+++ /dev/null
-ASN = "65001"
-peer1 = "10.1.0.2"
-peer2 = "10.1.0.3"
-AS 65001
-router-id 127.0.0.1
-socket "/var/run/bgpd.sock.0"
-
-
-prefix-set "mynetworks" { 192.0.2.0/24 }
-
-
-rde rib Adj-RIB-In no evaluate
-rde rib Loc-RIB rtable 0 fib-update yes
-
-neighbor 10.2.1.1 {
- remote-as 65023
- local-address 10.0.0.8
- enforce neighbor-as yes
- enforce local-as yes
- ipsec esp in spi 1010 sha1 XXXXXX aes XXXXXX
- ipsec esp out spi 1012 sha1 XXXXXX aes XXXXXX
- announce IPv4 unicast
-}
-neighbor 10.0.0.0/24 {
- descr "template for local peers"
- enforce neighbor-as no
- enforce local-as yes
- announce IPv4 unicast
-}
-neighbor 10.0.2.0 {
- descr "upstream2"
- remote-as 65004
- local-address 10.0.0.8
- enforce neighbor-as yes
- enforce local-as yes
- ipsec ah ike
- announce IPv4 unicast
-}
-neighbor 10.0.1.0 {
- descr "upstream"
- remote-as 65003
- multihop 2
- passive
- local-address 10.0.0.8
- holdtime 180
- holdtime min 3
- export none
- enforce neighbor-as yes
- enforce local-as yes
- tcp md5sig
- announce IPv4 unicast
-}
-group "peering AS65002" {
- neighbor 10.1.0.2 {
- descr "AS 65001 peer 1"
- remote-as 65002
- enforce neighbor-as yes
- enforce local-as yes
- tcp md5sig
- announce IPv4 unicast
- }
- neighbor 10.1.0.3 {
- descr "AS 65001 peer 2"
- remote-as 65002
- local-address 10.0.0.8
- enforce neighbor-as yes
- enforce local-as yes
- ipsec esp ike
- announce IPv4 unicast
- }
-}
-
-group "peering AS65042" {
- neighbor 10.2.0.2 {
- descr "peering AS 65042"
- remote-as 65042
- local-address 10.0.0.8
- enforce neighbor-as yes
- enforce local-as yes
- ipsec ah ike
- announce IPv4 unicast
- }
- neighbor 10.2.0.1 {
- descr "peering AS 65042"
- remote-as 65042
- local-address 10.0.0.8
- enforce neighbor-as yes
- enforce local-as yes
- ipsec ah ike
- announce IPv4 unicast
- }
-}
-
-
-allow from ibgp
-allow from any prefix 0.0.0.0/0 prefixlen 8 - 24
-allow from any prefix ::/0 prefixlen 16 - 48
-match from any community 65535:0 set { localpref 0 }
-allow from any prefix 23.128.0.0/10 prefixlen 24 - 28
-deny from any prefix 0.0.0.0/8 prefixlen >= 8
-deny from any prefix 10.0.0.0/8 prefixlen >= 8
-deny from any prefix 100.64.0.0/10 prefixlen >= 10
-deny from any prefix 127.0.0.0/8 prefixlen >= 8
-deny from any prefix 169.254.0.0/16 prefixlen >= 16
-deny from any prefix 172.16.0.0/12 prefixlen >= 12
-deny from any prefix 192.0.2.0/24 prefixlen >= 24
-deny from any prefix 192.88.99.0/24 prefixlen >= 24
-deny from any prefix 192.168.0.0/16 prefixlen >= 16
-deny from any prefix 198.18.0.0/15 prefixlen >= 15
-deny from any prefix 198.51.100.0/24 prefixlen >= 24
-deny from any prefix 203.0.113.0/24 prefixlen >= 24
-deny from any prefix 224.0.0.0/4 prefixlen >= 4
-deny from any prefix 240.0.0.0/4 prefixlen >= 4
-deny from any prefix ::/8 prefixlen >= 8
-deny from any prefix 100::/64 prefixlen >= 64
-deny from any prefix 2001:2::/48 prefixlen >= 48
-deny from any prefix 2001:10::/28 prefixlen >= 28
-deny from any prefix 2001:db8::/32 prefixlen >= 32
-deny from any prefix 2002::/16 prefixlen >= 16
-deny from any prefix 3ffe::/16 prefixlen >= 16
-deny from any prefix fc00::/7 prefixlen >= 7
-deny from any prefix fe80::/10 prefixlen >= 10
-deny from any prefix fec0::/10 prefixlen >= 10
-deny from any prefix ff00::/8 prefixlen >= 8
-deny from any AS 23456
-deny from any AS 64496 - 64511
-deny from any AS 64512 - 65534
-deny from any AS 65535
-deny from any AS 65536 - 65551
-deny from any AS 65552 - 131071
-deny from any AS 4200000000 - 4294967294
-deny from any AS 4294967295
-allow to ibgp
-allow to ebgp prefix-set "mynetworks" large-community 65001:1:1
projects / openbsd / commitdiff