1012::2/64
+ }
+ vif 1013 {
+ address 192.0.70.194/27
+ address 2001:db8:0:1013::3/64
+ }
+ vif 1014 {
+ address 192.0.84.66/26
+ address 2001:db8:0:1014::2/64
+ }
+ vif 1015 {
+ address 192.0.71.2/26
+ address 2001:db8:0:1015::2/64
+ }
+ vif 1016 {
+ address 192.0.71.66/27
+ address 2001:db8:0:1016::2/64
+ }
+ vif 1017 {
+ address 192.0.71.98/28
+ address 2001:db8:0:1017::2/64
+ }
+ vif 1018 {
+ address 192.0.71.114/28
+ address 2001:db8:0:1018::2/64
+ }
+ vif 1019 {
+ address 192.0.71.130/26
+ address 2001:db8:0:1019::2/64
+ }
+ vif 1020 {
+ address 192.0.71.194/26
+ address 2001:db8:0:1020::2/64
+ }
+ vif 4088 {
+ address 2001:db8:24::c7/64
+ address 192.0.52.199/23
+ }
+ vif 4089 {
+ address 192.0.176.194/30
+ address 2001:db8:1000::2ea/126
+ }
+ }
+ loopback lo {
+ }
+}
+policy {
+ as-path-list AS64513-AS64514 {
+ rule 10 {
+ action permit
+ regex "^64513 64514$"
+ }
+ }
+ as-path-list AS64512 {
+ rule 10 {
+ action permit
+ regex ^$
+ }
+ }
+ prefix-list defaultV4 {
+ rule 10 {
+ action permit
+ prefix 0.0.0.0/0
+ }
+ }
+ prefix-list hostrouteV4 {
+ rule 10 {
+ action permit
+ ge 32
+ prefix 192.0.160.0/24
+ }
+ rule 20 {
+ action permit
+ ge 32
+ prefix 192.0.98.0/24
+ }
+ rule 30 {
+ action permit
+ ge 32
+ prefix 192.0.68.0/22
+ }
+ rule 40 {
+ action permit
+ ge 32
+ prefix 192.0.84.0/22
+ }
+ }
+ prefix-list vyosV4 {
+ rule 10 {
+ action permit
+ prefix 192.0.160.0/24
+ }
+ rule 20 {
+ action permit
+ prefix 192.0.98.0/24
+ }
+ rule 30 {
+ action permit
+ prefix 192.0.68.0/22
+ }
+ rule 40 {
+ action permit
+ prefix 192.0.84.0/22
+ }
+ }
+ prefix-list privateV4 {
+ rule 10 {
+ action permit
+ le 32
+ prefix 192.0.0.0/8
+ }
+ rule 20 {
+ action permit
+ le 32
+ prefix 192.0.0.0/12
+ }
+ rule 30 {
+ action permit
+ le 32
+ prefix 192.0.0.0/16
+ }
+ }
+ prefix-list6 all6 {
+ rule 10 {
+ action permit
+ ge 4
+ prefix 2000::/3
+ }
+ }
+ prefix-list6 hostrouteV6 {
+ rule 20 {
+ action permit
+ ge 128
+ prefix 2001:db8::/29
+ }
+ }
+ prefix-list6 vyosV6 {
+ rule 20 {
+ action permit
+ prefix 2001:db8::/29
+ }
+ }
+ prefix-list6 privateV6 {
+ rule 10 {
+ action permit
+ prefix fc00::/7
+ }
+ }
+ route-map ExportRouteMap {
+ rule 5 {
+ action permit
+ match {
+ as-path AS64512
+ ip {
+ address {
+ prefix-list hostrouteV4
+ }
+ }
+ }
+ set {
+ community 65000:666
+ }
+ }
+ rule 10 {
+ action permit
+ match {
+ as-path AS64512
+ ip {
+ address {
+ prefix-list vyosV4
+ }
+ }
+ }
+ }
+ rule 15 {
+ action permit
+ match {
+ as-path AS64512
+ ipv6 {
+ address {
+ prefix-list hostrouteV6
+ }
+ }
+ }
+ set {
+ community 65000:666
+ }
+ }
+ rule 20 {
+ action permit
+ match {
+ as-path AS64512
+ ipv6 {
+ address {
+ prefix-list vyosV6
+ }
+ }
+ }
+ }
+ rule 100 {
+ action deny
+ }
+ }
+ route-map ExportRouteMapAS64515 {
+ rule 10 {
+ action permit
+ match {
+ ipv6 {
+ address {
+ prefix-list all6
+ }
+ }
+ }
+ }
+ rule 20 {
+ action deny
+ match {
+ ip {
+ address {
+ prefix-list defaultV4
+ }
+ }
+ }
+ }
+ rule 100 {
+ action deny
+ }
+ }
+ route-map ExportRouteMapAS64516 {
+ rule 5 {
+ action permit
+ match {
+ as-path AS64512
+ ip {
+ address {
+ prefix-list hostrouteV4
+ }
+ }
+ }
+ set {
+ community 65000:666
+ }
+ }
+ rule 10 {
+ action permit
+ match {
+ as-path AS64512
+ ip {
+ address {
+ prefix-list vyosV4
+ }
+ }
+ }
+ }
+ rule 15 {
+ action permit
+ match {
+ as-path AS64512
+ ipv6 {
+ address {
+ prefix-list hostrouteV6
+ }
+ }
+ }
+ set {
+ community 65000:666
+ }
+ }
+ rule 20 {
+ action permit
+ match {
+ as-path AS64512
+ ipv6 {
+ address {
+ prefix-list vyosV6
+ }
+ }
+ }
+ }
+ rule 100 {
+ action deny
+ }
+ }
+ route-map ExportRouteMapAS64517 {
+ rule 5 {
+ action permit
+ match {
+ as-path AS64512
+ ip {
+ address {
+ prefix-list hostrouteV4
+ }
+ }
+ }
+ set {
+ community 64517:666
+ }
+ }
+ rule 10 {
+ action permit
+ match {
+ as-path AS64512
+ ip {
+ address {
+ prefix-list vyosV4
+ }
+ }
+ }
+ }
+ rule 15 {
+ action permit
+ match {
+ as-path AS64512
+ ipv6 {
+ address {
+ prefix-list hostrouteV6
+ }
+ }
+ }
+ set {
+ community 64517:666
+ }
+ }
+ rule 20 {
+ action permit
+ match {
+ as-path AS64512
+ ipv6 {
+ address {
+ prefix-list vyosV6
+ }
+ }
+ }
+ }
+ rule 100 {
+ action deny
+ }
+ }
+ route-map ExportRouteMapAS64513 {
+ rule 5 {
+ action permit
+ match {
+ as-path AS64512
+ ip {
+ address {
+ prefix-list hostrouteV4
+ }
+ }
+ }
+ set {
+ community 64513:666
+ }
+ }
+ rule 10 {
+ action permit
+ match {
+ as-path AS64512
+ ip {
+ address {
+ prefix-list vyosV4
+ }
+ }
+ }
+ }
+ rule 15 {
+ action permit
+ match {
+ as-path AS64512
+ ipv6 {
+ address {
+ prefix-list hostrouteV6
+ }
+ }
+ }
+ set {
+ community 64513:666
+ }
+ }
+ rule 20 {
+ action permit
+ match {
+ as-path AS64512
+ ipv6 {
+ address {
+ prefix-list vyosV6
+ }
+ }
+ }
+ }
+ rule 100 {
+ action deny
+ }
+ }
+ route-map ImportRouteMap {
+ rule 10 {
+ action deny
+ match {
+ ip {
+ address {
+ prefix-list privateV4
+ }
+ }
+ }
+ }
+ rule 15 {
+ action deny
+ match {
+ ipv6 {
+ address {
+ prefix-list privateV6
+ }
+ }
+ }
+ }
+ rule 20 {
+ action deny
+ match {
+ ip {
+ address {
+ prefix-list vyosV4
+ }
+ }
+ }
+ }
+ rule 30 {
+ action deny
+ match {
+ ipv6 {
+ address {
+ prefix-list vyosV6
+ }
+ }
+ }
+ }
+ rule 40 {
+ action deny
+ match {
+ as-path AS64512
+ }
+ }
+ rule 50 {
+ action permit
+ match {
+ as-path AS64513-AS64514
+ }
+ set {
+ weight 10001
+ }
+ }
+ rule 65535 {
+ action permit
+ }
+ }
+}
+protocols {
+ bgp 64500 {
+ address-family {
+ ipv4-unicast {
+ network 192.0.98.0/24 {
+ }
+ network 192.0.160.0/24 {
+ }
+ network 192.0.68.0/22 {
+ }
+ network 192.0.84.0/22 {
+ }
+ redistribute {
+ static {
+ route-map ExportRouteMap
+ }
+ }
+ }
+ ipv6-unicast {
+ network 2001:db8::/29 {
+ }
+ redistribute {
+ static {
+ route-map ExportRouteMap
+ }
+ }
+ }
+ }
+ maximum-paths {
+ ebgp 8
+ ibgp 16
+ }
+ neighbor 192.0.16.209 {
+ address-family {
+ ipv4-unicast {
+ route-map {
+ export ExportRouteMapAS64516
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64501
+ }
+ neighbor 192.0.192.6 {
+ address-family {
+ ipv4-unicast {
+ maximum-prefix 100
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64502
+ }
+ neighbor 192.0.192.157 {
+ address-family {
+ ipv4-unicast {
+ maximum-prefix 350000
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64503
+ }
+ neighbor 192.0.192.228 {
+ address-family {
+ ipv4-unicast {
+ maximum-prefix 10000
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64504
+ }
+ neighbor 192.0.193.157 {
+ address-family {
+ ipv4-unicast {
+ maximum-prefix 350000
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64505
+ }
+ neighbor 192.0.193.202 {
+ address-family {
+ ipv4-unicast {
+ maximum-prefix 10000
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64506
+ }
+ neighbor 192.0.193.223 {
+ address-family {
+ ipv4-unicast {
+ maximum-prefix 10000
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64507
+ }
+ neighbor 192.0.194.161 {
+ address-family {
+ ipv4-unicast {
+ maximum-prefix 10000
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64508
+ }
+ neighbor 192.0.194.171 {
+ address-family {
+ ipv4-unicast {
+ maximum-prefix 10000
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64509
+ }
+ neighbor 192.0.176.193 {
+ address-family {
+ ipv4-unicast {
+ route-map {
+ export ExportRouteMapAS64516
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64510
+ }
+ neighbor 192.0.52.12 {
+ address-family {
+ ipv4-unicast {
+ maximum-prefix 300
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64511
+ }
+ neighbor 192.0.52.17 {
+ address-family {
+ ipv4-unicast {
+ maximum-prefix 75
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ password vyosvyos
+ remote-as 64512
+ }
+ neighbor 192.0.52.24 {
+ address-family {
+ ipv4-unicast {
+ maximum-prefix 300
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64513
+ }
+ neighbor 192.0.52.32 {
+ address-family {
+ ipv4-unicast {
+ maximum-prefix 50
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ password vyosfoooo
+ remote-as 64514
+ }
+ neighbor 192.0.52.34 {
+ address-family {
+ ipv4-unicast {
+ maximum-prefix 10
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64515
+ }
+ neighbor 192.0.52.46 {
+ address-family {
+ ipv4-unicast {
+ maximum-prefix 10
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64516
+ }
+ neighbor 192.0.52.49 {
+ address-family {
+ ipv4-unicast {
+ maximum-prefix 75
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ password secret
+ remote-as 64517
+ }
+ neighbor 192.0.52.74 {
+ address-family {
+ ipv4-unicast {
+ maximum-prefix 15000
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ password secretvyos
+ remote-as 64518
+ }
+ neighbor 192.0.52.94 {
+ address-family {
+ ipv4-unicast {
+ maximum-prefix 250
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64519
+ }
+ neighbor 192.0.52.100 {
+ address-family {
+ ipv4-unicast {
+ maximum-prefix 50
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64520
+ }
+ neighbor 192.0.52.119 {
+ address-family {
+ ipv4-unicast {
+ maximum-prefix 30
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64521
+ }
+ neighbor 192.0.52.165 {
+ address-family {
+ ipv4-unicast {
+ maximum-prefix 50
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64522
+ }
+ neighbor 192.0.52.170 {
+ address-family {
+ ipv4-unicast {
+ maximum-prefix 150000
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64523
+ }
+ neighbor 192.0.52.171 {
+ address-family {
+ ipv4-unicast {
+ maximum-prefix 10000
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64524
+ }
+ neighbor 192.0.52.179 {
+ address-family {
+ ipv4-unicast {
+ maximum-prefix 20
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64525
+ }
+ neighbor 192.0.52.189 {
+ address-family {
+ ipv4-unicast {
+ maximum-prefix 1000
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64526
+ }
+ neighbor 192.0.52.210 {
+ address-family {
+ ipv4-unicast {
+ maximum-prefix 15
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64527
+ }
+ neighbor 192.0.52.211 {
+ address-family {
+ ipv4-unicast {
+ maximum-prefix 15
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64528
+ }
+ neighbor 192.0.52.251 {
+ address-family {
+ ipv4-unicast {
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ weight 1010
+ }
+ }
+ remote-as 64529
+ }
+ neighbor 192.0.52.252 {
+ address-family {
+ ipv4-unicast {
+ route-map {
+ export ExportRouteMap
+ }
+ weight 1010
+ }
+ }
+ remote-as 64530
+ }
+ neighbor 192.0.52.253 {
+ address-family {
+ ipv4-unicast {
+ route-map {
+ export ExportRouteMapAS64515
+ import ImportRouteMap
+ }
+ }
+ }
+ passive
+ remote-as 64531
+ }
+ neighbor 192.0.68.3 {
+ address-family {
+ ipv4-unicast {
+ nexthop-self
+ soft-reconfiguration {
+ inbound
+ }
+ }
+ }
+ remote-as 64532
+ update-source 192.0.68.2
+ }
+ neighbor 2001:db8:838::1 {
+ address-family {
+ ipv6-unicast {
+ route-map {
+ export ExportRouteMapAS64516
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64533
+ }
+ neighbor 2001:db8:c::3 {
+ address-family {
+ ipv6-unicast {
+ nexthop-self
+ soft-reconfiguration {
+ inbound
+ }
+ }
+ }
+ remote-as 64534
+ update-source 2001:db8:c::2
+ }
+ neighbor 2001:db8:24::2e {
+ address-family {
+ ipv6-unicast {
+ maximum-prefix 5
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ password vyossecret
+ remote-as 64535
+ }
+ neighbor 2001:db8:24::4a {
+ address-family {
+ ipv6-unicast {
+ maximum-prefix 1000
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64536
+ }
+ neighbor 2001:db8:24::5e {
+ address-family {
+ ipv6-unicast {
+ maximum-prefix 200
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64537
+ }
+ neighbor 2001:db8:24::11 {
+ address-family {
+ ipv6-unicast {
+ maximum-prefix 20
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64538
+ }
+ neighbor 2001:db8:24::18 {
+ address-family {
+ ipv6-unicast {
+ maximum-prefix 300
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64539
+ }
+ neighbor 2001:db8:24::20 {
+ address-family {
+ ipv6-unicast {
+ maximum-prefix 10
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64540
+ }
+ neighbor 2001:db8:24::22 {
+ address-family {
+ ipv6-unicast {
+ maximum-prefix 5
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64541
+ }
+ neighbor 2001:db8:24::31 {
+ address-family {
+ ipv6-unicast {
+ maximum-prefix 20
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64542
+ }
+ neighbor 2001:db8:24::58 {
+ address-family {
+ ipv6-unicast {
+ maximum-prefix 15
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64543
+ }
+ neighbor 2001:db8:24::64 {
+ address-family {
+ ipv6-unicast {
+ maximum-prefix 10
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ password geheim
+ remote-as 64544
+ }
+ neighbor 2001:db8:24::a5 {
+ address-family {
+ ipv6-unicast {
+ maximum-prefix 10
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64545
+ }
+ neighbor 2001:db8:24::aa {
+ address-family {
+ ipv6-unicast {
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64546
+ }
+ neighbor 2001:db8:24::ab {
+ address-family {
+ ipv6-unicast {
+ maximum-prefix 1800
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64547
+ }
+ neighbor 2001:db8:24::b0 {
+ address-family {
+ ipv6-unicast {
+ maximum-prefix 5
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ password secret123
+ remote-as 64548
+ }
+ parameters {
+ default {
+ no-ipv4-unicast
+ }
+ log-neighbor-changes
+ router-id 192.0.68.2
+ }
+ }
+ static {
+ route 192.0.98.0/24 {
+ blackhole {
+ }
+ }
+ route 192.0.160.0/24 {
+ blackhole {
+ }
+ }
+ route 192.0.68.0/22 {
+ blackhole {
+ }
+ }
+ route 192.0.84.0/22 {
+ blackhole {
+ }
+ }
+ route6 2001:db8::/29 {
+ blackhole {
+ }
+ }
+ }
+}
+system {
+ config-management {
+ commit-revisions 100
+ }
+ console {
+ device ttyS0 {
+ speed 115200
+ }
+ }
+ flow-accounting {
+ disable-imt
+ interface eth0.4088
+ interface eth0.4089
+ netflow {
+ engine-id 1
+ server 192.0.2.55 {
+ port 2055
+ }
+ version 9
+ }
+ syslog-facility daemon
+ }
+ host-name vyos
+ login {
+ user vyos {
+ authentication {
+ encrypted-password $6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/
+ plaintext-password ""
+ }
+ }
+ }
+ name-server 2001:db8::1
+ name-server 2001:db8::2
+ name-server 192.0.2.1
+ name-server 192.0.2.2
+ ntp {
+ server 0.pool.ntp.org {
+ }
+ server 1.pool.ntp.org {
+ }
+ server 2.pool.ntp.org {
+ }
+ }
+ syslog {
+ global {
+ facility all {
+ level all
+ }
+ preserve-fqdn
+ }
+ }
+ time-zone Europe/Zurich
+}
+zone-policy {
+ zone local {
+ default-action drop
+ from management {
+ firewall {
+ ipv6-name management-to-local-6
+ name management-to-local-4
+ }
+ }
+ from peers {
+ firewall {
+ ipv6-name peers-to-local-6
+ name peers-to-local-4
+ }
+ }
+ from servers {
+ firewall {
+ ipv6-name servers-to-local-6
+ name servers-to-local-4
+ }
+ }
+ local-zone
+ }
+ zone management {
+ default-action reject
+ from peers {
+ firewall {
+ ipv6-name peers-to-management-6
+ name peers-to-management-4
+ }
+ }
+ from servers {
+ firewall {
+ ipv6-name servers-to-management-6
+ name servers-to-management-4
+ }
+ }
+ interface eth0
+ }
+ zone peers {
+ default-action reject
+ from management {
+ firewall {
+ ipv6-name management-to-peers-6
+ name management-to-peers-4
+ }
+ }
+ from servers {
+ firewall {
+ ipv6-name servers-to-peers-6
+ name servers-to-peers-4
+ }
+ }
+ interface eth0.4088
+ interface eth0.4089
+ interface eth0.11
+ interface eth0.838
+ interface eth0.886
+ }
+ zone servers {
+ default-action reject
+ from management {
+ firewall {
+ ipv6-name management-to-servers-6
+ name management-to-servers-4
+ }
+ }
+ from peers {
+ firewall {
+ ipv6-name peers-to-servers-6
+ name peers-to-servers-4
+ }
+ }
+ interface eth0.1001
+ interface eth0.105
+ interface eth0.102
+ interface eth0.1019
+ interface eth0.1014
+ interface eth0.1020
+ interface eth0.1018
+ interface eth0.1013
+ interface eth0.1012
+ interface eth0.1011
+ interface eth0.1010
+ interface eth0.1009
+ interface eth0.1006
+ interface eth0.1005
+ interface eth0.1017
+ interface eth0.1016
+ interface eth0.1002
+ interface eth0.1015
+ interface eth0.1003
+ interface eth0.1004
+ interface eth0.1007
+ interface eth0.1008
+ }
+}
+
+
+/* Warning: Do not remove the following line. */
+/* === vyatta-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack-sync@1:conntrack@1:dhcp-relay@2:dhcp-server@5:dns-forwarding@1:firewall@5:ipsec@5:l2tp@1:mdns@1:nat@4:ntp@1:pptp@1:qos@1:quagga@6:snmp@1:ssh@1:system@9:vrrp@2:wanloadbalance@3:webgui@1:webproxy@1:webproxy@2:zone-policy@1" === */
+/* Release version: 1.2.5 */
diff --git a/smoketest/configs/bgp-evpn-leaf b/smoketest/configs/bgp-evpn-leaf
new file mode 100644
index 000000000..73d658de8
--- /dev/null
+++ b/smoketest/configs/bgp-evpn-leaf
@@ -0,0 +1,148 @@
+interfaces {
+ bridge br100 {
+ member {
+ interface eth3 {
+ }
+ interface vxlan100 {
+ }
+ }
+ }
+ dummy dum0 {
+ address 172.29.0.1/32
+ }
+ ethernet eth0 {
+ description "Out-of-Band Managament Port"
+ address 2001:db8::41/64
+ address 192.0.2.41/27
+ vrf MGMT
+ }
+ ethernet eth1 {
+ address 172.29.1.1/31
+ mtu 1600
+ }
+ ethernet eth2 {
+ address 172.29.2.1/31
+ mtu 1600
+ }
+ ethernet eth3 {
+ }
+ loopback lo {
+ }
+ vxlan vxlan100 {
+ parameters {
+ nolearning
+ }
+ port 4789
+ source-address 172.29.0.1
+ vni 100
+ }
+}
+protocols {
+ bgp 65010 {
+ address-family {
+ ipv4-unicast {
+ maximum-paths {
+ ibgp 4
+ }
+ redistribute {
+ connected {
+ }
+ }
+ }
+ l2vpn-evpn {
+ advertise-all-vni
+ }
+ }
+ neighbor 172.29.1.0 {
+ peer-group evpn
+ }
+ neighbor 172.29.2.0 {
+ peer-group evpn
+ }
+ parameters {
+ log-neighbor-changes
+ }
+ peer-group evpn {
+ address-family {
+ ipv4-unicast {
+ nexthop-self {
+ }
+ }
+ l2vpn-evpn {
+ nexthop-self {
+ }
+ }
+ }
+ remote-as 65010
+ }
+ }
+ vrf MGMT {
+ static {
+ route 0.0.0.0/0 {
+ next-hop 192.0.2.62 {
+ }
+ }
+ route6 ::/0 {
+ next-hop 2001:db8::1 {
+ }
+ }
+ }
+ }
+}
+service {
+ lldp {
+ interface all {
+ }
+ }
+ ssh {
+ disable-host-validation
+ vrf MGMT
+ }
+}
+system {
+ config-management {
+ commit-revisions 100
+ }
+ console {
+ device ttyS0 {
+ speed 115200
+ }
+ }
+ host-name vyos
+ login {
+ user vyos {
+ authentication {
+ encrypted-password $6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0
+ plaintext-password ""
+ }
+ }
+ }
+ ntp {
+ listen-address 192.0.2.41
+ listen-address 2001:db8::41
+ server 0.de.pool.ntp.org {
+ prefer
+ }
+ vrf MGMT
+ }
+ syslog {
+ global {
+ facility all {
+ level info
+ }
+ facility protocols {
+ level debug
+ }
+ }
+ }
+}
+vrf {
+ name MGMT {
+ table 1000
+ }
+}
+
+
+// Warning: Do not remove the following line.
+// vyos-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack@2:conntrack-sync@1:dhcp-relay@2:dhcp-server@5:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@20:ipoe-server@1:ipsec@5:l2tp@3:lldp@1:mdns@1:nat@5:nat66@1:ntp@1:pppoe-server@5:pptp@2:qos@1:quagga@8:rpki@1:salt@1:snmp@2:ssh@2:sstp@3:system@20:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2:zone-policy@1"
+// Release version: 1.4-rolling-202103091038
diff --git a/smoketest/configs/bgp-evpn-spine b/smoketest/configs/bgp-evpn-spine
new file mode 100644
index 000000000..5dafc2f77
--- /dev/null
+++ b/smoketest/configs/bgp-evpn-spine
@@ -0,0 +1,128 @@
+interfaces {
+ ethernet eth0 {
+ description "Out-of-Band Managament Port"
+ address 192.0.2.51/27
+ address 2001:db8::51/64
+ vrf MGMT
+ }
+ ethernet eth1 {
+ address 172.29.1.0/31
+ mtu 1600
+ }
+ ethernet eth2 {
+ address 172.29.1.2/31
+ mtu 1600
+ }
+ ethernet eth3 {
+ address 172.29.1.4/31
+ mtu 1600
+ }
+ loopback lo {
+ }
+}
+protocols {
+ bgp 65010 {
+ address-family {
+ ipv4-unicast {
+ maximum-paths {
+ ibgp 4
+ }
+ redistribute {
+ connected {
+ }
+ }
+ }
+ }
+ listen {
+ range 172.29.1.0/24 {
+ peer-group evpn
+ }
+ }
+ parameters {
+ log-neighbor-changes
+ }
+ peer-group evpn {
+ address-family {
+ ipv4-unicast {
+ route-reflector-client
+ }
+ l2vpn-evpn {
+ route-reflector-client
+ }
+ }
+ capability {
+ dynamic
+ }
+ remote-as 65010
+ }
+ }
+ vrf MGMT {
+ static {
+ route 0.0.0.0/0 {
+ next-hop 192.0.2.62 {
+ }
+ }
+ route6 ::/0 {
+ next-hop 2001:db8::1 {
+ }
+ }
+ }
+ }
+}
+service {
+ lldp {
+ interface all {
+ }
+ }
+ ssh {
+ disable-host-validation
+ vrf MGMT
+ }
+}
+system {
+ config-management {
+ commit-revisions 100
+ }
+ console {
+ device ttyS0 {
+ speed 115200
+ }
+ }
+ host-name vyos
+ login {
+ user vyos {
+ authentication {
+ encrypted-password $6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0
+ plaintext-password ""
+ }
+ }
+ }
+ ntp {
+ listen-address 192.0.2.51
+ listen-address 2001:db8::51
+ server 0.de.pool.ntp.org {
+ prefer
+ }
+ vrf MGMT
+ }
+ syslog {
+ global {
+ facility all {
+ level info
+ }
+ facility protocols {
+ level debug
+ }
+ }
+ }
+}
+vrf {
+ name MGMT {
+ table 1000
+ }
+}
+
+
+// Warning: Do not remove the following line.
+// vyos-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack@2:conntrack-sync@1:dhcp-relay@2:dhcp-server@5:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@20:ipoe-server@1:ipsec@5:l2tp@3:lldp@1:mdns@1:nat@5:nat66@1:ntp@1:pppoe-server@5:pptp@2:qos@1:quagga@8:rpki@1:salt@1:snmp@2:ssh@2:sstp@3:system@20:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2:zone-policy@1"
+// Release version: 1.4-rolling-202103091038
diff --git a/smoketest/configs/pppoe-client b/smoketest/configs/bgp-rpki
index ef6a26423..e11ec9e72 100644
--- a/smoketest/configs/pppoe-client
+++ b/smoketest/configs/bgp-rpki
@@ -1,17 +1,71 @@
interfaces {
ethernet eth0 {
+ address 192.0.2.100/25
+ address 2001:db8::ffff/64
+ }
+ ethernet eth1 {
}
loopback lo {
}
- pppoe pppoe0 {
- authentication {
- password bar
- user foo
+}
+policy {
+ route-map ebgp-transit-rpki {
+ rule 10 {
+ action deny
+ match {
+ rpki invalid
+ }
+ }
+ rule 20 {
+ action permit
+ match {
+ rpki notfound
+ }
+ set {
+ local-preference 20
+ }
+ }
+ rule 30 {
+ action permit
+ match {
+ rpki valid
+ }
+ set {
+ local-preference 100
+ }
+ }
+ }
+}
+protocols {
+ bgp 64500 {
+ neighbor 1.2.3.4 {
+ address-family {
+ ipv4-unicast {
+ nexthop-self {
+ }
+ route-map {
+ import ebgp-transit-rpki
+ }
+ }
+ }
+ remote-as 10
+ }
+ }
+ rpki {
+ cache routinator {
+ address 192.0.2.10
+ port 3323
+ }
+ }
+ static {
+ route 0.0.0.0/0 {
+ next-hop 192.0.2.1 {
+ }
+ }
+ route6 ::/0 {
+ next-hop 2001:db8::1 {
+ }
}
- connect-on-demand
- default-route auto
- mtu 1492
- source-interface eth0
}
}
service {
diff --git a/smoketest/configs/bgp-small-as b/smoketest/configs/bgp-small-as
new file mode 100644
index 000000000..6b953a3f6
--- /dev/null
+++ b/smoketest/configs/bgp-small-as
@@ -0,0 +1,687 @@
+firewall {
+ all-ping enable
+ broadcast-ping disable
+ config-trap disable
+ group {
+ address-group NET-VYOS-HTTPS-4 {
+ address 10.0.150.73
+ }
+ ipv6-network-group NET-VYOS-6 {
+ network 2001:db8:200::/40
+ }
+ network-group NET-VYOS-4 {
+ network 10.0.150.0/23
+ network 192.168.189.0/24
+ }
+ port-group MY-NAS-PORTS {
+ port 80
+ port 5000
+ port 5001
+ port 6022
+ port 9443
+ }
+ }
+ ipv6-name WAN-TO-VLAN15-6 {
+ default-action drop
+ enable-default-log
+ rule 1 {
+ action accept
+ state {
+ established enable
+ related enable
+ }
+ }
+ rule 2 {
+ action drop
+ log enable
+ state {
+ invalid enable
+ }
+ }
+ rule 100 {
+ action accept
+ source {
+ group {
+ network-group NET-VYOS-6
+ }
+ }
+ }
+ rule 1010 {
+ action accept
+ destination {
+ address 2001:db8:200:15::a
+ group {
+ port-group MY-NAS-PORTS
+ }
+ }
+ protocol tcp
+ }
+ }
+ ipv6-receive-redirects disable
+ ipv6-src-route disable
+ ip-src-route disable
+ log-martians enable
+ name WAN-TO-VLAN15-4 {
+ default-action drop
+ enable-default-log
+ rule 1 {
+ action accept
+ state {
+ established enable
+ related enable
+ }
+ }
+ rule 2 {
+ action drop
+ log enable
+ state {
+ invalid enable
+ }
+ }
+ rule 100 {
+ action accept
+ source {
+ group {
+ network-group NET-VYOS-4
+ }
+ }
+ }
+ rule 1000 {
+ action accept
+ destination {
+ group {
+ address-group NET-VYOS-HTTPS-4
+ }
+ port 80,443
+ }
+ protocol tcp
+ }
+ rule 1010 {
+ action accept
+ destination {
+ address 10.0.150.74
+ group {
+ port-group MY-NAS-PORTS
+ }
+ }
+ protocol tcp
+ }
+ }
+ receive-redirects disable
+ send-redirects enable
+ source-validation disable
+ syn-cookies enable
+ twa-hazards-protection disable
+}
+high-availability {
+ vrrp {
+ group VLAN5-IPv4 {
+ interface eth0.5
+ preempt-delay 180
+ priority 250
+ virtual-address 10.0.150.120/28
+ vrid 5
+ }
+ group VLAN5-IPv6 {
+ interface eth0.5
+ preempt-delay 180
+ priority 250
+ virtual-address 2001:db8:200:f0::ffff/64
+ vrid 6
+ }
+ group VLAN10-IPv4 {
+ interface eth0.10
+ preempt-delay 180
+ priority 250
+ virtual-address 10.0.150.62/26
+ vrid 10
+ }
+ group VLAN10-IPv6 {
+ interface eth0.10
+ preempt-delay 180
+ priority 250
+ virtual-address 2001:db8:200:10::ffff/64
+ virtual-address 2001:db8:200::ffff/64
+ vrid 11
+ }
+ group VLAN15-IPv4 {
+ interface eth0.15
+ preempt-delay 180
+ priority 250
+ virtual-address 10.0.150.78/28
+ vrid 15
+ }
+ group VLAN15-IPv6 {
+ interface eth0.15
+ preempt-delay 180
+ priority 250
+ virtual-address 2001:db8:200:15::ffff/64
+ vrid 16
+ }
+ group VLAN500-IPv4 {
+ interface eth0.500
+ preempt-delay 180
+ priority 250
+ virtual-address 10.0.151.238/28
+ vrid 238
+ }
+ group VLAN500-IPv6 {
+ interface eth0.500
+ preempt-delay 180
+ priority 250
+ virtual-address 2001:db8:200:50::ffff/64
+ vrid 239
+ }
+ group VLAN520-IPv4 {
+ interface eth0.520
+ preempt-delay 180
+ priority 250
+ virtual-address 10.0.150.190/28
+ vrid 52
+ }
+ group VLAN520-IPv6 {
+ interface eth0.520
+ preempt-delay 180
+ priority 250
+ virtual-address 2001:db8:200:520::ffff/64
+ vrid 53
+ }
+ group VLAN810-IPv4 {
+ interface eth0.810
+ preempt-delay 180
+ priority 250
+ virtual-address 10.0.151.30/27
+ vrid 80
+ }
+ group VLAN810-IPv6 {
+ interface eth0.810
+ preempt-delay 180
+ priority 250
+ virtual-address 2001:db8:200:102::ffff/64
+ vrid 81
+ }
+ sync-group VYOS {
+ member VLAN5-IPv4
+ member VLAN5-IPv6
+ member VLAN10-IPv4
+ member VLAN10-IPv6
+ member VLAN500-IPv4
+ member VLAN500-IPv6
+ member VLAN15-IPv4
+ member VLAN15-IPv6
+ member VLAN810-IPv6
+ member VLAN810-IPv4
+ member VLAN520-IPv4
+ member VLAN520-IPv6
+ }
+ }
+}
+interfaces {
+ dummy dum0 {
+ address 2001:db8:200:ffff::2/128
+ address 10.0.151.251/32
+ }
+ ethernet eth0 {
+ vif 5 {
+ address 10.0.150.121/28
+ address 2001:db8:200:f0::4/64
+ ip {
+ ospf {
+ authentication {
+ md5 {
+ key-id 10 {
+ md5-key vyosospfkey
+ }
+ }
+ }
+ cost 10
+ dead-interval 40
+ hello-interval 10
+ network broadcast
+ priority 200
+ retransmit-interval 5
+ transmit-delay 5
+ }
+ }
+ }
+ vif 10 {
+ address 2001:db8:200:10::1:ffff/64
+ address 2001:db8:200::1:ffff/64
+ address 10.0.150.60/26
+ }
+ vif 15 {
+ address 10.0.150.76/28
+ address 2001:db8:200:15::1:ffff/64
+ firewall {
+ out {
+ ipv6-name WAN-TO-VLAN15-6
+ name WAN-TO-VLAN15-4
+ }
+ }
+ }
+ vif 50 {
+ address 192.168.189.2/24
+ }
+ vif 110 {
+ address 2001:db8:200:101::ffff/64
+ address 10.0.151.190/27
+ address 10.0.151.158/28
+ }
+ vif 410 {
+ address 10.0.151.206/28
+ address 2001:db8:200:104::ffff/64
+ }
+ vif 450 {
+ address 2001:db8:200:103::ffff/64
+ address 10.0.151.142/29
+ disable
+ }
+ vif 500 {
+ address 10.0.151.236/28
+ address 2001:db8:200:50::1:ffff/64
+ }
+ vif 520 {
+ address 10.0.150.188/26
+ address 2001:db8:200:520::1:ffff/64
+ }
+ vif 800 {
+ address 2001:db8:200:ff::104:1/112
+ address 10.0.151.212/31
+ }
+ vif 810 {
+ address 10.0.151.28/27
+ address 2001:db8:200:102::1:ffff/64
+ }
+ }
+ ethernet eth1 {
+ }
+ loopback lo {
+ }
+}
+policy {
+ prefix-list as65000-origin-v4 {
+ rule 10 {
+ action permit
+ prefix 10.0.150.0/23
+ }
+ rule 100 {
+ action permit
+ prefix 0.0.0.0/0
+ }
+ }
+ prefix-list6 as65000-origin-v6 {
+ rule 10 {
+ action permit
+ prefix 2001:db8:200::/40
+ }
+ }
+ route-map as65010-in {
+ rule 10 {
+ action permit
+ set {
+ local-preference 30
+ }
+ }
+ }
+ route-map as65010-out {
+ rule 10 {
+ action permit
+ set {
+ as-path-prepend "65000 65000"
+ }
+ }
+ }
+}
+protocols {
+ bgp 65000 {
+ address-family {
+ ipv4-unicast {
+ network 10.0.150.0/23 {
+ }
+ }
+ ipv6-unicast {
+ network 2001:db8:200::/40 {
+ }
+ }
+ }
+ neighbor 10.0.151.222 {
+ disable-send-community {
+ extended
+ standard
+ }
+ address-family {
+ ipv4-unicast {
+ default-originate {
+ }
+ prefix-list {
+ export as65000-origin-v4
+ }
+ route-map {
+ export as65010-out
+ import as65010-in
+ }
+ soft-reconfiguration {
+ inbound
+ }
+ }
+ }
+ capability {
+ dynamic
+ }
+ remote-as 65010
+ }
+ neighbor 10.0.151.252 {
+ peer-group VYOSv4
+ }
+ neighbor 10.0.151.254 {
+ peer-group VYOSv4
+ }
+ neighbor 2001:db8:200:ffff::3 {
+ peer-group VYOSv6
+ }
+ neighbor 2001:db8:200:ffff::a {
+ peer-group VYOSv6
+ }
+ neighbor 2001:db8:200:ff::101:2 {
+ address-family {
+ ipv6-unicast {
+ capability {
+ dynamic
+ }
+ prefix-list {
+ export as65000-origin-v6
+ }
+ route-map {
+ import as65010-in
+ }
+ soft-reconfiguration {
+ inbound
+ }
+ }
+ }
+ remote-as 65010
+ }
+ parameters {
+ default {
+ no-ipv4-unicast
+ }
+ log-neighbor-changes
+ router-id 10.0.151.251
+ }
+ peer-group VYOSv4 {
+ address-family {
+ ipv4-unicast {
+ nexthop-self {
+ }
+ }
+ }
+ capability {
+ dynamic
+ }
+ remote-as 65000
+ update-source dum0
+ }
+ peer-group VYOSv6 {
+ address-family {
+ ipv6-unicast {
+ nexthop-self {
+ }
+ }
+ }
+ capability {
+ dynamic
+ }
+ remote-as 65000
+ update-source dum0
+ }
+ timers {
+ holdtime 30
+ keepalive 10
+ }
+ }
+ ospf {
+ area 0 {
+ area-type {
+ normal
+ }
+ authentication md5
+ network 10.0.151.251/32
+ network 10.0.151.208/31
+ network 10.0.150.112/28
+ }
+ parameters {
+ abr-type cisco
+ router-id 10.0.151.251
+ }
+ passive-interface default
+ passive-interface-exclude dum0
+ passive-interface-exclude eth0.5
+ redistribute {
+ connected {
+ metric-type 2
+ }
+ static {
+ metric-type 2
+ }
+ }
+ }
+ ospfv3 {
+ area 0.0.0.0 {
+ interface dum0
+ interface eth0.5
+ }
+ parameters {
+ router-id 10.0.151.251
+ }
+ redistribute {
+ connected {
+ }
+ static {
+ }
+ }
+ }
+ static {
+ route 10.0.0.0/8 {
+ MY-NAS {
+ distance 254
+ }
+ }
+ route 172.16.0.0/12 {
+ MY-NAS {
+ distance 254
+ }
+ }
+ route 192.168.0.0/16 {
+ MY-NAS {
+ distance 254
+ }
+ }
+ route 193.148.249.144/32 {
+ next-hop 192.168.189.1 {
+ }
+ }
+ route 10.0.150.0/23 {
+ MY-NAS {
+ distance 254
+ }
+ }
+ route 10.0.151.32/27 {
+ next-hop 10.0.151.5 {
+ }
+ }
+ route6 2001:db8:2fe:ffff::/64 {
+ next-hop 2001:db8:200:102::4 {
+ }
+ }
+ route6 2001:db8:2ff::/48 {
+ next-hop 2001:db8:200:101::1 {
+ }
+ }
+ route6 2001:db8:200::/40 {
+ MY-NAS {
+ distance 254
+ }
+ }
+ }
+}
+service {
+ dhcp-server {
+ shared-network-name NET-VYOS-DHCP-1 {
+ subnet 10.0.151.224/28 {
+ default-router 10.0.151.238
+ dns-server 10.0.150.2
+ dns-server 10.0.150.1
+ domain-name vyos.net
+ failover {
+ local-address 10.0.151.236
+ name NET-VYOS-DHCP-1
+ peer-address 10.0.151.237
+ status primary
+ }
+ lease 1800
+ range 0 {
+ start 10.0.151.225
+ stop 10.0.151.237
+ }
+ }
+ }
+ shared-network-name NET-VYOS-HOSTING-1 {
+ subnet 10.0.150.128/26 {
+ default-router 10.0.150.190
+ dns-server 10.0.150.2
+ dns-server 10.0.150.1
+ domain-name vyos.net
+ failover {
+ local-address 10.0.150.188
+ name NET-VYOS-HOSTING-1
+ peer-address 10.0.150.189
+ status primary
+ }
+ lease 604800
+ range 0 {
+ start 10.0.150.129
+ stop 10.0.150.187
+ }
+ }
+ }
+ }
+ lldp {
+ interface all {
+ }
+ management-address 10.0.151.251
+ snmp {
+ enable
+ }
+ }
+ router-advert {
+ interface eth4.500 {
+ default-preference high
+ name-server 2001:db8:200::1
+ name-server 2001:db8:200::2
+ prefix 2001:db8:200:50::/64 {
+ valid-lifetime infinity
+ }
+ }
+ interface eth4.520 {
+ default-preference high
+ name-server 2001:db8:200::1
+ name-server 2001:db8:200::2
+ prefix 2001:db8:200:520::/64 {
+ valid-lifetime infinity
+ }
+ }
+ }
+ snmp {
+ community public {
+ network 10.0.150.0/26
+ network 2001:db8:200:10::/64
+ }
+ contact noc@vyos.net
+ listen-address 10.0.151.251 {
+ }
+ listen-address 2001:db8:200:ffff::2 {
+ }
+ location "Jenkins"
+ }
+ ssh {
+ disable-host-validation
+ listen-address 10.0.151.251
+ listen-address 2001:db8:200:ffff::2
+ listen-address 192.168.189.2
+ loglevel fatal
+ port 22
+ }
+}
+system {
+ config-management {
+ commit-revisions 200
+ }
+ console {
+ device ttyS0 {
+ speed 115200
+ }
+ }
+ domain-name vyos.net
+ host-name vyos
+ login {
+ banner {
+ pre-login "VyOS - Network\n"
+ }
+ radius {
+ server 192.0.2.1 {
+ key SuperS3cretRADIUSkey
+ timeout 1
+ }
+ server 192.0.2.2 {
+ key SuperS3cretRADIUSkey
+ timeout 1
+ }
+ source-address 192.0.2.254
+ }
+ user vyos {
+ authentication {
+ encrypted-password $6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0
+ plaintext-password ""
+ }
+ }
+ }
+ name-server 192.0.2.1
+ name-server 192.0.2.2
+ name-server 2001:db8:200::1
+ name-server 2001:db8:200::2
+ ntp {
+ allow-clients {
+ address 10.0.150.0/23
+ address 2001:db8:200::/40
+ }
+ listen-address 10.0.151.251
+ listen-address 2001:db8:200:ffff::2
+ server 0.de.pool.ntp.org {
+ }
+ server 1.de.pool.ntp.org {
+ }
+ server 2.de.pool.ntp.org {
+ }
+ }
+ syslog {
+ global {
+ facility all {
+ level notice
+ }
+ facility protocols {
+ level debug
+ }
+ }
+ host 10.0.150.26 {
+ facility all {
+ level all
+ }
+ }
+ }
+ time-zone Europe/Berlin
+}
+
+
+// Warning: Do not remove the following line.
+// vyos-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack@1:conntrack-sync@1:dhcp-relay@2:dhcp-server@5:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@18:ipoe-server@1:ipsec@5:l2tp@3:lldp@1:mdns@1:nat@5:ntp@1:pppoe-server@5:pptp@2:qos@1:quagga@6:salt@1:snmp@2:ssh@2:sstp@3:system@20:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2:zone-policy@1"
+// Release version: 1.3-beta-202101151942
diff --git a/smoketest/configs/bgp-small-internet-exchange b/smoketest/configs/bgp-small-internet-exchange
new file mode 100644
index 000000000..d51f87c4a
--- /dev/null
+++ b/smoketest/configs/bgp-small-internet-exchange
@@ -0,0 +1,488 @@
+interfaces {
+ ethernet eth0 {
+ address 192.0.2.100/25
+ address 2001:db8:aaaa::ffff/64
+ }
+ ethernet eth1 {
+ address 192.0.2.200/25
+ address 2001:db8:bbbb::ffff/64
+ }
+ loopback lo {
+ }
+}
+policy {
+ as-path-list bogon-asns {
+ rule 10 {
+ action permit
+ description "RFC 7607"
+ regex _0_
+ }
+ rule 20 {
+ action permit
+ description "RFC 4893"
+ regex _23456_
+ }
+ rule 30 {
+ action permit
+ description "RFC 5398/6996/7300"
+ regex _6449[6-9]_|_65[0-4][0-9][0-9]_|_655[0-4][0-9]_|_6555[0-1]_
+ }
+ rule 40 {
+ action permit
+ description "IANA reserved"
+ regex _6555[2-9]_|_655[6-9][0-9]_|_65[6-9][0-9][0-9]_|_6[6-9][0-9][0-9][0-]_|_[7-9][0-9][0-9][0-9][0-9]_|_1[0-2][0-9][0-9][0-9][0-9]_|_130[0-9][0-9][0-9]_|_1310[0-6][0-9]_|_13107[01]_
+ }
+ }
+ prefix-list bogon-v4 {
+ rule 10 {
+ action permit
+ le 32
+ prefix 0.0.0.0/8
+ }
+ rule 20 {
+ action permit
+ le 32
+ prefix 10.0.0.0/8
+ }
+ rule 30 {
+ action permit
+ le 32
+ prefix 100.64.0.0/10
+ }
+ rule 40 {
+ action permit
+ le 32
+ prefix 127.0.0.0/8
+ }
+ rule 50 {
+ action permit
+ le 32
+ prefix 169.254.0.0/16
+ }
+ rule 60 {
+ action permit
+ le 32
+ prefix 172.16.0.0/12
+ }
+ rule 70 {
+ action permit
+ le 32
+ prefix 192.0.2.0/24
+ }
+ rule 80 {
+ action permit
+ le 32
+ prefix 192.88.99.0/24
+ }
+ rule 90 {
+ action permit
+ le 32
+ prefix 192.168.0.0/16
+ }
+ rule 100 {
+ action permit
+ le 32
+ prefix 198.18.0.0/15
+ }
+ rule 110 {
+ action permit
+ le 32
+ prefix 198.51.100.0/24
+ }
+ rule 120 {
+ action permit
+ le 32
+ prefix 203.0.113.0/24
+ }
+ rule 130 {
+ action permit
+ le 32
+ prefix 224.0.0.0/4
+ }
+ rule 140 {
+ action permit
+ le 32
+ prefix 240.0.0.0/4
+ }
+ }
+ prefix-list IX-out-v4 {
+ rule 10 {
+ action permit
+ prefix 10.0.0.0/23
+ }
+ rule 20 {
+ action permit
+ prefix 10.0.128.0/23
+ }
+ }
+ prefix-list prefix-filter-v4 {
+ rule 10 {
+ action permit
+ ge 25
+ prefix 0.0.0.0/0
+ }
+ }
+ prefix-list6 bogon-v6 {
+ rule 10 {
+ action permit
+ description "RFC 4291 IPv4-compatible, loopback, et al"
+ le 128
+ prefix ::/8
+ }
+ rule 20 {
+ action permit
+ description "RFC 6666 Discard-Only"
+ le 128
+ prefix 0100::/64
+ }
+ rule 30 {
+ action permit
+ description "RFC 5180 BMWG"
+ le 128
+ prefix 2001:2::/48
+ }
+ rule 40 {
+ action permit
+ description "RFC 4843 ORCHID"
+ le 128
+ prefix 2001:10::/28
+ }
+ rule 50 {
+ action permit
+ description "RFC 3849 documentation"
+ le 128
+ prefix 2001:db8::/32
+ }
+ rule 60 {
+ action permit
+ description "RFC 7526 6to4 anycast relay"
+ le 128
+ prefix 2002::/16
+ }
+ rule 70 {
+ action permit
+ description "RFC 3701 old 6bone"
+ le 128
+ prefix 3ffe::/16
+ }
+ rule 80 {
+ action permit
+ description "RFC 4193 unique local unicast"
+ le 128
+ prefix fc00::/7
+ }
+ rule 90 {
+ action permit
+ description "RFC 4291 link local unicast"
+ le 128
+ prefix fe80::/10
+ }
+ rule 100 {
+ action permit
+ description "RFC 3879 old site local unicast"
+ le 128
+ prefix fec0::/10
+ }
+ rule 110 {
+ action permit
+ description "RFC 4291 multicast"
+ le 128
+ prefix ff00::/8
+ }
+ }
+ prefix-list6 prefix-filter-v6 {
+ rule 10 {
+ action permit
+ ge 49
+ prefix ::/0
+ }
+ }
+ prefix-list6 IX-out-v6 {
+ rule 10 {
+ action permit
+ prefix 2001:db8:100::/40
+ }
+ rule 20 {
+ action permit
+ prefix 2001:db8:200::/40
+ }
+ }
+ route-map eBGP-IN-v4 {
+ rule 10 {
+ action deny
+ match {
+ as-path bogon-asns
+ }
+ }
+ rule 20 {
+ action deny
+ match {
+ ip {
+ address {
+ prefix-list bogon-v4
+ }
+ }
+ }
+ }
+ rule 30 {
+ action deny
+ match {
+ ip {
+ address {
+ prefix-list prefix-filter-v4
+ }
+ }
+ }
+ }
+ rule 40 {
+ action permit
+ set {
+ local-preference 100
+ metric 0
+ }
+ }
+ }
+ route-map eBGP-IN-v6 {
+ rule 10 {
+ action deny
+ match {
+ as-path bogon-asns
+ }
+ }
+ rule 20 {
+ action deny
+ match {
+ ipv6 {
+ address {
+ prefix-list bogon-v6
+ }
+ }
+ }
+ }
+ rule 30 {
+ action deny
+ match {
+ ipv6 {
+ address {
+ prefix-list prefix-filter-v6
+ }
+ }
+ }
+ }
+ rule 40 {
+ action permit
+ set {
+ local-preference 100
+ metric 0
+ }
+ }
+ }
+ route-map IX-in-v4 {
+ rule 5 {
+ action permit
+ call eBGP-IN-v4
+ on-match {
+ next
+ }
+ }
+ rule 10 {
+ action permit
+ }
+ }
+ route-map IX-out-v4 {
+ rule 10 {
+ action permit
+ match {
+ ip {
+ address {
+ prefix-list IX-out-v4
+ }
+ }
+ }
+ }
+ }
+ route-map IX-in-v6 {
+ rule 5 {
+ action permit
+ call eBGP-IN-v6
+ on-match {
+ next
+ }
+ }
+ rule 10 {
+ action permit
+ }
+ }
+ route-map IX-out-v6 {
+ rule 10 {
+ action permit
+ match {
+ ipv6 {
+ address {
+ prefix-list IX-out-v6
+ }
+ }
+ }
+ }
+ }
+}
+protocols {
+ bgp 65000 {
+ address-family {
+ ipv4-unicast {
+ network 10.0.0.0/23 {
+ }
+ network 10.0.128.0/23 {
+ }
+ }
+ ipv6-unicast {
+ network 2001:db8:100::/40 {
+ }
+ network 2001:db8:200::/40 {
+ }
+ }
+ }
+ neighbor 192.0.2.1 {
+ description "Peering: IX-1 (Route Server)"
+ peer-group IXPeeringIPv4
+ remote-as 65020
+ }
+ neighbor 192.0.2.2 {
+ description "Peering: IX-1 (Route Server)"
+ peer-group IXPeeringIPv4
+ remote-as 65020
+ }
+ neighbor 192.0.2.3 {
+ description "Peering: IX-1 (Route Server)"
+ peer-group IXPeeringIPv4
+ remote-as 65020
+ }
+ neighbor 192.0.2.129 {
+ description "Peering: IX-2 (Route Server)"
+ peer-group IXPeeringIPv4
+ remote-as 65030
+ }
+ neighbor 192.0.2.130 {
+ description "Peering: IX-2 (Route Server)"
+ peer-group IXPeeringIPv4
+ remote-as 65030
+ }
+ neighbor 2001:db8:aaaa::1 {
+ description "Peering: IX-1 (Route Server)"
+ peer-group IXPeeringIPv6
+ remote-as 65020
+ }
+ neighbor 2001:db8:aaaa::2 {
+ description "Peering: IX-1 (Route Server)"
+ peer-group IXPeeringIPv6
+ remote-as 65020
+ }
+ neighbor 2001:db8:bbbb::1 {
+ description "Peering: IX-2 (Route Server)"
+ peer-group IXPeeringIPv6
+ remote-as 65030
+ }
+ neighbor 2001:db8:bbbb::2 {
+ description "Peering: IX-2 (Route Server)"
+ peer-group IXPeeringIPv6
+ remote-as 65030
+ }
+ parameters {
+ default {
+ no-ipv4-unicast
+ }
+ }
+ peer-group IXPeeringIPv4 {
+ address-family {
+ ipv4-unicast {
+ route-map {
+ export IX-out-v4
+ }
+ soft-reconfiguration {
+ inbound
+ }
+ }
+ }
+ }
+ peer-group IXPeeringIPv6 {
+ address-family {
+ ipv6-unicast {
+ route-map {
+ export IX-out-v6
+ }
+ soft-reconfiguration {
+ inbound
+ }
+ }
+ }
+ }
+ }
+ static {
+ route 10.0.0.0/23 {
+ blackhole {
+ distance 250
+ }
+ }
+ route 10.0.128.0/23 {
+ blackhole {
+ distance 250
+ }
+ }
+ route6 2001:db8:100::/40 {
+ blackhole {
+ distance 250
+ }
+ }
+ route6 2001:db8:200::/40 {
+ blackhole {
+ distance 250
+ }
+ }
+ }
+}
+service {
+ ssh {
+ }
+}
+system {
+ config-management {
+ commit-revisions 100
+ }
+ console {
+ device ttyS0 {
+ speed 115200
+ }
+ }
+ host-name vyos
+ login {
+ user vyos {
+ authentication {
+ encrypted-password $6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/
+ plaintext-password ""
+ }
+ }
+ }
+ ntp {
+ server 0.pool.ntp.org {
+ }
+ server 1.pool.ntp.org {
+ }
+ server 2.pool.ntp.org {
+ }
+ }
+ syslog {
+ global {
+ facility all {
+ level info
+ }
+ facility protocols {
+ level debug
+ }
+ }
+ }
+}
+
+
+// Warning: Do not remove the following line.
+// vyos-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack@1:conntrack-sync@1:dhcp-relay@2:dhcp-server@5:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@13:ipoe-server@1:ipsec@5:l2tp@3:lldp@1:mdns@1:nat@5:ntp@1:pppoe-server@5:pptp@2:qos@1:quagga@6:salt@1:snmp@2:ssh@2:sstp@3:system@19:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webgui@1:webproxy@2:zone-policy@1"
+// Release version: 1.3-rolling-202010241631
diff --git a/smoketest/configs/dialup-router-complex b/smoketest/configs/dialup-router-complex
new file mode 100644
index 000000000..fef79ea56
--- /dev/null
+++ b/smoketest/configs/dialup-router-complex
@@ -0,0 +1,1662 @@
+firewall {
+ all-ping enable
+ broadcast-ping disable
+ config-trap disable
+ group {
+ address-group MEDIA-STREAMING-CLIENTS {
+ address 172.16.35.241
+ address 172.16.35.242
+ address 172.16.35.243
+ }
+ address-group DMZ-WEBSERVER {
+ address 172.16.36.10
+ address 172.16.36.40
+ address 172.16.36.20
+ }
+ address-group DMZ-RDP-SERVER {
+ address 172.16.33.40
+ }
+ address-group DOMAIN-CONTROLLER {
+ address 172.16.100.10
+ address 172.16.100.20
+ }
+ address-group AUDIO-STREAM {
+ address 172.16.35.20
+ address 172.16.35.21
+ address 172.16.35.22
+ address 172.16.35.23
+ }
+ ipv6-network-group LOCAL-ADDRESSES {
+ network ff02::/64
+ network fe80::/10
+ }
+ network-group SSH-IN-ALLOW {
+ network 192.0.2.0/24
+ network 10.0.0.0/8
+ network 172.16.0.0/12
+ network 192.168.0.0/16
+ }
+ port-group SMART-TV-PORTS {
+ port 5005-5006
+ port 80
+ port 443
+ port 3722
+ }
+ }
+ ipv6-name ALLOW-ALL-6 {
+ default-action accept
+ }
+ ipv6-name ALLOW-BASIC-6 {
+ default-action drop
+ enable-default-log
+ rule 1 {
+ action accept
+ state {
+ established enable
+ related enable
+ }
+ }
+ rule 2 {
+ action drop
+ state {
+ invalid enable
+ }
+ }
+ rule 10 {
+ action accept
+ protocol icmpv6
+ }
+ }
+ ipv6-name ALLOW-ESTABLISHED-6 {
+ default-action drop
+ enable-default-log
+ rule 1 {
+ action accept
+ state {
+ established enable
+ related enable
+ }
+ }
+ rule 2 {
+ action drop
+ state {
+ invalid enable
+ }
+ }
+ rule 10 {
+ action accept
+ destination {
+ group {
+ network-group LOCAL-ADDRESSES
+ }
+ }
+ protocol icmpv6
+ source {
+ address fe80::/10
+ }
+ }
+ rule 20 {
+ action accept
+ icmpv6 {
+ type echo-request
+ }
+ protocol icmpv6
+ }
+ rule 21 {
+ action accept
+ icmpv6 {
+ type destination-unreachable
+ }
+ protocol icmpv6
+ }
+ rule 22 {
+ action accept
+ icmpv6 {
+ type packet-too-big
+ }
+ protocol icmpv6
+ }
+ rule 23 {
+ action accept
+ icmpv6 {
+ type time-exceeded
+ }
+ protocol icmpv6
+ }
+ rule 24 {
+ action accept
+ icmpv6 {
+ type parameter-problem
+ }
+ protocol icmpv6
+ }
+ }
+ ipv6-name WAN-LOCAL-6 {
+ default-action drop
+ enable-default-log
+ rule 1 {
+ action accept
+ state {
+ established enable
+ related enable
+ }
+ }
+ rule 2 {
+ action drop
+ state {
+ invalid enable
+ }
+ }
+ rule 10 {
+ action accept
+ destination {
+ address ff02::/64
+ }
+ protocol icmpv6
+ source {
+ address fe80::/10
+ }
+ }
+ rule 50 {
+ action accept
+ description DHCPv6
+ destination {
+ address fe80::/10
+ port 546
+ }
+ protocol udp
+ source {
+ address fe80::/10
+ port 547
+ }
+ }
+ }
+ ipv6-receive-redirects disable
+ ipv6-src-route disable
+ ip-src-route disable
+ log-martians enable
+ name DMZ-GUEST {
+ default-action drop
+ enable-default-log
+ rule 1 {
+ action accept
+ state {
+ established enable
+ related enable
+ }
+ }
+ rule 2 {
+ action drop
+ log enable
+ state {
+ invalid enable
+ }
+ }
+ }
+ name DMZ-LAN {
+ default-action drop
+ enable-default-log
+ rule 1 {
+ action accept
+ state {
+ established enable
+ related enable
+ }
+ }
+ rule 2 {
+ action drop
+ log enable
+ state {
+ invalid enable
+ }
+ }
+ rule 100 {
+ action accept
+ description "NTP and LDAP to AD DC"
+ destination {
+ group {
+ address-group DOMAIN-CONTROLLER
+ }
+ port 123,389,636
+ }
+ protocol tcp_udp
+ }
+ rule 300 {
+ action accept
+ destination {
+ group {
+ address-group DMZ-RDP-SERVER
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 172.16.36.20
+ }
+ }
+ }
+ name DMZ-LOCAL {
+ default-action drop
+ enable-default-log
+ rule 1 {
+ action accept
+ state {
+ established enable
+ related enable
+ }
+ }
+ rule 2 {
+ action drop
+ log enable
+ state {
+ invalid enable
+ }
+ }
+ rule 50 {
+ action accept
+ destination {
+ address 172.16.254.30
+ port 53
+ }
+ protocol tcp_udp
+ }
+ rule 123 {
+ action accept
+ destination {
+ port 123
+ }
+ protocol udp
+ }
+ }
+ name DMZ-WAN {
+ default-action accept
+ }
+ name GUEST-DMZ {
+ default-action drop
+ enable-default-log
+ rule 1 {
+ action accept
+ state {
+ established enable
+ related enable
+ }
+ }
+ rule 2 {
+ action drop
+ log enable
+ state {
+ invalid enable
+ }
+ }
+ rule 100 {
+ action accept
+ destination {
+ port 80,443
+ }
+ protocol tcp
+ }
+ }
+ name GUEST-IOT {
+ default-action drop
+ enable-default-log
+ rule 1 {
+ action accept
+ state {
+ established enable
+ related enable
+ }
+ }
+ rule 2 {
+ action drop
+ log enable
+ state {
+ invalid enable
+ }
+ }
+ rule 100 {
+ action accept
+ description "MEDIA-STREAMING-CLIENTS Devices to GUEST"
+ destination {
+ group {
+ address-group MEDIA-STREAMING-CLIENTS
+ }
+ }
+ protocol tcp_udp
+ }
+ rule 110 {
+ action accept
+ description "AUDIO-STREAM Devices to GUEST"
+ destination {
+ group {
+ address-group AUDIO-STREAM
+ }
+ }
+ protocol tcp_udp
+ }
+ rule 200 {
+ action accept
+ description "MCAST relay"
+ destination {
+ address 224.0.0.251
+ port 5353
+ }
+ protocol udp
+ }
+ rule 300 {
+ action accept
+ description "BCAST relay"
+ destination {
+ port 1900
+ }
+ protocol udp
+ }
+ }
+ name GUEST-LAN {
+ default-action drop
+ enable-default-log
+ rule 1 {
+ action accept
+ state {
+ established enable
+ related enable
+ }
+ }
+ rule 2 {
+ action drop
+ log enable
+ state {
+ invalid enable
+ }
+ }
+ }
+ name GUEST-LOCAL {
+ default-action drop
+ enable-default-log
+ rule 1 {
+ action accept
+ state {
+ established enable
+ related enable
+ }
+ }
+ rule 2 {
+ action drop
+ log enable
+ state {
+ invalid enable
+ }
+ }
+ rule 10 {
+ action accept
+ description DNS
+ destination {
+ address 172.31.0.254
+ port 53
+ }
+ protocol tcp_udp
+ }
+ rule 11 {
+ action accept
+ description DHCP
+ destination {
+ port 67
+ }
+ protocol udp
+ }
+ rule 15 {
+ action accept
+ destination {
+ address 172.31.0.254
+ }
+ protocol icmp
+ }
+ rule 200 {
+ action accept
+ description "MCAST relay"
+ destination {
+ address 224.0.0.251
+ port 5353
+ }
+ protocol udp
+ }
+ rule 210 {
+ action accept
+ description "AUDIO-STREAM Broadcast"
+ destination {
+ port 1900
+ }
+ protocol udp
+ }
+ }
+ name GUEST-WAN {
+ default-action drop
+ enable-default-log
+ rule 1 {
+ action accept
+ state {
+ established enable
+ related enable
+ }
+ }
+ rule 2 {
+ action drop
+ log enable
+ state {
+ invalid enable
+ }
+ }
+ rule 25 {
+ action accept
+ description SMTP
+ destination {
+ port 25,587
+ }
+ protocol tcp
+ }
+ rule 53 {
+ action accept
+ destination {
+ port 53
+ }
+ protocol tcp_udp
+ }
+ rule 60 {
+ action accept
+ source {
+ address 172.31.0.200
+ }
+ }
+ rule 80 {
+ action accept
+ source {
+ address 172.31.0.200
+ }
+ }
+ rule 100 {
+ action accept
+ protocol icmp
+ }
+ rule 110 {
+ action accept
+ description POP3
+ destination {
+ port 110,995
+ }
+ protocol tcp
+ }
+ rule 123 {
+ action accept
+ description "NTP Client"
+ destination {
+ port 123
+ }
+ protocol udp
+ }
+ rule 143 {
+ action accept
+ description IMAP
+ destination {
+ port 143,993
+ }
+ protocol tcp
+ }
+ rule 200 {
+ action accept
+ destination {
+ port 80,443
+ }
+ protocol tcp
+ }
+ rule 500 {
+ action accept
+ description "L2TP IPSec"
+ destination {
+ port 500,4500
+ }
+ protocol udp
+ }
+ rule 600 {
+ action accept
+ destination {
+ port 5222-5224
+ }
+ protocol tcp
+ }
+ rule 601 {
+ action accept
+ destination {
+ port 3478-3497,4500,16384-16387,16393-16402
+ }
+ protocol udp
+ }
+ rule 1000 {
+ action accept
+ source {
+ address 172.31.0.184
+ }
+ }
+ }
+ name IOT-GUEST {
+ default-action drop
+ enable-default-log
+ rule 1 {
+ action accept
+ state {
+ established enable
+ related enable
+ }
+ }
+ rule 2 {
+ action drop
+ log enable
+ state {
+ invalid enable
+ }
+ }
+ rule 100 {
+ action accept
+ description "MEDIA-STREAMING-CLIENTS Devices to IOT"
+ protocol tcp_udp
+ source {
+ group {
+ address-group MEDIA-STREAMING-CLIENTS
+ }
+ }
+ }
+ rule 110 {
+ action accept
+ description "AUDIO-STREAM Devices to IOT"
+ protocol tcp_udp
+ source {
+ group {
+ address-group AUDIO-STREAM
+ }
+ }
+ }
+ rule 200 {
+ action accept
+ description "MCAST relay"
+ destination {
+ address 224.0.0.251
+ port 5353
+ }
+ protocol udp
+ }
+ rule 300 {
+ action accept
+ description "BCAST relay"
+ destination {
+ port 1900
+ }
+ protocol udp
+ }
+ }
+ name IOT-LAN {
+ default-action drop
+ enable-default-log
+ rule 1 {
+ action accept
+ state {
+ established enable
+ related enable
+ }
+ }
+ rule 2 {
+ action drop
+ log enable
+ state {
+ invalid enable
+ }
+ }
+ rule 100 {
+ action accept
+ description "AppleTV to LAN"
+ destination {
+ group {
+ port-group SMART-TV-PORTS
+ }
+ }
+ protocol tcp_udp
+ source {
+ group {
+ address-group MEDIA-STREAMING-CLIENTS
+ }
+ }
+ }
+ rule 110 {
+ action accept
+ description "AUDIO-STREAM Devices to LAN"
+ protocol tcp_udp
+ source {
+ group {
+ address-group AUDIO-STREAM
+ }
+ }
+ }
+ }
+ name IOT-LOCAL {
+ default-action drop
+ enable-default-log
+ rule 1 {
+ action accept
+ state {
+ established enable
+ related enable
+ }
+ }
+ rule 2 {
+ action drop
+ log enable
+ state {
+ invalid enable
+ }
+ }
+ rule 10 {
+ action accept
+ description DNS
+ destination {
+ address 172.16.254.30
+ port 53
+ }
+ protocol tcp_udp
+ }
+ rule 11 {
+ action accept
+ description DHCP
+ destination {
+ port 67
+ }
+ protocol udp
+ }
+ rule 15 {
+ action accept
+ destination {
+ address 172.16.35.254
+ }
+ protocol icmp
+ }
+ rule 200 {
+ action accept
+ description "MCAST relay"
+ destination {
+ address 224.0.0.251
+ port 5353
+ }
+ protocol udp
+ }
+ rule 201 {
+ action accept
+ description "MCAST relay"
+ destination {
+ address 172.16.35.254
+ port 5353
+ }
+ protocol udp
+ }
+ rule 210 {
+ action accept
+ description "AUDIO-STREAM Broadcast"
+ destination {
+ port 1900,1902,6969
+ }
+ protocol udp
+ }
+ }
+ name IOT-WAN {
+ default-action accept
+ }
+ name LAN-DMZ {
+ default-action drop
+ enable-default-log
+ rule 1 {
+ action accept
+ state {
+ established enable
+ related enable
+ }
+ }
+ rule 2 {
+ action drop
+ log enable
+ state {
+ invalid enable
+ }
+ }
+ rule 22 {
+ action accept
+ description "SSH into DMZ"
+ destination {
+ port 22
+ }
+ protocol tcp
+ }
+ rule 100 {
+ action accept
+ destination {
+ group {
+ address-group DMZ-WEBSERVER
+ }
+ port 22,80,443
+ }
+ protocol tcp
+ }
+ }
+ name LAN-GUEST {
+ default-action drop
+ enable-default-log
+ rule 1 {
+ action accept
+ state {
+ established enable
+ related enable
+ }
+ }
+ rule 2 {
+ action drop
+ log enable
+ state {
+ invalid enable
+ }
+ }
+ }
+ name LAN-IOT {
+ default-action accept
+ }
+ name LAN-LOCAL {
+ default-action accept
+ }
+ name LAN-WAN {
+ default-action accept
+ }
+ name LOCAL-DMZ {
+ default-action drop
+ enable-default-log
+ rule 1 {
+ action accept
+ state {
+ established enable
+ related enable
+ }
+ }
+ rule 2 {
+ action drop
+ log enable
+ state {
+ invalid enable
+ }
+ }
+ }
+ name LOCAL-GUEST {
+ default-action drop
+ enable-default-log
+ rule 1 {
+ action accept
+ state {
+ established enable
+ related enable
+ }
+ }
+ rule 2 {
+ action drop
+ log enable
+ state {
+ invalid enable
+ }
+ }
+ rule 5 {
+ action accept
+ protocol icmp
+ }
+ rule 200 {
+ action accept
+ description "MCAST relay"
+ destination {
+ address 224.0.0.251
+ port 5353
+ }
+ protocol udp
+ }
+ rule 300 {
+ action accept
+ description "BCAST relay"
+ destination {
+ port 1900
+ }
+ protocol udp
+ }
+ }
+ name LOCAL-IOT {
+ default-action drop
+ enable-default-log
+ rule 1 {
+ action accept
+ state {
+ established enable
+ related enable
+ }
+ }
+ rule 2 {
+ action drop
+ log enable
+ state {
+ invalid enable
+ }
+ }
+ rule 5 {
+ action accept
+ protocol icmp
+ }
+ rule 200 {
+ action accept
+ description "MCAST relay"
+ destination {
+ address 224.0.0.251
+ port 5353
+ }
+ protocol udp
+ }
+ rule 300 {
+ action accept
+ description "BCAST relay"
+ destination {
+ port 1900,6969
+ }
+ protocol udp
+ }
+ }
+ name LOCAL-LAN {
+ default-action accept
+ }
+ name LOCAL-WAN {
+ default-action drop
+ enable-default-log
+ rule 1 {
+ action accept
+ state {
+ established enable
+ related enable
+ }
+ }
+ rule 2 {
+ action drop
+ log enable
+ state {
+ invalid enable
+ }
+ }
+ rule 10 {
+ action accept
+ protocol icmp
+ }
+ rule 50 {
+ action accept
+ description DNS
+ destination {
+ port 53
+ }
+ protocol tcp_udp
+ }
+ rule 80 {
+ action accept
+ destination {
+ port 80,443
+ }
+ protocol tcp
+ }
+ rule 123 {
+ action accept
+ description NTP
+ destination {
+ port 123
+ }
+ protocol udp
+ }
+ }
+ name WAN-DMZ {
+ default-action drop
+ enable-default-log
+ rule 1 {
+ action accept
+ state {
+ established enable
+ related enable
+ }
+ }
+ rule 2 {
+ action drop
+ log enable
+ state {
+ invalid enable
+ }
+ }
+ rule 100 {
+ action accept
+ destination {
+ address 172.16.36.10
+ port 80,443
+ }
+ protocol tcp
+ }
+ }
+ name WAN-GUEST {
+ default-action drop
+ enable-default-log
+ rule 1 {
+ action accept
+ state {
+ established enable
+ related enable
+ }
+ }
+ rule 2 {
+ action drop
+ log enable
+ state {
+ invalid enable
+ }
+ }
+ rule 1000 {
+ action accept
+ destination {
+ address 172.31.0.184
+ }
+ }
+ rule 8000 {
+ action accept
+ destination {
+ address 172.31.0.200
+ port 10000
+ }
+ protocol udp
+ }
+ }
+ name WAN-IOT {
+ default-action drop
+ enable-default-log
+ rule 1 {
+ action accept
+ state {
+ established enable
+ related enable
+ }
+ }
+ rule 2 {
+ action drop
+ log enable
+ state {
+ invalid enable
+ }
+ }
+ }
+ name WAN-LAN {
+ default-action drop
+ enable-default-log
+ rule 1 {
+ action accept
+ state {
+ established enable
+ related enable
+ }
+ }
+ rule 2 {
+ action drop
+ log enable
+ state {
+ invalid enable
+ }
+ }
+ rule 1000 {
+ action accept
+ destination {
+ address 172.16.33.40
+ port 3389
+ }
+ protocol tcp
+ source {
+ group {
+ network-group SSH-IN-ALLOW
+ }
+ }
+ }
+ }
+ name WAN-LOCAL {
+ default-action drop
+ enable-default-log
+ rule 1 {
+ action accept
+ state {
+ established enable
+ related enable
+ }
+ }
+ rule 2 {
+ action drop
+ log enable
+ state {
+ invalid enable
+ }
+ }
+ rule 22 {
+ action accept
+ destination {
+ port 22
+ }
+ protocol tcp
+ source {
+ group {
+ network-group SSH-IN-ALLOW
+ }
+ }
+ }
+ }
+ options {
+ interface pppoe0 {
+ adjust-mss 1452
+ adjust-mss6 1432
+ }
+ }
+ receive-redirects disable
+ send-redirects enable
+ source-validation disable
+ syn-cookies enable
+ twa-hazards-protection disable
+}
+interfaces {
+ dummy dum0 {
+ address 172.16.254.30/32
+ }
+ ethernet eth0 {
+ duplex auto
+ speed auto
+ vif 5 {
+ address 172.16.37.254/24
+ }
+ vif 10 {
+ address 172.16.33.254/24
+ }
+ vif 20 {
+ address 172.31.0.254/24
+ }
+ vif 35 {
+ address 172.16.35.254/24
+ }
+ vif 50 {
+ address 172.16.36.254/24
+ }
+ vif 100 {
+ address 172.16.100.254/24
+ }
+ vif 201 {
+ address 172.18.201.254/24
+ }
+ vif 202 {
+ address 172.18.202.254/24
+ }
+ vif 203 {
+ address 172.18.203.254/24
+ }
+ vif 204 {
+ address 172.18.204.254/24
+ }
+ }
+ ethernet eth1 {
+ vif 7 {
+ description FTTH-PPPoE
+ }
+ }
+ loopback lo {
+ address 172.16.254.30/32
+ }
+ pppoe pppoe0 {
+ authentication {
+ password vyos
+ user vyos
+ }
+ default-route auto
+ description "FTTH 100/50MBit"
+ dhcpv6-options {
+ pd 0 {
+ interface eth0.10 {
+ address 1
+ sla-id 10
+ }
+ interface eth0.20 {
+ address 1
+ sla-id 20
+ }
+ length 56
+ }
+ }
+ ipv6 {
+ address {
+ autoconf
+ }
+ }
+ mtu 1492
+ no-peer-dns
+ source-interface eth1.7
+ }
+}
+nat {
+ destination {
+ rule 100 {
+ description HTTP(S)
+ destination {
+ port 80,443
+ }
+ inbound-interface pppoe0
+ log
+ protocol tcp
+ translation {
+ address 172.16.36.10
+ }
+ }
+ rule 1000 {
+ destination {
+ port 3389
+ }
+ disable
+ inbound-interface pppoe0
+ protocol tcp
+ translation {
+ address 172.16.33.40
+ }
+ }
+ rule 8000 {
+ destination {
+ port 10000
+ }
+ inbound-interface pppoe0
+ log
+ protocol udp
+ translation {
+ address 172.31.0.200
+ }
+ }
+ }
+ source {
+ rule 100 {
+ log
+ outbound-interface pppoe0
+ source {
+ address 172.16.32.0/19
+ }
+ translation {
+ address masquerade
+ }
+ }
+ rule 200 {
+ outbound-interface pppoe0
+ source {
+ address 172.16.100.0/24
+ }
+ translation {
+ address masquerade
+ }
+ }
+ rule 300 {
+ outbound-interface pppoe0
+ source {
+ address 172.31.0.0/24
+ }
+ translation {
+ address masquerade
+ }
+ }
+ rule 400 {
+ outbound-interface pppoe0
+ source {
+ address 172.18.200.0/21
+ }
+ translation {
+ address masquerade
+ }
+ }
+ }
+}
+protocols {
+ static {
+ interface-route6 2000::/3 {
+ next-hop-interface pppoe0 {
+ }
+ }
+ route 10.0.0.0/8 {
+ blackhole {
+ distance 254
+ }
+ }
+ route 169.254.0.0/16 {
+ blackhole {
+ distance 254
+ }
+ }
+ route 172.16.0.0/12 {
+ blackhole {
+ distance 254
+ }
+ }
+ route 192.168.0.0/16 {
+ blackhole {
+ distance 254
+ }
+ }
+ }
+}
+service {
+ dhcp-server {
+ shared-network-name BACKBONE {
+ authoritative
+ subnet 172.16.37.0/24 {
+ default-router 172.16.37.254
+ dns-server 172.16.254.30
+ domain-name vyos.net
+ domain-search vyos.net
+ lease 86400
+ ntp-server 172.16.254.30
+ range 0 {
+ start 172.16.37.120
+ stop 172.16.37.149
+ }
+ static-mapping AP1.wue3 {
+ ip-address 172.16.37.231
+ mac-address 18:e8:29:6c:c3:a5
+ }
+ }
+ }
+ shared-network-name GUEST {
+ authoritative
+ subnet 172.31.0.0/24 {
+ default-router 172.31.0.254
+ dns-server 172.31.0.254
+ domain-name vyos.net
+ domain-search vyos.net
+ lease 86400
+ range 0 {
+ start 172.31.0.100
+ stop 172.31.0.199
+ }
+ static-mapping host01 {
+ ip-address 172.31.0.200
+ mac-address 00:50:00:00:00:01
+ }
+ static-mapping host02 {
+ ip-address 172.31.0.184
+ mac-address 00:50:00:00:00:02
+ }
+ }
+ }
+ shared-network-name IOT {
+ authoritative
+ subnet 172.16.35.0/24 {
+ default-router 172.16.35.254
+ dns-server 172.16.254.30
+ domain-name vyos.net
+ domain-search vyos.net
+ lease 86400
+ ntp-server 172.16.254.30
+ range 0 {
+ start 172.16.35.101
+ stop 172.16.35.149
+ }
+ }
+ }
+ shared-network-name LAN {
+ authoritative
+ subnet 172.16.33.0/24 {
+ default-router 172.16.33.254
+ dns-server 172.16.254.30
+ domain-name vyos.net
+ domain-search vyos.net
+ lease 86400
+ ntp-server 172.16.254.30
+ range 0 {
+ start 172.16.33.100
+ stop 172.16.33.189
+ }
+ }
+ }
+ }
+ dns {
+ forwarding {
+ allow-from 172.16.0.0/12
+ cache-size 0
+ domain 16.172.in-addr.arpa {
+ addnta
+ recursion-desired
+ server 172.16.100.10
+ server 172.16.100.20
+ server 172.16.110.30
+ }
+ domain 18.172.in-addr.arpa {
+ addnta
+ recursion-desired
+ server 172.16.100.10
+ server 172.16.100.20
+ server 172.16.110.30
+ }
+ domain vyos.net {
+ addnta
+ recursion-desired
+ server 172.16.100.20
+ server 172.16.100.10
+ server 172.16.110.30
+ }
+ ignore-hosts-file
+ listen-address 172.16.254.30
+ listen-address 172.31.0.254
+ negative-ttl 60
+ }
+ }
+ lldp {
+ legacy-protocols {
+ cdp
+ }
+ snmp {
+ enable
+ }
+ }
+ mdns {
+ repeater {
+ interface eth0.35
+ interface eth0.10
+ }
+ }
+ router-advert {
+ interface eth0.10 {
+ prefix ::/64 {
+ preferred-lifetime 2700
+ valid-lifetime 5400
+ }
+ }
+ interface eth0.20 {
+ prefix ::/64 {
+ preferred-lifetime 2700
+ valid-lifetime 5400
+ }
+ }
+ }
+ snmp {
+ community fooBar {
+ authorization ro
+ network 172.16.100.0/24
+ }
+ contact "VyOS maintainers and contributors <maintainers@vyos.io>"
+ listen-address 172.16.254.30 {
+ port 161
+ }
+ location "The Internet"
+ }
+ ssh {
+ disable-host-validation
+ port 22
+ }
+}
+system {
+ config-management {
+ commit-revisions 200
+ }
+ conntrack {
+ expect-table-size 2048
+ hash-size 32768
+ modules {
+ sip {
+ disable
+ }
+ }
+ table-size 262144
+ timeout {
+ icmp 30
+ other 600
+ udp {
+ other 300
+ stream 300
+ }
+ }
+ }
+ console {
+ device ttyS0 {
+ speed 115200
+ }
+ }
+ domain-name vyos.net
+ host-name vyos
+ login {
+ user vyos {
+ authentication {
+ encrypted-password $6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/
+ plaintext-password ""
+ }
+ }
+ }
+ name-server 172.16.254.30
+ ntp {
+ allow-clients {
+ address 172.16.0.0/12
+ }
+ server 0.pool.ntp.org {
+ }
+ server 1.pool.ntp.org {
+ }
+ server 2.pool.ntp.org {
+ }
+ }
+ option {
+ ctrl-alt-delete ignore
+ reboot-on-panic
+ startup-beep
+ }
+ syslog {
+ global {
+ facility all {
+ level debug
+ }
+ facility protocols {
+ level debug
+ }
+ }
+ host 172.16.100.1 {
+ facility all {
+ level warning
+ }
+ }
+ }
+ time-zone Europe/Berlin
+}
+traffic-policy {
+ shaper QoS {
+ bandwidth 50mbit
+ default {
+ bandwidth 100%
+ burst 15k
+ queue-limit 1000
+ queue-type fq-codel
+ }
+ }
+}
+zone-policy {
+ zone DMZ {
+ default-action drop
+ from GUEST {
+ firewall {
+ name GUEST-DMZ
+ }
+ }
+ from LAN {
+ firewall {
+ name LAN-DMZ
+ }
+ }
+ from LOCAL {
+ firewall {
+ name LOCAL-DMZ
+ }
+ }
+ from WAN {
+ firewall {
+ name WAN-DMZ
+ }
+ }
+ interface eth0.50
+ }
+ zone GUEST {
+ default-action drop
+ from DMZ {
+ firewall {
+ name DMZ-GUEST
+ }
+ }
+ from IOT {
+ firewall {
+ name IOT-GUEST
+ }
+ }
+ from LAN {
+ firewall {
+ name LAN-GUEST
+ }
+ }
+ from LOCAL {
+ firewall {
+ ipv6-name ALLOW-ALL-6
+ name LOCAL-GUEST
+ }
+ }
+ from WAN {
+ firewall {
+ ipv6-name ALLOW-ESTABLISHED-6
+ name WAN-GUEST
+ }
+ }
+ interface eth0.20
+ }
+ zone IOT {
+ default-action drop
+ from GUEST {
+ firewall {
+ name GUEST-IOT
+ }
+ }
+ from LAN {
+ firewall {
+ name LAN-IOT
+ }
+ }
+ from LOCAL {
+ firewall {
+ name LOCAL-IOT
+ }
+ }
+ from WAN {
+ firewall {
+ name WAN-IOT
+ }
+ }
+ interface eth0.35
+ }
+ zone LAN {
+ default-action drop
+ from DMZ {
+ firewall {
+ name DMZ-LAN
+ }
+ }
+ from GUEST {
+ firewall {
+ name GUEST-LAN
+ }
+ }
+ from IOT {
+ firewall {
+ name IOT-LAN
+ }
+ }
+ from LOCAL {
+ firewall {
+ ipv6-name ALLOW-ALL-6
+ name LOCAL-LAN
+ }
+ }
+ from WAN {
+ firewall {
+ ipv6-name ALLOW-ESTABLISHED-6
+ name WAN-LAN
+ }
+ }
+ interface eth0.5
+ interface eth0.10
+ interface eth0.100
+ interface eth0.201
+ interface eth0.202
+ interface eth0.203
+ interface eth0.204
+ }
+ zone LOCAL {
+ default-action drop
+ from DMZ {
+ firewall {
+ name DMZ-LOCAL
+ }
+ }
+ from GUEST {
+ firewall {
+ ipv6-name ALLOW-ESTABLISHED-6
+ name GUEST-LOCAL
+ }
+ }
+ from IOT {
+ firewall {
+ name IOT-LOCAL
+ }
+ }
+ from LAN {
+ firewall {
+ ipv6-name ALLOW-ALL-6
+ name LAN-LOCAL
+ }
+ }
+ from WAN {
+ firewall {
+ ipv6-name WAN-LOCAL-6
+ name WAN-LOCAL
+ }
+ }
+ local-zone
+ }
+ zone WAN {
+ default-action drop
+ from DMZ {
+ firewall {
+ name DMZ-WAN
+ }
+ }
+ from GUEST {
+ firewall {
+ ipv6-name ALLOW-ALL-6
+ name GUEST-WAN
+ }
+ }
+ from IOT {
+ firewall {
+ name IOT-WAN
+ }
+ }
+ from LAN {
+ firewall {
+ ipv6-name ALLOW-ALL-6
+ name LAN-WAN
+ }
+ }
+ from LOCAL {
+ firewall {
+ ipv6-name ALLOW-ALL-6
+ name LOCAL-WAN
+ }
+ }
+ interface pppoe0
+ }
+}
+
+
+// Warning: Do not remove the following line.
+// vyos-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack@1:conntrack-sync@1:dhcp-relay@2:dhcp-server@5:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@18:ipoe-server@1:ipsec@5:l2tp@3:lldp@1:mdns@1:nat@5:ntp@1:pppoe-server@5:pptp@2:qos@1:quagga@6:salt@1:snmp@2:ssh@2:sstp@3:system@20:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2:zone-policy@1"
+// Release version: 1.3-beta-202101091250
diff --git a/smoketest/configs/dialup-router-medium-vpn b/smoketest/configs/dialup-router-medium-vpn
new file mode 100644
index 000000000..dfb3d9621
--- /dev/null
+++ b/smoketest/configs/dialup-router-medium-vpn
@@ -0,0 +1,707 @@
+firewall {
+ all-ping enable
+ broadcast-ping disable
+ config-trap disable
+ ipv6-receive-redirects disable
+ ipv6-src-route disable
+ ip-src-route disable
+ log-martians enable
+ options {
+ interface vtun0 {
+ adjust-mss 1380
+ }
+ interface vtun1 {
+ adjust-mss 1380
+ }
+ interface vtun2 {
+ adjust-mss 1380
+ }
+ interface wg0 {
+ adjust-mss 1380
+ }
+ interface wg1 {
+ adjust-mss 1380
+ }
+ }
+ receive-redirects disable
+ send-redirects enable
+ source-validation disable
+ syn-cookies disable
+ twa-hazards-protection enable
+}
+high-availability {
+ vrrp {
+ group LAN {
+ hello-source-address 192.168.0.250
+ interface eth1
+ peer-address 192.168.0.251
+ priority 200
+ virtual-address 192.168.0.1/24
+ vrid 1
+ }
+ sync-group failover-group {
+ member LAN
+ }
+ }
+}
+interfaces {
+ ethernet eth0 {
+ duplex auto
+ mtu 9000
+ offload-options {
+ generic-receive on
+ generic-segmentation on
+ scatter-gather on
+ tcp-segmentation on
+ }
+ pppoe 0 {
+ default-route auto
+ mtu 1500
+ name-server auto
+ password password
+ traffic-policy {
+ out shape-17mbit
+ }
+ user-id vyos
+ password vyos
+ }
+ smp-affinity auto
+ speed auto
+ }
+ ethernet eth1 {
+ address 192.168.0.250/24
+ duplex auto
+ ip {
+ source-validation strict
+ }
+ mtu 9000
+ offload-options {
+ generic-receive on
+ generic-segmentation on
+ scatter-gather on
+ tcp-segmentation on
+ }
+ policy {
+ route LAN-POLICY-BASED-ROUTING
+ }
+ smp-affinity auto
+ speed auto
+ traffic-policy {
+ out shape-94mbit
+ }
+ }
+ loopback lo {
+ }
+ openvpn vtun0 {
+ encryption aes256
+ hash sha512
+ ip {
+ source-validation strict
+ }
+ keep-alive {
+ failure-count 3
+ interval 30
+ }
+ mode client
+ openvpn-option "comp-lzo adaptive"
+ openvpn-option fast-io
+ openvpn-option persist-key
+ openvpn-option "reneg-sec 86400"
+ persistent-tunnel
+ remote-host 192.0.2.10
+ tls {
+ ca-cert-file /config/auth/ovpn_test_ca.pem
+ cert-file /config/auth/ovpn_test_server.pem
+ key-file /config/auth/ovpn_test_server.key
+ auth-file /config/auth/ovpn_test_tls_auth.key
+ }
+ }
+ openvpn vtun1 {
+ authentication {
+ password vyos1
+ username vyos1
+ }
+ encryption aes256
+ hash sha1
+ keep-alive {
+ failure-count 3
+ interval 30
+ }
+ mode client
+ openvpn-option "comp-lzo adaptive"
+ openvpn-option "tun-mtu 1500"
+ openvpn-option "tun-mtu-extra 32"
+ openvpn-option "mssfix 1300"
+ openvpn-option persist-key
+ openvpn-option "mute 10"
+ openvpn-option route-nopull
+ openvpn-option fast-io
+ openvpn-option "reneg-sec 86400"
+ persistent-tunnel
+ protocol udp
+ remote-host 01.foo.com
+ remote-port 1194
+ tls {
+ ca-cert-file /config/auth/ovpn_test_ca.pem
+ auth-file /config/auth/ovpn_test_tls_auth.key
+ }
+ }
+ openvpn vtun2 {
+ authentication {
+ password vyos2
+ username vyos2
+ }
+ disable
+ encryption aes256
+ hash sha512
+ keep-alive {
+ failure-count 3
+ interval 30
+ }
+ mode client
+ openvpn-option "tun-mtu 1500"
+ openvpn-option "tun-mtu-extra 32"
+ openvpn-option "mssfix 1300"
+ openvpn-option persist-key
+ openvpn-option "mute 10"
+ openvpn-option route-nopull
+ openvpn-option fast-io
+ openvpn-option remote-random
+ openvpn-option "reneg-sec 86400"
+ persistent-tunnel
+ protocol udp
+ remote-host 01.myvpn.com
+ remote-host 02.myvpn.com
+ remote-host 03.myvpn.com
+ remote-port 1194
+ tls {
+ ca-cert-file /config/auth/ovpn_test_ca.pem
+ auth-file /config/auth/ovpn_test_tls_auth.key
+ }
+ }
+ wireguard wg0 {
+ address 192.168.10.1/24
+ peer red {
+ allowed-ips 192.168.10.4/32
+ persistent-keepalive 20
+ preshared-key CumyXX7osvUT9AwnS+m2TEfCaL0Ptc2LfuZ78Sujuk8=
+ pubkey ALGWvMJCKpHF2tVH3hEIHqUe9iFfAmZATUUok/WQzks=
+ }
+ peer green {
+ allowed-ips 192.168.10.21/32
+ persistent-keepalive 25
+ preshared-key LQ9qmlTh9G4nZu4UgElxRUwg7JB/qoV799aADJOijnY=
+ pubkey 5iQUD3VoCDBTPXAPHOwUJ0p7xzKGHEY/wQmgvBVmaFI=
+ }
+ peer blue {
+ allowed-ips 192.168.10.3/32
+ persistent-keepalive 20
+ preshared-key ztFDOY9UyaDvn8N3X97SFMDwIfv7EEfuUIPP2yab6UI=
+ pubkey G4pZishpMRrLmd96Kr6V7LIuNGdcUb81gWaYZ+FWkG0=
+ }
+ peer pink {
+ allowed-ips 192.168.10.14/32
+ allowed-ips 192.168.10.16/32
+ persistent-keepalive 25
+ preshared-key Qi9Odyx0/5itLPN5C5bEy3uMX+tmdl15QbakxpKlWqQ=
+ pubkey i4qNPmxyy9EETL4tIoZOLKJF4p7IlVmpAE15gglnAk4=
+ }
+ port 7777
+ }
+ wireguard wg1 {
+ address 10.89.90.2/30
+ peer sam {
+ allowed-ips 10.1.1.0/24
+ allowed-ips 10.89.90.1/32
+ endpoint 192.0.2.45:1200
+ persistent-keepalive 20
+ preshared-key XpFtzx2Z+nR8pBv9/sSf7I94OkZkVYTz0AeU5Q/QQUE=
+ pubkey v5zfKGvH6W/lfDXJ0en96lvKo1gfFxMUWxe02+Fj5BU=
+ }
+ port 7778
+ }
+}
+nat {
+ destination {
+ rule 50 {
+ destination {
+ port 49371
+ }
+ inbound-interface pppoe0
+ protocol tcp_udp
+ translation {
+ address 192.168.0.5
+ }
+ }
+ rule 51 {
+ destination {
+ port 58050-58051
+ }
+ inbound-interface pppoe0
+ protocol tcp
+ translation {
+ address 192.168.0.5
+ }
+ }
+ rule 52 {
+ destination {
+ port 22067-22070
+ }
+ inbound-interface pppoe0
+ protocol tcp
+ translation {
+ address 192.168.0.5
+ }
+ }
+ rule 53 {
+ destination {
+ port 34342
+ }
+ inbound-interface pppoe0
+ protocol tcp_udp
+ translation {
+ address 192.168.0.121
+ }
+ }
+ rule 54 {
+ destination {
+ port 45459
+ }
+ inbound-interface pppoe0
+ protocol tcp_udp
+ translation {
+ address 192.168.0.120
+ }
+ }
+ rule 55 {
+ destination {
+ port 22
+ }
+ inbound-interface pppoe0
+ protocol tcp
+ translation {
+ address 192.168.0.5
+ }
+ }
+ rule 56 {
+ destination {
+ port 8920
+ }
+ inbound-interface pppoe0
+ protocol tcp
+ translation {
+ address 192.168.0.5
+ }
+ }
+ rule 60 {
+ destination {
+ port 80,443
+ }
+ inbound-interface pppoe0
+ protocol tcp
+ translation {
+ address 192.168.0.5
+ }
+ }
+ rule 70 {
+ destination {
+ port 5001
+ }
+ inbound-interface pppoe0
+ protocol tcp
+ translation {
+ address 192.168.0.5
+ }
+ }
+ rule 80 {
+ destination {
+ port 25
+ }
+ inbound-interface pppoe0
+ protocol tcp
+ translation {
+ address 192.168.0.5
+ }
+ }
+ rule 90 {
+ destination {
+ port 8123
+ }
+ inbound-interface pppoe0
+ protocol tcp
+ translation {
+ address 192.168.0.7
+ }
+ }
+ rule 91 {
+ destination {
+ port 1880
+ }
+ inbound-interface pppoe0
+ protocol tcp
+ translation {
+ address 192.168.0.7
+ }
+ }
+ rule 500 {
+ destination {
+ address !192.168.0.0/24
+ port 53
+ }
+ inbound-interface eth1
+ protocol tcp_udp
+ source {
+ address !192.168.0.1-192.168.0.5
+ }
+ translation {
+ address 192.168.0.1
+ }
+ }
+ }
+ source {
+ rule 1000 {
+ outbound-interface pppoe0
+ translation {
+ address masquerade
+ }
+ }
+ rule 2000 {
+ outbound-interface vtun0
+ source {
+ address 192.168.0.0/16
+ }
+ translation {
+ address masquerade
+ }
+ }
+ rule 3000 {
+ outbound-interface vtun1
+ translation {
+ address masquerade
+ }
+ }
+ }
+}
+policy {
+ prefix-list user2-routes {
+ rule 1 {
+ action permit
+ prefix 10.1.1.0/24
+ }
+ }
+ prefix-list user1-routes {
+ rule 1 {
+ action permit
+ prefix 192.168.0.0/24
+ }
+ }
+ route LAN-POLICY-BASED-ROUTING {
+ rule 10 {
+ destination {
+ }
+ disable
+ set {
+ table 10
+ }
+ source {
+ address 192.168.0.119/32
+ }
+ }
+ rule 20 {
+ destination {
+ }
+ set {
+ table 100
+ }
+ source {
+ address 192.168.0.240
+ }
+ }
+ }
+ route-map rm-static-to-bgp {
+ rule 10 {
+ action permit
+ match {
+ ip {
+ address {
+ prefix-list user1-routes
+ }
+ }
+ }
+ }
+ rule 100 {
+ action deny
+ }
+ }
+}
+protocols {
+ bgp 64590 {
+ address-family {
+ ipv4-unicast {
+ redistribute {
+ connected {
+ route-map rm-static-to-bgp
+ }
+ }
+ }
+ }
+ neighbor 10.89.90.1 {
+ address-family {
+ ipv4-unicast {
+ nexthop-self
+ prefix-list {
+ export user1-routes
+ import user2-routes
+ }
+ soft-reconfiguration {
+ inbound
+ }
+ }
+ }
+ password ericandre2020
+ remote-as 64589
+ }
+ parameters {
+ log-neighbor-changes
+ router-id 10.89.90.2
+ }
+ }
+ static {
+ interface-route 100.64.160.23/32 {
+ next-hop-interface pppoe0 {
+ }
+ }
+ interface-route 100.64.165.25/32 {
+ next-hop-interface pppoe0 {
+ }
+ }
+ interface-route 100.64.165.26/32 {
+ next-hop-interface pppoe0 {
+ }
+ }
+ interface-route 100.64.198.0/24 {
+ next-hop-interface vtun0 {
+ }
+ }
+ table 10 {
+ interface-route 0.0.0.0/0 {
+ next-hop-interface vtun1 {
+ }
+ }
+ }
+ table 100 {
+ route 0.0.0.0/0 {
+ next-hop 192.168.10.5 {
+ }
+ }
+ }
+ }
+}
+service {
+ conntrack-sync {
+ accept-protocol tcp,udp,icmp
+ disable-external-cache
+ event-listen-queue-size 8
+ expect-sync all
+ failover-mechanism {
+ vrrp {
+ sync-group failover-group
+ }
+ }
+ interface eth1 {
+ peer 192.168.0.251
+ }
+ sync-queue-size 8
+ }
+ dhcp-server {
+ shared-network-name LAN {
+ authoritative
+ subnet 192.168.0.0/24 {
+ default-router 192.168.0.1
+ dns-server 192.168.0.1
+ domain-name vyos.net
+ domain-search vyos.net
+ failover {
+ local-address 192.168.0.250
+ name DHCP02
+ peer-address 192.168.0.251
+ status primary
+ }
+ lease 86400
+ range LANDynamic {
+ start 192.168.0.200
+ stop 192.168.0.240
+ }
+ static-mapping IPTV {
+ ip-address 192.168.0.104
+ mac-address 00:50:01:31:b5:f6
+ }
+ static-mapping McPrintus {
+ ip-address 192.168.0.60
+ mac-address 00:50:01:58:ac:95
+ static-mapping-parameters "option domain-name-servers 192.168.0.6,192.168.0.17;"
+ }
+ static-mapping Audio {
+ ip-address 192.168.0.107
+ mac-address 00:50:01:dc:91:14
+ }
+ static-mapping Mobile01 {
+ ip-address 192.168.0.109
+ mac-address 00:50:01:bc:ac:51
+ static-mapping-parameters "option domain-name-servers 192.168.0.6,192.168.0.17;"
+ }
+ static-mapping sand {
+ ip-address 192.168.0.110
+ mac-address 00:50:01:af:c5:d2
+ }
+ static-mapping pearTV {
+ ip-address 192.168.0.101
+ mac-address 00:50:01:ba:62:79
+ }
+ static-mapping camera1 {
+ ip-address 192.168.0.11
+ mac-address 00:50:01:70:b9:4d
+ static-mapping-parameters "option domain-name-servers 192.168.0.6,192.168.0.17;"
+ }
+ static-mapping camera2 {
+ ip-address 192.168.0.12
+ mac-address 00:50:01:70:b7:4f
+ static-mapping-parameters "option domain-name-servers 192.168.0.6,192.168.0.17;"
+ }
+ }
+ }
+ }
+ dns {
+ forwarding {
+ allow-from 192.168.0.0/16
+ cache-size 8192
+ dnssec off
+ listen-address 192.168.0.1
+ name-server 100.64.0.1
+ name-server 100.64.0.2
+ }
+ }
+ snmp {
+ community AwesomeCommunity {
+ authorization ro
+ client 127.0.0.1
+ network 192.168.0.0/24
+ }
+ }
+ ssh {
+ access-control {
+ allow {
+ user vyos
+ }
+ }
+ client-keepalive-interval 60
+ listen-address 192.168.0.1
+ listen-address 192.168.10.1
+ listen-address 192.168.0.250
+ }
+}
+system {
+ config-management {
+ commit-revisions 100
+ }
+ console {
+ device ttyS0 {
+ speed 115200
+ }
+ }
+ host-name vyos
+ ip {
+ arp {
+ table-size 1024
+ }
+ }
+ login {
+ user vyos {
+ authentication {
+ encrypted-password $6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0
+ plaintext-password ""
+ }
+ }
+ }
+ name-server 192.168.0.1
+ ntp {
+ allow-clients {
+ address 192.168.0.0/16
+ }
+ listen-address 192.168.0.1
+ listen-address 192.168.0.250
+ server nz.pool.ntp.org {
+ prefer
+ }
+ }
+ options {
+ beep-if-fully-booted
+ ctrl-alt-del-action ignore
+ reboot-on-panic true
+ }
+ static-host-mapping {
+ host-name host104.vyos.net {
+ inet 192.168.0.104
+ }
+ host-name host60.vyos.net {
+ inet 192.168.0.60
+ }
+ host-name host107.vyos.net {
+ inet 192.168.0.107
+ }
+ host-name host109.vyos.net {
+ inet 192.168.0.109
+ }
+ }
+ sysctl {
+ custom net.core.default_qdisc {
+ value fq
+ }
+ custom net.ipv4.tcp_congestion_control {
+ value bbr
+ }
+ }
+ syslog {
+ global {
+ facility all {
+ level info
+ }
+ }
+ host 192.168.0.252 {
+ facility all {
+ level debug
+ protocol udp
+ }
+ }
+ }
+ task-scheduler {
+ task Update-Blacklists {
+ executable {
+ path /config/scripts/vyos-foo-update.script
+ }
+ interval 3h
+ }
+ }
+ time-zone Pacific/Auckland
+}
+traffic-policy {
+ shaper shape-17mbit {
+ bandwidth 17mbit
+ default {
+ bandwidth 100%
+ burst 15k
+ queue-type fq-codel
+ }
+ }
+ shaper shape-94mbit {
+ bandwidth 94mbit
+ default {
+ bandwidth 100%
+ burst 15k
+ queue-type fq-codel
+ }
+ }
+}
+/* Warning: Do not remove the following line. */
+/* === vyatta-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack-sync@1:conntrack@1:dhcp-relay@2:dhcp-server@5:dns-forwarding@1:firewall@5:ipsec@5:l2tp@1:mdns@1:nat@4:ntp@1:pptp@1:qos@1:quagga@6:snmp@1:ssh@1:system@9:vrrp@2:wanloadbalance@3:webgui@1:webproxy@1:webproxy@2:zone-policy@1" === */
+/* Release version: 1.2.6 */
diff --git a/smoketest/configs/isis-small b/smoketest/configs/isis-small
new file mode 100644
index 000000000..2c42ac9c4
--- /dev/null
+++ b/smoketest/configs/isis-small
@@ -0,0 +1,105 @@
+interfaces {
+ dummy dum0 {
+ address 203.0.113.1/24
+ }
+ ethernet eth0 {
+ duplex auto
+ speed auto
+ }
+ ethernet eth1 {
+ address 192.0.2.1/24
+ duplex auto
+ speed auto
+ }
+ ethernet eth2 {
+ duplex auto
+ speed auto
+ }
+ ethernet eth3 {
+ duplex auto
+ speed auto
+ }
+}
+policy {
+ prefix-list EXPORT-ISIS {
+ rule 10 {
+ action permit
+ prefix 203.0.113.0/24
+ }
+ }
+ route-map EXPORT-ISIS {
+ rule 10 {
+ action permit
+ match {
+ ip {
+ address {
+ prefix-list EXPORT-ISIS
+ }
+ }
+ }
+ }
+ }
+}
+protocols {
+ isis FOO {
+ interface eth1 {
+ bfd
+ }
+ net 49.0001.1921.6800.1002.00
+ redistribute {
+ ipv4 {
+ connected {
+ level-2 {
+ route-map EXPORT-ISIS
+ }
+ }
+ }
+ }
+ }
+}
+system {
+ config-management {
+ commit-revisions 200
+ }
+ console {
+ device ttyS0 {
+ speed 115200
+ }
+ }
+ domain-name vyos.io
+ host-name vyos
+ login {
+ user vyos {
+ authentication {
+ encrypted-password $6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/
+ plaintext-password ""
+ }
+ level admin
+ }
+ }
+ ntp {
+ server 0.pool.ntp.org {
+ }
+ server 1.pool.ntp.org {
+ }
+ server 2.pool.ntp.org {
+ }
+ }
+ syslog {
+ global {
+ facility all {
+ level info
+ }
+ facility protocols {
+ level debug
+ }
+ }
+ }
+ time-zone Europe/Berlin
+}
+
+
+// Warning: Do not remove the following line.
+// vyos-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack@1:conntrack-sync@1:dhcp-relay@2:dhcp-server@5:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@18:ipoe-server@1:ipsec@5:l2tp@3:lldp@1:mdns@1:nat@5:ntp@1:pppoe-server@5:pptp@2:qos@1:quagga@7:rpki@1:salt@1:snmp@2:ssh@2:sstp@3:system@20:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2:zone-policy@1"
+// Release version: 1.3.0-rc1
+
diff --git a/smoketest/configs/ospf-small b/smoketest/configs/ospf-small
new file mode 100644
index 000000000..d95ba4ea4
--- /dev/null
+++ b/smoketest/configs/ospf-small
@@ -0,0 +1,142 @@
+interfaces {
+ dummy dum0 {
+ address 172.18.254.201/32
+ }
+ ethernet eth0 {
+ duplex auto
+ smp-affinity auto
+ speed auto
+ vif 201 {
+ address 172.18.201.10/24
+ ip {
+ ospf {
+ authentication {
+ md5 {
+ key-id 10 {
+ md5-key OSPFVyOSNET
+ }
+ }
+ }
+ dead-interval 40
+ hello-interval 10
+ priority 1
+ retransmit-interval 5
+ transmit-delay 1
+ }
+ }
+ ipv6 {
+ ospfv3 {
+ bfd
+ cost 40
+ }
+ }
+ }
+ }
+ ethernet eth1 {
+ duplex auto
+ smp-affinity auto
+ speed auto
+ ipv6 {
+ ospfv3 {
+ bfd
+ cost 60
+ mtu-ignore
+ network broadcast
+ priority 20
+ }
+ }
+ }
+}
+protocols {
+ ospf {
+ area 0 {
+ network 172.18.201.0/24
+ network 172.18.254.201/32
+ }
+ log-adjacency-changes {
+ }
+ parameters {
+ abr-type cisco
+ router-id 172.18.254.201
+ }
+ passive-interface default
+ passive-interface-exclude eth0.201
+ }
+ ospfv3 {
+ area 0.0.0.0 {
+ interface eth0
+ interface eth1
+ interface eth2
+ }
+ }
+ static {
+ route 0.0.0.0/0 {
+ next-hop 172.18.201.254 {
+ distance 10
+ }
+ }
+ }
+}
+service {
+ lldp {
+ interface all {
+ }
+ }
+ snmp {
+ community public {
+ authorization ro
+ network 172.16.100.0/24
+ }
+ contact "VyOS maintainers and contributors <maintainers@vyos.io>"
+ location "Jenkins"
+ }
+ ssh {
+ disable-host-validation
+ port 22
+ }
+}
+system {
+ config-management {
+ commit-revisions 200
+ }
+ console {
+ device ttyS0 {
+ speed 115200
+ }
+ }
+ domain-name vyos.net
+ host-name vyos
+ login {
+ user vyos {
+ authentication {
+ encrypted-password $6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/
+ plaintext-password ""
+ }
+ level admin
+ }
+ }
+ name-server 172.16.254.30
+ ntp {
+ server 0.pool.ntp.org {
+ }
+ server 1.pool.ntp.org {
+ }
+ server 2.pool.ntp.org {
+ }
+ }
+ syslog {
+ global {
+ facility all {
+ level info
+ }
+ facility protocols {
+ level debug
+ }
+ }
+ }
+ time-zone Europe/Berlin
+}
+
+/* Warning: Do not remove the following line. */
+/* === vyatta-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack-sync@1:conntrack@1:dhcp-relay@2:dhcp-server@5:dns-forwarding@1:firewall@5:ipsec@5:l2tp@1:mdns@1:nat@4:ntp@1:pptp@1:qos@1:quagga@6:snmp@1:ssh@1:system@9:vrrp@2:wanloadbalance@3:webgui@1:webproxy@1:webproxy@2:zone-policy@1" === */
+/* Release version: 1.2.6 */
diff --git a/smoketest/configs/rip-router b/smoketest/configs/rip-router
new file mode 100644
index 000000000..09cb11a45
--- /dev/null
+++ b/smoketest/configs/rip-router
@@ -0,0 +1,267 @@
+interfaces {
+ dummy dum0 {
+ address 192.0.2.0/32
+ }
+ ethernet eth0 {
+ duplex auto
+ ip {
+ rip {
+ authentication {
+ md5 1 {
+ password VyOSsecure
+ }
+ }
+ split-horizon {
+ poison-reverse
+ }
+ }
+ }
+ ipv6 {
+ ripng {
+ split-horizon {
+ poison-reverse
+ }
+ }
+ }
+ smp-affinity auto
+ speed auto
+ address 172.18.202.10/24
+ }
+ ethernet eth1 {
+ duplex auto
+ smp-affinity auto
+ speed auto
+ vif 20 {
+ ip {
+ rip {
+ authentication {
+ plaintext-password VyOSsecure
+ }
+ split-horizon {
+ poison-reverse
+ }
+ }
+ }
+ ipv6 {
+ ripng {
+ split-horizon {
+ disable
+ }
+ }
+ }
+ }
+ vif-s 200 {
+ ip {
+ rip {
+ authentication {
+ md5 1 {
+ password VyOSsecure
+ }
+ }
+ split-horizon {
+ disable
+ }
+ }
+ }
+ ipv6 {
+ ripng {
+ split-horizon {
+ poison-reverse
+ }
+ }
+ }
+ vif-c 2000 {
+ ip {
+ rip {
+ authentication {
+ md5 1 {
+ password VyOSsecure
+ }
+ }
+ }
+ }
+ }
+ vif-c 3000 {
+ ip {
+ rip {
+ split-horizon {
+ disable
+ }
+ }
+ }
+ ipv6 {
+ ripng {
+ split-horizon {
+ poison-reverse
+ }
+ }
+ }
+ }
+ }
+ }
+}
+policy {
+ access-list6 198 {
+ rule 10 {
+ action permit
+ source {
+ any
+ }
+ }
+ }
+ access-list6 199 {
+ rule 20 {
+ action deny
+ source {
+ any
+ }
+ }
+ }
+ prefix-list6 bar-prefix {
+ rule 200 {
+ action deny
+ prefix 2001:db8::/32
+ }
+ }
+ prefix-list6 foo-prefix {
+ rule 100 {
+ action permit
+ prefix 2001:db8::/32
+ }
+ }
+ route-map FooBar123 {
+ rule 10 {
+ action permit
+ }
+ }
+}
+protocols {
+ rip {
+ default-distance 20
+ default-information {
+ originate
+ }
+ interface eth0
+ interface eth1.20
+ interface eth1.200
+ interface eth1.200.2000
+ interface eth1.200.3000
+ network 192.168.0.0/24
+ redistribute {
+ connected {
+ }
+ }
+ }
+ ripng {
+ aggregate-address 2001:db8:1000::/48
+ default-information {
+ originate
+ }
+ default-metric 8
+ distribute-list {
+ access-list {
+ in 198
+ out 199
+ }
+ interface eth0 {
+ access-list {
+ in 198
+ out 199
+ }
+ prefix-list {
+ in foo-prefix
+ out bar-prefix
+ }
+ }
+ interface eth1 {
+ access-list {
+ in 198
+ out 199
+ }
+ prefix-list {
+ in foo-prefix
+ out bar-prefix
+ }
+ }
+ interface eth2 {
+ access-list {
+ in 198
+ out 199
+ }
+ prefix-list {
+ in foo-prefix
+ out bar-prefix
+ }
+ }
+ prefix-list {
+ in foo-prefix
+ out bar-prefix
+ }
+ }
+ interface eth0
+ interface eth1
+ interface eth2
+ network 2001:db8:1000::/64
+ network 2001:db8:1001::/64
+ network 2001:db8:2000::/64
+ network 2001:db8:2001::/64
+ passive-interface default
+ redistribute {
+ connected {
+ metric 8
+ route-map FooBar123
+ }
+ static {
+ metric 8
+ route-map FooBar123
+ }
+ }
+ route 2001:db8:1000::/64
+ }
+}
+service {
+ ssh {
+ port 22
+ }
+}
+system {
+ config-management {
+ commit-revisions 100
+ }
+ console {
+ device ttyS0 {
+ speed 115200
+ }
+ }
+ host-name vyos
+ login {
+ user vyos {
+ authentication {
+ encrypted-password $6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0
+ plaintext-password ""
+ }
+ }
+ }
+ ntp {
+ server 0.pool.ntp.org {
+ }
+ server 1.pool.ntp.org {
+ }
+ server 2.pool.ntp.org {
+ }
+ }
+ syslog {
+ global {
+ facility all {
+ level info
+ }
+ facility protocols {
+ level debug
+ }
+ }
+ }
+}
+
+/* Warning: Do not remove the following line. */
+/* === vyatta-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack-sync@1:conntrack@1:dhcp-relay@2:dhcp-server@5:dns-forwarding@1:firewall@5:ipsec@5:l2tp@1:mdns@1:nat@4:ntp@1:pptp@1:qos@1:quagga@6:snmp@1:ssh@1:system@10:vrrp@2:wanloadbalance@3:webgui@1:webproxy@1:webproxy@2:zone-policy@1" === */
+/* Release version: 1.2.6-S1 */
diff --git a/smoketest/configs/tunnel-broker b/smoketest/configs/tunnel-broker
new file mode 100644
index 000000000..b52ba2541
--- /dev/null
+++ b/smoketest/configs/tunnel-broker
@@ -0,0 +1,142 @@
+interfaces {
+ dummy dum0 {
+ address 192.0.2.0/32
+ }
+ dummy dum1 {
+ address 192.0.2.1/32
+ }
+ dummy dum2 {
+ address 192.0.2.2/32
+ }
+ dummy dum3 {
+ address 192.0.2.3/32
+ }
+ dummy dum4 {
+ address 192.0.2.4/32
+ }
+ ethernet eth0 {
+ duplex auto
+ smp-affinity auto
+ speed auto
+ address 172.18.202.10/24
+ }
+ l2tpv3 l2tpeth10 {
+ description "L2 VPN Tunnel"
+ destination-port 5010
+ encapsulation ip
+ local-ip 172.18.202.10
+ mtu 1500
+ peer-session-id 110
+ peer-tunnel-id 10
+ remote-ip 172.18.254.201
+ session-id 110
+ source-port 5010
+ tunnel-id 10
+ }
+ l2tpv3 l2tpeth20 {
+ description "L2 VPN Tunnel"
+ destination-port 5020
+ encapsulation ip
+ local-ip 172.18.202.10
+ mtu 1500
+ peer-session-id 120
+ peer-tunnel-id 20
+ remote-ip 172.18.254.202
+ session-id 120
+ source-port 5020
+ tunnel-id 20
+ }
+ l2tpv3 l2tpeth30 {
+ description "L2 VPN Tunnel"
+ destination-port 5030
+ encapsulation ip
+ local-ip 172.18.202.10
+ mtu 1500
+ peer-session-id 130
+ peer-tunnel-id 30
+ remote-ip 172.18.254.203
+ session-id 130
+ source-port 5030
+ tunnel-id 30
+ }
+ tunnel tun100 {
+ address 172.16.0.1/30
+ encapsulation gre-bridge
+ local-ip 192.0.2.0
+ remote-ip 192.0.2.100
+ }
+ tunnel tun200 {
+ address 172.16.0.5/30
+ encapsulation gre
+ local-ip 192.0.2.1
+ remote-ip 192.0.2.101
+ }
+ tunnel tun300 {
+ address 172.16.0.9/30
+ encapsulation ipip
+ local-ip 192.0.2.2
+ remote-ip 192.0.2.102
+ }
+ tunnel tun400 {
+ address 172.16.0.13/30
+ encapsulation gre-bridge
+ local-ip 192.0.2.3
+ remote-ip 192.0.2.103
+ }
+ tunnel tun500 {
+ address 172.16.0.17/30
+ encapsulation gre
+ local-ip 192.0.2.4
+ remote-ip 192.0.2.104
+ }
+}
+protocols {
+ static {
+ route 0.0.0.0/0 {
+ next-hop 172.18.202.1 {
+ distance 10
+ }
+ }
+ }
+}
+system {
+ config-management {
+ commit-revisions 100
+ }
+ console {
+ device ttyS0 {
+ speed 115200
+ }
+ }
+ host-name vyos
+ login {
+ user vyos {
+ authentication {
+ encrypted-password $6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0
+ plaintext-password ""
+ }
+ }
+ }
+ ntp {
+ server 0.pool.ntp.org {
+ }
+ server 1.pool.ntp.org {
+ }
+ server 2.pool.ntp.org {
+ }
+ }
+ syslog {
+ global {
+ facility all {
+ level info
+ }
+ facility protocols {
+ level debug
+ }
+ }
+ }
+}
+
+/* Warning: Do not remove the following line. */
+/* === vyatta-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack-sync@1:conntrack@1:dhcp-relay@2:dhcp-server@5:dns-forwarding@1:firewall@5:ipsec@5:l2tp@1:mdns@1:nat@4:ntp@1:pptp@1:qos@1:quagga@6:snmp@1:ssh@1:system@10:vrrp@2:wanloadbalance@3:webgui@1:webproxy@1:webproxy@2:zone-policy@1" === */
+/* Release version: 1.2.6-S1 */
diff --git a/smoketest/configs/vrf-basic b/smoketest/configs/vrf-basic
new file mode 100644
index 000000000..ded33f683
--- /dev/null
+++ b/smoketest/configs/vrf-basic
@@ -0,0 +1,231 @@
+interfaces {
+ ethernet eth0 {
+ address 192.0.2.1/24
+ }
+ ethernet eth1 {
+ duplex auto
+ speed auto
+ vrf green
+ }
+ ethernet eth2 {
+ vrf red
+ }
+}
+protocols {
+ static {
+ route 0.0.0.0/0 {
+ next-hop 192.0.2.254 {
+ distance 10
+ }
+ }
+ table 10 {
+ interface-route 1.0.0.0/8 {
+ next-hop-interface eth0 {
+ distance 20
+ }
+ }
+ interface-route 2.0.0.0/8 {
+ next-hop-interface eth0 {
+ distance 20
+ }
+ }
+ interface-route 3.0.0.0/8 {
+ next-hop-interface eth0 {
+ distance 20
+ }
+ }
+ }
+ table 20 {
+ interface-route 4.0.0.0/8 {
+ next-hop-interface eth0 {
+ distance 20
+ }
+ }
+ interface-route 5.0.0.0/8 {
+ next-hop-interface eth0 {
+ distance 50
+ }
+ }
+ interface-route 6.0.0.0/8 {
+ next-hop-interface eth0 {
+ distance 60
+ }
+ }
+ interface-route6 2001:db8:100::/40 {
+ next-hop-interface eth1 {
+ distance 20
+ }
+ }
+ interface-route6 2001:db8::/40 {
+ next-hop-interface eth1 {
+ distance 10
+ }
+ }
+ route 11.0.0.0/8 {
+ next-hop 1.1.1.1 {
+ next-hop-interface eth0
+ }
+ }
+ route 12.0.0.0/8 {
+ next-hop 1.1.1.1 {
+ next-hop-interface eth0
+ }
+ }
+ route 13.0.0.0/8 {
+ next-hop 1.1.1.1 {
+ next-hop-interface eth0
+ }
+ }
+ }
+ table 30 {
+ interface-route6 2001:db8:200::/40 {
+ next-hop-interface eth1 {
+ distance 20
+ }
+ }
+ route 14.0.0.0/8 {
+ next-hop 2.2.1.1 {
+ next-hop-interface eth1
+ }
+ }
+ route 15.0.0.0/8 {
+ next-hop 2.2.1.1 {
+ next-hop-interface eth1
+ }
+ }
+ }
+ }
+ vrf green {
+ static {
+ interface-route 100.0.0.0/8 {
+ next-hop-interface eth0 {
+ distance 200
+ next-hop-vrf default
+ }
+ }
+ interface-route 101.0.0.0/8 {
+ next-hop-interface eth0 {
+ next-hop-vrf default
+ }
+ next-hop-interface eth1 {
+ }
+ }
+ interface-route6 2001:db8:300::/40 {
+ next-hop-interface eth1 {
+ distance 20
+ next-hop-vrf default
+ }
+ }
+ route 20.0.0.0/8 {
+ next-hop 1.1.1.1 {
+ next-hop-interface eth1
+ next-hop-vrf default
+ }
+ }
+ route 21.0.0.0/8 {
+ next-hop 2.2.1.1 {
+ next-hop-interface eth1
+ next-hop-vrf default
+ }
+ }
+ route6 2001:db8:100::/40 {
+ next-hop fe80::1 {
+ interface eth0
+ next-hop-vrf default
+ }
+ }
+ }
+ }
+ vrf red {
+ static {
+ interface-route 103.0.0.0/8 {
+ next-hop-interface eth0 {
+ distance 201
+ next-hop-vrf default
+ }
+ }
+ interface-route 104.0.0.0/8 {
+ next-hop-interface eth0 {
+ next-hop-vrf default
+ }
+ next-hop-interface eth1 {
+ next-hop-vrf default
+ }
+ }
+ interface-route6 2001:db8:400::/40 {
+ next-hop-interface eth1 {
+ distance 24
+ next-hop-vrf default
+ }
+ }
+ route 30.0.0.0/8 {
+ next-hop 1.1.1.1 {
+ next-hop-interface eth1
+ }
+ }
+ route 40.0.0.0/8 {
+ next-hop 2.2.1.1 {
+ next-hop-interface eth1
+ next-hop-vrf default
+ }
+ }
+ route6 2001:db8:100::/40 {
+ next-hop fe80::1 {
+ interface eth0
+ next-hop-vrf default
+ }
+ }
+ }
+ }
+}
+system {
+ config-management {
+ commit-revisions 100
+ }
+ console {
+ device ttyS0 {
+ speed 115200
+ }
+ }
+ host-name vyos
+ login {
+ user vyos {
+ authentication {
+ encrypted-password $6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0
+ plaintext-password ""
+ }
+ }
+ }
+ nt
+ ntp {
+ server 0.pool.ntp.org {
+ }
+ server 1.pool.ntp.org {
+ }
+ server 2.pool.ntp.org {
+ }
+ }
+ syslog {
+ global {
+ facility all {
+ level info
+ }
+ facility protocols {
+ level debug
+ }
+ }
+ }
+ time-zone Europe/Berlin
+}
+vrf {
+ name green {
+ table 1000
+ }
+ name red {
+ table 2000
+ }
+}
+
+// Warning: Do not remove the following line.
+// vyos-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack@1:conntrack-sync@1:dhcp-relay@2:dhcp-server@5:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@18:ipoe-server@1:ipsec@5:l2tp@3:lldp@1:mdns@1:nat@5:ntp@1:pppoe-server@5:pptp@2:qos@1:quagga@6:salt@1:snmp@2:ssh@2:sstp@3:system@20:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2:zone-policy@1"
+// Release version: 1.3-beta-202101231023
diff --git a/smoketest/configs/vrf-bgp b/smoketest/configs/vrf-bgp
new file mode 100644
index 000000000..4ad372a36
--- /dev/null
+++ b/smoketest/configs/vrf-bgp
@@ -0,0 +1,166 @@
+interfaces {
+ ethernet eth0 {
+ address 192.0.2.1/24
+ }
+ ethernet eth1 {
+ vrf black
+ }
+ ethernet eth2 {
+ vrf black
+ }
+}
+protocols {
+ ospf {
+ area 0 {
+ network 192.0.2.0/24
+ }
+ interface eth0 {
+ authentication {
+ md5 {
+ key-id 10 {
+ md5-key ospfkey
+ }
+ }
+ }
+ }
+ log-adjacency-changes {
+ }
+ parameters {
+ abr-type cisco
+ router-id 1.2.3.4
+ }
+ passive-interface default
+ passive-interface-exclude eth0
+ }
+}
+system {
+ config-management {
+ commit-revisions 100
+ }
+ console {
+ device ttyS0 {
+ speed 115200
+ }
+ }
+ host-name vyos
+ login {
+ user vyos {
+ authentication {
+ encrypted-password $6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0
+ plaintext-password ""
+ }
+ }
+ }
+ nt
+ ntp {
+ server 0.pool.ntp.org {
+ }
+ server 1.pool.ntp.org {
+ }
+ server 2.pool.ntp.org {
+ }
+ }
+ syslog {
+ global {
+ facility all {
+ level info
+ }
+ facility protocols {
+ level debug
+ }
+ }
+ }
+ time-zone Europe/Berlin
+}
+vrf {
+ name black {
+ protocols {
+ bgp 65000 {
+ address-family {
+ ipv4-unicast {
+ network 10.0.150.0/23 {
+ }
+ }
+ ipv6-unicast {
+ network 2001:db8:200::/40 {
+ }
+ }
+ }
+ neighbor 10.0.151.222 {
+ disable-send-community {
+ extended
+ standard
+ }
+ address-family {
+ ipv4-unicast {
+ default-originate {
+ }
+ soft-reconfiguration {
+ inbound
+ }
+ }
+ }
+ capability {
+ dynamic
+ }
+ remote-as 65010
+ }
+ neighbor 10.0.151.252 {
+ peer-group VYOSv4
+ }
+ neighbor 10.0.151.254 {
+ peer-group VYOSv4
+ }
+ neighbor 2001:db8:200:ffff::3 {
+ peer-group VYOSv6
+ }
+ neighbor 2001:db8:200:ffff::a {
+ peer-group VYOSv6
+ }
+ neighbor 2001:db8:200:ff::101:2 {
+ remote-as 65010
+ }
+ parameters {
+ default {
+ no-ipv4-unicast
+ }
+ log-neighbor-changes
+ router-id 10.0.151.251
+ }
+ peer-group VYOSv4 {
+ address-family {
+ ipv4-unicast {
+ nexthop-self {
+ }
+ }
+ }
+ capability {
+ dynamic
+ }
+ remote-as 65000
+ update-source dum0
+ }
+ peer-group VYOSv6 {
+ address-family {
+ ipv6-unicast {
+ nexthop-self {
+ }
+ }
+ }
+ capability {
+ dynamic
+ }
+ remote-as 65000
+ update-source dum0
+ }
+ }
+
+ }
+ table 2000
+ }
+}
+
+
+// Warning: Do not remove the following line.
+// vyos-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack@2:conntrack-sync@1:dhcp-relay@2:dhcp-server@5:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@20:ipoe-server@1:ipsec@5:l2tp@3:lldp@1:mdns@1:nat@5:nat66@1:ntp@1:pppoe-server@5:pptp@2:qos@1:quagga@9:rpki@1:salt@1:snmp@2:ssh@2:sstp@3:system@20:vrf@2:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2:zone-policy@1"
+// Release version: 1.4-rolling-202103130218
diff --git a/smoketest/configs/vrf-ospf b/smoketest/configs/vrf-ospf
new file mode 100644
index 000000000..7855e86bf
--- /dev/null
+++ b/smoketest/configs/vrf-ospf
@@ -0,0 +1,145 @@
+interfaces {
+ ethernet eth0 {
+ address 192.0.2.1/24
+ }
+ ethernet eth1 {
+ vrf red
+ }
+ ethernet eth2 {
+ vrf blue
+ }
+}
+protocols {
+ ospf {
+ area 0 {
+ network 192.0.2.0/24
+ }
+ interface eth0 {
+ authentication {
+ md5 {
+ key-id 10 {
+ md5-key ospfkey
+ }
+ }
+ }
+ }
+ log-adjacency-changes {
+ }
+ parameters {
+ abr-type cisco
+ router-id 1.2.3.4
+ }
+ passive-interface default
+ passive-interface-exclude eth0
+ }
+}
+system {
+ config-management {
+ commit-revisions 100
+ }
+ console {
+ device ttyS0 {
+ speed 115200
+ }
+ }
+ host-name vyos
+ login {
+ user vyos {
+ authentication {
+ encrypted-password $6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0
+ plaintext-password ""
+ }
+ }
+ }
+ nt
+ ntp {
+ server 0.pool.ntp.org {
+ }
+ server 1.pool.ntp.org {
+ }
+ server 2.pool.ntp.org {
+ }
+ }
+ syslog {
+ global {
+ facility all {
+ level info
+ }
+ facility protocols {
+ level debug
+ }
+ }
+ }
+ time-zone Europe/Berlin
+}
+vrf {
+ name blue {
+ protocols {
+ ospf {
+ area 0 {
+ network 172.18.201.0/24
+ }
+ interface eth2 {
+ authentication {
+ md5 {
+ key-id 30 {
+ md5-key vyoskey456
+ }
+ }
+ }
+ dead-interval 40
+ hello-interval 10
+ priority 1
+ retransmit-interval 5
+ transmit-delay 1
+ }
+ log-adjacency-changes {
+ }
+ parameters {
+ abr-type cisco
+ router-id 5.6.7.8
+ }
+ passive-interface default
+ passive-interface-exclude eth2
+ }
+ }
+ table 2000
+ }
+ name red {
+ protocols {
+ ospf {
+ area 0 {
+ network 172.18.202.0/24
+ }
+ interface eth1 {
+ authentication {
+ md5 {
+ key-id 20 {
+ md5-key vyoskey123
+ }
+ }
+ }
+ dead-interval 40
+ hello-interval 10
+ priority 1
+ retransmit-interval 5
+ transmit-delay 1
+ }
+ log-adjacency-changes {
+ }
+ parameters {
+ abr-type cisco
+ router-id 9.10.11.12
+ }
+ passive-interface default
+ passive-interface-exclude eth1
+ }
+ }
+ table 1000
+ }
+}
+
+
+// Warning: Do not remove the following line.
+// vyos-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack@2:conntrack-sync@1:dhcp-relay@2:dhcp-server@5:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@20:ipoe-server@1:ipsec@5:l2tp@3:lldp@1:mdns@1:nat@5:nat66@1:ntp@1:pppoe-server@5:pptp@2:qos@1:quagga@9:rpki@1:salt@1:snmp@2:ssh@2:sstp@3:system@20:vrf@2:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2:zone-policy@1"
+// Release version: 1.4-rolling-202103130218
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-01 03:31:14 +0000