interfaces { ethernet eth0 { address 192.0.2.100/25 address 2001:db8:aaaa::ffff/64 } ethernet eth1 { address 192.0.2.200/25 address 2001:db8:bbbb::ffff/64 } loopback lo { } } policy { as-path-list bogon-asns { rule 10 { action permit description "RFC 7607" regex _0_ } rule 20 { action permit description "RFC 4893" regex _23456_ } rule 30 { action permit description "RFC 5398/6996/7300" regex _6449[6-9]_|_65[0-4][0-9][0-9]_|_655[0-4][0-9]_|_6555[0-1]_ } rule 40 { action permit description "IANA reserved" regex _6555[2-9]_|_655[6-9][0-9]_|_65[6-9][0-9][0-9]_|_6[6-9][0-9][0-9][0-]_|_[7-9][0-9][0-9][0-9][0-9]_|_1[0-2][0-9][0-9][0-9][0-9]_|_130[0-9][0-9][0-9]_|_1310[0-6][0-9]_|_13107[01]_ } } prefix-list bogon-v4 { rule 10 { action permit le 32 prefix 0.0.0.0/8 } rule 20 { action permit le 32 prefix 10.0.0.0/8 } rule 30 { action permit le 32 prefix 100.64.0.0/10 } rule 40 { action permit le 32 prefix 127.0.0.0/8 } rule 50 { action permit le 32 prefix 169.254.0.0/16 } rule 60 { action permit le 32 prefix 172.16.0.0/12 } rule 70 { action permit le 32 prefix 192.0.2.0/24 } rule 80 { action permit le 32 prefix 192.88.99.0/24 } rule 90 { action permit le 32 prefix 192.168.0.0/16 } rule 100 { action permit le 32 prefix 198.18.0.0/15 } rule 110 { action permit le 32 prefix 198.51.100.0/24 } rule 120 { action permit le 32 prefix 203.0.113.0/24 } rule 130 { action permit le 32 prefix 224.0.0.0/4 } rule 140 { action permit le 32 prefix 240.0.0.0/4 } } prefix-list IX-out-v4 { rule 10 { action permit prefix 10.0.0.0/23 } rule 20 { action permit prefix 10.0.128.0/23 } } prefix-list prefix-filter-v4 { rule 10 { action permit ge 25 prefix 0.0.0.0/0 } } prefix-list6 bogon-v6 { rule 10 { action permit description "RFC 4291 IPv4-compatible, loopback, et al" le 128 prefix ::/8 } rule 20 { action permit description "RFC 6666 Discard-Only" le 128 prefix 0100::/64 } rule 30 { action permit description "RFC 5180 BMWG" le 128 prefix 2001:2::/48 } rule 40 { action permit description "RFC 4843 ORCHID" le 128 prefix 2001:10::/28 } rule 50 { action permit description "RFC 3849 documentation" le 128 prefix 2001:db8::/32 } rule 60 { action permit description "RFC 7526 6to4 anycast relay" le 128 prefix 2002::/16 } rule 70 { action permit description "RFC 3701 old 6bone" le 128 prefix 3ffe::/16 } rule 80 { action permit description "RFC 4193 unique local unicast" le 128 prefix fc00::/7 } rule 90 { action permit description "RFC 4291 link local unicast" le 128 prefix fe80::/10 } rule 100 { action permit description "RFC 3879 old site local unicast" le 128 prefix fec0::/10 } rule 110 { action permit description "RFC 4291 multicast" le 128 prefix ff00::/8 } } prefix-list6 prefix-filter-v6 { rule 10 { action permit ge 49 prefix ::/0 } } prefix-list6 IX-out-v6 { rule 10 { action permit prefix 2001:db8:100::/40 } rule 20 { action permit prefix 2001:db8:200::/40 } } route-map eBGP-IN-v4 { rule 10 { action deny match { as-path bogon-asns } } rule 20 { action deny match { ip { address { prefix-list bogon-v4 } } } } rule 30 { action deny match { ip { address { prefix-list prefix-filter-v4 } } } } rule 40 { action permit set { local-preference 100 metric 0 } } } route-map eBGP-IN-v6 { rule 10 { action deny match { as-path bogon-asns } } rule 20 { action deny match { ipv6 { address { prefix-list bogon-v6 } } } } rule 30 { action deny match { ipv6 { address { prefix-list prefix-filter-v6 } } } } rule 31 { action deny match { ipv6 { nexthop 2001:db8::1 } } } rule 40 { action permit set { local-preference 100 metric 0 } } } route-map IX-in-v4 { rule 5 { action permit call eBGP-IN-v4 on-match { next } } rule 10 { action permit } } route-map IX-out-v4 { rule 10 { action permit match { ip { address { prefix-list IX-out-v4 } } } } } route-map IX-in-v6 { rule 5 { action permit call eBGP-IN-v6 on-match { next } } rule 10 { action permit } } route-map IX-out-v6 { rule 10 { action permit match { ipv6 { address { prefix-list IX-out-v6 } } } } } } protocols { bgp 65000 { address-family { ipv4-unicast { network 10.0.0.0/23 { } network 10.0.128.0/23 { } } ipv6-unicast { network 2001:db8:100::/40 { } network 2001:db8:200::/40 { } } } neighbor 192.0.2.1 { description "Peering: IX-1 (Route Server)" peer-group IXPeeringIPv4 remote-as 65020 } neighbor 192.0.2.2 { description "Peering: IX-1 (Route Server)" peer-group IXPeeringIPv4 remote-as 65020 } neighbor 192.0.2.3 { description "Peering: IX-1 (Route Server)" peer-group IXPeeringIPv4 remote-as 65020 } neighbor 192.0.2.129 { description "Peering: IX-2 (Route Server)" peer-group IXPeeringIPv4 remote-as 65030 } neighbor 192.0.2.130 { description "Peering: IX-2 (Route Server)" peer-group IXPeeringIPv4 remote-as 65030 } neighbor 2001:db8:aaaa::1 { description "Peering: IX-1 (Route Server)" peer-group IXPeeringIPv6 remote-as 65020 } neighbor 2001:db8:aaaa::2 { description "Peering: IX-1 (Route Server)" peer-group IXPeeringIPv6 remote-as 65020 } neighbor 2001:db8:bbbb::1 { description "Peering: IX-2 (Route Server)" peer-group IXPeeringIPv6 remote-as 65030 } neighbor 2001:db8:bbbb::2 { description "Peering: IX-2 (Route Server)" peer-group IXPeeringIPv6 remote-as 65030 } parameters { default { no-ipv4-unicast } } peer-group IXPeeringIPv4 { address-family { ipv4-unicast { route-map { export IX-out-v4 } soft-reconfiguration { inbound } } } } peer-group IXPeeringIPv6 { address-family { ipv6-unicast { route-map { export IX-out-v6 } soft-reconfiguration { inbound } } } } } static { route 10.0.0.0/23 { blackhole { distance 250 } } route 10.0.128.0/23 { blackhole { distance 250 } } route6 2001:db8:100::/40 { blackhole { distance 250 } } route6 2001:db8:200::/40 { blackhole { distance 250 } } } } service { ssh { } } system { config-management { commit-revisions 100 } console { device ttyS0 { speed 115200 } } host-name vyos login { user vyos { authentication { encrypted-password $6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/ plaintext-password "" } } } ntp { server 0.pool.ntp.org { } server 1.pool.ntp.org { } server 2.pool.ntp.org { } } syslog { global { facility all { level info } facility protocols { level debug } } } } // Warning: Do not remove the following line. // vyos-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack@1:conntrack-sync@1:dhcp-relay@2:dhcp-server@5:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@13:ipoe-server@1:ipsec@5:l2tp@3:lldp@1:mdns@1:nat@5:ntp@1:pppoe-server@5:pptp@2:qos@1:quagga@6:salt@1:snmp@2:ssh@2:sstp@3:system@19:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webgui@1:webproxy@2:zone-policy@1" // Release version: 1.3-rolling-202010241631