Lynqo
/
vyos.edge.gra1
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Complete reconfiguration

master
Maxime H. 2021-07-18 13:58:42 +00:00
parent 32b1d6a5ef
commit ceb9be5c59
1 changed files with 411 additions and 448 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

331
configuration
View File

@ -1,20 +1,21 @@
interfaces { interfaces {
ethernet eth0 { ethernet eth0 {
address 5.196.146.57/24 address 5.196.146.57/24
address 2a0c:b641:4c0::1/64
} }
loopback lo { loopback lo {
} }
tunnel tun0 { tunnel tun0 {
address 2a09:4c0:1e0:ce::2/64 address 2a09:4c0:57e0:bd::2/64
description "Upstream - Securebit" description "[upstream] Securebit"
encapsulation sit encapsulation sit
multicast disable multicast disable
remote 94.177.122.249 remote 185.232.117.249
source-address 5.196.146.57 source-address 5.196.146.57
} }
tunnel tun1 { tunnel tun1 {
address 2602:feda:3:4f::2/64 address 2602:feda:3:4f::2/64
description "Upstream - Nato" description "[upstream] Nato"
encapsulation sit encapsulation sit
multicast disable multicast disable
remote 45.152.127.173 remote 45.152.127.173
@ -22,179 +23,140 @@ interfaces {
} }
tunnel tun2 { tunnel tun2 {
address 2a01:20e:1001:115::2/64 address 2a01:20e:1001:115::2/64
description "Upstream - Openfactory" description "[upstream] Openfactory"
encapsulation gre encapsulation gre
multicast disable multicast disable
remote 45.92.40.8 remote 45.92.40.8
source-address 5.196.146.57 source-address 5.196.146.57
} }
tunnel tun3 { tunnel tun3 {
address 2a0c:b641:7c0:ee::75/127
description "Upstream - Gregory Falla"
encapsulation gre
multicast disable
remote 194.28.98.75
source-address 5.196.146.57
}
tunnel tun4 {
address 2a0c:9a40:100f:4c1::2/64 address 2a0c:9a40:100f:4c1::2/64
description "Upstream - iFog" description "[upstream] iFog GmbH"
encapsulation gre encapsulation gre
multicast disable multicast disable
remote 193.148.249.44 remote 193.148.249.44
source-address 5.196.146.57 source-address 5.196.146.57
} }
tunnel tun4 {
address 2a0c:b641:7c0:ee::75/127
description "[upstream] Gregory Falla"
encapsulation gre
multicast disable
remote 194.28.98.75
source-address 5.196.146.57
}
tunnel tun5 { tunnel tun5 {
address 2a0e:97c0:210::212:224:262/126 address 2a0e:97c0:210::212:224:262/126
description "Upstream - C1VHosting" description "[upstream] C1VHosting"
encapsulation gre encapsulation gre
multicast disable multicast disable
remote 152.89.170.250 remote 152.89.170.250
source-address 5.196.146.57 source-address 5.196.146.57
} }
tunnel tun7 { tunnel tun6 {
address 2a0e:46c4:102::212:756:1/64 address 2a0e:46c4:102::212:756:1/64
description "IX - PyramIX" description "[ix] PyramIX"
encapsulation gretap encapsulation gretap
multicast disable multicast disable
remote 91.201.67.183 remote 91.201.67.183
source-address 5.196.146.57 source-address 5.196.146.57
} }
tunnel tun10 {
address 2a0c:b641:4c0:8::1:1/124
description "Core - Mar1"
encapsulation gre
multicast disable
remote MAR1
source-address 5.196.146.57
}
tunnel tun11 { tunnel tun11 {
address 2a0c:b641:4c0:8::2:1/124 address 2a0c:b641:4c0:8:1::1:1/124
description "Core - Mar2" description "[internal] Core - MAR1"
encapsulation gre encapsulation gre
multicast disable multicast disable
remote MAR2 remote 185.73.232.247
source-address 5.196.146.57 source-address 5.196.146.57
} }
tunnel tun12 { tunnel tun12 {
address 2a0c:b641:4c0:8::3:1/124 address 2a0c:b641:4c0:8:1::2:1/124
description "Core - MAR3" description "[internal] Core - MAR2"
encapsulation gre encapsulation gre
multicast disable multicast disable
remote MAR3 remote 92.118.96.240
source-address 5.196.146.57 source-address 5.196.146.57
} }
vxlan vxlan0 { tunnel tun13 {
address 185.1.125.54/24 address 2a0c:b641:4c0:8:1::3:1/124
address 2001:7f8:d0::3:3f14:1/48 description "[internal] Core - MAR3"
mtu 1500 encapsulation gre
port 4789 multicast disable
remote 195.48.40.110 remote 92.118.96.113
source-address 5.196.146.57 source-address 5.196.146.57
vni 75
} }
tunnel tun14 {
address 2a0c:b641:4c0:8:1::4:1/124
description "[internal] Edge - PAR1"
encapsulation gre
multicast disable
remote 45.32.150.175
source-address 5.196.146.57
} }
policy { tunnel tun15 {
prefix-list6 as212756 { address 2a0c:b641:4c0:8:1::5:1/124
description "as212756 - All Out Prefix" description "[internal] Edge - HAA1"
rule 10 { encapsulation gre
multicast disable
remote 46.148.123.147
source-address 5.196.146.57
}
}
policy {
prefix-list6 as-out {
description "as212756 out to upstreams and peering"
rule 5 {
action permit action permit
prefix 2a0c:b641:4c0::/44 prefix 2a0c:b641:4c0::/44
} }
rule 20 { rule 10 {
action permit action permit
prefix 2a0e:b107:fa0::/44 prefix 2a0e:b107:fa0::/44
} }
rule 30 { rule 15 {
action deny
prefix ::/0
}
}
prefix-list6 as212756-cust {
description "as212756 - All Out Prefix + Cust"
rule 10 {
action permit action permit
prefix 2a0c:b641:4c0::/44 description "Customer : Matis Gagneux"
prefix 2a0e:8f02:f008::/48
} }
rule 20 { rule 20 {
action permit
prefix 2a0e:b107:fa0::/44
}
rule 40 {
action deny action deny
prefix ::/0 prefix ::/0
} }
} }
prefix-list6 defaultroute { prefix-list6 fullview {
rule 10 { description "Fullview to customers and internal routers"
rule 5 {
action permit action permit
prefix ::/0 prefix ::/0
} }
} }
route-map ROUTES-IN { }
rule 10 { protocols {
action permit
match {
rpki valid
}
set {
local-preference 300
}
}
rule 20 {
action permit
match {
rpki notfound
}
set {
local-preference 125
}
}
rule 30 {
action deny
match {
rpki invalid
}
}
}
route-map defaultroute {
rule 10 {
action permit
match {
ipv6 {
address {
prefix-list defaultroute
}
}
}
}
}
}
protocols {
bgp 212756 { bgp 212756 {
address-family { address-family {
ipv6-unicast { ipv6-unicast {
network 2a0c:b641:4c0::/44 { network 2a0c:b641:4c0::/44 {
} }
network 2a0e:b107:fa0::/44 {
} }
} }
neighbor 185.44.81.150 { }
neighbor 2a0c:9a40:100f:4c1::1 {
address-family { address-family {
ipv4-unicast {
soft-reconfiguration {
inbound
}
}
ipv6-unicast { ipv6-unicast {
prefix-list {
export as-out
}
soft-reconfiguration { soft-reconfiguration {
inbound inbound
} }
} }
} }
description "[upstream] iFog GmbH"
ebgp-multihop 255 ebgp-multihop 255
remote-as 212504 remote-as 34927
} }
neighbor 2a0c:b641:4c0:8::1:2 { neighbor 2a0c:b641:4c0:8:1::1:2 {
address-family { address-family {
ipv6-unicast { ipv6-unicast {
nexthop-self { nexthop-self {
@ -204,10 +166,10 @@ interfaces {
} }
} }
} }
description "Member - MAR1" description "[internal] Core - MAR1"
remote-as 212756 remote-as 212756
} }
neighbor 2a0c:b641:4c0:8::2:2 { neighbor 2a0c:b641:4c0:8:1::2:2 {
address-family { address-family {
ipv6-unicast { ipv6-unicast {
nexthop-self { nexthop-self {
@ -217,10 +179,10 @@ interfaces {
} }
} }
} }
description "Member - MAR2" description "[internal] Core - MAR2"
remote-as 212756 remote-as 212756
} }
neighbor 2a0c:b641:4c0:8::3:2 { neighbor 2a0c:b641:4c0:8:1::3:2 {
address-family { address-family {
ipv6-unicast { ipv6-unicast {
nexthop-self { nexthop-self {
@ -230,21 +192,48 @@ interfaces {
} }
} }
} }
description "Member - MAR3" description "[internal] Core - MAR3"
remote-as 212756 remote-as 212756
} }
neighbor 2a0c:b641:4c0:8:1::4:2 {
address-family {
ipv6-unicast {
nexthop-self {
}
soft-reconfiguration {
inbound
}
}
}
description "[internal] Edge - PAR1"
remote-as 212756
}
neighbor 2a0c:b641:4c0:8:1::5:2 {
address-family {
ipv6-unicast {
nexthop-self {
}
soft-reconfiguration {
inbound
}
}
}
description "[internal] Edge - HAA1"
remote-as 212756
shutdown
}
neighbor 2a0c:b641:7c0:ee::74 { neighbor 2a0c:b641:7c0:ee::74 {
address-family { address-family {
ipv6-unicast { ipv6-unicast {
prefix-list { prefix-list {
export as212756 export as-out
} }
soft-reconfiguration { soft-reconfiguration {
inbound inbound
} }
} }
} }
description "Upstream - Gregory Falla" description "[upstream] Gregory Falla"
ebgp-multihop 255 ebgp-multihop 255
remote-as 206639 remote-as 206639
} }
@ -252,14 +241,14 @@ interfaces {
address-family { address-family {
ipv6-unicast { ipv6-unicast {
prefix-list { prefix-list {
export as212756 export as-out
} }
soft-reconfiguration { soft-reconfiguration {
inbound inbound
} }
} }
} }
description "PyramIX - RSv6 1" description "[ix] PyramIX - RS1"
ebgp-multihop 255 ebgp-multihop 255
remote-as 141702 remote-as 141702
} }
@ -267,14 +256,14 @@ interfaces {
address-family { address-family {
ipv6-unicast { ipv6-unicast {
prefix-list { prefix-list {
export as212756 export as-out
} }
soft-reconfiguration { soft-reconfiguration {
inbound inbound
} }
} }
} }
description "PyramIX - RSv6 2" description "[ix] PyramIX - RS2"
ebgp-multihop 255 ebgp-multihop 255
remote-as 141702 remote-as 141702
} }
@ -282,14 +271,14 @@ interfaces {
address-family { address-family {
ipv6-unicast { ipv6-unicast {
prefix-list { prefix-list {
export as212756-cust export as-out
} }
soft-reconfiguration { soft-reconfiguration {
inbound inbound
} }
} }
} }
description "Upstream - C1VHosting" description "[upstream] C1VHosting"
ebgp-multihop 255 ebgp-multihop 255
remote-as 212271 remote-as 212271
} }
@ -297,89 +286,62 @@ interfaces {
address-family { address-family {
ipv6-unicast { ipv6-unicast {
prefix-list { prefix-list {
export as212756 export as-out
} }
soft-reconfiguration { soft-reconfiguration {
inbound inbound
} }
} }
} }
description "Upstream - Openfactory GmbH" description "[upstream] Openfactory"
ebgp-multihop 255 ebgp-multihop 255
remote-as 41051 remote-as 41051
} }
neighbor 2a09:4c0:1e0:ce::1 { neighbor 2a09:4c0:57e0:bd::1 {
address-family { address-family {
ipv6-unicast { ipv6-unicast {
prefix-list { prefix-list {
export as212756-cust export as-out
} }
soft-reconfiguration { soft-reconfiguration {
inbound inbound
} }
} }
} }
description "Upstream - Securebit" description "[upstream] Securebit"
ebgp-multihop 255 ebgp-multihop 255
remote-as 58057 remote-as 58057
} }
neighbor 2001:7f8:d0:b901::7d01 {
address-family {
ipv6-unicast {
prefix-list {
export as212756
}
soft-reconfiguration {
inbound
}
}
}
description "4IXP - RSv6 1"
remote-as 35708
}
neighbor 2001:7f8:d0:b901::7d02 {
address-family {
ipv6-unicast {
prefix-list {
export as212756
}
soft-reconfiguration {
inbound
}
}
}
description "4IXP - RSv6 2"
remote-as 35708
}
neighbor 2001:7f8:d0:b901::7d03 {
address-family {
ipv6-unicast {
prefix-list {
export as212756
}
soft-reconfiguration {
inbound
}
}
}
description "4IXP - RSv6 3"
remote-as 35708
}
neighbor 2602:feda:3:4f::1 { neighbor 2602:feda:3:4f::1 {
address-family { address-family {
ipv6-unicast { ipv6-unicast {
prefix-list { prefix-list {
export as212756 export as-out
} }
soft-reconfiguration { soft-reconfiguration {
inbound inbound
} }
} }
} }
description "Upstream - Nato" description "[upstream] Nato"
ebgp-multihop 255 ebgp-multihop 255
remote-as 46997 remote-as 46997
} }
parameters {
bestpath {
as-path {
confed
}
}
default {
no-ipv4-unicast
}
graceful-restart {
stalepath-time 60
}
log-neighbor-changes
router-id 5.196.146.57
}
} }
static { static {
route 0.0.0.0/0 { route 0.0.0.0/0 {
@ -387,17 +349,16 @@ interfaces {
} }
} }
route6 2a0c:b641:4c2::/48 { route6 2a0c:b641:4c2::/48 {
next-hop 2a0c:b641:4c0:8::2:2 { next-hop 2a0c:b641:4c0:8:1:0:2:2 {
} }
} }
} }
} }
service { service {
ssh { ssh {
port 22
} }
} }
system { system {
config-management { config-management {
commit-revisions 100 commit-revisions 100
} }
@ -407,19 +368,20 @@ interfaces {
} }
} }
domain-name as212756.net domain-name as212756.net
host-name edge.par1 host-name vyos.edge.gra1
login { login {
user maximehl { banner {
pre-login |
}
user lynqo_noc {
authentication { authentication {
encrypted-password Password encrypted-password <A WONDERFUL PASSWORD>
public-keys pubkey {
key AAAAB3N[..]ZIyUgqbz8=
type ssh-rsa
} }
full-name "Maxime Hillebrand-Lambert"
} }
user valentinp { full-name "Lynqo - Network Operations Center"
authentication {
encrypted-password Password
}
full-name "Valentin Puccetti"
} }
} }
name-server 1.1.1.1 name-server 1.1.1.1
@ -448,4 +410,5 @@ interfaces {
} }
} }
} }
} time-zone Europe/Paris
}