summaryrefslogtreecommitdiff
path: root/smoketest
diff options
context:
space:
mode:
Diffstat (limited to 'smoketest')
-rw-r--r--smoketest/configs/bgp-big-as-cloud1952
1 files changed, 1952 insertions, 0 deletions
diff --git a/smoketest/configs/bgp-big-as-cloud b/smoketest/configs/bgp-big-as-cloud
new file mode 100644
index 000000000..df3ae015c
--- /dev/null
+++ b/smoketest/configs/bgp-big-as-cloud
@@ -0,0 +1,1952 @@
+firewall {
+ all-ping enable
+ broadcast-ping disable
+ config-trap disable
+ group {
+ address-group bgp-peers-4 {
+ address 192.0.68.3
+ address 192.0.68.2
+ address 192.0.176.193
+ address 192.0.52.0-192.0.52.255
+ address 192.0.53.0-192.0.53.255
+ address 192.0.16.209
+ address 192.0.192.0-192.0.192.255
+ address 192.0.193.0-192.0.193.255
+ address 192.0.194.0-192.0.194.255
+ address 192.0.195.0-192.0.195.255
+ address 192.0.196.0-192.0.196.255
+ address 192.0.197.0-192.0.197.255
+ address 192.0.198.0-192.0.198.255
+ address 192.0.199.0-192.0.199.255
+ }
+ address-group vrrp-peers-4 {
+ address 192.0.68.3
+ address 192.0.160.3
+ address 192.0.98.3
+ address 192.0.71.131
+ address 192.0.84.67
+ address 192.0.71.195
+ address 192.0.71.115
+ address 192.0.70.195
+ address 192.0.70.179
+ address 192.0.70.163
+ address 192.0.70.147
+ address 192.0.70.131
+ address 192.0.70.19
+ address 192.0.70.3
+ address 192.0.71.99
+ address 192.0.68.67
+ address 192.0.71.67
+ address 192.0.71.3
+ address 192.0.68.35
+ address 192.0.68.131
+ address 192.0.69.2
+ address 192.0.70.35
+ address 192.0.70.67
+ }
+ ipv6-address-group bgp-peers-6 {
+ address 2001:db8:c::3
+ address 2001:db8:1000::2e9
+ address 2001:db8:24::fb
+ address 2001:db8:24::fc
+ address 2001:db8:24::fd
+ address 2001:db8:24::2e
+ address 2001:db8:24::3d
+ address 2001:db8:24::4a
+ address 2001:db8:24::5e
+ address 2001:db8:24::7
+ address 2001:db8:24::11
+ address 2001:db8:24::18
+ address 2001:db8:24::20
+ address 2001:db8:24::22
+ address 2001:db8:24::31
+ address 2001:db8:24::58
+ address 2001:db8:24::64
+ address 2001:db8:24::a5
+ address 2001:db8:24::aa
+ address 2001:db8:24::ab
+ address 2001:db8:24::b0
+ address 2001:db8:24::b3
+ address 2001:db8:24::bd
+ address 2001:db8:24::c
+ address 2001:db8:24::d2
+ address 2001:db8:24::d3
+ address 2001:db8:838::1
+ address 2001:db8::1a27:5051:c09d
+ address 2001:db8::1a27:5051:c19d
+ address 2001:db8::20ad:0:1
+ address 2001:db8::2306:0:1
+ address 2001:db8::2ca:0:1
+ address 2001:db8::2ca:0:2
+ address 2001:db8::2ca:0:3
+ address 2001:db8::2ca:0:4
+ }
+ ipv6-address-group vrrp-peers-6 {
+ address fe80::fe89:15cf
+ }
+ ipv6-network-group AS64512-6 {
+ network 2001::/29
+ }
+ network-group AS64512-4 {
+ network 192.0.68.0/22
+ network 192.0.98.0/24
+ network 192.0.160.0/24
+ network 192.0.84.0/22
+ }
+ }
+ ipv6-name management-to-local-6 {
+ default-action reject
+ enable-default-log
+ }
+ ipv6-name management-to-peers-6 {
+ default-action reject
+ enable-default-log
+ }
+ ipv6-name management-to-servers-6 {
+ default-action reject
+ enable-default-log
+ }
+ ipv6-name peers-to-local-6 {
+ default-action reject
+ enable-default-log
+ rule 500 {
+ action accept
+ protocol icmpv6
+ }
+ rule 501 {
+ action accept
+ protocol vrrp
+ source {
+ group {
+ address-group vrrp-peers-6
+ }
+ }
+ }
+ rule 502 {
+ action accept
+ destination {
+ port bgp
+ }
+ protocol tcp
+ source {
+ group {
+ address-group bgp-peers-6
+ }
+ }
+ }
+ rule 503 {
+ action accept
+ protocol tcp
+ source {
+ group {
+ address-group bgp-peers-6
+ }
+ port bgp
+ }
+ }
+ }
+ ipv6-name peers-to-management-6 {
+ default-action reject
+ enable-default-log
+ }
+ ipv6-name peers-to-servers-6 {
+ default-action reject
+ enable-default-log
+ rule 9990 {
+ action reject
+ source {
+ group {
+ network-group AS64512-6
+ }
+ }
+ }
+ rule 9999 {
+ action accept
+ destination {
+ group {
+ network-group AS64512-6
+ }
+ }
+ }
+ }
+ ipv6-name servers-to-local-6 {
+ default-action reject
+ enable-default-log
+ rule 500 {
+ action accept
+ protocol icmpv6
+ }
+ rule 501 {
+ action accept
+ protocol vrrp
+ source {
+ group {
+ address-group vrrp-peers-6
+ }
+ }
+ }
+ rule 511 {
+ action accept
+ protocol tcp_udp
+ source {
+ port 53
+ }
+ }
+ }
+ ipv6-name servers-to-management-6 {
+ default-action reject
+ enable-default-log
+ }
+ ipv6-name servers-to-peers-6 {
+ default-action reject
+ enable-default-log
+ rule 51 {
+ action accept
+ source {
+ group {
+ network-group AS64512-6
+ }
+ }
+ }
+ }
+ ipv6-receive-redirects disable
+ ipv6-src-route disable
+ ip-src-route disable
+ log-martians enable
+ name management-to-local-4 {
+ default-action reject
+ enable-default-log
+ rule 500 {
+ action accept
+ protocol icmp
+ }
+ rule 501 {
+ action accept
+ destination {
+ port 22
+ }
+ protocol tcp
+ }
+ rule 502 {
+ action accept
+ destination {
+ port snmp
+ }
+ protocol udp
+ }
+ }
+ name management-to-peers-4 {
+ default-action reject
+ enable-default-log
+ }
+ name management-to-servers-4 {
+ default-action reject
+ enable-default-log
+ }
+ name peers-to-local-4 {
+ default-action reject
+ enable-default-log
+ rule 500 {
+ action accept
+ protocol icmp
+ }
+ rule 501 {
+ action accept
+ protocol vrrp
+ source {
+ group {
+ address-group vrrp-peers-4
+ }
+ }
+ }
+ rule 502 {
+ action accept
+ destination {
+ port bgp
+ }
+ protocol tcp
+ source {
+ group {
+ address-group bgp-peers-4
+ }
+ }
+ }
+ rule 503 {
+ action accept
+ protocol tcp
+ source {
+ group {
+ address-group bgp-peers-4
+ }
+ port bgp
+ }
+ }
+ }
+ name peers-to-management-4 {
+ default-action reject
+ enable-default-log
+ }
+ name peers-to-servers-4 {
+ default-action reject
+ enable-default-log
+ rule 9990 {
+ action reject
+ source {
+ group {
+ network-group AS64512-4
+ }
+ }
+ }
+ rule 9999 {
+ action accept
+ destination {
+ group {
+ network-group AS64512-4
+ }
+ }
+ }
+ }
+ name servers-to-local-4 {
+ default-action reject
+ enable-default-log
+ rule 500 {
+ action accept
+ protocol icmp
+ }
+ rule 501 {
+ action accept
+ protocol vrrp
+ source {
+ group {
+ address-group vrrp-peers-4
+ }
+ }
+ }
+ rule 511 {
+ action accept
+ protocol tcp_udp
+ source {
+ port 53
+ }
+ }
+ }
+ name servers-to-management-4 {
+ default-action reject
+ enable-default-log
+ }
+ name servers-to-peers-4 {
+ default-action reject
+ enable-default-log
+ rule 51 {
+ action accept
+ source {
+ group {
+ network-group AS64512-4
+ }
+ }
+ }
+ }
+ receive-redirects disable
+ send-redirects enable
+ source-validation disable
+ syn-cookies enable
+ twa-hazards-protection disable
+}
+high-availability {
+ vrrp {
+ group 11-4 {
+ interface eth0.11
+ priority 200
+ virtual-address 192.0.68.1/27
+ vrid 4
+ }
+ group 11-6 {
+ interface eth0.11
+ priority 200
+ virtual-address 2001:db8:c::1/64
+ vrid 6
+ }
+ group 102-4 {
+ interface eth0.102
+ priority 200
+ virtual-address 192.0.98.1/24
+ vrid 4
+ }
+ group 102-6 {
+ interface eth0.102
+ priority 200
+ virtual-address 2001:db8:0:102::1/64
+ vrid 6
+ }
+ group 105-4 {
+ interface eth0.105
+ priority 200
+ virtual-address 192.0.160.1/24
+ vrid 4
+ }
+ group 105-6 {
+ interface eth0.105
+ priority 200
+ virtual-address 2001:db8:0:105::1/64
+ vrid 6
+ }
+ group 1001-4 {
+ interface eth0.1001
+ priority 200
+ virtual-address 192.0.68.33/27
+ vrid 4
+ }
+ group 1001-6 {
+ interface eth0.1001
+ priority 200
+ virtual-address 2001:db8:0:1001::1/64
+ vrid 6
+ }
+ group 1002-4 {
+ interface eth0.1002
+ priority 200
+ virtual-address 192.0.68.65/26
+ vrid 4
+ }
+ group 1002-6 {
+ interface eth0.1002
+ priority 200
+ virtual-address 2001:db8:0:1002::1/64
+ vrid 6
+ }
+ group 1003-4 {
+ interface eth0.1003
+ priority 200
+ virtual-address 192.0.68.129/25
+ vrid 4
+ }
+ group 1003-6 {
+ interface eth0.1003
+ priority 200
+ virtual-address 2001:db8:0:1003::1/64
+ vrid 6
+ }
+ group 1004-4 {
+ interface eth0.1004
+ priority 200
+ virtual-address 192.0.69.1/24
+ vrid 4
+ }
+ group 1004-6 {
+ interface eth0.1004
+ priority 200
+ virtual-address 2001:db8:0:1004::1/64
+ vrid 6
+ }
+ group 1005-4 {
+ interface eth0.1005
+ priority 200
+ virtual-address 192.0.70.1/28
+ vrid 4
+ }
+ group 1005-6 {
+ interface eth0.1005
+ priority 200
+ virtual-address 2001:db8:0:1005::1/64
+ vrid 6
+ }
+ group 1006-4 {
+ interface eth0.1006
+ priority 200
+ virtual-address 192.0.70.17/28
+ vrid 4
+ }
+ group 1006-6 {
+ interface eth0.1006
+ priority 200
+ virtual-address 2001:db8:0:1006::1/64
+ vrid 6
+ }
+ group 1007-4 {
+ interface eth0.1007
+ priority 200
+ virtual-address 192.0.70.33/27
+ vrid 4
+ }
+ group 1007-6 {
+ interface eth0.1007
+ priority 200
+ virtual-address 2001:db8:0:1007::1/64
+ vrid 6
+ }
+ group 1008-4 {
+ interface eth0.1008
+ priority 200
+ virtual-address 192.0.70.65/26
+ vrid 4
+ }
+ group 1008-6 {
+ interface eth0.1008
+ priority 200
+ virtual-address 2001:db8:0:1008::1/64
+ vrid 6
+ }
+ group 1009-4 {
+ interface eth0.1009
+ priority 200
+ virtual-address 192.0.70.129/28
+ vrid 4
+ }
+ group 1009-6 {
+ interface eth0.1009
+ priority 200
+ virtual-address 2001:db8:0:1009::1/64
+ vrid 6
+ }
+ group 1010-4 {
+ interface eth0.1010
+ priority 200
+ virtual-address 192.0.70.145/28
+ vrid 4
+ }
+ group 1010-6 {
+ interface eth0.1010
+ priority 200
+ virtual-address 2001:db8:0:1010::1/64
+ vrid 6
+ }
+ group 1011-4 {
+ interface eth0.1011
+ priority 200
+ virtual-address 192.0.70.161/28
+ vrid 4
+ }
+ group 1011-6 {
+ interface eth0.1011
+ priority 200
+ virtual-address 2001:db8:0:1011::1/64
+ vrid 6
+ }
+ group 1012-4 {
+ interface eth0.1012
+ priority 200
+ virtual-address 192.0.70.177/28
+ vrid 4
+ }
+ group 1012-6 {
+ interface eth0.1012
+ priority 200
+ virtual-address 2001:db8:0:1012::1/64
+ vrid 6
+ }
+ group 1013-4 {
+ interface eth0.1013
+ priority 200
+ virtual-address 192.0.70.193/27
+ vrid 4
+ }
+ group 1013-6 {
+ interface eth0.1013
+ priority 200
+ virtual-address 2001:db8:0:1013::1/64
+ vrid 6
+ }
+ group 1014-4 {
+ interface eth0.1014
+ priority 200
+ virtual-address 192.0.84.65/26
+ vrid 4
+ }
+ group 1014-6 {
+ interface eth0.1014
+ priority 200
+ virtual-address 2001:db8:0:1014::1/64
+ vrid 6
+ }
+ group 1015-4 {
+ interface eth0.1015
+ priority 200
+ virtual-address 192.0.71.1/26
+ vrid 4
+ }
+ group 1015-6 {
+ interface eth0.1015
+ priority 200
+ virtual-address 2001:db8:0:1015::1/64
+ vrid 6
+ }
+ group 1016-4 {
+ interface eth0.1016
+ priority 200
+ virtual-address 192.0.71.65/27
+ vrid 4
+ }
+ group 1016-6 {
+ interface eth0.1016
+ priority 200
+ virtual-address 2001:db8:0:1016::1/64
+ vrid 6
+ }
+ group 1017-4 {
+ interface eth0.1017
+ priority 200
+ virtual-address 192.0.71.97/28
+ vrid 4
+ }
+ group 1017-6 {
+ interface eth0.1017
+ priority 200
+ virtual-address 2001:db8:0:1017::1/64
+ vrid 6
+ }
+ group 1018-4 {
+ interface eth0.1018
+ priority 200
+ virtual-address 192.0.71.113/28
+ vrid 4
+ }
+ group 1018-6 {
+ interface eth0.1018
+ priority 200
+ virtual-address 2001:db8:0:1018::1/64
+ vrid 6
+ }
+ group 1019-4 {
+ interface eth0.1019
+ priority 200
+ virtual-address 192.0.71.129/26
+ vrid 4
+ }
+ group 1019-6 {
+ interface eth0.1019
+ priority 200
+ virtual-address 2001:db8:0:1019::1/64
+ vrid 6
+ }
+ group 1020-4 {
+ interface eth0.1020
+ priority 200
+ virtual-address 192.0.71.193/26
+ vrid 4
+ }
+ group 1020-6 {
+ interface eth0.1020
+ priority 200
+ virtual-address 2001:db8:0:1020::1/64
+ vrid 6
+ }
+ }
+}
+interfaces {
+ ethernet eth0 {
+ address 192.0.0.11/16
+ duplex auto
+ smp-affinity auto
+ speed auto
+ vif 11 {
+ address 192.0.68.2/27
+ address 2001:db8:c::2/64
+ }
+ vif 102 {
+ address 192.0.98.2/24
+ address 2001:db8:0:102::2/64
+ }
+ vif 105 {
+ address 192.0.160.2/24
+ address 2001:db8:0:105::2/64
+ }
+ vif 838 {
+ address 192.0.16.210/30
+ address 2001:db8:838::2/64
+ }
+ vif 886 {
+ address 192.0.193.224/21
+ address 2001:db8::3:669:0:1/64
+ }
+ vif 1001 {
+ address 192.0.68.34/27
+ address 2001:db8:0:1001::2/64
+ }
+ vif 1002 {
+ address 192.0.68.66/26
+ address 2001:db8:0:1002::2/64
+ }
+ vif 1003 {
+ address 192.0.68.130/25
+ address 2001:db8:0:1003::2/64
+ }
+ vif 1004 {
+ address 192.0.69.2/24
+ address 2001:db8:0:1004::2/64
+ }
+ vif 1005 {
+ address 192.0.70.2/28
+ address 2001:db8:0:1005::2/64
+ }
+ vif 1006 {
+ address 192.0.70.18/28
+ address 2001:db8:0:1006::2/64
+ }
+ vif 1007 {
+ address 192.0.70.34/27
+ address 2001:db8:0:1007::2/64
+ }
+ vif 1008 {
+ address 192.0.70.66/26
+ address 2001:db8:0:1008::2/64
+ }
+ vif 1009 {
+ address 192.0.70.130/28
+ address 2001:db8:0:1009::2/64
+ }
+ vif 1010 {
+ address 192.0.70.146/28
+ address 2001:db8:0:1010::2/64
+ }
+ vif 1011 {
+ address 192.0.70.162/28
+ address 2001:db8:0:1011::2/64
+ }
+ vif 1012 {
+ address 192.0.70.178/28
+ address 2001:db8:0:1012::2/64
+ }
+ vif 1013 {
+ address 192.0.70.194/27
+ address 2001:db8:0:1013::3/64
+ }
+ vif 1014 {
+ address 192.0.84.66/26
+ address 2001:db8:0:1014::2/64
+ }
+ vif 1015 {
+ address 192.0.71.2/26
+ address 2001:db8:0:1015::2/64
+ }
+ vif 1016 {
+ address 192.0.71.66/27
+ address 2001:db8:0:1016::2/64
+ }
+ vif 1017 {
+ address 192.0.71.98/28
+ address 2001:db8:0:1017::2/64
+ }
+ vif 1018 {
+ address 192.0.71.114/28
+ address 2001:db8:0:1018::2/64
+ }
+ vif 1019 {
+ address 192.0.71.130/26
+ address 2001:db8:0:1019::2/64
+ }
+ vif 1020 {
+ address 192.0.71.194/26
+ address 2001:db8:0:1020::2/64
+ }
+ vif 4088 {
+ address 2001:db8:24::c7/64
+ address 192.0.52.199/23
+ }
+ vif 4089 {
+ address 192.0.176.194/30
+ address 2001:db8:1000::2ea/126
+ }
+ }
+ loopback lo {
+ }
+}
+policy {
+ as-path-list AS64513-AS64514 {
+ rule 10 {
+ action permit
+ regex "^64513 64514$"
+ }
+ }
+ as-path-list AS64512 {
+ rule 10 {
+ action permit
+ regex ^$
+ }
+ }
+ prefix-list defaultV4 {
+ rule 10 {
+ action permit
+ prefix 0.0.0.0/0
+ }
+ }
+ prefix-list hostrouteV4 {
+ rule 10 {
+ action permit
+ ge 32
+ prefix 192.0.160.0/24
+ }
+ rule 20 {
+ action permit
+ ge 32
+ prefix 192.0.98.0/24
+ }
+ rule 30 {
+ action permit
+ ge 32
+ prefix 192.0.68.0/22
+ }
+ rule 40 {
+ action permit
+ ge 32
+ prefix 192.0.84.0/22
+ }
+ }
+ prefix-list vyosV4 {
+ rule 10 {
+ action permit
+ prefix 192.0.160.0/24
+ }
+ rule 20 {
+ action permit
+ prefix 192.0.98.0/24
+ }
+ rule 30 {
+ action permit
+ prefix 192.0.68.0/22
+ }
+ rule 40 {
+ action permit
+ prefix 192.0.84.0/22
+ }
+ }
+ prefix-list privateV4 {
+ rule 10 {
+ action permit
+ le 32
+ prefix 192.0.0.0/8
+ }
+ rule 20 {
+ action permit
+ le 32
+ prefix 192.0.0.0/12
+ }
+ rule 30 {
+ action permit
+ le 32
+ prefix 192.0.0.0/16
+ }
+ }
+ prefix-list6 all6 {
+ rule 10 {
+ action permit
+ ge 4
+ prefix 2000::/3
+ }
+ }
+ prefix-list6 hostrouteV6 {
+ rule 20 {
+ action permit
+ ge 128
+ prefix 2001:db8::/29
+ }
+ }
+ prefix-list6 vyosV6 {
+ rule 20 {
+ action permit
+ prefix 2001:db8::/29
+ }
+ }
+ prefix-list6 privateV6 {
+ rule 10 {
+ action permit
+ prefix fc00::/7
+ }
+ }
+ route-map ExportRouteMap {
+ rule 5 {
+ action permit
+ match {
+ as-path AS64512
+ ip {
+ address {
+ prefix-list hostrouteV4
+ }
+ }
+ }
+ set {
+ community 65000:666
+ }
+ }
+ rule 10 {
+ action permit
+ match {
+ as-path AS64512
+ ip {
+ address {
+ prefix-list vyosV4
+ }
+ }
+ }
+ }
+ rule 15 {
+ action permit
+ match {
+ as-path AS64512
+ ipv6 {
+ address {
+ prefix-list hostrouteV6
+ }
+ }
+ }
+ set {
+ community 65000:666
+ }
+ }
+ rule 20 {
+ action permit
+ match {
+ as-path AS64512
+ ipv6 {
+ address {
+ prefix-list vyosV6
+ }
+ }
+ }
+ }
+ rule 100 {
+ action deny
+ }
+ }
+ route-map ExportRouteMapAS64515 {
+ rule 10 {
+ action permit
+ match {
+ ipv6 {
+ address {
+ prefix-list all6
+ }
+ }
+ }
+ }
+ rule 20 {
+ action deny
+ match {
+ ip {
+ address {
+ prefix-list defaultV4
+ }
+ }
+ }
+ }
+ rule 100 {
+ action deny
+ }
+ }
+ route-map ExportRouteMapAS64516 {
+ rule 5 {
+ action permit
+ match {
+ as-path AS64512
+ ip {
+ address {
+ prefix-list hostrouteV4
+ }
+ }
+ }
+ set {
+ community 65000:666
+ }
+ }
+ rule 10 {
+ action permit
+ match {
+ as-path AS64512
+ ip {
+ address {
+ prefix-list vyosV4
+ }
+ }
+ }
+ }
+ rule 15 {
+ action permit
+ match {
+ as-path AS64512
+ ipv6 {
+ address {
+ prefix-list hostrouteV6
+ }
+ }
+ }
+ set {
+ community 65000:666
+ }
+ }
+ rule 20 {
+ action permit
+ match {
+ as-path AS64512
+ ipv6 {
+ address {
+ prefix-list vyosV6
+ }
+ }
+ }
+ }
+ rule 100 {
+ action deny
+ }
+ }
+ route-map ExportRouteMapAS64517 {
+ rule 5 {
+ action permit
+ match {
+ as-path AS64512
+ ip {
+ address {
+ prefix-list hostrouteV4
+ }
+ }
+ }
+ set {
+ community 64517:666
+ }
+ }
+ rule 10 {
+ action permit
+ match {
+ as-path AS64512
+ ip {
+ address {
+ prefix-list vyosV4
+ }
+ }
+ }
+ }
+ rule 15 {
+ action permit
+ match {
+ as-path AS64512
+ ipv6 {
+ address {
+ prefix-list hostrouteV6
+ }
+ }
+ }
+ set {
+ community 64517:666
+ }
+ }
+ rule 20 {
+ action permit
+ match {
+ as-path AS64512
+ ipv6 {
+ address {
+ prefix-list vyosV6
+ }
+ }
+ }
+ }
+ rule 100 {
+ action deny
+ }
+ }
+ route-map ExportRouteMapAS64513 {
+ rule 5 {
+ action permit
+ match {
+ as-path AS64512
+ ip {
+ address {
+ prefix-list hostrouteV4
+ }
+ }
+ }
+ set {
+ community 64513:666
+ }
+ }
+ rule 10 {
+ action permit
+ match {
+ as-path AS64512
+ ip {
+ address {
+ prefix-list vyosV4
+ }
+ }
+ }
+ }
+ rule 15 {
+ action permit
+ match {
+ as-path AS64512
+ ipv6 {
+ address {
+ prefix-list hostrouteV6
+ }
+ }
+ }
+ set {
+ community 64513:666
+ }
+ }
+ rule 20 {
+ action permit
+ match {
+ as-path AS64512
+ ipv6 {
+ address {
+ prefix-list vyosV6
+ }
+ }
+ }
+ }
+ rule 100 {
+ action deny
+ }
+ }
+ route-map ImportRouteMap {
+ rule 10 {
+ action deny
+ match {
+ ip {
+ address {
+ prefix-list privateV4
+ }
+ }
+ }
+ }
+ rule 15 {
+ action deny
+ match {
+ ipv6 {
+ address {
+ prefix-list privateV6
+ }
+ }
+ }
+ }
+ rule 20 {
+ action deny
+ match {
+ ip {
+ address {
+ prefix-list vyosV4
+ }
+ }
+ }
+ }
+ rule 30 {
+ action deny
+ match {
+ ipv6 {
+ address {
+ prefix-list vyosV6
+ }
+ }
+ }
+ }
+ rule 40 {
+ action deny
+ match {
+ as-path AS64512
+ }
+ }
+ rule 50 {
+ action permit
+ match {
+ as-path AS64513-AS64514
+ }
+ set {
+ weight 10001
+ }
+ }
+ rule 65535 {
+ action permit
+ }
+ }
+}
+protocols {
+ bgp 64500 {
+ address-family {
+ ipv4-unicast {
+ network 192.0.98.0/24 {
+ }
+ network 192.0.160.0/24 {
+ }
+ network 192.0.68.0/22 {
+ }
+ network 192.0.84.0/22 {
+ }
+ redistribute {
+ static {
+ route-map ExportRouteMap
+ }
+ }
+ }
+ ipv6-unicast {
+ network 2001:db8::/29 {
+ }
+ redistribute {
+ static {
+ route-map ExportRouteMap
+ }
+ }
+ }
+ }
+ neighbor 192.0.16.209 {
+ address-family {
+ ipv4-unicast {
+ route-map {
+ export ExportRouteMapAS64516
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64501
+ }
+ neighbor 192.0.192.6 {
+ address-family {
+ ipv4-unicast {
+ maximum-prefix 100
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64502
+ }
+ neighbor 192.0.192.157 {
+ address-family {
+ ipv4-unicast {
+ maximum-prefix 350000
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64503
+ }
+ neighbor 192.0.192.228 {
+ address-family {
+ ipv4-unicast {
+ maximum-prefix 10000
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64504
+ }
+ neighbor 192.0.193.157 {
+ address-family {
+ ipv4-unicast {
+ maximum-prefix 350000
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64505
+ }
+ neighbor 192.0.193.202 {
+ address-family {
+ ipv4-unicast {
+ maximum-prefix 10000
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64506
+ }
+ neighbor 192.0.193.223 {
+ address-family {
+ ipv4-unicast {
+ maximum-prefix 10000
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64507
+ }
+ neighbor 192.0.194.161 {
+ address-family {
+ ipv4-unicast {
+ maximum-prefix 10000
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64508
+ }
+ neighbor 192.0.194.171 {
+ address-family {
+ ipv4-unicast {
+ maximum-prefix 10000
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64509
+ }
+ neighbor 192.0.176.193 {
+ address-family {
+ ipv4-unicast {
+ route-map {
+ export ExportRouteMapAS64516
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64510
+ }
+ neighbor 192.0.52.12 {
+ address-family {
+ ipv4-unicast {
+ maximum-prefix 300
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64511
+ }
+ neighbor 192.0.52.17 {
+ address-family {
+ ipv4-unicast {
+ maximum-prefix 75
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ password vyosvyos
+ remote-as 64512
+ }
+ neighbor 192.0.52.24 {
+ address-family {
+ ipv4-unicast {
+ maximum-prefix 300
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64513
+ }
+ neighbor 192.0.52.32 {
+ address-family {
+ ipv4-unicast {
+ maximum-prefix 50
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ password vyosfoooo
+ remote-as 64514
+ }
+ neighbor 192.0.52.34 {
+ address-family {
+ ipv4-unicast {
+ maximum-prefix 10
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64515
+ }
+ neighbor 192.0.52.46 {
+ address-family {
+ ipv4-unicast {
+ maximum-prefix 10
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64516
+ }
+ neighbor 192.0.52.49 {
+ address-family {
+ ipv4-unicast {
+ maximum-prefix 75
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ password secret
+ remote-as 64517
+ }
+ neighbor 192.0.52.74 {
+ address-family {
+ ipv4-unicast {
+ maximum-prefix 15000
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ password secretvyos
+ remote-as 64518
+ }
+ neighbor 192.0.52.94 {
+ address-family {
+ ipv4-unicast {
+ maximum-prefix 250
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64519
+ }
+ neighbor 192.0.52.100 {
+ address-family {
+ ipv4-unicast {
+ maximum-prefix 50
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64520
+ }
+ neighbor 192.0.52.119 {
+ address-family {
+ ipv4-unicast {
+ maximum-prefix 30
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64521
+ }
+ neighbor 192.0.52.165 {
+ address-family {
+ ipv4-unicast {
+ maximum-prefix 50
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64522
+ }
+ neighbor 192.0.52.170 {
+ address-family {
+ ipv4-unicast {
+ maximum-prefix 150000
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64523
+ }
+ neighbor 192.0.52.171 {
+ address-family {
+ ipv4-unicast {
+ maximum-prefix 10000
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64524
+ }
+ neighbor 192.0.52.179 {
+ address-family {
+ ipv4-unicast {
+ maximum-prefix 20
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64525
+ }
+ neighbor 192.0.52.189 {
+ address-family {
+ ipv4-unicast {
+ maximum-prefix 1000
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64526
+ }
+ neighbor 192.0.52.210 {
+ address-family {
+ ipv4-unicast {
+ maximum-prefix 15
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64527
+ }
+ neighbor 192.0.52.211 {
+ address-family {
+ ipv4-unicast {
+ maximum-prefix 15
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64528
+ }
+ neighbor 192.0.52.251 {
+ address-family {
+ ipv4-unicast {
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ weight 1010
+ }
+ }
+ remote-as 64529
+ }
+ neighbor 192.0.52.252 {
+ address-family {
+ ipv4-unicast {
+ route-map {
+ export ExportRouteMap
+ }
+ weight 1010
+ }
+ }
+ remote-as 64530
+ }
+ neighbor 192.0.52.253 {
+ address-family {
+ ipv4-unicast {
+ route-map {
+ export ExportRouteMapAS64515
+ import ImportRouteMap
+ }
+ }
+ }
+ passive
+ remote-as 64531
+ }
+ neighbor 192.0.68.3 {
+ address-family {
+ ipv4-unicast {
+ nexthop-self
+ soft-reconfiguration {
+ inbound
+ }
+ }
+ }
+ remote-as 64532
+ update-source 192.0.68.2
+ }
+ neighbor 2001:db8:838::1 {
+ address-family {
+ ipv6-unicast {
+ route-map {
+ export ExportRouteMapAS64516
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64533
+ }
+ neighbor 2001:db8:c::3 {
+ address-family {
+ ipv6-unicast {
+ nexthop-self
+ soft-reconfiguration {
+ inbound
+ }
+ }
+ }
+ remote-as 64534
+ update-source 2001:db8:c::2
+ }
+ neighbor 2001:db8:24::2e {
+ address-family {
+ ipv6-unicast {
+ maximum-prefix 5
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ password vyossecret
+ remote-as 64535
+ }
+ neighbor 2001:db8:24::4a {
+ address-family {
+ ipv6-unicast {
+ maximum-prefix 1000
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64536
+ }
+ neighbor 2001:db8:24::5e {
+ address-family {
+ ipv6-unicast {
+ maximum-prefix 200
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64537
+ }
+ neighbor 2001:db8:24::11 {
+ address-family {
+ ipv6-unicast {
+ maximum-prefix 20
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64538
+ }
+ neighbor 2001:db8:24::18 {
+ address-family {
+ ipv6-unicast {
+ maximum-prefix 300
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64539
+ }
+ neighbor 2001:db8:24::20 {
+ address-family {
+ ipv6-unicast {
+ maximum-prefix 10
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64540
+ }
+ neighbor 2001:db8:24::22 {
+ address-family {
+ ipv6-unicast {
+ maximum-prefix 5
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64541
+ }
+ neighbor 2001:db8:24::31 {
+ address-family {
+ ipv6-unicast {
+ maximum-prefix 20
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64542
+ }
+ neighbor 2001:db8:24::58 {
+ address-family {
+ ipv6-unicast {
+ maximum-prefix 15
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64543
+ }
+ neighbor 2001:db8:24::64 {
+ address-family {
+ ipv6-unicast {
+ maximum-prefix 10
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ password geheim
+ remote-as 64544
+ }
+ neighbor 2001:db8:24::a5 {
+ address-family {
+ ipv6-unicast {
+ maximum-prefix 10
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64545
+ }
+ neighbor 2001:db8:24::aa {
+ address-family {
+ ipv6-unicast {
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64546
+ }
+ neighbor 2001:db8:24::ab {
+ address-family {
+ ipv6-unicast {
+ maximum-prefix 1800
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ remote-as 64547
+ }
+ neighbor 2001:db8:24::b0 {
+ address-family {
+ ipv6-unicast {
+ maximum-prefix 5
+ route-map {
+ export ExportRouteMap
+ import ImportRouteMap
+ }
+ }
+ }
+ password secret123
+ remote-as 64548
+ }
+ parameters {
+ default {
+ no-ipv4-unicast
+ }
+ log-neighbor-changes
+ router-id 192.0.68.2
+ }
+ }
+ static {
+ route 192.0.98.0/24 {
+ blackhole {
+ }
+ }
+ route 192.0.160.0/24 {
+ blackhole {
+ }
+ }
+ route 192.0.68.0/22 {
+ blackhole {
+ }
+ }
+ route 192.0.84.0/22 {
+ blackhole {
+ }
+ }
+ route6 2001:db8::/29 {
+ blackhole {
+ }
+ }
+ }
+}
+system {
+ config-management {
+ commit-revisions 100
+ }
+ console {
+ device ttyS0 {
+ speed 115200
+ }
+ }
+ flow-accounting {
+ disable-imt
+ interface eth0.4088
+ interface eth0.4089
+ netflow {
+ engine-id 1
+ server 192.0.2.55 {
+ port 2055
+ }
+ version 9
+ }
+ syslog-facility daemon
+ }
+ host-name vyos
+ login {
+ user vyos {
+ authentication {
+ encrypted-password $6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/
+ plaintext-password ""
+ }
+ }
+ }
+ name-server 2001:db8::1
+ name-server 2001:db8::2
+ name-server 192.0.2.1
+ name-server 192.0.2.2
+ ntp {
+ server 0.pool.ntp.org {
+ }
+ server 1.pool.ntp.org {
+ }
+ server 2.pool.ntp.org {
+ }
+ }
+ syslog {
+ global {
+ facility all {
+ level all
+ }
+ preserve-fqdn
+ }
+ }
+ time-zone Europe/Zurich
+}
+zone-policy {
+ zone local {
+ default-action drop
+ from management {
+ firewall {
+ ipv6-name management-to-local-6
+ name management-to-local-4
+ }
+ }
+ from peers {
+ firewall {
+ ipv6-name peers-to-local-6
+ name peers-to-local-4
+ }
+ }
+ from servers {
+ firewall {
+ ipv6-name servers-to-local-6
+ name servers-to-local-4
+ }
+ }
+ local-zone
+ }
+ zone management {
+ default-action reject
+ from peers {
+ firewall {
+ ipv6-name peers-to-management-6
+ name peers-to-management-4
+ }
+ }
+ from servers {
+ firewall {
+ ipv6-name servers-to-management-6
+ name servers-to-management-4
+ }
+ }
+ interface eth0
+ }
+ zone peers {
+ default-action reject
+ from management {
+ firewall {
+ ipv6-name management-to-peers-6
+ name management-to-peers-4
+ }
+ }
+ from servers {
+ firewall {
+ ipv6-name servers-to-peers-6
+ name servers-to-peers-4
+ }
+ }
+ interface eth0.4088
+ interface eth0.4089
+ interface eth0.11
+ interface eth0.838
+ interface eth0.886
+ }
+ zone servers {
+ default-action reject
+ from management {
+ firewall {
+ ipv6-name management-to-servers-6
+ name management-to-servers-4
+ }
+ }
+ from peers {
+ firewall {
+ ipv6-name peers-to-servers-6
+ name peers-to-servers-4
+ }
+ }
+ interface eth0.1001
+ interface eth0.105
+ interface eth0.102
+ interface eth0.1019
+ interface eth0.1014
+ interface eth0.1020
+ interface eth0.1018
+ interface eth0.1013
+ interface eth0.1012
+ interface eth0.1011
+ interface eth0.1010
+ interface eth0.1009
+ interface eth0.1006
+ interface eth0.1005
+ interface eth0.1017
+ interface eth0.1016
+ interface eth0.1002
+ interface eth0.1015
+ interface eth0.1003
+ interface eth0.1004
+ interface eth0.1007
+ interface eth0.1008
+ }
+}
+
+
+/* Warning: Do not remove the following line. */
+/* === vyatta-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack-sync@1:conntrack@1:dhcp-relay@2:dhcp-server@5:dns-forwarding@1:firewall@5:ipsec@5:l2tp@1:mdns@1:nat@4:ntp@1:pptp@1:qos@1:quagga@6:snmp@1:ssh@1:system@9:vrrp@2:wanloadbalance@3:webgui@1:webproxy@1:webproxy@2:zone-policy@1" === */
+/* Release version: 1.2.5 */