251 lines
8.4 KiB
Plaintext
251 lines
8.4 KiB
Plaintext
frr defaults datacenter
|
|
username cumulus nopassword
|
|
!
|
|
service integrated-vtysh-config
|
|
!
|
|
log syslog informational
|
|
!
|
|
interface feth1
|
|
ipv6 nd ra-interval 10
|
|
no ipv6 nd suppress-ra
|
|
!
|
|
interface feth2
|
|
ipv6 nd ra-interval 10
|
|
no ipv6 nd suppress-ra
|
|
!
|
|
!!! FRR_IFS
|
|
!
|
|
router bgp NODEASN
|
|
bgp router-id FRRROUTERID
|
|
no bgp default ipv4-unicast
|
|
coalesce-time 1000
|
|
bgp bestpath as-path multipath-relax
|
|
bgp bestpath compare-routerid
|
|
neighbor fabric peer-group
|
|
neighbor fabric remote-as external
|
|
neighbor feth1 interface peer-group fabric
|
|
neighbor feth2 interface peer-group fabric
|
|
!!! neighbor GRE peer-group
|
|
!!! neighbor GRE remote-as external
|
|
!!! neighbor GRE local-as NODEDEFAULTASN
|
|
!!! neighbor GRE password wIt2Go
|
|
!!! neighbor GRE ebgp-multihop 255
|
|
!!! neighbor eBGPv4 peer-group
|
|
!!! neighbor eBGPv4 remote-as external
|
|
!!! neighbor eBGPv6 peer-group
|
|
!!! neighbor eBGPv6 remote-as external
|
|
!!! neighbor iBGP peer-group
|
|
!!! neighbor iBGP remote-as internal
|
|
!!! FRR_NEIGH
|
|
!
|
|
address-family ipv4 unicast
|
|
redistribute kernel route-map EIPv4
|
|
redistribute connected route-map LOCALNETSv4
|
|
neighbor fabric activate
|
|
neighbor fabric soft-reconfiguration inbound
|
|
!!! FRR_IPV4_EDGE_EXTRA
|
|
!!! neighbor fabric default-originate
|
|
!!! neighbor fabric route-map FABRICv4-OUT out
|
|
!!! aggregate-address 168.245.146.0/24
|
|
!!! aggregate-address 170.199.210.0/24
|
|
!!! aggregate-address 170.199.211.0/24
|
|
!!! aggregate-address 170.199.212.0/24
|
|
!!! aggregate-address 170.199.213.0/24
|
|
!!! aggregate-address 170.199.214.0/24
|
|
!!! aggregate-address 170.199.215.0/24
|
|
!!! aggregate-address 170.199.216.0/24
|
|
!!! aggregate-address 170.199.217.0/24
|
|
!!! neighbor GRE activate
|
|
!!! neighbor GRE default-originate
|
|
!!! neighbor GRE soft-reconfiguration inbound
|
|
!!! neighbor GRE allowas-in 1
|
|
!!! neighbor GRE route-map GREv4-IN in
|
|
!!! neighbor GRE route-map FABRICv4-OUT out
|
|
!!! neighbor eBGPv4 activate
|
|
!!! neighbor eBGPv4 next-hop-self
|
|
!!! neighbor eBGPv4 remove-private-AS
|
|
!!! neighbor eBGPv4 soft-reconfiguration inbound
|
|
!!! neighbor eBGPv4 route-map eBGPv4-IN in
|
|
!!! neighbor eBGPv4 route-map eBGPv4-OUT out
|
|
!!! neighbor iBGP activate
|
|
!!! neighbor iBGP next-hop-self
|
|
!!! neighbor iBGP soft-reconfiguration inbound
|
|
exit-address-family
|
|
!
|
|
address-family ipv6 unicast
|
|
redistribute kernel route-map EIPv6
|
|
redistribute connected route-map LOCALNETSv6
|
|
neighbor fabric activate
|
|
neighbor fabric soft-reconfiguration inbound
|
|
!!! FRR_IPV6_EDGE_EXTRA
|
|
!!! neighbor fabric default-originate
|
|
!!! neighbor fabric route-map FABRICv6-OUT out
|
|
!!! aggregate-address 2604:bbc0::/32
|
|
!!! neighbor GRE activate
|
|
!!! neighbor GRE default-originate
|
|
!!! neighbor GRE soft-reconfiguration inbound
|
|
!!! neighbor GRE allowas-in 1
|
|
!!! neighbor GRE route-map GREv6-IN in
|
|
!!! neighbor GRE route-map FABRICv6-OUT out
|
|
!!! neighbor eBGPv6 activate
|
|
!!! neighbor eBGPv6 soft-reconfiguration inbound
|
|
!!! neighbor eBGPv6 route-map eBGPv6-IN in
|
|
!!! neighbor eBGPv6 route-map eBGPv6-OUT out
|
|
!!! neighbor iBGP activate
|
|
!!! neighbor iBGP next-hop-self
|
|
!!! neighbor iBGP soft-reconfiguration inbound
|
|
exit-address-family
|
|
!
|
|
address-family l2vpn evpn
|
|
!!! neighbor GRE activate
|
|
!!! neighbor GRE allowas-in 1
|
|
neighbor fabric activate
|
|
advertise-all-vni
|
|
exit-address-family
|
|
!
|
|
ip prefix-list LOOPBACK seq 5 permit 10.1.0.0/16 ge 32
|
|
ip prefix-list WIT-CUSTOMERS seq 5 permit 168.245.146.0/24 ge 25
|
|
ip prefix-list WIT-CUSTOMERS seq 10 permit 170.199.210.0/24 ge 25
|
|
ip prefix-list WIT-CUSTOMERS seq 15 permit 170.199.211.0/24 ge 25
|
|
ip prefix-list WIT-CUSTOMERS seq 20 permit 170.199.212.0/24 ge 25
|
|
ip prefix-list WIT-CUSTOMERS seq 25 permit 170.199.213.0/24 ge 25
|
|
ip prefix-list WIT-CUSTOMERS seq 30 permit 170.199.214.0/24 ge 25
|
|
ip prefix-list WIT-CUSTOMERS seq 35 permit 170.199.215.0/24 ge 25
|
|
ip prefix-list WIT-CUSTOMERS seq 40 permit 170.199.216.0/24 ge 25
|
|
ip prefix-list WIT-CUSTOMERS seq 45 permit 170.199.217.0/24 ge 25
|
|
!!! ip prefix-list ALL seq 5 permit 0.0.0.0/0 le 32
|
|
!!! ip prefix-list DEFAULT seq 5 permit 0.0.0.0/0
|
|
!!! ip prefix-list WITV4-EXACT seq 15 permit 170.199.211.0/24
|
|
!!! ip prefix-list WITV4-EXACT seq 20 permit 170.199.212.0/24
|
|
!!! ip prefix-list WITV4-EXACT seq 25 permit 170.199.213.0/24
|
|
!!! ip prefix-list WITV4-EXACT seq 30 permit 170.199.214.0/24
|
|
!!! ip prefix-list WITV4-EXACT seq 35 permit 170.199.215.0/24
|
|
!!! ip prefix-list WITV4-EXACT seq 40 permit 170.199.216.0/24
|
|
!!! ip prefix-list WITV4-EXACT seq 45 permit 170.199.217.0/24
|
|
!!! ip prefix-list rfc1918 seq 5 permit 0.0.0.0/8 le 32
|
|
!!! ip prefix-list rfc1918 seq 10 permit 10.0.0.0/8 le 32
|
|
!!! ip prefix-list rfc1918 seq 15 permit 127.0.0.0/8 le 32
|
|
!!! ip prefix-list rfc1918 seq 20 permit 169.254.0.0/16 le 32
|
|
!!! ip prefix-list rfc1918 seq 25 permit 172.16.0.0/12 le 32
|
|
!!! ip prefix-list rfc1918 seq 30 permit 192.168.0.0/16 le 32
|
|
!!! ip prefix-list rfc1918 seq 35 permit 224.0.0.0/3 le 32
|
|
!!! ip prefix-list rfc1918 seq 40 permit 100.64.0.0/10 le 32
|
|
!
|
|
ipv6 prefix-list LOOPBACK seq 5 permit 2604:bbc0:0:100::/56 ge 128
|
|
ipv6 prefix-list WIT-CUSTOMERS seq 10 permit 2604:bbc0:1::/48 ge 64
|
|
ipv6 prefix-list WIT-CUSTOMERS seq 20 permit 2604:bbc0:2::/48 ge 64
|
|
ipv6 prefix-list WIT-CUSTOMERS seq 30 permit 2604:bbc0:3::/48 ge 64
|
|
!!! ipv6 prefix-list ALL seq 5 permit ::/0 le 128
|
|
!!! ipv6 prefix-list DEFAULT seq 5 permit ::/0
|
|
!!! ipv6 prefix-list IPV6-EBGP-RELAXED seq 5 deny 3ffe::/16 le 128
|
|
!!! ipv6 prefix-list IPV6-EBGP-RELAXED seq 10 deny 2001:db8::/32 le 128
|
|
!!! ipv6 prefix-list IPV6-EBGP-RELAXED seq 15 permit 2001::/32
|
|
!!! ipv6 prefix-list IPV6-EBGP-RELAXED seq 20 deny 2001::/32 le 128
|
|
!!! ipv6 prefix-list IPV6-EBGP-RELAXED seq 25 permit 2002::/16
|
|
!!! ipv6 prefix-list IPV6-EBGP-RELAXED seq 30 deny 2002::/16 le 128
|
|
!!! ipv6 prefix-list IPV6-EBGP-RELAXED seq 35 deny ::/8 le 128
|
|
!!! ipv6 prefix-list IPV6-EBGP-RELAXED seq 40 deny fe00::/9 le 128
|
|
!!! ipv6 prefix-list IPV6-EBGP-RELAXED seq 45 deny ff00::/8 le 128
|
|
!!! ipv6 prefix-list IPV6-EBGP-RELAXED seq 50 permit 2000::/3 le 48
|
|
!!! ipv6 prefix-list IPV6-EBGP-RELAXED seq 55 deny ::/0 le 128
|
|
!!! ipv6 prefix-list WITV6 seq 10 permit 2604:bbc0::/32 ge 48
|
|
!!! ipv6 prefix-list WITV6-SUMMARIES seq 10 permit 2604:bbc0::/32 le 44
|
|
!
|
|
route-map EIPv4 permit 5
|
|
match ip address prefix-list WIT-CUSTOMERS
|
|
!
|
|
route-map EIPv6 permit 5
|
|
match ipv6 address prefix-list WIT-CUSTOMERS
|
|
!
|
|
route-map LOCALNETSv4 permit 5
|
|
description "permit loopback ips"
|
|
match ip address prefix-list LOOPBACK
|
|
!
|
|
route-map LOCALNETSv6 permit 5
|
|
description "permit ipv6 loopback ips"
|
|
match ipv6 address prefix-list LOOPBACK
|
|
!
|
|
|
|
|
|
!!! route-map eBGPv4-IN deny 5
|
|
!!! description "deny any incoming private IP blocks"
|
|
!!! match ip address prefix-list rfc1918
|
|
!!! !
|
|
!!! route-map eBGPv4-IN permit 10
|
|
!!! description "Accept all routes advertised to us"
|
|
!!! match ip address prefix-list ALL
|
|
!!! !
|
|
|
|
|
|
!!! route-map eBGPv4-OUT deny 5
|
|
!!! description "deny advertising private IP space"
|
|
!!! match ip address prefix-list rfc1918
|
|
!!! !
|
|
!!! route-map eBGPv4-OUT permit 10
|
|
!!! description "match IP block owned by WIT"
|
|
!!! match ip address prefix-list WITV4-EXACT
|
|
!!! !
|
|
|
|
|
|
!!! route-map eBGPv6-IN permit 5
|
|
!!! description "Accept all routes advertised to us"
|
|
!!! match ipv6 address prefix-list IPV6-EBGP-RELAXED
|
|
!!! !
|
|
|
|
|
|
!!! route-map eBGPv6-OUT permit 5
|
|
!!! description "match IP block owned by WIT"
|
|
!!! match ipv6 address prefix-list WITV6-SUMMARIES
|
|
!!! !
|
|
|
|
|
|
!!! route-map FABRICv4-OUT permit 5
|
|
!!! description "allow default route"
|
|
!!! match ip address prefix-list DEFAULT
|
|
!!! !
|
|
!!! route-map FABRICv4-OUT permit 10
|
|
!!! description "allow loopback IPs"
|
|
!!! match ip address prefix-list LOOPBACK
|
|
!!! !
|
|
!!! route-map FABRICv4-OUT permit 15
|
|
!!! description "allow WIT public IPs"
|
|
!!! match ip address prefix-list WITV4
|
|
!!! !
|
|
|
|
|
|
!!! route-map FABRICv6-OUT permit 5
|
|
!!! description "allow default route"
|
|
!!! match ipv6 address prefix-list DEFAULT
|
|
!!! !
|
|
!!! route-map FABRICv6-OUT permit 10
|
|
!!! description "allow loopback IPs"
|
|
!!! match ipv6 address prefix-list LOOPBACK
|
|
!!! !
|
|
!!! route-map FABRICv6-OUT permit 15
|
|
!!! description "allow WIT public IPs"
|
|
!!! match ipv6 address prefix-list WITV6
|
|
!!! !
|
|
|
|
|
|
!!! route-map GREv4-IN deny 5
|
|
!!! description "deny default route in"
|
|
!!! match ip address prefix-list DEFAULT
|
|
!!! !
|
|
!!! route-map GREv4-IN permit 10
|
|
!!! description "accept all the rest"
|
|
!!! match ip address prefix-list ALL
|
|
!!! !
|
|
|
|
|
|
!!! route-map GREv6-IN deny 5
|
|
!!! description "deny default route in"
|
|
!!! match ipv6 address prefix-list DEFAULT
|
|
!!! !
|
|
!!! route-map GREv6-IN permit 10
|
|
!!! description "accept all the rest"
|
|
!!! match ipv6 address prefix-list ALL
|
|
!!! !
|
|
!
|
|
line vty
|
|
!
|