From: claudio Date: Fri, 7 Sep 2018 08:38:35 +0000 (+0000) Subject: Move the config regress tests into own directory making space for additional X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=a85e7737231e4c2197ad73405e7cff27ec993b3b;p=openbsd Move the config regress tests into own directory making space for additional unittests and maybe more. bgpd needs more test coverage. Discussed with bluhm@ --- diff --git a/regress/usr.sbin/bgpd/Makefile b/regress/usr.sbin/bgpd/Makefile index 84bc623dafc..7c49f201edf 100644 --- a/regress/usr.sbin/bgpd/Makefile +++ b/regress/usr.sbin/bgpd/Makefile @@ -1,37 +1,6 @@ -# $OpenBSD: Makefile,v 1.3 2018/09/06 15:55:30 benno Exp $ +# $OpenBSD: Makefile,v 1.4 2018/09/07 08:38:35 claudio Exp $ -BGPDTESTS=1 2 +SUBDIR += config +#SUBDIR += unittests -REGRESS_TARGETS = config - -.for n in ${BGPDTESTS} -BGPD_TARGETS+=bgpd${n} -BGPD_UPDATES+=bgpd${n}-update - -bgpd${n}: - bgpd -nv -f /dev/stdin < ${.CURDIR}/bgpd.conf.${n}.in | \ - sed 's/router-id .*/router-id 127.0.0.1/' | \ - diff -u ${.CURDIR}/bgpd.conf.${n}.ok /dev/stdin - -bgpd${n}-update: - bgpd -nv -f /dev/stdin < ${.CURDIR}/bgpd.conf.${n}.in | \ - sed 's/router-id .*/router-id 127.0.0.1/' > \ - ${.CURDIR}/bgpd.conf.${n}.ok -.endfor - -config: bgpd-example bgpd-printconf ${BGPD_TARGETS} -bgpd-update: ${BGPD_UPDATES} - -# check that the example configuration file we ship is ok -bgpd-example: - bgpd -nf ${.CURDIR}/../../../etc/examples/bgpd.conf - -# check that the output of bgpd -nvv is parseable -bgpd-printconf: - bgpd -nvf ${.CURDIR}/bgpd.conf.printconf | \ - bgpd -nf /dev/stdin - -clean: - rm -f bgpd.conf.printconf.test - -.include +.include diff --git a/regress/usr.sbin/bgpd/bgpd.conf.1.in b/regress/usr.sbin/bgpd/bgpd.conf.1.in deleted file mode 100644 index 6806b1f0523..00000000000 --- a/regress/usr.sbin/bgpd/bgpd.conf.1.in +++ /dev/null 
@@ -1,4 +0,0 @@
-# $OpenBSD: bgpd.conf.1.in,v 1.1 2017/10/05 08:19:24 phessler Exp $
-# Only test the bare minimum configuration
-
-AS 1
diff --git a/regress/usr.sbin/bgpd/bgpd.conf.1.ok b/regress/usr.sbin/bgpd/bgpd.conf.1.ok
deleted file mode 100644
index f34143167b3..00000000000
--- a/regress/usr.sbin/bgpd/bgpd.conf.1.ok
+++ /dev/null
@@ -1,13 +0,0 @@
-AS 1
-router-id 127.0.0.1
-socket "/var/run/bgpd.sock.0"
-holdtime min 3
-fib-priority 48
-
-
-rde rib Adj-RIB-In no evaluate
-rde rib Adj-RIB-Out no evaluate
-rde rib Loc-RIB rtable 0 fib-update yes
-
-
-
diff --git a/regress/usr.sbin/bgpd/bgpd.conf.2.in b/regress/usr.sbin/bgpd/bgpd.conf.2.in
deleted file mode 100644
index 978146816e8..00000000000
--- a/regress/usr.sbin/bgpd/bgpd.conf.2.in
+++ /dev/null
@@ -1,12 +0,0 @@
-# $OpenBSD: bgpd.conf.2.in,v 1.1 2017/10/05 08:19:24 phessler Exp $
-# Test various community related filter parsing
-
-AS 1
-
-allow from any community local-as:neighbor-as
-allow from any ext-community rt 1:2
-allow from any ext-community l2vid 192.0.2.1:2
-allow from any ext-community ovs valid
-allow from any ext-community ovs invalid
-allow from any ext-community ovs not-found
-allow from any large-community local-as:neighbor-as:*
diff --git a/regress/usr.sbin/bgpd/bgpd.conf.2.ok b/regress/usr.sbin/bgpd/bgpd.conf.2.ok
deleted file mode 100644
index c8f94fff881..00000000000
--- a/regress/usr.sbin/bgpd/bgpd.conf.2.ok
+++ /dev/null
@@ -1,20 +0,0 @@
-AS 1
-router-id 127.0.0.1
-socket "/var/run/bgpd.sock.0"
-holdtime min 3
-fib-priority 48
-
-
-rde rib Adj-RIB-In no evaluate
-rde rib Adj-RIB-Out no evaluate
-rde rib Loc-RIB rtable 0 fib-update yes
-
-
-
-allow from any community local-as:neighbor-as
-allow from any ext-community rt 1:2
-allow from any ext-community l2vid 192.0.2.1:2
-allow from any ext-community ovs valid
-allow from any ext-community ovs invalid
-allow from any ext-community ovs not-found
-allow from any large-community local-as:neighbor-as:*
diff --git a/regress/usr.sbin/bgpd/bgpd.conf.example.ok b/regress/usr.sbin/bgpd/bgpd.conf.example.ok
deleted file mode 100644
index b0e07055d65..00000000000
--- a/regress/usr.sbin/bgpd/bgpd.conf.example.ok
+++ /dev/null
@@ -1,137 +0,0 @@
-ASN = "65001"
-peer1 = "10.1.0.2"
-peer2 = "10.1.0.3"
-AS 65001
-router-id 127.0.0.1
-socket "/var/run/bgpd.sock.0"
-holdtime min 3
-fib-priority 48
-
-
-rde rib Adj-RIB-In no evaluate
-rde rib Adj-RIB-Out no evaluate
-rde rib Loc-RIB rtable 0 fib-update yes
-
-prefix-set "mynetworks" { 192.0.2.0/24 }
-
-
-neighbor 10.2.1.1 {
- remote-as 65023
- local-address 10.0.0.8
- enforce neighbor-as yes
- enforce local-as yes
- ipsec esp in spi 1010 sha1 XXXXXX aes XXXXXX
- ipsec esp out spi 1012 sha1 XXXXXX aes XXXXXX
- announce IPv4 unicast
-}
-neighbor 10.0.0.0/24 {
- descr "template for local peers"
- enforce neighbor-as no
- enforce local-as yes
- announce IPv4 unicast
-}
-neighbor 10.0.2.0 {
- descr "upstream2"
- remote-as 65004
- local-address 10.0.0.8
- enforce neighbor-as yes
- enforce local-as yes
- ipsec ah ike
- announce IPv4 unicast
-}
-neighbor 10.0.1.0 {
- descr "upstream"
- remote-as 65003
- multihop 2
- passive
- local-address 10.0.0.8
- holdtime 180
- holdtime min 3
- export none
- enforce neighbor-as yes
- enforce local-as yes
- tcp md5sig
- announce IPv4 unicast
-}
-group "peering AS65002" {
- neighbor 10.1.0.2 {
- descr "AS 65001 peer 1"
- remote-as 65002
- enforce neighbor-as yes
- enforce local-as yes
- tcp md5sig
- announce IPv4 unicast
- }
- neighbor 10.1.0.3 {
- descr "AS 65001 peer 2"
- remote-as 65002
- local-address 10.0.0.8
- enforce neighbor-as yes
- enforce local-as yes
- ipsec esp ike
- announce IPv4 unicast
- }
-}
-
-group "peering AS65042" {
- neighbor 10.2.0.2 {
- descr "peering AS 65042"
- remote-as 65042
- local-address 10.0.0.8
- enforce neighbor-as yes
- enforce local-as yes
- ipsec ah ike
- announce IPv4 unicast
- }
- neighbor 10.2.0.1 {
- descr "peering AS 65042"
- remote-as 65042
- local-address 10.0.0.8
- enforce neighbor-as yes
- enforce local-as yes
- ipsec ah ike
- announce IPv4 unicast
- }
-}
-
-
-allow from ibgp
-allow from any prefix 0.0.0.0/0 prefixlen 8 - 24
-allow from any prefix ::/0 prefixlen 16 - 48
-match from any community 65535:0 set { localpref 0 }
-allow from any prefix 23.128.0.0/10 prefixlen 24 - 28
-deny from any prefix 0.0.0.0/8 prefixlen >= 8
-deny from any prefix 10.0.0.0/8 prefixlen >= 8
-deny from any prefix 100.64.0.0/10 prefixlen >= 10
-deny from any prefix 127.0.0.0/8 prefixlen >= 8
-deny from any prefix 169.254.0.0/16 prefixlen >= 16
-deny from any prefix 172.16.0.0/12 prefixlen >= 12
-deny from any prefix 192.0.2.0/24 prefixlen >= 24
-deny from any prefix 192.88.99.0/24 prefixlen >= 24
-deny from any prefix 192.168.0.0/16 prefixlen >= 16
-deny from any prefix 198.18.0.0/15 prefixlen >= 15
-deny from any prefix 198.51.100.0/24 prefixlen >= 24
-deny from any prefix 203.0.113.0/24 prefixlen >= 24
-deny from any prefix 224.0.0.0/4 prefixlen >= 4
-deny from any prefix 240.0.0.0/4 prefixlen >= 4
-deny from any prefix ::/8 prefixlen >= 8
-deny from any prefix 100::/64 prefixlen >= 64
-deny from any prefix 2001:2::/48 prefixlen >= 48
-deny from any prefix 2001:10::/28 prefixlen >= 28
-deny from any prefix 2001:db8::/32 prefixlen >= 32
-deny from any prefix 2002::/16 prefixlen >= 16
-deny from any prefix 3ffe::/16 prefixlen >= 16
-deny from any prefix fc00::/7 prefixlen >= 7
-deny from any prefix fe80::/10 prefixlen >= 10
-deny from any prefix fec0::/10 prefixlen >= 10
-deny from any prefix ff00::/8 prefixlen >= 8
-deny from any AS 23456
-deny from any AS 64496 - 64511
-deny from any AS 64512 - 65534
-deny from any AS 65535
-deny from any AS 65536 - 65551
-deny from any AS 65552 - 131071
-deny from any AS 4200000000 - 4294967294
-deny from any AS 4294967295
-allow to ibgp
-allow to ebgp prefix-set "mynetworks" large-community 65001:1:1
diff --git a/regress/usr.sbin/bgpd/bgpd.conf.printconf b/regress/usr.sbin/bgpd/bgpd.conf.printconf
deleted file mode 100644
index f02a136b911..00000000000
--- a/regress/usr.sbin/bgpd/bgpd.conf.printconf
+++ /dev/null
@@ -1,91 +0,0 @@
-ASN = "65001"
-AS 65001
-router-id 127.0.0.1
-socket "/var/run/bgpd.sock.0"
-holdtime min 3
-fib-priority 48
-network 192.0.2.0/24 set { large-community 65001:1:1 }
-network 2001:db8:abcd::/48 set { large-community 65001:1:1 }
-
-
-rde rib Adj-RIB-In no evaluate
-rde rib Adj-RIB-Out no evaluate
-rde rib Loc-RIB rtable 0 fib-update yes
-
-prefix-set "mynetworks" { 2001:db8:abcd::/48 192.0.2.0/24 }
-prefix-set "mynetworks_orlonger" { 2001:db8:abcd::/48 or-longer 192.0.2.0/24 or-longer }
-prefix-set "bogons" { ff00::/8 or-longer fec0::/10 or-longer fe80::/10 or-longer fc00::/7 or-longer 3ffe::/16 or-longer 2002::/16 or-longer 2001:db8::/32 or-longer 2001:10::/28 or-longer 2001:2::/48 or-longer 100::/64 or-longer ::/8 or-longer 240.0.0.0/4 or-longer 224.0.0.0/4 or-longer 203.0.113.0/24 or-longer 198.51.100.0/24 or-longer 198.18.0.0/15 or-longer 192.168.0.0/16 or-longer 192.88.99.0/24 or-longer 192.0.2.0/24 or-longer 172.16.0.0/12 or-longer 169.254.0.0/16 or-longer 127.0.0.0/8 or-longer 100.64.0.0/10 or-longer 10.0.0.0/8 or-longer 0.0.0.0/8 or-longer }
-
-
-group "ibgp mesh v4" {
- neighbor 192.0.2.3 {
- remote-as 65001
- local-address 192.0.2.1
- enforce neighbor-as no
- enforce local-as yes
- announce IPv4 unicast
- }
- neighbor 192.0.2.2 {
- remote-as 65001
- local-address 192.0.2.1
- enforce neighbor-as no
- enforce local-as yes
- announce IPv4 unicast
- }
-}
-
-group "ibgp mesh v6" {
- neighbor 2001:db8:abcd::3 {
- remote-as 65001
- local-address 2001:db8:abcd::1
- enforce neighbor-as no
- enforce local-as yes
- announce IPv6 unicast
- }
- neighbor 2001:db8:abcd::2 {
- remote-as 65001
- local-address 2001:db8:abcd::1
- enforce neighbor-as no
- enforce local-as yes
- announce IPv6 unicast
- }
-}
-
-group "upstreams" {
- neighbor 198.51.100.0 {
- descr "IPv4 Transit provider B"
- remote-as 65123
- enforce neighbor-as yes
- enforce local-as yes
- announce IPv4 unicast
- }
- neighbor 203.0.113.1 {
- descr "IPv4 Transit Provider A"
- remote-as 65002
- enforce neighbor-as yes
- enforce local-as yes
- announce IPv4 unicast
- }
- neighbor 2001:db8:666::2 {
- descr "IPv6 Transit provider B"
- remote-as 65123
- enforce neighbor-as yes
- enforce local-as yes
- announce IPv6 unicast
- }
-}
-
-
-allow to ebgp prefix-set "mynetworks" large-community 65001:1:1
-deny quick from ebgp prefix-set "mynetworks_orlonger"
-allow from ibgp
-allow to ibgp
-match from ebgp set { community delete 65001:* }
-match from ebgp set { large-community delete 65001:*:* }
-allow from any prefix 0.0.0.0/0 prefixlen 8 - 24
-allow from any prefix ::/0 prefixlen 16 - 48
-match from any community 65535:0 set { localpref 0 }
-deny quick from any prefix-set "bogons"
-deny quick from any AS 23456
-deny quick from any AS 64496 - 131071
-deny quick from any AS 4200000000 - 4294967295
diff --git a/regress/usr.sbin/bgpd/config/Makefile b/regress/usr.sbin/bgpd/config/Makefile
new file mode 100644
index 00000000000..adaac5344b7
--- /dev/null
+++ b/regress/usr.sbin/bgpd/config/Makefile
@@ -0,0 +1,34 @@
+# $OpenBSD: Makefile,v 1.1 2018/09/07 08:38:35 claudio Exp $
+
+BGPDTESTS=1 2
+
+REGRESS_TARGETS = config
+
+.for n in ${BGPDTESTS}
+BGPD_TARGETS+=bgpd${n}
+BGPD_UPDATES+=bgpd${n}-update
+
+bgpd${n}:
+ bgpd -nv -f /dev/stdin < ${.CURDIR}/bgpd.conf.${n}.in | \
+ sed 's/router-id .*/router-id 127.0.0.1/' | \
+ diff -u ${.CURDIR}/bgpd.conf.${n}.ok /dev/stdin
+
+bgpd${n}-update:
+ bgpd -nv -f /dev/stdin < ${.CURDIR}/bgpd.conf.${n}.in | \
+ sed 's/router-id .*/router-id 127.0.0.1/' > \
+ ${.CURDIR}/bgpd.conf.${n}.ok
+.endfor
+
+config: bgpd-example bgpd-printconf ${BGPD_TARGETS}
+bgpd-update: ${BGPD_UPDATES}
+
+# check that the example configuration file we ship is ok
+bgpd-example:
+ bgpd -nf ${.CURDIR}/../../../../etc/examples/bgpd.conf
+
+# check that the output of bgpd -nvv is parseable
+bgpd-printconf:
+ bgpd -nvf ${.CURDIR}/bgpd.conf.printconf | \
+ bgpd -nf /dev/stdin
+
+.include
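Review bot: The `bgpd-printconf` target at the end of the new config/Makefile only checks that the printed configuration parses a second time (`bgpd -nvf … | bgpd -nf /dev/stdin`), so a printing regression that drops or rewrites a filter rule such as `deny quick from any prefix-set "bogons"` would still pass as long as the output stays syntactically valid. If the `-nv` output is stable across a second pass (not verifiable from this hunk), ending the pipeline with `bgpd -nvf /dev/stdin | diff -u ${.CURDIR}/bgpd.conf.printconf /dev/stdin` would pin the round trip rather than just the exit status. The comment above the target says `-nvv` while the recipe passes a single `-v`, so one of the two should be corrected. Likewise `bgpd.conf.example.ok` is added under config/ later in this commit, but `bgpd-example` only runs `bgpd -nf` on the shipped example and no target in this Makefile reads that file.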
diff --git a/regress/usr.sbin/bgpd/config/bgpd.conf.1.in b/regress/usr.sbin/bgpd/config/bgpd.conf.1.in
new file mode 100644
index 00000000000..d4f0c290463
--- /dev/null
+++ b/regress/usr.sbin/bgpd/config/bgpd.conf.1.in
@@ -0,0 +1,4 @@
+# $OpenBSD: bgpd.conf.1.in,v 1.1 2018/09/07 08:38:35 claudio Exp $
+# Only test the bare minimum configuration
+
+AS 1
diff --git a/regress/usr.sbin/bgpd/config/bgpd.conf.1.ok b/regress/usr.sbin/bgpd/config/bgpd.conf.1.ok
new file mode 100644
index 00000000000..f34143167b3
--- /dev/null
+++ b/regress/usr.sbin/bgpd/config/bgpd.conf.1.ok
@@ -0,0 +1,13 @@
+AS 1
+router-id 127.0.0.1
+socket "/var/run/bgpd.sock.0"
+holdtime min 3
+fib-priority 48
+
+
+rde rib Adj-RIB-In no evaluate
+rde rib Adj-RIB-Out no evaluate
+rde rib Loc-RIB rtable 0 fib-update yes
+
+
+
diff --git a/regress/usr.sbin/bgpd/config/bgpd.conf.2.in b/regress/usr.sbin/bgpd/config/bgpd.conf.2.in
new file mode 100644
index 00000000000..c349315ec0e
--- /dev/null
+++ b/regress/usr.sbin/bgpd/config/bgpd.conf.2.in
@@ -0,0 +1,12 @@
+# $OpenBSD: bgpd.conf.2.in,v 1.1 2018/09/07 08:38:35 claudio Exp $
+# Test various community related filter parsing
+
+AS 1
+
+allow from any community local-as:neighbor-as
+allow from any ext-community rt 1:2
+allow from any ext-community l2vid 192.0.2.1:2
+allow from any ext-community ovs valid
+allow from any ext-community ovs invalid
+allow from any ext-community ovs not-found
+allow from any large-community local-as:neighbor-as:*
diff --git a/regress/usr.sbin/bgpd/config/bgpd.conf.2.ok b/regress/usr.sbin/bgpd/config/bgpd.conf.2.ok
new file mode 100644
index 00000000000..c8f94fff881
--- /dev/null
+++ b/regress/usr.sbin/bgpd/config/bgpd.conf.2.ok
@@ -0,0 +1,20 @@
+AS 1
+router-id 127.0.0.1
+socket "/var/run/bgpd.sock.0"
+holdtime min 3
+fib-priority 48
+
+
+rde rib Adj-RIB-In no evaluate
+rde rib Adj-RIB-Out no evaluate
+rde rib Loc-RIB rtable 0 fib-update yes
+
+
+
+allow from any community local-as:neighbor-as
+allow from any ext-community rt 1:2
+allow from any ext-community l2vid 192.0.2.1:2
+allow from any ext-community ovs valid
+allow from any ext-community ovs invalid
+allow from any ext-community ovs not-found
+allow from any large-community local-as:neighbor-as:*
diff --git a/regress/usr.sbin/bgpd/config/bgpd.conf.example.ok b/regress/usr.sbin/bgpd/config/bgpd.conf.example.ok
new file mode 100644
index 00000000000..b0e07055d65
--- /dev/null
+++ b/regress/usr.sbin/bgpd/config/bgpd.conf.example.ok
@@ -0,0 +1,137 @@
+ASN = "65001"
+peer1 = "10.1.0.2"
+peer2 = "10.1.0.3"
+AS 65001
+router-id 127.0.0.1
+socket "/var/run/bgpd.sock.0"
+holdtime min 3
+fib-priority 48
+
+
+rde rib Adj-RIB-In no evaluate
+rde rib Adj-RIB-Out no evaluate
+rde rib Loc-RIB rtable 0 fib-update yes
+
+prefix-set "mynetworks" { 192.0.2.0/24 }
+
+
+neighbor 10.2.1.1 {
+ remote-as 65023
+ local-address 10.0.0.8
+ enforce neighbor-as yes
+ enforce local-as yes
+ ipsec esp in spi 1010 sha1 XXXXXX aes XXXXXX
+ ipsec esp out spi 1012 sha1 XXXXXX aes XXXXXX
+ announce IPv4 unicast
+}
+neighbor 10.0.0.0/24 {
+ descr "template for local peers"
+ enforce neighbor-as no
+ enforce local-as yes
+ announce IPv4 unicast
+}
+neighbor 10.0.2.0 {
+ descr "upstream2"
+ remote-as 65004
+ local-address 10.0.0.8
+ enforce neighbor-as yes
+ enforce local-as yes
+ ipsec ah ike
+ announce IPv4 unicast
+}
+neighbor 10.0.1.0 {
+ descr "upstream"
+ remote-as 65003
+ multihop 2
+ passive
+ local-address 10.0.0.8
+ holdtime 180
+ holdtime min 3
+ export none
+ enforce neighbor-as yes
+ enforce local-as yes
+ tcp md5sig
+ announce IPv4 unicast
+}
+group "peering AS65002" {
+ neighbor 10.1.0.2 {
+ descr "AS 65001 peer 1"
+ remote-as 65002
+ enforce neighbor-as yes
+ enforce local-as yes
+ tcp md5sig
+ announce IPv4 unicast
+ }
+ neighbor 10.1.0.3 {
+ descr "AS 65001 peer 2"
+ remote-as 65002
+ local-address 10.0.0.8
+ enforce neighbor-as yes
+ enforce local-as yes
+ ipsec esp ike
+ announce IPv4 unicast
+ }
+}
+
+group "peering AS65042" {
+ neighbor 10.2.0.2 {
+ descr "peering AS 65042"
+ remote-as 65042
+ local-address 10.0.0.8
+ enforce neighbor-as yes
+ enforce local-as yes
+ ipsec ah ike
+ announce IPv4 unicast
+ }
+ neighbor 10.2.0.1 {
+ descr "peering AS 65042"
+ remote-as 65042
+ local-address 10.0.0.8
+ enforce neighbor-as yes
+ enforce local-as yes
+ ipsec ah ike
+ announce IPv4 unicast
+ }
+}
+
+
+allow from ibgp
+allow from any prefix 0.0.0.0/0 prefixlen 8 - 24
+allow from any prefix ::/0 prefixlen 16 - 48
+match from any community 65535:0 set { localpref 0 }
+allow from any prefix 23.128.0.0/10 prefixlen 24 - 28
+deny from any prefix 0.0.0.0/8 prefixlen >= 8
+deny from any prefix 10.0.0.0/8 prefixlen >= 8
+deny from any prefix 100.64.0.0/10 prefixlen >= 10
+deny from any prefix 127.0.0.0/8 prefixlen >= 8
+deny from any prefix 169.254.0.0/16 prefixlen >= 16
+deny from any prefix 172.16.0.0/12 prefixlen >= 12
+deny from any prefix 192.0.2.0/24 prefixlen >= 24
+deny from any prefix 192.88.99.0/24 prefixlen >= 24
+deny from any prefix 192.168.0.0/16 prefixlen >= 16
+deny from any prefix 198.18.0.0/15 prefixlen >= 15
+deny from any prefix 198.51.100.0/24 prefixlen >= 24
+deny from any prefix 203.0.113.0/24 prefixlen >= 24
+deny from any prefix 224.0.0.0/4 prefixlen >= 4
+deny from any prefix 240.0.0.0/4 prefixlen >= 4
+deny from any prefix ::/8 prefixlen >= 8
+deny from any prefix 100::/64 prefixlen >= 64
+deny from any prefix 2001:2::/48 prefixlen >= 48
+deny from any prefix 2001:10::/28 prefixlen >= 28
+deny from any prefix 2001:db8::/32 prefixlen >= 32
+deny from any prefix 2002::/16 prefixlen >= 16
+deny from any prefix 3ffe::/16 prefixlen >= 16
+deny from any prefix fc00::/7 prefixlen >= 7
+deny from any prefix fe80::/10 prefixlen >= 10
+deny from any prefix fec0::/10 prefixlen >= 10
+deny from any prefix ff00::/8 prefixlen >= 8
+deny from any AS 23456
+deny from any AS 64496 - 64511
+deny from any AS 64512 - 65534
+deny from any AS 65535
+deny from any AS 65536 - 65551
+deny from any AS 65552 - 131071
+deny from any AS 4200000000 - 4294967294
+deny from any AS 4294967295
+allow to ibgp
+allow to ebgp prefix-set "mynetworks" large-community 65001:1:1
diff --git a/regress/usr.sbin/bgpd/config/bgpd.conf.printconf b/regress/usr.sbin/bgpd/config/bgpd.conf.printconf
new file mode 100644
index 00000000000..f02a136b911
--- /dev/null
+++ b/regress/usr.sbin/bgpd/config/bgpd.conf.printconf
@@ -0,0 +1,91 @@
+ASN = "65001"
+AS 65001
+router-id 127.0.0.1
+socket "/var/run/bgpd.sock.0"
+holdtime min 3
+fib-priority 48
+network 192.0.2.0/24 set { large-community 65001:1:1 }
+network 2001:db8:abcd::/48 set { large-community 65001:1:1 }
+
+
+rde rib Adj-RIB-In no evaluate
+rde rib Adj-RIB-Out no evaluate
+rde rib Loc-RIB rtable 0 fib-update yes
+
+prefix-set "mynetworks" { 2001:db8:abcd::/48 192.0.2.0/24 }
+prefix-set "mynetworks_orlonger" { 2001:db8:abcd::/48 or-longer 192.0.2.0/24 or-longer }
+prefix-set "bogons" { ff00::/8 or-longer fec0::/10 or-longer fe80::/10 or-longer fc00::/7 or-longer 3ffe::/16 or-longer 2002::/16 or-longer 2001:db8::/32 or-longer 2001:10::/28 or-longer 2001:2::/48 or-longer 100::/64 or-longer ::/8 or-longer 240.0.0.0/4 or-longer 224.0.0.0/4 or-longer 203.0.113.0/24 or-longer 198.51.100.0/24 or-longer 198.18.0.0/15 or-longer 192.168.0.0/16 or-longer 192.88.99.0/24 or-longer 192.0.2.0/24 or-longer 172.16.0.0/12 or-longer 169.254.0.0/16 or-longer 127.0.0.0/8 or-longer 100.64.0.0/10 or-longer 10.0.0.0/8 or-longer 0.0.0.0/8 or-longer }
+
+
+group "ibgp mesh v4" {
+ neighbor 192.0.2.3 {
+ remote-as 65001
+ local-address 192.0.2.1
+ enforce neighbor-as no
+ enforce local-as yes
+ announce IPv4 unicast
+ }
+ neighbor 192.0.2.2 {
+ remote-as 65001
+ local-address 192.0.2.1
+ enforce neighbor-as no
+ enforce local-as yes
+ announce IPv4 unicast
+ }
+}
+
+group "ibgp mesh v6" {
+ neighbor 2001:db8:abcd::3 {
+ remote-as 65001
+ local-address 2001:db8:abcd::1
+ enforce neighbor-as no
+ enforce local-as yes
+ announce IPv6 unicast
+ }
+ neighbor 2001:db8:abcd::2 {
+ remote-as 65001
+ local-address 2001:db8:abcd::1
+ enforce neighbor-as no
+ enforce local-as yes
+ announce IPv6 unicast
+ }
+}
+
+group "upstreams" {
+ neighbor 198.51.100.0 {
+ descr "IPv4 Transit provider B"
+ remote-as 65123
+ enforce neighbor-as yes
+ enforce local-as yes
+ announce IPv4 unicast
+ }
+ neighbor 203.0.113.1 {
+ descr "IPv4 Transit Provider A"
+ remote-as 65002
+ enforce neighbor-as yes
+ enforce local-as yes
+ announce IPv4 unicast
+ }
+ neighbor 2001:db8:666::2 {
+ descr "IPv6 Transit provider B"
+ remote-as 65123
+ enforce neighbor-as yes
+ enforce local-as yes
+ announce IPv6 unicast
+ }
+}
+
+
+allow to ebgp prefix-set "mynetworks" large-community 65001:1:1
+deny quick from ebgp prefix-set "mynetworks_orlonger"
+allow from ibgp
+allow to ibgp
+match from ebgp set { community delete 65001:* }
+match from ebgp set { large-community delete 65001:*:* }
+allow from any prefix 0.0.0.0/0 prefixlen 8 - 24
+allow from any prefix ::/0 prefixlen 16 - 48
+match from any community 65535:0 set { localpref 0 }
+deny quick from any prefix-set "bogons"
+deny quick from any AS 23456
+deny quick from any AS 64496 - 131071
+deny quick from any AS 4200000000 - 4294967295