firewall { all-ping enable broadcast-ping disable config-trap disable group { address-group bgp-peers-4 { address 192.0.68.3 address 192.0.68.2 address 192.0.176.193 address 192.0.52.0-192.0.52.255 address 192.0.53.0-192.0.53.255 address 192.0.16.209 address 192.0.192.0-192.0.192.255 address 192.0.193.0-192.0.193.255 address 192.0.194.0-192.0.194.255 address 192.0.195.0-192.0.195.255 address 192.0.196.0-192.0.196.255 address 192.0.197.0-192.0.197.255 address 192.0.198.0-192.0.198.255 address 192.0.199.0-192.0.199.255 } address-group vrrp-peers-4 { address 192.0.68.3 address 192.0.160.3 address 192.0.98.3 address 192.0.71.131 address 192.0.84.67 address 192.0.71.195 address 192.0.71.115 address 192.0.70.195 address 192.0.70.179 address 192.0.70.163 address 192.0.70.147 address 192.0.70.131 address 192.0.70.19 address 192.0.70.3 address 192.0.71.99 address 192.0.68.67 address 192.0.71.67 address 192.0.71.3 address 192.0.68.35 address 192.0.68.131 address 192.0.69.2 address 192.0.70.35 address 192.0.70.67 } ipv6-address-group bgp-peers-6 { address 2001:db8:c::3 address 2001:db8:1000::2e9 address 2001:db8:24::fb address 2001:db8:24::fc address 2001:db8:24::fd address 2001:db8:24::2e address 2001:db8:24::3d address 2001:db8:24::4a address 2001:db8:24::5e address 2001:db8:24::7 address 2001:db8:24::11 address 2001:db8:24::18 address 2001:db8:24::20 address 2001:db8:24::22 address 2001:db8:24::31 address 2001:db8:24::58 address 2001:db8:24::64 address 2001:db8:24::a5 address 2001:db8:24::aa address 2001:db8:24::ab address 2001:db8:24::b0 address 2001:db8:24::b3 address 2001:db8:24::bd address 2001:db8:24::c address 2001:db8:24::d2 address 2001:db8:24::d3 address 2001:db8:838::1 address 2001:db8::1a27:5051:c09d address 2001:db8::1a27:5051:c19d address 2001:db8::20ad:0:1 address 2001:db8::2306:0:1 address 2001:db8::2ca:0:1 address 2001:db8::2ca:0:2 address 2001:db8::2ca:0:3 address 2001:db8::2ca:0:4 } ipv6-address-group vrrp-peers-6 { address fe80::fe89:15cf } ipv6-network-group AS64512-6 { network 2001::/29 } network-group AS64512-4 { network 192.0.68.0/22 network 192.0.98.0/24 network 192.0.160.0/24 network 192.0.84.0/22 } } ipv6-name management-to-local-6 { default-action reject enable-default-log } ipv6-name management-to-peers-6 { default-action reject enable-default-log } ipv6-name management-to-servers-6 { default-action reject enable-default-log } ipv6-name peers-to-local-6 { default-action reject enable-default-log rule 500 { action accept protocol icmpv6 } rule 501 { action accept protocol vrrp source { group { address-group vrrp-peers-6 } } } rule 502 { action accept destination { port bgp } protocol tcp source { group { address-group bgp-peers-6 } } } rule 503 { action accept protocol tcp source { group { address-group bgp-peers-6 } port bgp } } } ipv6-name peers-to-management-6 { default-action reject enable-default-log } ipv6-name peers-to-servers-6 { default-action reject enable-default-log rule 9990 { action reject source { group { network-group AS64512-6 } } } rule 9999 { action accept destination { group { network-group AS64512-6 } } } } ipv6-name servers-to-local-6 { default-action reject enable-default-log rule 500 { action accept protocol icmpv6 } rule 501 { action accept protocol vrrp source { group { address-group vrrp-peers-6 } } } rule 511 { action accept protocol tcp_udp source { port 53 } } } ipv6-name servers-to-management-6 { default-action reject enable-default-log } ipv6-name servers-to-peers-6 { default-action reject enable-default-log rule 51 { action accept source { group { network-group AS64512-6 } } } } ipv6-receive-redirects disable ipv6-src-route disable ip-src-route disable log-martians enable name management-to-local-4 { default-action reject enable-default-log rule 500 { action accept protocol icmp } rule 501 { action accept destination { port 22 } protocol tcp } rule 502 { action accept destination { port snmp } protocol udp } } name management-to-peers-4 { default-action reject enable-default-log } name management-to-servers-4 { default-action reject enable-default-log } name peers-to-local-4 { default-action reject enable-default-log rule 500 { action accept protocol icmp } rule 501 { action accept protocol vrrp source { group { address-group vrrp-peers-4 } } } rule 502 { action accept destination { port bgp } protocol tcp source { group { address-group bgp-peers-4 } } } rule 503 { action accept protocol tcp source { group { address-group bgp-peers-4 } port bgp } } } name peers-to-management-4 { default-action reject enable-default-log } name peers-to-servers-4 { default-action reject enable-default-log rule 9990 { action reject source { group { network-group AS64512-4 } } } rule 9999 { action accept destination { group { network-group AS64512-4 } } } } name servers-to-local-4 { default-action reject enable-default-log rule 500 { action accept protocol icmp } rule 501 { action accept protocol vrrp source { group { address-group vrrp-peers-4 } } } rule 511 { action accept protocol tcp_udp source { port 53 } } } name servers-to-management-4 { default-action reject enable-default-log } name servers-to-peers-4 { default-action reject enable-default-log rule 51 { action accept source { group { network-group AS64512-4 } } } } receive-redirects disable send-redirects enable source-validation disable syn-cookies enable twa-hazards-protection disable } high-availability { vrrp { group 11-4 { interface eth0.11 priority 200 virtual-address 192.0.68.1/27 vrid 4 } group 11-6 { interface eth0.11 priority 200 virtual-address 2001:db8:c::1/64 vrid 6 } group 102-4 { interface eth0.102 priority 200 virtual-address 192.0.98.1/24 vrid 4 } group 102-6 { interface eth0.102 priority 200 virtual-address 2001:db8:0:102::1/64 vrid 6 } group 105-4 { interface eth0.105 priority 200 virtual-address 192.0.160.1/24 vrid 4 } group 105-6 { interface eth0.105 priority 200 virtual-address 2001:db8:0:105::1/64 vrid 6 } group 1001-4 { interface eth0.1001 priority 200 virtual-address 192.0.68.33/27 vrid 4 } group 1001-6 { interface eth0.1001 priority 200 virtual-address 2001:db8:0:1001::1/64 vrid 6 } group 1002-4 { interface eth0.1002 priority 200 virtual-address 192.0.68.65/26 vrid 4 } group 1002-6 { interface eth0.1002 priority 200 virtual-address 2001:db8:0:1002::1/64 vrid 6 } group 1003-4 { interface eth0.1003 priority 200 virtual-address 192.0.68.129/25 vrid 4 } group 1003-6 { interface eth0.1003 priority 200 virtual-address 2001:db8:0:1003::1/64 vrid 6 } group 1004-4 { interface eth0.1004 priority 200 virtual-address 192.0.69.1/24 vrid 4 } group 1004-6 { interface eth0.1004 priority 200 virtual-address 2001:db8:0:1004::1/64 vrid 6 } group 1005-4 { interface eth0.1005 priority 200 virtual-address 192.0.70.1/28 vrid 4 } group 1005-6 { interface eth0.1005 priority 200 virtual-address 2001:db8:0:1005::1/64 vrid 6 } group 1006-4 { interface eth0.1006 priority 200 virtual-address 192.0.70.17/28 vrid 4 } group 1006-6 { interface eth0.1006 priority 200 virtual-address 2001:db8:0:1006::1/64 vrid 6 } group 1007-4 { interface eth0.1007 priority 200 virtual-address 192.0.70.33/27 vrid 4 } group 1007-6 { interface eth0.1007 priority 200 virtual-address 2001:db8:0:1007::1/64 vrid 6 } group 1008-4 { interface eth0.1008 priority 200 virtual-address 192.0.70.65/26 vrid 4 } group 1008-6 { interface eth0.1008 priority 200 virtual-address 2001:db8:0:1008::1/64 vrid 6 } group 1009-4 { interface eth0.1009 priority 200 virtual-address 192.0.70.129/28 vrid 4 } group 1009-6 { interface eth0.1009 priority 200 virtual-address 2001:db8:0:1009::1/64 vrid 6 } group 1010-4 { interface eth0.1010 priority 200 virtual-address 192.0.70.145/28 vrid 4 } group 1010-6 { interface eth0.1010 priority 200 virtual-address 2001:db8:0:1010::1/64 vrid 6 } group 1011-4 { interface eth0.1011 priority 200 virtual-address 192.0.70.161/28 vrid 4 } group 1011-6 { interface eth0.1011 priority 200 virtual-address 2001:db8:0:1011::1/64 vrid 6 } group 1012-4 { interface eth0.1012 priority 200 virtual-address 192.0.70.177/28 vrid 4 } group 1012-6 { interface eth0.1012 priority 200 virtual-address 2001:db8:0:1012::1/64 vrid 6 } group 1013-4 { interface eth0.1013 priority 200 virtual-address 192.0.70.193/27 vrid 4 } group 1013-6 { interface eth0.1013 priority 200 virtual-address 2001:db8:0:1013::1/64 vrid 6 } group 1014-4 { interface eth0.1014 priority 200 virtual-address 192.0.84.65/26 vrid 4 } group 1014-6 { interface eth0.1014 priority 200 virtual-address 2001:db8:0:1014::1/64 vrid 6 } group 1015-4 { interface eth0.1015 priority 200 virtual-address 192.0.71.1/26 vrid 4 } group 1015-6 { interface eth0.1015 priority 200 virtual-address 2001:db8:0:1015::1/64 vrid 6 } group 1016-4 { interface eth0.1016 priority 200 virtual-address 192.0.71.65/27 vrid 4 } group 1016-6 { interface eth0.1016 priority 200 virtual-address 2001:db8:0:1016::1/64 vrid 6 } group 1017-4 { interface eth0.1017 priority 200 virtual-address 192.0.71.97/28 vrid 4 } group 1017-6 { interface eth0.1017 priority 200 virtual-address 2001:db8:0:1017::1/64 vrid 6 } group 1018-4 { interface eth0.1018 priority 200 virtual-address 192.0.71.113/28 vrid 4 } group 1018-6 { interface eth0.1018 priority 200 virtual-address 2001:db8:0:1018::1/64 vrid 6 } group 1019-4 { interface eth0.1019 priority 200 virtual-address 192.0.71.129/26 vrid 4 } group 1019-6 { interface eth0.1019 priority 200 virtual-address 2001:db8:0:1019::1/64 vrid 6 } group 1020-4 { interface eth0.1020 priority 200 virtual-address 192.0.71.193/26 vrid 4 } group 1020-6 { interface eth0.1020 priority 200 virtual-address 2001:db8:0:1020::1/64 vrid 6 } } } interfaces { ethernet eth0 { address 192.0.0.11/16 duplex auto smp-affinity auto speed auto vif 11 { address 192.0.68.2/27 address 2001:db8:c::2/64 } vif 102 { address 192.0.98.2/24 address 2001:db8:0:102::2/64 } vif 105 { address 192.0.160.2/24 address 2001:db8:0:105::2/64 } vif 838 { address 192.0.16.210/30 address 2001:db8:838::2/64 } vif 886 { address 192.0.193.224/21 address 2001:db8::3:669:0:1/64 } vif 1001 { address 192.0.68.34/27 address 2001:db8:0:1001::2/64 } vif 1002 { address 192.0.68.66/26 address 2001:db8:0:1002::2/64 } vif 1003 { address 192.0.68.130/25 address 2001:db8:0:1003::2/64 } vif 1004 { address 192.0.69.2/24 address 2001:db8:0:1004::2/64 } vif 1005 { address 192.0.70.2/28 address 2001:db8:0:1005::2/64 } vif 1006 { address 192.0.70.18/28 address 2001:db8:0:1006::2/64 } vif 1007 { address 192.0.70.34/27 address 2001:db8:0:1007::2/64 } vif 1008 { address 192.0.70.66/26 address 2001:db8:0:1008::2/64 } vif 1009 { address 192.0.70.130/28 address 2001:db8:0:1009::2/64 } vif 1010 { address 192.0.70.146/28 address 2001:db8:0:1010::2/64 } vif 1011 { address 192.0.70.162/28 address 2001:db8:0:1011::2/64 } vif 1012 { address 192.0.70.178/28 address 2001:db8:0:1012::2/64 } vif 1013 { address 192.0.70.194/27 address 2001:db8:0:1013::3/64 } vif 1014 { address 192.0.84.66/26 address 2001:db8:0:1014::2/64 } vif 1015 { address 192.0.71.2/26 address 2001:db8:0:1015::2/64 } vif 1016 { address 192.0.71.66/27 address 2001:db8:0:1016::2/64 } vif 1017 { address 192.0.71.98/28 address 2001:db8:0:1017::2/64 } vif 1018 { address 192.0.71.114/28 address 2001:db8:0:1018::2/64 } vif 1019 { address 192.0.71.130/26 address 2001:db8:0:1019::2/64 } vif 1020 { address 192.0.71.194/26 address 2001:db8:0:1020::2/64 } vif 4088 { address 2001:db8:24::c7/64 address 192.0.52.199/23 } vif 4089 { address 192.0.176.194/30 address 2001:db8:1000::2ea/126 } } loopback lo { } } policy { as-path-list AS64513-AS64514 { rule 10 { action permit regex "^64513 64514$" } } as-path-list AS64512 { rule 10 { action permit regex ^$ } } prefix-list defaultV4 { rule 10 { action permit prefix 0.0.0.0/0 } } prefix-list hostrouteV4 { rule 10 { action permit ge 32 prefix 192.0.160.0/24 } rule 20 { action permit ge 32 prefix 192.0.98.0/24 } rule 30 { action permit ge 32 prefix 192.0.68.0/22 } rule 40 { action permit ge 32 prefix 192.0.84.0/22 } } prefix-list vyosV4 { rule 10 { action permit prefix 192.0.160.0/24 } rule 20 { action permit prefix 192.0.98.0/24 } rule 30 { action permit prefix 192.0.68.0/22 } rule 40 { action permit prefix 192.0.84.0/22 } } prefix-list privateV4 { rule 10 { action permit le 32 prefix 192.0.0.0/8 } rule 20 { action permit le 32 prefix 192.0.0.0/12 } rule 30 { action permit le 32 prefix 192.0.0.0/16 } } prefix-list6 all6 { rule 10 { action permit ge 4 prefix 2000::/3 } } prefix-list6 hostrouteV6 { rule 20 { action permit ge 128 prefix 2001:db8::/29 } } prefix-list6 vyosV6 { rule 20 { action permit prefix 2001:db8::/29 } } prefix-list6 privateV6 { rule 10 { action permit prefix fc00::/7 } } route-map ExportRouteMap { rule 5 { action permit match { as-path AS64512 ip { address { prefix-list hostrouteV4 } } } set { community 65000:666 } } rule 10 { action permit match { as-path AS64512 ip { address { prefix-list vyosV4 } } } } rule 15 { action permit match { as-path AS64512 ipv6 { address { prefix-list hostrouteV6 } } } set { community 65000:666 } } rule 20 { action permit match { as-path AS64512 ipv6 { address { prefix-list vyosV6 } } } } rule 100 { action deny } } route-map ExportRouteMapAS64515 { rule 10 { action permit match { ipv6 { address { prefix-list all6 } } } } rule 20 { action deny match { ip { address { prefix-list defaultV4 } } } } rule 100 { action deny } } route-map ExportRouteMapAS64516 { rule 5 { action permit match { as-path AS64512 ip { address { prefix-list hostrouteV4 } } } set { community 65000:666 } } rule 10 { action permit match { as-path AS64512 ip { address { prefix-list vyosV4 } } } } rule 15 { action permit match { as-path AS64512 ipv6 { address { prefix-list hostrouteV6 } } } set { community 65000:666 } } rule 20 { action permit match { as-path AS64512 ipv6 { address { prefix-list vyosV6 } } } set { as-path-exclude "100 200 300" as-path-prepend "64512 64512 64512" } } rule 100 { action deny } } route-map ExportRouteMapAS64517 { rule 5 { action permit match { as-path AS64512 ip { address { prefix-list hostrouteV4 } } } set { community 64517:666 } } rule 10 { action permit match { as-path AS64512 ip { address { prefix-list vyosV4 } } } } rule 15 { action permit match { as-path AS64512 ipv6 { address { prefix-list hostrouteV6 } } } set { community 64517:666 } } rule 20 { action permit match { as-path AS64512 ipv6 { address { prefix-list vyosV6 } } } } rule 100 { action deny } } route-map ExportRouteMapAS64513 { rule 5 { action permit match { as-path AS64512 ip { address { prefix-list hostrouteV4 } } } set { community 64513:666 } } rule 10 { action permit match { as-path AS64512 ip { address { prefix-list vyosV4 } } } } rule 15 { action permit match { as-path AS64512 ipv6 { address { prefix-list hostrouteV6 } } } set { community 64513:666 } } rule 20 { action permit match { as-path AS64512 ipv6 { address { prefix-list vyosV6 } } } } rule 100 { action deny } } route-map ImportRouteMap { rule 10 { action deny match { ip { address { prefix-list privateV4 } } } } rule 15 { action deny match { ipv6 { address { prefix-list privateV6 } } } } rule 20 { action deny match { ip { address { prefix-list vyosV4 } } } } rule 30 { action deny match { ipv6 { address { prefix-list vyosV6 } } } } rule 40 { action deny match { as-path AS64512 } } rule 50 { action permit match { as-path AS64513-AS64514 } set { weight 10001 } } rule 65535 { action permit } } } protocols { bgp 64500 { address-family { ipv4-unicast { network 192.0.98.0/24 { } network 192.0.160.0/24 { } network 192.0.68.0/22 { } network 192.0.84.0/22 { } redistribute { static { route-map ExportRouteMap } } } ipv6-unicast { network 2001:db8::/29 { } redistribute { static { route-map ExportRouteMap } } } } maximum-paths { ebgp 8 ibgp 16 } neighbor 192.0.16.209 { address-family { ipv4-unicast { route-map { export ExportRouteMapAS64516 import ImportRouteMap } } } remote-as 64501 } neighbor 192.0.192.6 { address-family { ipv4-unicast { maximum-prefix 100 route-map { export ExportRouteMap import ImportRouteMap } } } remote-as 64502 } neighbor 192.0.192.157 { address-family { ipv4-unicast { maximum-prefix 350000 route-map { export ExportRouteMap import ImportRouteMap } } } remote-as 64503 } neighbor 192.0.192.228 { address-family { ipv4-unicast { maximum-prefix 10000 route-map { export ExportRouteMap import ImportRouteMap } } } remote-as 64504 } neighbor 192.0.193.157 { address-family { ipv4-unicast { maximum-prefix 350000 route-map { export ExportRouteMap import ImportRouteMap } } } remote-as 64505 } neighbor 192.0.193.202 { address-family { ipv4-unicast { maximum-prefix 10000 route-map { export ExportRouteMap import ImportRouteMap } } } remote-as 64506 } neighbor 192.0.193.223 { address-family { ipv4-unicast { maximum-prefix 10000 route-map { export ExportRouteMap import ImportRouteMap } } } remote-as 64507 } neighbor 192.0.194.161 { address-family { ipv4-unicast { maximum-prefix 10000 route-map { export ExportRouteMap import ImportRouteMap } } } remote-as 64508 } neighbor 192.0.194.171 { address-family { ipv4-unicast { maximum-prefix 10000 route-map { export ExportRouteMap import ImportRouteMap } } } remote-as 64509 } neighbor 192.0.176.193 { address-family { ipv4-unicast { route-map { export ExportRouteMapAS64516 import ImportRouteMap } } } remote-as 64510 } neighbor 192.0.52.12 { address-family { ipv4-unicast { maximum-prefix 300 route-map { export ExportRouteMap import ImportRouteMap } } } remote-as 64511 } neighbor 192.0.52.17 { address-family { ipv4-unicast { maximum-prefix 75 route-map { export ExportRouteMap import ImportRouteMap } } } password vyosvyos remote-as 64512 } neighbor 192.0.52.24 { address-family { ipv4-unicast { maximum-prefix 300 route-map { export ExportRouteMap import ImportRouteMap } } } remote-as 64513 } neighbor 192.0.52.32 { address-family { ipv4-unicast { maximum-prefix 50 route-map { export ExportRouteMap import ImportRouteMap } } } password vyosfoooo remote-as 64514 } neighbor 192.0.52.34 { address-family { ipv4-unicast { maximum-prefix 10 route-map { export ExportRouteMap import ImportRouteMap } } } remote-as 64515 } neighbor 192.0.52.46 { address-family { ipv4-unicast { maximum-prefix 10 route-map { export ExportRouteMap import ImportRouteMap } } } remote-as 64516 } neighbor 192.0.52.49 { address-family { ipv4-unicast { maximum-prefix 75 route-map { export ExportRouteMap import ImportRouteMap } } } password secret remote-as 64517 } neighbor 192.0.52.74 { address-family { ipv4-unicast { maximum-prefix 15000 route-map { export ExportRouteMap import ImportRouteMap } } } password secretvyos remote-as 64518 } neighbor 192.0.52.94 { address-family { ipv4-unicast { maximum-prefix 250 route-map { export ExportRouteMap import ImportRouteMap } } } remote-as 64519 } neighbor 192.0.52.100 { address-family { ipv4-unicast { maximum-prefix 50 route-map { export ExportRouteMap import ImportRouteMap } } } remote-as 64520 } neighbor 192.0.52.119 { address-family { ipv4-unicast { maximum-prefix 30 route-map { export ExportRouteMap import ImportRouteMap } } } remote-as 64521 } neighbor 192.0.52.165 { address-family { ipv4-unicast { maximum-prefix 50 route-map { export ExportRouteMap import ImportRouteMap } } } remote-as 64522 } neighbor 192.0.52.170 { address-family { ipv4-unicast { maximum-prefix 150000 route-map { export ExportRouteMap import ImportRouteMap } } } remote-as 64523 } neighbor 192.0.52.171 { address-family { ipv4-unicast { maximum-prefix 10000 route-map { export ExportRouteMap import ImportRouteMap } } } remote-as 64524 } neighbor 192.0.52.179 { address-family { ipv4-unicast { maximum-prefix 20 route-map { export ExportRouteMap import ImportRouteMap } } } remote-as 64525 } neighbor 192.0.52.189 { address-family { ipv4-unicast { maximum-prefix 1000 route-map { export ExportRouteMap import ImportRouteMap } } } remote-as 64526 } neighbor 192.0.52.210 { address-family { ipv4-unicast { maximum-prefix 15 route-map { export ExportRouteMap import ImportRouteMap } } } remote-as 64527 } neighbor 192.0.52.211 { address-family { ipv4-unicast { maximum-prefix 15 route-map { export ExportRouteMap import ImportRouteMap } } } remote-as 64528 } neighbor 192.0.52.251 { address-family { ipv4-unicast { route-map { export ExportRouteMap import ImportRouteMap } weight 1010 } } remote-as 64529 } neighbor 192.0.52.252 { address-family { ipv4-unicast { route-map { export ExportRouteMap } weight 1010 } } remote-as 64530 } neighbor 192.0.52.253 { address-family { ipv4-unicast { route-map { export ExportRouteMapAS64515 import ImportRouteMap } } } passive remote-as 64531 } neighbor 192.0.68.3 { address-family { ipv4-unicast { nexthop-self soft-reconfiguration { inbound } } } remote-as 64532 update-source 192.0.68.2 } neighbor 2001:db8:838::1 { address-family { ipv6-unicast { route-map { export ExportRouteMapAS64516 import ImportRouteMap } } } remote-as 64533 } neighbor 2001:db8:c::3 { address-family { ipv6-unicast { nexthop-self soft-reconfiguration { inbound } } } remote-as 64534 update-source 2001:db8:c::2 } neighbor 2001:db8:24::2e { address-family { ipv6-unicast { maximum-prefix 5 route-map { export ExportRouteMap import ImportRouteMap } } } password vyossecret remote-as 64535 } neighbor 2001:db8:24::4a { address-family { ipv6-unicast { maximum-prefix 1000 route-map { export ExportRouteMap import ImportRouteMap } } } remote-as 64536 } neighbor 2001:db8:24::5e { address-family { ipv6-unicast { maximum-prefix 200 route-map { export ExportRouteMap import ImportRouteMap } } } remote-as 64537 } neighbor 2001:db8:24::11 { address-family { ipv6-unicast { maximum-prefix 20 route-map { export ExportRouteMap import ImportRouteMap } } } remote-as 64538 } neighbor 2001:db8:24::18 { address-family { ipv6-unicast { maximum-prefix 300 route-map { export ExportRouteMap import ImportRouteMap } } } remote-as 64539 } neighbor 2001:db8:24::20 { address-family { ipv6-unicast { maximum-prefix 10 route-map { export ExportRouteMap import ImportRouteMap } } } remote-as 64540 } neighbor 2001:db8:24::22 { address-family { ipv6-unicast { maximum-prefix 5 route-map { export ExportRouteMap import ImportRouteMap } } } remote-as 64541 } neighbor 2001:db8:24::31 { address-family { ipv6-unicast { maximum-prefix 20 route-map { export ExportRouteMap import ImportRouteMap } } } remote-as 64542 } neighbor 2001:db8:24::58 { address-family { ipv6-unicast { maximum-prefix 15 route-map { export ExportRouteMap import ImportRouteMap } } } remote-as 64543 } neighbor 2001:db8:24::64 { address-family { ipv6-unicast { maximum-prefix 10 route-map { export ExportRouteMap import ImportRouteMap } } } password geheim remote-as 64544 } neighbor 2001:db8:24::a5 { address-family { ipv6-unicast { maximum-prefix 10 route-map { export ExportRouteMap import ImportRouteMap } } } remote-as 64545 } neighbor 2001:db8:24::aa { address-family { ipv6-unicast { route-map { export ExportRouteMap import ImportRouteMap } } } remote-as 64546 } neighbor 2001:db8:24::ab { address-family { ipv6-unicast { maximum-prefix 1800 route-map { export ExportRouteMap import ImportRouteMap } } } remote-as 64547 } neighbor 2001:db8:24::b0 { address-family { ipv6-unicast { maximum-prefix 5 route-map { export ExportRouteMap import ImportRouteMap } } } password secret123 remote-as 64548 } parameters { default { no-ipv4-unicast } log-neighbor-changes router-id 192.0.68.2 } } static { route 192.0.98.0/24 { blackhole { } } route 192.0.160.0/24 { blackhole { } } route 192.0.68.0/22 { blackhole { } } route 192.0.84.0/22 { blackhole { } } route6 2001:db8::/29 { blackhole { } } } } system { config-management { commit-revisions 100 } console { device ttyS0 { speed 115200 } } flow-accounting { disable-imt interface eth0.4088 interface eth0.4089 netflow { engine-id 1 server 192.0.2.55 { port 2055 } version 9 } sflow { agent-address auto server 1.2.3.4 { port 1234 } } syslog-facility daemon } host-name vyos login { user vyos { authentication { encrypted-password $6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/ plaintext-password "" } } } name-server 2001:db8::1 name-server 2001:db8::2 name-server 192.0.2.1 name-server 192.0.2.2 ntp { server 0.pool.ntp.org { } server 1.pool.ntp.org { } server 2.pool.ntp.org { } } syslog { global { facility all { level all } preserve-fqdn } } time-zone Europe/Zurich } zone-policy { zone local { default-action drop from management { firewall { ipv6-name management-to-local-6 name management-to-local-4 } } from peers { firewall { ipv6-name peers-to-local-6 name peers-to-local-4 } } from servers { firewall { ipv6-name servers-to-local-6 name servers-to-local-4 } } local-zone } zone management { default-action reject from peers { firewall { ipv6-name peers-to-management-6 name peers-to-management-4 } } from servers { firewall { ipv6-name servers-to-management-6 name servers-to-management-4 } } interface eth0 } zone peers { default-action reject from management { firewall { ipv6-name management-to-peers-6 name management-to-peers-4 } } from servers { firewall { ipv6-name servers-to-peers-6 name servers-to-peers-4 } } interface eth0.4088 interface eth0.4089 interface eth0.11 interface eth0.838 interface eth0.886 } zone servers { default-action reject from management { firewall { ipv6-name management-to-servers-6 name management-to-servers-4 } } from peers { firewall { ipv6-name peers-to-servers-6 name peers-to-servers-4 } } interface eth0.1001 interface eth0.105 interface eth0.102 interface eth0.1019 interface eth0.1014 interface eth0.1020 interface eth0.1018 interface eth0.1013 interface eth0.1012 interface eth0.1011 interface eth0.1010 interface eth0.1009 interface eth0.1006 interface eth0.1005 interface eth0.1017 interface eth0.1016 interface eth0.1002 interface eth0.1015 interface eth0.1003 interface eth0.1004 interface eth0.1007 interface eth0.1008 } } /* Warning: Do not remove the following line. */ /* === vyatta-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack-sync@1:conntrack@1:dhcp-relay@2:dhcp-server@5:dns-forwarding@1:firewall@5:ipsec@5:l2tp@1:mdns@1:nat@4:ntp@1:pptp@1:qos@1:quagga@6:snmp@1:ssh@1:system@9:vrrp@2:wanloadbalance@3:webgui@1:webproxy@1:webproxy@2:zone-policy@1" === */ /* Release version: 1.2.5 */