Lynqo
/
vyos.edge.gra1
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Complete reconfiguration

master
Maxime H. 2021-07-18 13:58:42 +00:00
parent 32b1d6a5ef
commit ceb9be5c59
1 changed files with 411 additions and 448 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

859
configuration
View File

@ -1,451 +1,414 @@
interfaces { interfaces {
ethernet eth0 { ethernet eth0 {
address 5.196.146.57/24 address 5.196.146.57/24
} address 2a0c:b641:4c0::1/64
loopback lo { }
} loopback lo {
tunnel tun0 { }
address 2a09:4c0:1e0:ce::2/64 tunnel tun0 {
description "Upstream - Securebit" address 2a09:4c0:57e0:bd::2/64
encapsulation sit description "[upstream] Securebit"
multicast disable encapsulation sit
remote 94.177.122.249 multicast disable
source-address 5.196.146.57 remote 185.232.117.249
} source-address 5.196.146.57
tunnel tun1 { }
address 2602:feda:3:4f::2/64 tunnel tun1 {
description "Upstream - Nato" address 2602:feda:3:4f::2/64
encapsulation sit description "[upstream] Nato"
multicast disable encapsulation sit
remote 45.152.127.173 multicast disable
source-address 5.196.146.57 remote 45.152.127.173
} source-address 5.196.146.57
tunnel tun2 { }
address 2a01:20e:1001:115::2/64 tunnel tun2 {
description "Upstream - Openfactory" address 2a01:20e:1001:115::2/64
encapsulation gre description "[upstream] Openfactory"
multicast disable encapsulation gre
remote 45.92.40.8 multicast disable
source-address 5.196.146.57 remote 45.92.40.8
} source-address 5.196.146.57
tunnel tun3 { }
address 2a0c:b641:7c0:ee::75/127 tunnel tun3 {
description "Upstream - Gregory Falla" address 2a0c:9a40:100f:4c1::2/64
encapsulation gre description "[upstream] iFog GmbH"
multicast disable encapsulation gre
remote 194.28.98.75 multicast disable
source-address 5.196.146.57 remote 193.148.249.44
} source-address 5.196.146.57
tunnel tun4 { }
address 2a0c:9a40:100f:4c1::2/64 tunnel tun4 {
description "Upstream - iFog" address 2a0c:b641:7c0:ee::75/127
encapsulation gre description "[upstream] Gregory Falla"
multicast disable encapsulation gre
remote 193.148.249.44 multicast disable
source-address 5.196.146.57 remote 194.28.98.75
} source-address 5.196.146.57
tunnel tun5 { }
address 2a0e:97c0:210::212:224:262/126 tunnel tun5 {
description "Upstream - C1VHosting" address 2a0e:97c0:210::212:224:262/126
encapsulation gre description "[upstream] C1VHosting"
multicast disable encapsulation gre
remote 152.89.170.250 multicast disable
source-address 5.196.146.57 remote 152.89.170.250
} source-address 5.196.146.57
tunnel tun7 { }
address 2a0e:46c4:102::212:756:1/64 tunnel tun6 {
description "IX - PyramIX" address 2a0e:46c4:102::212:756:1/64
encapsulation gretap description "[ix] PyramIX"
multicast disable encapsulation gretap
remote 91.201.67.183 multicast disable
source-address 5.196.146.57 remote 91.201.67.183
} source-address 5.196.146.57
tunnel tun10 { }
address 2a0c:b641:4c0:8::1:1/124 tunnel tun11 {
description "Core - Mar1" address 2a0c:b641:4c0:8:1::1:1/124
encapsulation gre description "[internal] Core - MAR1"
multicast disable encapsulation gre
remote MAR1 multicast disable
source-address 5.196.146.57 remote 185.73.232.247
} source-address 5.196.146.57
tunnel tun11 { }
address 2a0c:b641:4c0:8::2:1/124 tunnel tun12 {
description "Core - Mar2" address 2a0c:b641:4c0:8:1::2:1/124
encapsulation gre description "[internal] Core - MAR2"
multicast disable encapsulation gre
remote MAR2 multicast disable
source-address 5.196.146.57 remote 92.118.96.240
} source-address 5.196.146.57
tunnel tun12 { }
address 2a0c:b641:4c0:8::3:1/124 tunnel tun13 {
description "Core - MAR3" address 2a0c:b641:4c0:8:1::3:1/124
encapsulation gre description "[internal] Core - MAR3"
multicast disable encapsulation gre
remote MAR3 multicast disable
source-address 5.196.146.57 remote 92.118.96.113
} source-address 5.196.146.57
vxlan vxlan0 { }
address 185.1.125.54/24 tunnel tun14 {
address 2001:7f8:d0::3:3f14:1/48 address 2a0c:b641:4c0:8:1::4:1/124
mtu 1500 description "[internal] Edge - PAR1"
port 4789 encapsulation gre
remote 195.48.40.110 multicast disable
source-address 5.196.146.57 remote 45.32.150.175
vni 75 source-address 5.196.146.57
} }
} tunnel tun15 {
policy { address 2a0c:b641:4c0:8:1::5:1/124
prefix-list6 as212756 { description "[internal] Edge - HAA1"
description "as212756 - All Out Prefix" encapsulation gre
rule 10 { multicast disable
action permit remote 46.148.123.147
prefix 2a0c:b641:4c0::/44 source-address 5.196.146.57
} }
rule 20 { }
action permit policy {
prefix 2a0e:b107:fa0::/44 prefix-list6 as-out {
} description "as212756 out to upstreams and peering"
rule 30 { rule 5 {
action deny action permit
prefix ::/0 prefix 2a0c:b641:4c0::/44
} }
} rule 10 {
prefix-list6 as212756-cust { action permit
description "as212756 - All Out Prefix + Cust" prefix 2a0e:b107:fa0::/44
rule 10 { }
action permit rule 15 {
prefix 2a0c:b641:4c0::/44 action permit
} description "Customer : Matis Gagneux"
rule 20 { prefix 2a0e:8f02:f008::/48
action permit }
prefix 2a0e:b107:fa0::/44 rule 20 {
} action deny
rule 40 { prefix ::/0
action deny }
prefix ::/0 }
} prefix-list6 fullview {
} description "Fullview to customers and internal routers"
prefix-list6 defaultroute { rule 5 {
rule 10 { action permit
action permit prefix ::/0
prefix ::/0 }
} }
} }
route-map ROUTES-IN { protocols {
rule 10 { bgp 212756 {
action permit address-family {
match { ipv6-unicast {
rpki valid network 2a0c:b641:4c0::/44 {
}
network 2a0e:b107:fa0::/44 {
}
}
}
neighbor 2a0c:9a40:100f:4c1::1 {
address-family {
ipv6-unicast {
prefix-list {
export as-out
}
soft-reconfiguration {
inbound
}
}
}
description "[upstream] iFog GmbH"
ebgp-multihop 255
remote-as 34927
}
neighbor 2a0c:b641:4c0:8:1::1:2 {
address-family {
ipv6-unicast {
nexthop-self {
}
soft-reconfiguration {
inbound
}
}
}
description "[internal] Core - MAR1"
remote-as 212756
}
neighbor 2a0c:b641:4c0:8:1::2:2 {
address-family {
ipv6-unicast {
nexthop-self {
}
soft-reconfiguration {
inbound
}
}
}
description "[internal] Core - MAR2"
remote-as 212756
}
neighbor 2a0c:b641:4c0:8:1::3:2 {
address-family {
ipv6-unicast {
nexthop-self {
}
soft-reconfiguration {
inbound
}
}
}
description "[internal] Core - MAR3"
remote-as 212756
}
neighbor 2a0c:b641:4c0:8:1::4:2 {
address-family {
ipv6-unicast {
nexthop-self {
}
soft-reconfiguration {
inbound
}
}
} }
set { description "[internal] Edge - PAR1"
local-preference 300
}
}
rule 20 {
action permit
match {
rpki notfound
}
set {
local-preference 125
}
}
rule 30 {
action deny
match {
rpki invalid
}
}
}
route-map defaultroute {
rule 10 {
action permit
match {
ipv6 {
address {
prefix-list defaultroute
}
}
}
}
}
}
protocols {
bgp 212756 {
address-family {
ipv6-unicast {
network 2a0c:b641:4c0::/44 {
}
}
}
neighbor 185.44.81.150 {
address-family {
ipv4-unicast {
soft-reconfiguration {
inbound
}
}
ipv6-unicast {
soft-reconfiguration {
inbound
}
}
}
ebgp-multihop 255
remote-as 212504
}
neighbor 2a0c:b641:4c0:8::1:2 {
address-family {
ipv6-unicast {
nexthop-self {
}
soft-reconfiguration {
inbound
}
}
}
description "Member - MAR1"
remote-as 212756 remote-as 212756
} }
neighbor 2a0c:b641:4c0:8::2:2 { neighbor 2a0c:b641:4c0:8:1::5:2 {
address-family { address-family {
ipv6-unicast { ipv6-unicast {
nexthop-self { nexthop-self {
} }
soft-reconfiguration { soft-reconfiguration {
inbound inbound
} }
} }
} }
description "Member - MAR2" description "[internal] Edge - HAA1"
remote-as 212756 remote-as 212756
} shutdown
neighbor 2a0c:b641:4c0:8::3:2 { }
address-family { neighbor 2a0c:b641:7c0:ee::74 {
ipv6-unicast { address-family {
nexthop-self { ipv6-unicast {
} prefix-list {
soft-reconfiguration { export as-out
inbound }
} soft-reconfiguration {
} inbound
} }
description "Member - MAR3" }
remote-as 212756 }
} description "[upstream] Gregory Falla"
neighbor 2a0c:b641:7c0:ee::74 { ebgp-multihop 255
address-family { remote-as 206639
ipv6-unicast { }
prefix-list { neighbor 2a0e:46c4:102::1 {
export as212756 address-family {
} ipv6-unicast {
soft-reconfiguration { prefix-list {
inbound export as-out
} }
} soft-reconfiguration {
} inbound
description "Upstream - Gregory Falla" }
ebgp-multihop 255 }
remote-as 206639 }
} description "[ix] PyramIX - RS1"
neighbor 2a0e:46c4:102::1 { ebgp-multihop 255
address-family { remote-as 141702
ipv6-unicast { }
prefix-list { neighbor 2a0e:46c4:102::2 {
export as212756 address-family {
} ipv6-unicast {
soft-reconfiguration { prefix-list {
inbound export as-out
} }
} soft-reconfiguration {
} inbound
description "PyramIX - RSv6 1" }
ebgp-multihop 255 }
remote-as 141702 }
} description "[ix] PyramIX - RS2"
neighbor 2a0e:46c4:102::2 { ebgp-multihop 255
address-family { remote-as 141702
ipv6-unicast { }
prefix-list { neighbor 2a0e:97c0:210::212:224:261 {
export as212756 address-family {
} ipv6-unicast {
soft-reconfiguration { prefix-list {
inbound export as-out
} }
} soft-reconfiguration {
} inbound
description "PyramIX - RSv6 2" }
ebgp-multihop 255 }
remote-as 141702 }
} description "[upstream] C1VHosting"
neighbor 2a0e:97c0:210::212:224:261 { ebgp-multihop 255
address-family { remote-as 212271
ipv6-unicast { }
prefix-list { neighbor 2a01:20e:1001:115::1 {
export as212756-cust address-family {
} ipv6-unicast {
soft-reconfiguration { prefix-list {
inbound export as-out
} }
} soft-reconfiguration {
} inbound
description "Upstream - C1VHosting" }
ebgp-multihop 255 }
remote-as 212271 }
} description "[upstream] Openfactory"
neighbor 2a01:20e:1001:115::1 { ebgp-multihop 255
address-family { remote-as 41051
ipv6-unicast { }
prefix-list { neighbor 2a09:4c0:57e0:bd::1 {
export as212756 address-family {
} ipv6-unicast {
soft-reconfiguration { prefix-list {
inbound export as-out
} }
} soft-reconfiguration {
} inbound
description "Upstream - Openfactory GmbH" }
ebgp-multihop 255 }
remote-as 41051 }
} description "[upstream] Securebit"
neighbor 2a09:4c0:1e0:ce::1 { ebgp-multihop 255
address-family { remote-as 58057
ipv6-unicast { }
prefix-list { neighbor 2602:feda:3:4f::1 {
export as212756-cust address-family {
} ipv6-unicast {
soft-reconfiguration { prefix-list {
inbound export as-out
} }
} soft-reconfiguration {
} inbound
description "Upstream - Securebit" }
ebgp-multihop 255 }
remote-as 58057 }
} description "[upstream] Nato"
neighbor 2001:7f8:d0:b901::7d01 { ebgp-multihop 255
address-family { remote-as 46997
ipv6-unicast { }
prefix-list { parameters {
export as212756 bestpath {
} as-path {
soft-reconfiguration { confed
inbound }
} }
} default {
} no-ipv4-unicast
description "4IXP - RSv6 1" }
remote-as 35708 graceful-restart {
} stalepath-time 60
neighbor 2001:7f8:d0:b901::7d02 { }
address-family { log-neighbor-changes
ipv6-unicast { router-id 5.196.146.57
prefix-list { }
export as212756 }
} static {
soft-reconfiguration { route 0.0.0.0/0 {
inbound next-hop 5.196.146.254 {
} }
} }
} route6 2a0c:b641:4c2::/48 {
description "4IXP - RSv6 2" next-hop 2a0c:b641:4c0:8:1:0:2:2 {
remote-as 35708 }
} }
neighbor 2001:7f8:d0:b901::7d03 { }
address-family { }
ipv6-unicast { service {
prefix-list { ssh {
export as212756 }
} }
soft-reconfiguration { system {
inbound config-management {
} commit-revisions 100
} }
} console {
description "4IXP - RSv6 3" device ttyS0 {
remote-as 35708 speed 115200
} }
neighbor 2602:feda:3:4f::1 { }
address-family { domain-name as212756.net
ipv6-unicast { host-name vyos.edge.gra1
prefix-list { login {
export as212756 banner {
} pre-login |
soft-reconfiguration { }
inbound user lynqo_noc {
} authentication {
} encrypted-password <A WONDERFUL PASSWORD>
} public-keys pubkey {
description "Upstream - Nato" key AAAAB3N[..]ZIyUgqbz8=
ebgp-multihop 255 type ssh-rsa
remote-as 46997 }
} }
} full-name "Lynqo - Network Operations Center"
static { }
route 0.0.0.0/0 { }
next-hop 5.196.146.254 { name-server 1.1.1.1
} name-server 1.0.0.1
} name-server 8.8.8.8
route6 2a0c:b641:4c2::/48 { name-server 8.8.4.4
next-hop 2a0c:b641:4c0:8::2:2 { name-server 2001:4860:4860::8888
} name-server 2001:4860:4860::8844
} name-server 2606:4700:4700::1111
} name-server 2606:4700:4700::1001
} ntp {
service { server 0.pool.ntp.org {
ssh { }
port 22 server 1.pool.ntp.org {
} }
} server 2.pool.ntp.org {
system { }
config-management { }
commit-revisions 100 syslog {
} global {
console { facility all {
device ttyS0 { level info
speed 115200 }
} facility protocols {
} level debug
domain-name as212756.net }
host-name edge.par1 }
login { }
user maximehl { time-zone Europe/Paris
authentication { }
encrypted-password Password
}
full-name "Maxime Hillebrand-Lambert"
}
user valentinp {
authentication {
encrypted-password Password
}
full-name "Valentin Puccetti"
}
}
name-server 1.1.1.1
name-server 1.0.0.1
name-server 8.8.8.8
name-server 8.8.4.4
name-server 2001:4860:4860::8888
name-server 2001:4860:4860::8844
name-server 2606:4700:4700::1111
name-server 2606:4700:4700::1001
ntp {
server 0.pool.ntp.org {
}
server 1.pool.ntp.org {
}
server 2.pool.ntp.org {
}
}
syslog {
global {
facility all {
level info
}
facility protocols {
level debug
}
}
}
}