summaryrefslogtreecommitdiff
path: root/smoketest/configs/bgp-rpki
blob: 5588f15c9ddb01d6c4b54e0d3d6535bb0e43cfbb (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
interfaces {
    ethernet eth0 {
        address 192.0.2.100/25
        address 2001:db8::ffff/64
    }
    ethernet eth1 {
        address 100.64.0.1/24
    }
    loopback lo {
    }
}
policy {
    route-map ebgp-transit-rpki {
        rule 10 {
            action deny
            match {
                rpki invalid
            }
        }
        rule 20 {
            action permit
            match {
                rpki notfound
            }
            set {
                local-preference 20
            }
        }
        rule 30 {
            action permit
            match {
                rpki valid
            }
            set {
                local-preference 100
            }
        }
        rule 40 {
            action permit
            set {
                extcommunity-rt 192.0.2.100:100
                extcommunity-soo 64500:100
            }
        }
    }
}
protocols {
    bgp 64500 {
        neighbor 1.2.3.4 {
            address-family {
                ipv4-unicast {
                    nexthop-self {
                    }
                    route-map {
                        import ebgp-transit-rpki
                    }
                }
            }
            remote-as 10
        }
    }
    rpki {
        cache routinator {
            address 192.0.2.10
            port 3323
        }
    }
    static {
        route 0.0.0.0/0 {
            next-hop 192.0.2.1 {
            }
        }
        route6 ::/0 {
            next-hop 2001:db8::1 {
            }
        }
    }
}
service {
    ssh {
    }
}
system {
    config-management {
        commit-revisions 100
    }
    console {
        device ttyS0 {
            speed 115200
        }
    }
    host-name vyos
    login {
        user vyos {
            authentication {
                encrypted-password $6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/
                plaintext-password ""
            }
        }
    }
    ntp {
        server 0.pool.ntp.org {
        }
        server 1.pool.ntp.org {
        }
        server 2.pool.ntp.org {
        }
    }
    syslog {
        global {
            facility all {
                level info
            }
            facility protocols {
                level debug
            }
        }
    }
}


// Warning: Do not remove the following line.
// vyos-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack@1:conntrack-sync@1:dhcp-relay@2:dhcp-server@5:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@13:ipoe-server@1:ipsec@5:l2tp@3:lldp@1:mdns@1:nat@5:ntp@1:pppoe-server@5:pptp@2:qos@1:quagga@6:salt@1:snmp@2:ssh@2:sstp@3:system@19:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webgui@1:webproxy@2:zone-policy@1"
// Release version: 1.3-rolling-202010241631