Complete reconfiguration

master
Maxime H. 2021-07-18 13:58:42 +00:00
parent 32b1d6a5ef
commit ceb9be5c59
1 changed files with 411 additions and 448 deletions

View File

@ -1,20 +1,21 @@
interfaces {
ethernet eth0 {
address 5.196.146.57/24
address 2a0c:b641:4c0::1/64
}
loopback lo {
}
tunnel tun0 {
address 2a09:4c0:1e0:ce::2/64
description "Upstream - Securebit"
address 2a09:4c0:57e0:bd::2/64
description "[upstream] Securebit"
encapsulation sit
multicast disable
remote 94.177.122.249
remote 185.232.117.249
source-address 5.196.146.57
}
tunnel tun1 {
address 2602:feda:3:4f::2/64
description "Upstream - Nato"
description "[upstream] Nato"
encapsulation sit
multicast disable
remote 45.152.127.173
@ -22,179 +23,140 @@ interfaces {
}
tunnel tun2 {
address 2a01:20e:1001:115::2/64
description "Upstream - Openfactory"
description "[upstream] Openfactory"
encapsulation gre
multicast disable
remote 45.92.40.8
source-address 5.196.146.57
}
tunnel tun3 {
address 2a0c:b641:7c0:ee::75/127
description "Upstream - Gregory Falla"
encapsulation gre
multicast disable
remote 194.28.98.75
source-address 5.196.146.57
}
tunnel tun4 {
address 2a0c:9a40:100f:4c1::2/64
description "Upstream - iFog"
description "[upstream] iFog GmbH"
encapsulation gre
multicast disable
remote 193.148.249.44
source-address 5.196.146.57
}
tunnel tun4 {
address 2a0c:b641:7c0:ee::75/127
description "[upstream] Gregory Falla"
encapsulation gre
multicast disable
remote 194.28.98.75
source-address 5.196.146.57
}
tunnel tun5 {
address 2a0e:97c0:210::212:224:262/126
description "Upstream - C1VHosting"
description "[upstream] C1VHosting"
encapsulation gre
multicast disable
remote 152.89.170.250
source-address 5.196.146.57
}
tunnel tun7 {
tunnel tun6 {
address 2a0e:46c4:102::212:756:1/64
description "IX - PyramIX"
description "[ix] PyramIX"
encapsulation gretap
multicast disable
remote 91.201.67.183
source-address 5.196.146.57
}
tunnel tun10 {
address 2a0c:b641:4c0:8::1:1/124
description "Core - Mar1"
encapsulation gre
multicast disable
remote MAR1
source-address 5.196.146.57
}
tunnel tun11 {
address 2a0c:b641:4c0:8::2:1/124
description "Core - Mar2"
address 2a0c:b641:4c0:8:1::1:1/124
description "[internal] Core - MAR1"
encapsulation gre
multicast disable
remote MAR2
remote 185.73.232.247
source-address 5.196.146.57
}
tunnel tun12 {
address 2a0c:b641:4c0:8::3:1/124
description "Core - MAR3"
address 2a0c:b641:4c0:8:1::2:1/124
description "[internal] Core - MAR2"
encapsulation gre
multicast disable
remote MAR3
remote 92.118.96.240
source-address 5.196.146.57
}
vxlan vxlan0 {
address 185.1.125.54/24
address 2001:7f8:d0::3:3f14:1/48
mtu 1500
port 4789
remote 195.48.40.110
tunnel tun13 {
address 2a0c:b641:4c0:8:1::3:1/124
description "[internal] Core - MAR3"
encapsulation gre
multicast disable
remote 92.118.96.113
source-address 5.196.146.57
vni 75
}
tunnel tun14 {
address 2a0c:b641:4c0:8:1::4:1/124
description "[internal] Edge - PAR1"
encapsulation gre
multicast disable
remote 45.32.150.175
source-address 5.196.146.57
}
policy {
prefix-list6 as212756 {
description "as212756 - All Out Prefix"
rule 10 {
tunnel tun15 {
address 2a0c:b641:4c0:8:1::5:1/124
description "[internal] Edge - HAA1"
encapsulation gre
multicast disable
remote 46.148.123.147
source-address 5.196.146.57
}
}
policy {
prefix-list6 as-out {
description "as212756 out to upstreams and peering"
rule 5 {
action permit
prefix 2a0c:b641:4c0::/44
}
rule 20 {
rule 10 {
action permit
prefix 2a0e:b107:fa0::/44
}
rule 30 {
action deny
prefix ::/0
}
}
prefix-list6 as212756-cust {
description "as212756 - All Out Prefix + Cust"
rule 10 {
rule 15 {
action permit
prefix 2a0c:b641:4c0::/44
description "Customer : Matis Gagneux"
prefix 2a0e:8f02:f008::/48
}
rule 20 {
action permit
prefix 2a0e:b107:fa0::/44
}
rule 40 {
action deny
prefix ::/0
}
}
prefix-list6 defaultroute {
rule 10 {
prefix-list6 fullview {
description "Fullview to customers and internal routers"
rule 5 {
action permit
prefix ::/0
}
}
route-map ROUTES-IN {
rule 10 {
action permit
match {
rpki valid
}
set {
local-preference 300
}
}
rule 20 {
action permit
match {
rpki notfound
}
set {
local-preference 125
}
}
rule 30 {
action deny
match {
rpki invalid
}
}
}
route-map defaultroute {
rule 10 {
action permit
match {
ipv6 {
address {
prefix-list defaultroute
}
}
}
}
}
}
protocols {
}
protocols {
bgp 212756 {
address-family {
ipv6-unicast {
network 2a0c:b641:4c0::/44 {
}
network 2a0e:b107:fa0::/44 {
}
}
neighbor 185.44.81.150 {
}
neighbor 2a0c:9a40:100f:4c1::1 {
address-family {
ipv4-unicast {
soft-reconfiguration {
inbound
}
}
ipv6-unicast {
prefix-list {
export as-out
}
soft-reconfiguration {
inbound
}
}
}
description "[upstream] iFog GmbH"
ebgp-multihop 255
remote-as 212504
remote-as 34927
}
neighbor 2a0c:b641:4c0:8::1:2 {
neighbor 2a0c:b641:4c0:8:1::1:2 {
address-family {
ipv6-unicast {
nexthop-self {
@ -204,10 +166,10 @@ interfaces {
}
}
}
description "Member - MAR1"
description "[internal] Core - MAR1"
remote-as 212756
}
neighbor 2a0c:b641:4c0:8::2:2 {
neighbor 2a0c:b641:4c0:8:1::2:2 {
address-family {
ipv6-unicast {
nexthop-self {
@ -217,10 +179,10 @@ interfaces {
}
}
}
description "Member - MAR2"
description "[internal] Core - MAR2"
remote-as 212756
}
neighbor 2a0c:b641:4c0:8::3:2 {
neighbor 2a0c:b641:4c0:8:1::3:2 {
address-family {
ipv6-unicast {
nexthop-self {
@ -230,21 +192,48 @@ interfaces {
}
}
}
description "Member - MAR3"
description "[internal] Core - MAR3"
remote-as 212756
}
neighbor 2a0c:b641:4c0:8:1::4:2 {
address-family {
ipv6-unicast {
nexthop-self {
}
soft-reconfiguration {
inbound
}
}
}
description "[internal] Edge - PAR1"
remote-as 212756
}
neighbor 2a0c:b641:4c0:8:1::5:2 {
address-family {
ipv6-unicast {
nexthop-self {
}
soft-reconfiguration {
inbound
}
}
}
description "[internal] Edge - HAA1"
remote-as 212756
shutdown
}
neighbor 2a0c:b641:7c0:ee::74 {
address-family {
ipv6-unicast {
prefix-list {
export as212756
export as-out
}
soft-reconfiguration {
inbound
}
}
}
description "Upstream - Gregory Falla"
description "[upstream] Gregory Falla"
ebgp-multihop 255
remote-as 206639
}
@ -252,14 +241,14 @@ interfaces {
address-family {
ipv6-unicast {
prefix-list {
export as212756
export as-out
}
soft-reconfiguration {
inbound
}
}
}
description "PyramIX - RSv6 1"
description "[ix] PyramIX - RS1"
ebgp-multihop 255
remote-as 141702
}
@ -267,14 +256,14 @@ interfaces {
address-family {
ipv6-unicast {
prefix-list {
export as212756
export as-out
}
soft-reconfiguration {
inbound
}
}
}
description "PyramIX - RSv6 2"
description "[ix] PyramIX - RS2"
ebgp-multihop 255
remote-as 141702
}
@ -282,14 +271,14 @@ interfaces {
address-family {
ipv6-unicast {
prefix-list {
export as212756-cust
export as-out
}
soft-reconfiguration {
inbound
}
}
}
description "Upstream - C1VHosting"
description "[upstream] C1VHosting"
ebgp-multihop 255
remote-as 212271
}
@ -297,89 +286,62 @@ interfaces {
address-family {
ipv6-unicast {
prefix-list {
export as212756
export as-out
}
soft-reconfiguration {
inbound
}
}
}
description "Upstream - Openfactory GmbH"
description "[upstream] Openfactory"
ebgp-multihop 255
remote-as 41051
}
neighbor 2a09:4c0:1e0:ce::1 {
neighbor 2a09:4c0:57e0:bd::1 {
address-family {
ipv6-unicast {
prefix-list {
export as212756-cust
export as-out
}
soft-reconfiguration {
inbound
}
}
}
description "Upstream - Securebit"
description "[upstream] Securebit"
ebgp-multihop 255
remote-as 58057
}
neighbor 2001:7f8:d0:b901::7d01 {
address-family {
ipv6-unicast {
prefix-list {
export as212756
}
soft-reconfiguration {
inbound
}
}
}
description "4IXP - RSv6 1"
remote-as 35708
}
neighbor 2001:7f8:d0:b901::7d02 {
address-family {
ipv6-unicast {
prefix-list {
export as212756
}
soft-reconfiguration {
inbound
}
}
}
description "4IXP - RSv6 2"
remote-as 35708
}
neighbor 2001:7f8:d0:b901::7d03 {
address-family {
ipv6-unicast {
prefix-list {
export as212756
}
soft-reconfiguration {
inbound
}
}
}
description "4IXP - RSv6 3"
remote-as 35708
}
neighbor 2602:feda:3:4f::1 {
address-family {
ipv6-unicast {
prefix-list {
export as212756
export as-out
}
soft-reconfiguration {
inbound
}
}
}
description "Upstream - Nato"
description "[upstream] Nato"
ebgp-multihop 255
remote-as 46997
}
parameters {
bestpath {
as-path {
confed
}
}
default {
no-ipv4-unicast
}
graceful-restart {
stalepath-time 60
}
log-neighbor-changes
router-id 5.196.146.57
}
}
static {
route 0.0.0.0/0 {
@ -387,17 +349,16 @@ interfaces {
}
}
route6 2a0c:b641:4c2::/48 {
next-hop 2a0c:b641:4c0:8::2:2 {
next-hop 2a0c:b641:4c0:8:1:0:2:2 {
}
}
}
}
service {
}
service {
ssh {
port 22
}
}
system {
}
system {
config-management {
commit-revisions 100
}
@ -407,19 +368,20 @@ interfaces {
}
}
domain-name as212756.net
host-name edge.par1
host-name vyos.edge.gra1
login {
user maximehl {
banner {
pre-login |
}
user lynqo_noc {
authentication {
encrypted-password Password
encrypted-password <A WONDERFUL PASSWORD>
public-keys pubkey {
key AAAAB3N[..]ZIyUgqbz8=
type ssh-rsa
}
full-name "Maxime Hillebrand-Lambert"
}
user valentinp {
authentication {
encrypted-password Password
}
full-name "Valentin Puccetti"
full-name "Lynqo - Network Operations Center"
}
}
name-server 1.1.1.1
@ -448,4 +410,5 @@ interfaces {
}
}
}
}
time-zone Europe/Paris
}