set interfaces ethernet eth0 address '192.0.2.100/25'
set interfaces ethernet eth0 address '2001:db8:aaaa::ffff/64'
set interfaces ethernet eth1 address '192.0.2.200/25'
set interfaces ethernet eth1 address '2001:db8:bbbb::ffff/64'
set interfaces loopback lo
set policy as-path-list bogon-asns rule 10 action 'permit'
set policy as-path-list bogon-asns rule 10 description 'RFC 7607'
set policy as-path-list bogon-asns rule 10 regex '_0_'
set policy as-path-list bogon-asns rule 20 action 'permit'
set policy as-path-list bogon-asns rule 20 description 'RFC 4893'
set policy as-path-list bogon-asns rule 20 regex '_23456_'
set policy as-path-list bogon-asns rule 30 action 'permit'
set policy as-path-list bogon-asns rule 30 description 'RFC 5398/6996/7300'
set policy as-path-list bogon-asns rule 30 regex '_6449[6-9]_|_65[0-4][0-9][0-9]_|_655[0-4][0-9]_|_6555[0-1]_'
set policy as-path-list bogon-asns rule 40 action 'permit'
set policy as-path-list bogon-asns rule 40 description 'IANA reserved'
set policy as-path-list bogon-asns rule 40 regex '_6555[2-9]_|_655[6-9][0-9]_|_65[6-9][0-9][0-9]_|_6[6-9][0-9][0-9][0-9]_|_[7-9][0-9][0-9][0-9][0-9]_|_1[0-2][0-9][0-9][0-9][0-9]_|_130[0-9][0-9][0-9]_|_1310[0-6][0-9]_|_13107[01]_'
set policy prefix-list IX-out-v4 rule 10 action 'permit'
set policy prefix-list IX-out-v4 rule 10 prefix '10.0.0.0/23'
set policy prefix-list IX-out-v4 rule 20 action 'permit'
set policy prefix-list IX-out-v4 rule 20 prefix '10.0.128.0/23'
set policy prefix-list bogon-v4 rule 10 action 'permit'
set policy prefix-list bogon-v4 rule 10 le '32'
set policy prefix-list bogon-v4 rule 10 prefix '0.0.0.0/8'
set policy prefix-list bogon-v4 rule 20 action 'permit'
set policy prefix-list bogon-v4 rule 20 le '32'
set policy prefix-list bogon-v4 rule 20 prefix '10.0.0.0/8'
set policy prefix-list bogon-v4 rule 30 action 'permit'
set policy prefix-list bogon-v4 rule 30 le '32'
set policy prefix-list bogon-v4 rule 30 prefix '100.64.0.0/10'
set policy prefix-list bogon-v4 rule 40 action 'permit'
set policy prefix-list bogon-v4 rule 40 le '32'
set policy prefix-list bogon-v4 rule 40 prefix '127.0.0.0/8'
set policy prefix-list bogon-v4 rule 50 action 'permit'
set policy prefix-list bogon-v4 rule 50 le '32'
set policy prefix-list bogon-v4 rule 50 prefix '169.254.0.0/16'
set policy prefix-list bogon-v4 rule 60 action 'permit'
set policy prefix-list bogon-v4 rule 60 le '32'
set policy prefix-list bogon-v4 rule 60 prefix '172.16.0.0/12'
set policy prefix-list bogon-v4 rule 70 action 'permit'
set policy prefix-list bogon-v4 rule 70 le '32'
set policy prefix-list bogon-v4 rule 70 prefix '192.0.2.0/24'
set policy prefix-list bogon-v4 rule 80 action 'permit'
set policy prefix-list bogon-v4 rule 80 le '32'
set policy prefix-list bogon-v4 rule 80 prefix '192.88.99.0/24'
set policy prefix-list bogon-v4 rule 90 action 'permit'
set policy prefix-list bogon-v4 rule 90 le '32'
set policy prefix-list bogon-v4 rule 90 prefix '192.168.0.0/16'
set policy prefix-list bogon-v4 rule 100 action 'permit'
set policy prefix-list bogon-v4 rule 100 le '32'
set policy prefix-list bogon-v4 rule 100 prefix '198.18.0.0/15'
set policy prefix-list bogon-v4 rule 110 action 'permit'
set policy prefix-list bogon-v4 rule 110 le '32'
set policy prefix-list bogon-v4 rule 110 prefix '198.51.100.0/24'
set policy prefix-list bogon-v4 rule 120 action 'permit'
set policy prefix-list bogon-v4 rule 120 le '32'
set policy prefix-list bogon-v4 rule 120 prefix '203.0.113.0/24'
set policy prefix-list bogon-v4 rule 130 action 'permit'
set policy prefix-list bogon-v4 rule 130 le '32'
set policy prefix-list bogon-v4 rule 130 prefix '224.0.0.0/4'
set policy prefix-list bogon-v4 rule 140 action 'permit'
set policy prefix-list bogon-v4 rule 140 le '32'
set policy prefix-list bogon-v4 rule 140 prefix '240.0.0.0/4'
set policy prefix-list prefix-filter-v4 rule 10 action 'permit'
set policy prefix-list prefix-filter-v4 rule 10 ge '25'
set policy prefix-list prefix-filter-v4 rule 10 prefix '0.0.0.0/0'
set policy prefix-list6 IX-out-v6 rule 10 action 'permit'
set policy prefix-list6 IX-out-v6 rule 10 prefix '2001:db8:100::/40'
set policy prefix-list6 IX-out-v6 rule 20 action 'permit'
set policy prefix-list6 IX-out-v6 rule 20 prefix '2001:db8:200::/40'
set policy prefix-list6 bogon-v6 rule 10 action 'permit'
set policy prefix-list6 bogon-v6 rule 10 description 'RFC 4291 IPv4-compatible, loopback, et al'
set policy prefix-list6 bogon-v6 rule 10 le '128'
set policy prefix-list6 bogon-v6 rule 10 prefix '::/8'
set policy prefix-list6 bogon-v6 rule 20 action 'permit'
set policy prefix-list6 bogon-v6 rule 20 description 'RFC 6666 Discard-Only'
set policy prefix-list6 bogon-v6 rule 20 le '128'
set policy prefix-list6 bogon-v6 rule 20 prefix '0100::/64'
set policy prefix-list6 bogon-v6 rule 30 action 'permit'
set policy prefix-list6 bogon-v6 rule 30 description 'RFC 5180 BMWG'
set policy prefix-list6 bogon-v6 rule 30 le '128'
set policy prefix-list6 bogon-v6 rule 30 prefix '2001:2::/48'
set policy prefix-list6 bogon-v6 rule 40 action 'permit'
set policy prefix-list6 bogon-v6 rule 40 description 'RFC 4843 ORCHID'
set policy prefix-list6 bogon-v6 rule 40 le '128'
set policy prefix-list6 bogon-v6 rule 40 prefix '2001:10::/28'
set policy prefix-list6 bogon-v6 rule 50 action 'permit'
set policy prefix-list6 bogon-v6 rule 50 description 'RFC 3849 documentation'
set policy prefix-list6 bogon-v6 rule 50 le '128'
set policy prefix-list6 bogon-v6 rule 50 prefix '2001:db8::/32'
set policy prefix-list6 bogon-v6 rule 60 action 'permit'
set policy prefix-list6 bogon-v6 rule 60 description 'RFC 7526 6to4 anycast relay'
set policy prefix-list6 bogon-v6 rule 60 le '128'
set policy prefix-list6 bogon-v6 rule 60 prefix '2002::/16'
set policy prefix-list6 bogon-v6 rule 70 action 'permit'
set policy prefix-list6 bogon-v6 rule 70 description 'RFC 3701 old 6bone'
set policy prefix-list6 bogon-v6 rule 70 le '128'
set policy prefix-list6 bogon-v6 rule 70 prefix '3ffe::/16'
set policy prefix-list6 bogon-v6 rule 80 action 'permit'
set policy prefix-list6 bogon-v6 rule 80 description 'RFC 4193 unique local unicast'
set policy prefix-list6 bogon-v6 rule 80 le '128'
set policy prefix-list6 bogon-v6 rule 80 prefix 'fc00::/7'
set policy prefix-list6 bogon-v6 rule 90 action 'permit'
set policy prefix-list6 bogon-v6 rule 90 description 'RFC 4291 link local unicast'
set policy prefix-list6 bogon-v6 rule 90 le '128'
set policy prefix-list6 bogon-v6 rule 90 prefix 'fe80::/10'
set policy prefix-list6 bogon-v6 rule 100 action 'permit'
set policy prefix-list6 bogon-v6 rule 100 description 'RFC 3879 old site local unicast'
set policy prefix-list6 bogon-v6 rule 100 le '128'
set policy prefix-list6 bogon-v6 rule 100 prefix 'fec0::/10'
set policy prefix-list6 bogon-v6 rule 110 action 'permit'
set policy prefix-list6 bogon-v6 rule 110 description 'RFC 4291 multicast'
set policy prefix-list6 bogon-v6 rule 110 le '128'
set policy prefix-list6 bogon-v6 rule 110 prefix 'ff00::/8'
set policy prefix-list6 prefix-filter-v6 rule 10 action 'permit'
set policy prefix-list6 prefix-filter-v6 rule 10 ge '49'
set policy prefix-list6 prefix-filter-v6 rule 10 prefix '::/0'
set policy route-map IX-in-v4 rule 5 action 'permit'
set policy route-map IX-in-v4 rule 5 call 'eBGP-IN-v4'
set policy route-map IX-in-v4 rule 5 on-match next
set policy route-map IX-in-v4 rule 10 action 'permit'
set policy route-map IX-in-v6 rule 5 action 'permit'
set policy route-map IX-in-v6 rule 5 call 'eBGP-IN-v6'
set policy route-map IX-in-v6 rule 5 on-match next
set policy route-map IX-in-v6 rule 10 action 'permit'
set policy route-map IX-out-v4 rule 10 action 'permit'
set policy route-map IX-out-v4 rule 10 match ip address prefix-list 'IX-out-v4'
set policy route-map IX-out-v6 rule 10 action 'permit'
set policy route-map IX-out-v6 rule 10 match ipv6 address prefix-list 'IX-out-v6'
set policy route-map eBGP-IN-v4 rule 10 action 'deny'
set policy route-map eBGP-IN-v4 rule 10 match as-path 'bogon-asns'
set policy route-map eBGP-IN-v4 rule 20 action 'deny'
set policy route-map eBGP-IN-v4 rule 20 match ip address prefix-list 'bogon-v4'
set policy route-map eBGP-IN-v4 rule 30 action 'deny'
set policy route-map eBGP-IN-v4 rule 30 match ip address prefix-list 'prefix-filter-v4'
set policy route-map eBGP-IN-v4 rule 40 action 'permit'
set policy route-map eBGP-IN-v4 rule 40 set local-preference '100'
set policy route-map eBGP-IN-v4 rule 40 set metric '0'
set policy route-map eBGP-IN-v6 rule 10 action 'deny'
set policy route-map eBGP-IN-v6 rule 10 match as-path 'bogon-asns'
set policy route-map eBGP-IN-v6 rule 20 action 'deny'
set policy route-map eBGP-IN-v6 rule 20 match ipv6 address prefix-list 'bogon-v6'
set policy route-map eBGP-IN-v6 rule 30 action 'deny'
set policy route-map eBGP-IN-v6 rule 30 match ipv6 address prefix-list 'prefix-filter-v6'
set policy route-map eBGP-IN-v6 rule 31 action 'deny'
set policy route-map eBGP-IN-v6 rule 31 match ipv6 nexthop address '2001:db8::1'
set policy route-map eBGP-IN-v6 rule 40 action 'permit'
set policy route-map eBGP-IN-v6 rule 40 set local-preference '100'
set policy route-map eBGP-IN-v6 rule 40 set metric '0'
set protocols bgp address-family ipv4-unicast network 10.0.0.0/23
set protocols bgp address-family ipv4-unicast network 10.0.128.0/23
set protocols bgp address-family ipv6-unicast network 2001:db8:100::/40
set protocols bgp address-family ipv6-unicast network 2001:db8:200::/40
set protocols bgp neighbor 192.0.2.1 description 'Peering: IX-1 (Route Server)'
set protocols bgp neighbor 192.0.2.1 peer-group 'IXPeeringIPv4'
set protocols bgp neighbor 192.0.2.1 remote-as '65020'
set protocols bgp neighbor 192.0.2.2 description 'Peering: IX-1 (Route Server)'
set protocols bgp neighbor 192.0.2.2 peer-group 'IXPeeringIPv4'
set protocols bgp neighbor 192.0.2.2 remote-as '65020'
set protocols bgp neighbor 192.0.2.3 description 'Peering: IX-1 (Route Server)'
set protocols bgp neighbor 192.0.2.3 peer-group 'IXPeeringIPv4'
set protocols bgp neighbor 192.0.2.3 remote-as '65020'
set protocols bgp neighbor 192.0.2.129 description 'Peering: IX-2 (Route Server)'
set protocols bgp neighbor 192.0.2.129 peer-group 'IXPeeringIPv4'
set protocols bgp neighbor 192.0.2.129 remote-as '65030'
set protocols bgp neighbor 192.0.2.130 description 'Peering: IX-2 (Route Server)'
set protocols bgp neighbor 192.0.2.130 peer-group 'IXPeeringIPv4'
set protocols bgp neighbor 192.0.2.130 remote-as '65030'
set protocols bgp neighbor 2001:db8:aaaa::1 description 'Peering: IX-1 (Route Server)'
set protocols bgp neighbor 2001:db8:aaaa::1 peer-group 'IXPeeringIPv6'
set protocols bgp neighbor 2001:db8:aaaa::1 remote-as '65020'
set protocols bgp neighbor 2001:db8:aaaa::2 description 'Peering: IX-1 (Route Server)'
set protocols bgp neighbor 2001:db8:aaaa::2 peer-group 'IXPeeringIPv6'
set protocols bgp neighbor 2001:db8:aaaa::2 remote-as '65020'
set protocols bgp neighbor 2001:db8:bbbb::1 description 'Peering: IX-2 (Route Server)'
set protocols bgp neighbor 2001:db8:bbbb::1 peer-group 'IXPeeringIPv6'
set protocols bgp neighbor 2001:db8:bbbb::1 remote-as '65030'
set protocols bgp neighbor 2001:db8:bbbb::2 description 'Peering: IX-2 (Route Server)'
set protocols bgp neighbor 2001:db8:bbbb::2 peer-group 'IXPeeringIPv6'
set protocols bgp neighbor 2001:db8:bbbb::2 remote-as '65030'
set protocols bgp peer-group IXPeeringIPv4 address-family ipv4-unicast route-map export 'IX-out-v4'
set protocols bgp peer-group IXPeeringIPv4 address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp peer-group IXPeeringIPv6 address-family ipv6-unicast route-map export 'IX-out-v6'
set protocols bgp peer-group IXPeeringIPv6 address-family ipv6-unicast soft-reconfiguration inbound
set protocols bgp system-as '65000'
set protocols static route 10.0.0.0/23 blackhole distance '250'
set protocols static route 10.0.128.0/23 blackhole distance '250'
set protocols static route6 2001:db8:100::/40 blackhole distance '250'
set protocols static route6 2001:db8:200::/40 blackhole distance '250'
set service ntp allow-client address '0.0.0.0/0'
set service ntp allow-client address '::/0'
set service ntp server 0.pool.ntp.org
set service ntp server 1.pool.ntp.org
set service ntp server 2.pool.ntp.org
set service ssh
set system config-management commit-revisions '100'
set system conntrack modules ftp
set system conntrack modules h323
set system conntrack modules nfs
set system conntrack modules pptp
set system conntrack modules sip
set system conntrack modules sqlnet
set system conntrack modules tftp
set system console device ttyS0 speed '115200'
set system host-name 'vyos'
set system login user vyos authentication encrypted-password '$6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/'
set system login user vyos authentication plaintext-password ''
set system syslog global facility all level 'info'
set system syslog global facility local7 level 'debug'