From ceb9be5c595c7eab04ad2518a150c586a3350acc Mon Sep 17 00:00:00 2001
From: Maxime H
Date: Sun, 18 Jul 2021 13:58:42 +0000
Subject: [PATCH] Complete reconfiguration
---
 configuration | 859 ++++++++++++++++++++++++--------------------------
 1 file changed, 411 insertions(+), 448 deletions(-)
diff --git a/configuration b/configuration
index b9dcd89..19c7549 100644
--- a/configuration
+++ b/configuration
@@ -1,451 +1,414 @@ interfaces { - ethernet eth0 { - address 5.196.146.57/24 - } - loopback lo { - } - tunnel tun0 { - address 2a09:4c0:1e0:ce::2/64 - description "Upstream - Securebit" - encapsulation sit - multicast disable - remote 94.177.122.249 - source-address 5.196.146.57 - } - tunnel tun1 { - address 2602:feda:3:4f::2/64 - description "Upstream - Nato" - encapsulation sit - multicast disable - remote 45.152.127.173 - source-address 5.196.146.57 - } - tunnel tun2 { - address 2a01:20e:1001:115::2/64 - description "Upstream - Openfactory" - encapsulation gre - multicast disable - remote 45.92.40.8 - source-address 5.196.146.57 - } - tunnel tun3 { - address 2a0c:b641:7c0:ee::75/127 - description "Upstream - Gregory Falla" - encapsulation gre - multicast disable - remote 194.28.98.75 - source-address 5.196.146.57 - } - tunnel tun4 { - address 2a0c:9a40:100f:4c1::2/64 - description "Upstream - iFog" - encapsulation gre - multicast disable - remote 193.148.249.44 - source-address 5.196.146.57 - } - tunnel tun5 { - address 2a0e:97c0:210::212:224:262/126 - description "Upstream - C1VHosting" - encapsulation gre - multicast disable - remote 152.89.170.250 - source-address 5.196.146.57 - } - tunnel tun7 { - address 2a0e:46c4:102::212:756:1/64 - description "IX - PyramIX" - encapsulation gretap - multicast disable - remote 91.201.67.183 - source-address 5.196.146.57 - } - tunnel tun10 { - address 2a0c:b641:4c0:8::1:1/124 - description "Core - Mar1" - encapsulation gre - multicast disable - remote MAR1 - source-address 5.196.146.57 - } - tunnel tun11 { - address 2a0c:b641:4c0:8::2:1/124 - description "Core - Mar2" - encapsulation gre - multicast disable - remote MAR2 - source-address 5.196.146.57 - } - tunnel tun12 { - address 2a0c:b641:4c0:8::3:1/124 - description "Core - MAR3" - encapsulation gre - multicast disable - remote MAR3 - source-address 5.196.146.57 - } - vxlan vxlan0 { - address 185.1.125.54/24 - address 2001:7f8:d0::3:3f14:1/48 - mtu 1500 - port 4789 - 
remote 195.48.40.110 - source-address 5.196.146.57 - vni 75 - } - } - policy { - prefix-list6 as212756 { - description "as212756 - All Out Prefix" - rule 10 { - action permit - prefix 2a0c:b641:4c0::/44 - } - rule 20 { - action permit - prefix 2a0e:b107:fa0::/44 - } - rule 30 { - action deny - prefix ::/0 - } - } - prefix-list6 as212756-cust { - description "as212756 - All Out Prefix + Cust" - rule 10 { - action permit - prefix 2a0c:b641:4c0::/44 - } - rule 20 { - action permit - prefix 2a0e:b107:fa0::/44 - } - rule 40 { - action deny - prefix ::/0 - } - } - prefix-list6 defaultroute { - rule 10 { - action permit - prefix ::/0 - } - } - route-map ROUTES-IN { - rule 10 { - action permit - match { - rpki valid + ethernet eth0 { + address 5.196.146.57/24 + address 2a0c:b641:4c0::1/64 + } + loopback lo { + } + tunnel tun0 { + address 2a09:4c0:57e0:bd::2/64 + description "[upstream] Securebit" + encapsulation sit + multicast disable + remote 185.232.117.249 + source-address 5.196.146.57 + } + tunnel tun1 { + address 2602:feda:3:4f::2/64 + description "[upstream] Nato" + encapsulation sit + multicast disable + remote 45.152.127.173 + source-address 5.196.146.57 + } + tunnel tun2 { + address 2a01:20e:1001:115::2/64 + description "[upstream] Openfactory" + encapsulation gre + multicast disable + remote 45.92.40.8 + source-address 5.196.146.57 + } + tunnel tun3 { + address 2a0c:9a40:100f:4c1::2/64 + description "[upstream] iFog GmbH" + encapsulation gre + multicast disable + remote 193.148.249.44 + source-address 5.196.146.57 + } + tunnel tun4 { + address 2a0c:b641:7c0:ee::75/127 + description "[upstream] Gregory Falla" + encapsulation gre + multicast disable + remote 194.28.98.75 + source-address 5.196.146.57 + } + tunnel tun5 { + address 2a0e:97c0:210::212:224:262/126 + description "[upstream] C1VHosting" + encapsulation gre + multicast disable + remote 152.89.170.250 + source-address 5.196.146.57 + } + tunnel tun6 { + address 2a0e:46c4:102::212:756:1/64 + description 
"[ix] PyramIX" + encapsulation gretap + multicast disable + remote 91.201.67.183 + source-address 5.196.146.57 + } + tunnel tun11 { + address 2a0c:b641:4c0:8:1::1:1/124 + description "[internal] Core - MAR1" + encapsulation gre + multicast disable + remote 185.73.232.247 + source-address 5.196.146.57 + } + tunnel tun12 { + address 2a0c:b641:4c0:8:1::2:1/124 + description "[internal] Core - MAR2" + encapsulation gre + multicast disable + remote 92.118.96.240 + source-address 5.196.146.57 + } + tunnel tun13 { + address 2a0c:b641:4c0:8:1::3:1/124 + description "[internal] Core - MAR3" + encapsulation gre + multicast disable + remote 92.118.96.113 + source-address 5.196.146.57 + } + tunnel tun14 { + address 2a0c:b641:4c0:8:1::4:1/124 + description "[internal] Edge - PAR1" + encapsulation gre + multicast disable + remote 45.32.150.175 + source-address 5.196.146.57 + } + tunnel tun15 { + address 2a0c:b641:4c0:8:1::5:1/124 + description "[internal] Edge - HAA1" + encapsulation gre + multicast disable + remote 46.148.123.147 + source-address 5.196.146.57 + } +} +policy { + prefix-list6 as-out { + description "as212756 out to upstreams and peering" + rule 5 { + action permit + prefix 2a0c:b641:4c0::/44 + } + rule 10 { + action permit + prefix 2a0e:b107:fa0::/44 + } + rule 15 { + action permit + description "Customer : Matis Gagneux" + prefix 2a0e:8f02:f008::/48 + } + rule 20 { + action deny + prefix ::/0 + } + } + prefix-list6 fullview { + description "Fullview to customers and internal routers" + rule 5 { + action permit + prefix ::/0 + } + } +} +protocols { + bgp 212756 { + address-family { + ipv6-unicast { + network 2a0c:b641:4c0::/44 { + } + network 2a0e:b107:fa0::/44 { + } + } + } + neighbor 2a0c:9a40:100f:4c1::1 { + address-family { + ipv6-unicast { + prefix-list { + export as-out + } + soft-reconfiguration { + inbound + } + } + } + description "[upstream] iFog GmbH" + ebgp-multihop 255 + remote-as 34927 + } + neighbor 2a0c:b641:4c0:8:1::1:2 { + address-family { + 
ipv6-unicast { + nexthop-self { + } + soft-reconfiguration { + inbound + } + } + } + description "[internal] Core - MAR1" + remote-as 212756 + } + neighbor 2a0c:b641:4c0:8:1::2:2 { + address-family { + ipv6-unicast { + nexthop-self { + } + soft-reconfiguration { + inbound + } + } + } + description "[internal] Core - MAR2" + remote-as 212756 + } + neighbor 2a0c:b641:4c0:8:1::3:2 { + address-family { + ipv6-unicast { + nexthop-self { + } + soft-reconfiguration { + inbound + } + } + } + description "[internal] Core - MAR3" + remote-as 212756 + } + neighbor 2a0c:b641:4c0:8:1::4:2 { + address-family { + ipv6-unicast { + nexthop-self { + } + soft-reconfiguration { + inbound + } + } } - set { - local-preference 300 - } - } - rule 20 { - action permit - match { - rpki notfound - } - set { - local-preference 125 - } - } - rule 30 { - action deny - match { - rpki invalid - } - } - } - route-map defaultroute { - rule 10 { - action permit - match { - ipv6 { - address { - prefix-list defaultroute - } - } - } - } - } - } - protocols { - bgp 212756 { - address-family { - ipv6-unicast { - network 2a0c:b641:4c0::/44 { - } - } - } - neighbor 185.44.81.150 { - address-family { - ipv4-unicast { - soft-reconfiguration { - inbound - } - } - ipv6-unicast { - soft-reconfiguration { - inbound - } - } - } - ebgp-multihop 255 - remote-as 212504 - } - neighbor 2a0c:b641:4c0:8::1:2 { - address-family { - ipv6-unicast { - nexthop-self { - } - soft-reconfiguration { - inbound - } - } - } - description "Member - MAR1" + description "[internal] Edge - PAR1" remote-as 212756 - } - neighbor 2a0c:b641:4c0:8::2:2 { - address-family { - ipv6-unicast { - nexthop-self { - } - soft-reconfiguration { - inbound - } - } - } - description "Member - MAR2" - remote-as 212756 - } - neighbor 2a0c:b641:4c0:8::3:2 { - address-family { - ipv6-unicast { - nexthop-self { - } - soft-reconfiguration { - inbound - } - } - } - description "Member - MAR3" - remote-as 212756 - } - neighbor 2a0c:b641:7c0:ee::74 { - 
address-family { - ipv6-unicast { - prefix-list { - export as212756 - } - soft-reconfiguration { - inbound - } - } - } - description "Upstream - Gregory Falla" - ebgp-multihop 255 - remote-as 206639 - } - neighbor 2a0e:46c4:102::1 { - address-family { - ipv6-unicast { - prefix-list { - export as212756 - } - soft-reconfiguration { - inbound - } - } - } - description "PyramIX - RSv6 1" - ebgp-multihop 255 - remote-as 141702 - } - neighbor 2a0e:46c4:102::2 { - address-family { - ipv6-unicast { - prefix-list { - export as212756 - } - soft-reconfiguration { - inbound - } - } - } - description "PyramIX - RSv6 2" - ebgp-multihop 255 - remote-as 141702 - } - neighbor 2a0e:97c0:210::212:224:261 { - address-family { - ipv6-unicast { - prefix-list { - export as212756-cust - } - soft-reconfiguration { - inbound - } - } - } - description "Upstream - C1VHosting" - ebgp-multihop 255 - remote-as 212271 - } - neighbor 2a01:20e:1001:115::1 { - address-family { - ipv6-unicast { - prefix-list { - export as212756 - } - soft-reconfiguration { - inbound - } - } - } - description "Upstream - Openfactory GmbH" - ebgp-multihop 255 - remote-as 41051 - } - neighbor 2a09:4c0:1e0:ce::1 { - address-family { - ipv6-unicast { - prefix-list { - export as212756-cust - } - soft-reconfiguration { - inbound - } - } - } - description "Upstream - Securebit" - ebgp-multihop 255 - remote-as 58057 - } - neighbor 2001:7f8:d0:b901::7d01 { - address-family { - ipv6-unicast { - prefix-list { - export as212756 - } - soft-reconfiguration { - inbound - } - } - } - description "4IXP - RSv6 1" - remote-as 35708 - } - neighbor 2001:7f8:d0:b901::7d02 { - address-family { - ipv6-unicast { - prefix-list { - export as212756 - } - soft-reconfiguration { - inbound - } - } - } - description "4IXP - RSv6 2" - remote-as 35708 - } - neighbor 2001:7f8:d0:b901::7d03 { - address-family { - ipv6-unicast { - prefix-list { - export as212756 - } - soft-reconfiguration { - inbound - } - } - } - description "4IXP - RSv6 3" - remote-as 
35708 - } - neighbor 2602:feda:3:4f::1 { - address-family { - ipv6-unicast { - prefix-list { - export as212756 - } - soft-reconfiguration { - inbound - } - } - } - description "Upstream - Nato" - ebgp-multihop 255 - remote-as 46997 - } - } - static { - route 0.0.0.0/0 { - next-hop 5.196.146.254 { - } - } - route6 2a0c:b641:4c2::/48 { - next-hop 2a0c:b641:4c0:8::2:2 { - } - } - } - } - service { - ssh { - port 22 - } - } - system { - config-management { - commit-revisions 100 - } - console { - device ttyS0 { - speed 115200 - } - } - domain-name as212756.net - host-name edge.par1 - login { - user maximehl { - authentication { - encrypted-password Password - } - full-name "Maxime Hillebrand-Lambert" - } - user valentinp { - authentication { - encrypted-password Password - } - full-name "Valentin Puccetti" - } - } - name-server 1.1.1.1 - name-server 1.0.0.1 - name-server 8.8.8.8 - name-server 8.8.4.4 - name-server 2001:4860:4860::8888 - name-server 2001:4860:4860::8844 - name-server 2606:4700:4700::1111 - name-server 2606:4700:4700::1001 - ntp { - server 0.pool.ntp.org { - } - server 1.pool.ntp.org { - } - server 2.pool.ntp.org { - } - } - syslog { - global { - facility all { - level info - } - facility protocols { - level debug - } - } - } - } + } + neighbor 2a0c:b641:4c0:8:1::5:2 { + address-family { + ipv6-unicast { + nexthop-self { + } + soft-reconfiguration { + inbound + } + } + } + description "[internal] Edge - HAA1" + remote-as 212756 + shutdown + } + neighbor 2a0c:b641:7c0:ee::74 { + address-family { + ipv6-unicast { + prefix-list { + export as-out + } + soft-reconfiguration { + inbound + } + } + } + description "[upstream] Gregory Falla" + ebgp-multihop 255 + remote-as 206639 + } + neighbor 2a0e:46c4:102::1 { + address-family { + ipv6-unicast { + prefix-list { + export as-out + } + soft-reconfiguration { + inbound + } + } + } + description "[ix] PyramIX - RS1" + ebgp-multihop 255 + remote-as 141702 + } + neighbor 2a0e:46c4:102::2 { + address-family { + 
ipv6-unicast { + prefix-list { + export as-out + } + soft-reconfiguration { + inbound + } + } + } + description "[ix] PyramIX - RS2" + ebgp-multihop 255 + remote-as 141702 + } + neighbor 2a0e:97c0:210::212:224:261 { + address-family { + ipv6-unicast { + prefix-list { + export as-out + } + soft-reconfiguration { + inbound + } + } + } + description "[upstream] C1VHosting" + ebgp-multihop 255 + remote-as 212271 + } + neighbor 2a01:20e:1001:115::1 { + address-family { + ipv6-unicast { + prefix-list { + export as-out + } + soft-reconfiguration { + inbound + } + } + } + description "[upstream] Openfactory" + ebgp-multihop 255 + remote-as 41051 + } + neighbor 2a09:4c0:57e0:bd::1 { + address-family { + ipv6-unicast { + prefix-list { + export as-out + } + soft-reconfiguration { + inbound + } + } + } + description "[upstream] Securebit" + ebgp-multihop 255 + remote-as 58057 + } + neighbor 2602:feda:3:4f::1 { + address-family { + ipv6-unicast { + prefix-list { + export as-out + } + soft-reconfiguration { + inbound + } + } + } + description "[upstream] Nato" + ebgp-multihop 255 + remote-as 46997 + } + parameters { + bestpath { + as-path { + confed + } + } + default { + no-ipv4-unicast + } + graceful-restart { + stalepath-time 60 + } + log-neighbor-changes + router-id 5.196.146.57 + } + } + static { + route 0.0.0.0/0 { + next-hop 5.196.146.254 { + } + } + route6 2a0c:b641:4c2::/48 { + next-hop 2a0c:b641:4c0:8:1:0:2:2 { + } + } + } +} +service { + ssh { + } +} +system { + config-management { + commit-revisions 100 + } + console { + device ttyS0 { + speed 115200 + } + } + domain-name as212756.net + host-name vyos.edge.gra1 + login { + banner { + pre-login | + } + user lynqo_noc { + authentication { + encrypted-password + public-keys pubkey { + key AAAAB3N[..]ZIyUgqbz8= + type ssh-rsa + } + } + full-name "Lynqo - Network Operations Center" + } + } + name-server 1.1.1.1 + name-server 1.0.0.1 + name-server 8.8.8.8 + name-server 8.8.4.4 + name-server 2001:4860:4860::8888 + 
name-server 2001:4860:4860::8844 + name-server 2606:4700:4700::1111 + name-server 2606:4700:4700::1001 + ntp { + server 0.pool.ntp.org { + } + server 1.pool.ntp.org { + } + server 2.pool.ntp.org { + } + } + syslog { + global { + facility all { + level info + } + facility protocols { + level debug + } + } + } + time-zone Europe/Paris +}
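Review bot: None of the eBGP neighbors on the new side (the `[upstream]` and `[ix]` sessions) has an import policy: each carries only `prefix-list { export as-out }`, so every route an upstream or route server sends is accepted, including RPKI-invalid announcements, bogon prefixes and more-specifics of this AS's own 2a0c:b641:4c0::/44 and 2a0e:b107:fa0::/44. The commit also deletes the `ROUTES-IN` route-map, which denied `rpki invalid` but, as far as the removed lines show, was never attached to any neighbor. I would keep that route-map and reference it under `ipv6-unicast` of each external neighbor with `route-map { import ROUTES-IN }`; the `match rpki` rules only take effect once an RPKI cache is configured, and no `rpki` section is visible on either side of this file, so that should be confirmed. Separately, `lynqo_noc` now has a public key while the empty `service ssh { }` block presumably still leaves password logins enabled by default, so adding `disable-password-authentication` under `service ssh` is worth considering.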