interfaces {
    ethernet eth0 {
        address 192.0.2.100/25
        address 2001:db8::ffff/64
    }
    loopback lo {
    }
}
policy {
    large-community-list ANYCAST_ALL {
        rule 10 {
            action permit
            description "Allow all anycast from anywhere"
            regex "4242420696:100:.*"
        }
    }
    large-community-list ANYCAST_INT {
        rule 10 {
            action permit
            description "Allow all anycast from int"
            regex 4242420696:100:1
        }
    }
    prefix-list BGP-BACKBONE-IN {
        description "Inbound backbone routes from other sites"
        rule 10 {
            action deny
            description "Block default route"
            prefix 0.0.0.0/0
        }
        rule 20 {
            action deny
            description "Block int primary"
            ge 21
            prefix 192.168.0.0/20
        }
        rule 30 {
            action deny
            description "Block loopbacks"
            ge 25
            prefix 192.168.253.0/24
        }
        rule 40 {
            action deny
            description "Block backbone peering"
            ge 25
            prefix 192.168.254.0/24
        }
        rule 999 {
            action permit
            description "Allow everything else"
            ge 1
            prefix 0.0.0.0/0
        }
    }
    prefix-list BGP-BACKBONE-OUT {
        description "Outbound backbone routes to other sites"
        rule 10 {
            action permit
            description "Int primary"
            ge 23
            prefix 192.168.0.0/20
        }
    }
    prefix-list GLOBAL {
        description "Globally redistributed routes"
        rule 10 {
            action permit
            prefix 192.168.100.1/32
        }
        rule 20 {
            action permit
            prefix 192.168.7.128/25
        }
    }
    prefix-list6 BGP-BACKBONE-IN-V6 {
        description "Inbound backbone routes from other sites"
        rule 10 {
            action deny
            description "Block default route"
            prefix ::/0
        }
        rule 20 {
            action deny
            description "Block int primary"
            ge 53
            prefix fd52:d62e:8011::/52
        }
        rule 30 {
            action deny
            description "Block peering and stuff"
            ge 53
            prefix fd52:d62e:8011:f000::/52
        }
        rule 999 {
            action permit
            description "Allow everything else"
            ge 1
            prefix ::/0
        }
    }
    prefix-list6 BGP-BACKBONE-OUT-V6 {
        description "Outbound backbone routes to other sites"
        rule 10 {
            action permit
            ge 64
            prefix fd52:d62e:8011::/52
        }
    }
    prefix-list6 GLOBAL-V6 {
        description "Globally redistributed routes"
        rule 10 {
            action permit
            ge 64
            prefix fd52:d62e:8011:2::/63
        }
    }
    route-map BGP-REDISTRIBUTE {
        rule 10 {
            action permit
            description "Prepend AS and allow VPN and modem"
            match {
                ip {
                    address {
                        prefix-list GLOBAL
                    }
                }
            }
            set {
                as-path-prepend 4242420666
            }
        }
        rule 20 {
            action permit
            description "Allow VPN"
            match {
                ipv6 {
                    address {
                        prefix-list GLOBAL-V6
                    }
                }
            }
        }
    }
    route-map BGP-BACKBONE-IN {
        rule 10 {
            action permit
            match {
                ip {
                    address {
                        prefix-list BGP-BACKBONE-IN
                    }
                }
            }
        }
        rule 20 {
            action permit
            match {
                ipv6 {
                    address {
                        prefix-list BGP-BACKBONE-IN-V6
                    }
                }
            }
        }
        rule 30 {
            action permit
            match {
                large-community {
                    large-community-list ANYCAST_ALL
                }
            }
        }
    }
    route-map BGP-BACKBONE-OUT {
        rule 10 {
            action permit
            match {
                ip {
                    address {
                        prefix-list BGP-BACKBONE-OUT
                    }
                }
            }
        }
        rule 20 {
            action permit
            match {
                ipv6 {
                    address {
                        prefix-list BGP-BACKBONE-OUT-V6
                    }
                }
            }
        }
        rule 30 {
            action permit
            match {
                large-community {
                    large-community-list ANYCAST_INT
                }
            }
            set {
                as-path-prepend 4242420666
            }
        }
    }
}
protocols {
    bfd {
        peer 192.168.253.1 {
            interval {
                receive 50
                transmit 50
            }
            multihop
            source {
                address 192.168.253.3
            }
        }
        peer 192.168.253.2 {
            interval {
                receive 50
                transmit 50
            }
            multihop
            source {
                address 192.168.253.3
            }
        }
        peer 192.168.253.6 {
            interval {
                receive 50
                transmit 50
            }
            multihop
            source {
                address 192.168.253.3
            }
        }
        peer 192.168.253.7 {
            interval {
                receive 50
                transmit 50
            }
            multihop
            source {
                address 192.168.253.3
            }
        }
        peer 192.168.253.12 {
            interval {
                receive 100
                transmit 100
            }
            multihop
            source {
                address 192.168.253.3
            }
        }
        peer fd52:d62e:8011:fffe:192:168:253:1 {
            interval {
                receive 50
                transmit 50
            }
            multihop
            source {
                address fd52:d62e:8011:fffe:192:168:253:3
            }
        }
        peer fd52:d62e:8011:fffe:192:168:253:2 {
            interval {
                receive 50
                transmit 50
            }
            multihop
            source {
                address fd52:d62e:8011:fffe:192:168:253:3
            }
        }
        peer fd52:d62e:8011:fffe:192:168:253:6 {
            interval {
                receive 50
                transmit 50
            }
            multihop
            source {
                address fd52:d62e:8011:fffe:192:168:253:3
            }
        }
        peer fd52:d62e:8011:fffe:192:168:253:7 {
            interval {
                receive 50
                transmit 50
            }
            multihop
            source {
                address fd52:d62e:8011:fffe:192:168:253:3
            }
        }
        peer fd52:d62e:8011:fffe:192:168:253:12 {
            interval {
                receive 100
                transmit 100
            }
            multihop
            source {
                address fd52:d62e:8011:fffe:192:168:253:3
            }
        }
    }
    bgp 4242420666 {
        address-family {
            ipv4-unicast {
                redistribute {
                    connected {
                        route-map BGP-REDISTRIBUTE
                    }
                    static {
                        route-map BGP-REDISTRIBUTE
                    }
                }
            }
            ipv6-unicast {
                redistribute {
                    connected {
                        route-map BGP-REDISTRIBUTE
                    }
                }
            }
        }
        neighbor 192.168.253.1 {
            peer-group INT
        }
        neighbor 192.168.253.2 {
            peer-group INT
        }
        neighbor 192.168.253.6 {
            peer-group DAL13
        }
        neighbor 192.168.253.7 {
            peer-group DAL13
        }
        neighbor 192.168.253.12 {
            address-family {
                ipv4-unicast {
                    route-map {
                        export BGP-BACKBONE-OUT
                        import BGP-BACKBONE-IN
                    }
                    soft-reconfiguration {
                        inbound
                    }
                }
            }
            bfd {
            }
            ebgp-multihop 2
            remote-as 4242420669
            update-source dum0
        }
        neighbor fd52:d62e:8011:fffe:192:168:253:1 {
            address-family {
                ipv6-unicast {
                    peer-group INTv6
                }
            }
        }
        neighbor fd52:d62e:8011:fffe:192:168:253:2 {
            address-family {
                ipv6-unicast {
                    peer-group INTv6
                }
            }
        }
        neighbor fd52:d62e:8011:fffe:192:168:253:6 {
            address-family {
                ipv6-unicast {
                    peer-group DAL13v6
                }
            }
        }
        neighbor fd52:d62e:8011:fffe:192:168:253:7 {
            address-family {
                ipv6-unicast {
                    peer-group DAL13v6
                }
            }
        }
        neighbor fd52:d62e:8011:fffe:192:168:253:12 {
            address-family {
                ipv6-unicast {
                    route-map {
                        export BGP-BACKBONE-OUT
                        import BGP-BACKBONE-IN
                    }
                    soft-reconfiguration {
                        inbound
                    }
                }
            }
            bfd {
            }
            ebgp-multihop 2
            remote-as 4242420669
            update-source dum0
        }
        parameters {
            confederation {
                identifier 4242420696
                peers 4242420668
                peers 4242420669
            }
            default {
                no-ipv4-unicast
            }
            distance {
                global {
                    external 220
                    internal 220
                    local 220
                }
            }
            graceful-restart {
            }
        }
        peer-group DAL13 {
            address-family {
                ipv4-unicast {
                    route-map {
                        export BGP-BACKBONE-OUT
                        import BGP-BACKBONE-IN
                    }
                    soft-reconfiguration {
                        inbound
                    }
                }
            }
            bfd
            ebgp-multihop 2
            remote-as 4242420668
            update-source dum0
        }
        peer-group DAL13v6 {
            address-family {
                ipv6-unicast {
                    route-map {
                        export BGP-BACKBONE-OUT
                        import BGP-BACKBONE-IN
                    }
                    soft-reconfiguration {
                        inbound
                    }
                }
            }
            bfd
            ebgp-multihop 2
            remote-as 4242420668
            update-source dum0
        }
        peer-group INT {
            address-family {
                ipv4-unicast {
                    default-originate {
                    }
                    soft-reconfiguration {
                        inbound
                    }
                }
            }
            bfd
            remote-as 4242420666
            update-source dum0
        }
        peer-group INTv6 {
            address-family {
                ipv6-unicast {
                    default-originate {
                    }
                    soft-reconfiguration {
                        inbound
                    }
                }
            }
            bfd
            remote-as 4242420666
            update-source dum0
        }
    }
}
system {
    config-management {
        commit-revisions 200
    }
    console {
        device ttyS0 {
            speed 115200
        }
    }
    host-name vyos
    login {
        user vyos {
            authentication {
                encrypted-password $6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/
                plaintext-password ""
            }
            level admin
        }
    }
    ntp {
        server 0.pool.ntp.org {
        }
        server 1.pool.ntp.org {
        }
        server 2.pool.ntp.org {
        }
    }
    syslog {
        global {
            facility all {
                level info
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone Europe/Berlin
}

/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack-sync@1:conntrack@1:dhcp-relay@2:dhcp-server@5:dns-forwarding@1:firewall@5:ipsec@5:l2tp@1:mdns@1:nat@4:ntp@1:pptp@1:qos@1:quagga@6:snmp@1:ssh@1:system@10:vrrp@2:wanloadbalance@3:webgui@1:webproxy@1:webproxy@2:zone-policy@1" === */
/* Release version: 1.2.6-S1 */