frr defaults datacenter username cumulus nopassword ! service integrated-vtysh-config ! log syslog informational ! interface feth1 ipv6 nd ra-interval 10 no ipv6 nd suppress-ra ! interface feth2 ipv6 nd ra-interval 10 no ipv6 nd suppress-ra ! !!! FRR_IFS ! router bgp NODEASN bgp router-id FRRROUTERID no bgp default ipv4-unicast coalesce-time 1000 bgp bestpath as-path multipath-relax bgp bestpath compare-routerid neighbor fabric peer-group neighbor fabric remote-as external neighbor feth1 interface peer-group fabric neighbor feth2 interface peer-group fabric !!! neighbor GRE peer-group !!! neighbor GRE remote-as external !!! neighbor GRE local-as NODEDEFAULTASN !!! neighbor GRE password wIt2Go !!! neighbor GRE ebgp-multihop 255 !!! neighbor eBGPv4 peer-group !!! neighbor eBGPv4 remote-as external !!! neighbor eBGPv6 peer-group !!! neighbor eBGPv6 remote-as external !!! neighbor iBGP peer-group !!! neighbor iBGP remote-as internal !!! FRR_NEIGH ! address-family ipv4 unicast redistribute kernel route-map EIPv4 redistribute connected route-map LOCALNETSv4 neighbor fabric activate neighbor fabric soft-reconfiguration inbound !!! FRR_IPV4_EDGE_EXTRA !!! neighbor fabric default-originate !!! neighbor fabric route-map FABRICv4-OUT out !!! aggregate-address 168.245.146.0/24 !!! aggregate-address 170.199.210.0/24 !!! aggregate-address 170.199.211.0/24 !!! aggregate-address 170.199.212.0/24 !!! aggregate-address 170.199.213.0/24 !!! aggregate-address 170.199.214.0/24 !!! aggregate-address 170.199.215.0/24 !!! aggregate-address 170.199.216.0/24 !!! aggregate-address 170.199.217.0/24 !!! neighbor GRE activate !!! neighbor GRE default-originate !!! neighbor GRE soft-reconfiguration inbound !!! neighbor GRE allowas-in 1 !!! neighbor GRE route-map GREv4-IN in !!! neighbor GRE route-map FABRICv4-OUT out !!! neighbor eBGPv4 activate !!! neighbor eBGPv4 next-hop-self !!! neighbor eBGPv4 remove-private-AS !!! neighbor eBGPv4 soft-reconfiguration inbound !!! neighbor eBGPv4 route-map eBGPv4-IN in !!! neighbor eBGPv4 route-map eBGPv4-OUT out !!! neighbor iBGP activate !!! neighbor iBGP next-hop-self !!! neighbor iBGP soft-reconfiguration inbound exit-address-family ! address-family ipv6 unicast redistribute kernel route-map EIPv6 redistribute connected route-map LOCALNETSv6 neighbor fabric activate neighbor fabric soft-reconfiguration inbound !!! FRR_IPV6_EDGE_EXTRA !!! neighbor fabric default-originate !!! neighbor fabric route-map FABRICv6-OUT out !!! aggregate-address 2604:bbc0::/32 !!! neighbor GRE activate !!! neighbor GRE default-originate !!! neighbor GRE soft-reconfiguration inbound !!! neighbor GRE allowas-in 1 !!! neighbor GRE route-map GREv6-IN in !!! neighbor GRE route-map FABRICv6-OUT out !!! neighbor eBGPv6 activate !!! neighbor eBGPv6 soft-reconfiguration inbound !!! neighbor eBGPv6 route-map eBGPv6-IN in !!! neighbor eBGPv6 route-map eBGPv6-OUT out !!! neighbor iBGP activate !!! neighbor iBGP next-hop-self !!! neighbor iBGP soft-reconfiguration inbound exit-address-family ! address-family l2vpn evpn !!! neighbor GRE activate !!! neighbor GRE allowas-in 1 neighbor fabric activate advertise-all-vni exit-address-family ! ip prefix-list LOOPBACK seq 5 permit 10.1.0.0/16 ge 32 ip prefix-list WIT-CUSTOMERS seq 5 permit 168.245.146.0/24 ge 25 ip prefix-list WIT-CUSTOMERS seq 10 permit 170.199.210.0/24 ge 25 ip prefix-list WIT-CUSTOMERS seq 15 permit 170.199.211.0/24 ge 25 ip prefix-list WIT-CUSTOMERS seq 20 permit 170.199.212.0/24 ge 25 ip prefix-list WIT-CUSTOMERS seq 25 permit 170.199.213.0/24 ge 25 ip prefix-list WIT-CUSTOMERS seq 30 permit 170.199.214.0/24 ge 25 ip prefix-list WIT-CUSTOMERS seq 35 permit 170.199.215.0/24 ge 25 ip prefix-list WIT-CUSTOMERS seq 40 permit 170.199.216.0/24 ge 25 ip prefix-list WIT-CUSTOMERS seq 45 permit 170.199.217.0/24 ge 25 !!! ip prefix-list ALL seq 5 permit 0.0.0.0/0 le 32 !!! ip prefix-list DEFAULT seq 5 permit 0.0.0.0/0 !!! ip prefix-list WITV4-EXACT seq 15 permit 170.199.211.0/24 !!! ip prefix-list WITV4-EXACT seq 20 permit 170.199.212.0/24 !!! ip prefix-list WITV4-EXACT seq 25 permit 170.199.213.0/24 !!! ip prefix-list WITV4-EXACT seq 30 permit 170.199.214.0/24 !!! ip prefix-list WITV4-EXACT seq 35 permit 170.199.215.0/24 !!! ip prefix-list WITV4-EXACT seq 40 permit 170.199.216.0/24 !!! ip prefix-list WITV4-EXACT seq 45 permit 170.199.217.0/24 !!! ip prefix-list rfc1918 seq 5 permit 0.0.0.0/8 le 32 !!! ip prefix-list rfc1918 seq 10 permit 10.0.0.0/8 le 32 !!! ip prefix-list rfc1918 seq 15 permit 127.0.0.0/8 le 32 !!! ip prefix-list rfc1918 seq 20 permit 169.254.0.0/16 le 32 !!! ip prefix-list rfc1918 seq 25 permit 172.16.0.0/12 le 32 !!! ip prefix-list rfc1918 seq 30 permit 192.168.0.0/16 le 32 !!! ip prefix-list rfc1918 seq 35 permit 224.0.0.0/3 le 32 !!! ip prefix-list rfc1918 seq 40 permit 100.64.0.0/10 le 32 ! ipv6 prefix-list LOOPBACK seq 5 permit 2604:bbc0:0:100::/56 ge 128 ipv6 prefix-list WIT-CUSTOMERS seq 10 permit 2604:bbc0:1::/48 ge 64 ipv6 prefix-list WIT-CUSTOMERS seq 20 permit 2604:bbc0:2::/48 ge 64 ipv6 prefix-list WIT-CUSTOMERS seq 30 permit 2604:bbc0:3::/48 ge 64 !!! ipv6 prefix-list ALL seq 5 permit ::/0 le 128 !!! ipv6 prefix-list DEFAULT seq 5 permit ::/0 !!! ipv6 prefix-list IPV6-EBGP-RELAXED seq 5 deny 3ffe::/16 le 128 !!! ipv6 prefix-list IPV6-EBGP-RELAXED seq 10 deny 2001:db8::/32 le 128 !!! ipv6 prefix-list IPV6-EBGP-RELAXED seq 15 permit 2001::/32 !!! ipv6 prefix-list IPV6-EBGP-RELAXED seq 20 deny 2001::/32 le 128 !!! ipv6 prefix-list IPV6-EBGP-RELAXED seq 25 permit 2002::/16 !!! ipv6 prefix-list IPV6-EBGP-RELAXED seq 30 deny 2002::/16 le 128 !!! ipv6 prefix-list IPV6-EBGP-RELAXED seq 35 deny ::/8 le 128 !!! ipv6 prefix-list IPV6-EBGP-RELAXED seq 40 deny fe00::/9 le 128 !!! ipv6 prefix-list IPV6-EBGP-RELAXED seq 45 deny ff00::/8 le 128 !!! ipv6 prefix-list IPV6-EBGP-RELAXED seq 50 permit 2000::/3 le 48 !!! ipv6 prefix-list IPV6-EBGP-RELAXED seq 55 deny ::/0 le 128 !!! ipv6 prefix-list WITV6 seq 10 permit 2604:bbc0::/32 ge 48 !!! ipv6 prefix-list WITV6-SUMMARIES seq 10 permit 2604:bbc0::/32 le 44 ! route-map EIPv4 permit 5 match ip address prefix-list WIT-CUSTOMERS ! route-map EIPv6 permit 5 match ipv6 address prefix-list WIT-CUSTOMERS ! route-map LOCALNETSv4 permit 5 description "permit loopback ips" match ip address prefix-list LOOPBACK ! route-map LOCALNETSv6 permit 5 description "permit ipv6 loopback ips" match ipv6 address prefix-list LOOPBACK ! !!! route-map eBGPv4-IN deny 5 !!! description "deny any incoming private IP blocks" !!! match ip address prefix-list rfc1918 !!! ! !!! route-map eBGPv4-IN permit 10 !!! description "Accept all routes advertised to us" !!! match ip address prefix-list ALL !!! ! !!! route-map eBGPv4-OUT deny 5 !!! description "deny advertising private IP space" !!! match ip address prefix-list rfc1918 !!! ! !!! route-map eBGPv4-OUT permit 10 !!! description "match IP block owned by WIT" !!! match ip address prefix-list WITV4-EXACT !!! ! !!! route-map eBGPv6-IN permit 5 !!! description "Accept all routes advertised to us" !!! match ipv6 address prefix-list IPV6-EBGP-RELAXED !!! ! !!! route-map eBGPv6-OUT permit 5 !!! description "match IP block owned by WIT" !!! match ipv6 address prefix-list WITV6-SUMMARIES !!! ! !!! route-map FABRICv4-OUT permit 5 !!! description "allow default route" !!! match ip address prefix-list DEFAULT !!! ! !!! route-map FABRICv4-OUT permit 10 !!! description "allow loopback IPs" !!! match ip address prefix-list LOOPBACK !!! ! !!! route-map FABRICv4-OUT permit 15 !!! description "allow WIT public IPs" !!! match ip address prefix-list WITV4 !!! ! !!! route-map FABRICv6-OUT permit 5 !!! description "allow default route" !!! match ipv6 address prefix-list DEFAULT !!! ! !!! route-map FABRICv6-OUT permit 10 !!! description "allow loopback IPs" !!! match ipv6 address prefix-list LOOPBACK !!! ! !!! route-map FABRICv6-OUT permit 15 !!! description "allow WIT public IPs" !!! match ipv6 address prefix-list WITV6 !!! ! !!! route-map GREv4-IN deny 5 !!! description "deny default route in" !!! match ip address prefix-list DEFAULT !!! ! !!! route-map GREv4-IN permit 10 !!! description "accept all the rest" !!! match ip address prefix-list ALL !!! ! !!! route-map GREv6-IN deny 5 !!! description "deny default route in" !!! match ipv6 address prefix-list DEFAULT !!! ! !!! route-map GREv6-IN permit 10 !!! description "accept all the rest" !!! match ipv6 address prefix-list ALL !!! ! ! line vty !