smoketest/configs/rpki-only


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122

interfaces {
    ethernet eth0 {
        duplex auto
        speed auto
        address 192.0.2.1/24
        address 2001:db8::1/64
    }
    loopback lo {
    }
}
policy {
    route-map ROUTES-IN {
        rule 10 {
            action permit
            match {
                rpki valid
            }
            set {
                local-preference 300
            }
        }
        rule 20 {
            action permit
            match {
                rpki notfound
            }
            set {
                local-preference 125
            }
        }
        rule 30 {
            action deny
            match {
                rpki invalid
            }
        }
    }
}
protocols {
    bgp 100 {
        neighbor 192.0.2.200 {
            address-family {
                ipv4-unicast {
                    route-map {
                        import ROUTES-IN
                    }
                }
            }
            remote-as 200
        }
        neighbor 2001:db8::200 {
            address-family {
                ipv6-unicast {
                    route-map {
                        import ROUTES-IN
                    }
                }
            }
            remote-as 200
        }
    }
    rpki {
        cache 1.2.3.4 {
            port 3323
            preference 10
        }
        cache 5.6.7.8 {
            port 2222
            preference 20
            ssh {
                known-hosts-file "/config/known-hosts-file"
                private-key-file "/config/id_rsa"
                public-key-file "/config/id_rsa.pub"
                username vyos
            }
        }
    }
}
system {
    config-management {
        commit-revisions 200
    }
    console {
        device ttyS0 {
            speed 115200
        }
    }
    conntrack {
        modules {
            ftp
            h323
            nfs
            pptp
            sip
            sqlnet
            tftp
        }
    }
    host-name vyos
    login {
        user vyos {
            authentication {
                encrypted-password $6$r/Yw/07NXNY$/ZB.Rjf9jxEV.BYoDyLdH.kH14rU52pOBtrX.4S34qlPt77chflCHvpTCq9a6huLzwaMR50rEICzA5GoIRZlM0
                plaintext-password ""
            }
        }
    }
    syslog {
        global {
            facility all {
                level debug
            }
            facility protocols {
                level debug
            }
        }
    }
}

// Warning: Do not remove the following line.
// vyos-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack@3:conntrack-sync@2:container@1:dhcp-relay@2:dhcp-server@6:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@22:ipoe-server@1:ipsec@5:isis@1:l2tp@3:lldp@1:mdns@1:nat@5:ntp@1:pppoe-server@5:pptp@2:qos@1:quagga@8:rpki@1:salt@1:snmp@2:ssh@2:sstp@3:system@21:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2:zone-policy@1"
// Release version: 1.3.5