Last active
April 4, 2025 05:00
-
-
Save tuna2134/393bfddf76ea30667095786d93eebde4 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| router id 192.168.1.1; | |
| log syslog { info, remote, warning, error, debug, auth, fatal, bug }; | |
| log stderr all; | |
| debug protocols {events, states, interfaces}; | |
| graceful restart wait 15; | |
| roa6 table rpki6; | |
| protocol kernel { | |
| ipv6 { | |
| import none; | |
| export filter { | |
| # if (213604, 0, 63798) ~ bgp_large_community then reject; | |
| accept; | |
| }; | |
| }; | |
| learn on; | |
| scan time 10; | |
| graceful restart on; | |
| } | |
| protocol static v6 { | |
| ipv6; | |
| route 2601:1d08:8000::/40 blackhole; | |
| route ::/0 blackhole; | |
| } | |
| protocol device { | |
| scan time 10; | |
| } | |
| protocol rpki cf_rtr { | |
| remote "192.168.83.5"; | |
| port 323; | |
| roa6 { table rpki6; }; | |
| } | |
| protocol ospf v3 { | |
| ipv6 { | |
| import filter { | |
| if source = RTS_BGP then reject; | |
| if net = ::/0 then reject; | |
| accept; | |
| }; | |
| export filter { | |
| if source = RTS_BGP then reject; | |
| accept; | |
| }; | |
| }; | |
| area 0.0.0.0 { | |
| stubnet 2601:1d08:8000::1/128; | |
| interface "lo" { | |
| stub on; | |
| }; | |
| interface "eth1" { | |
| type broadcast; | |
| }; | |
| }; | |
| } | |
| protocol bgp bgp1 { | |
| local 2401:5e40:c600::21:3604:1 as 213604; | |
| neighbor 2401:5e40:c600::6:3798:3 as 63798; | |
| keepalive time 10; | |
| hold time 30; | |
| ipv6 { | |
| import filter { | |
| if bgp_path.len > 64 then reject; | |
| if net ~ [3ffe::/16+, 2001:db8::/32+, 2001::/33+, 2002::/17+, 0000::/8+, fe00::/8+, ::/128-, ::/0{0,15}, ::/0{64,128}] then reject; | |
| if(roa_check(rpki6, net, bgp_path.last_nonaggregated) = ROA_INVALID) then reject; | |
| bgp_large_community.add((213604, 0, 63798)); | |
| accept; | |
| }; | |
| export filter { | |
| if net ~ [2601:1d08:8000::/40] then accept; | |
| reject; | |
| }; | |
| next hop self; | |
| }; | |
| } | |
| protocol bgp bgp2 { | |
| local 2401:5e40:c600::21:3604:1 as 213604; | |
| neighbor 2401:5e40:c600::6:3798:4 as 63798; | |
| keepalive time 10; | |
| hold time 30; | |
| ipv6 { | |
| import filter { | |
| if bgp_path.len > 64 then reject; | |
| if net ~ [3ffe::/16+, 2001:db8::/32+, 2001::/33+, 2002::/17+, 0000::/8+, fe00::/8+, ::/128-, ::/0{0,15}, ::/0{64,128}] then reject; | |
| if(roa_check(rpki6, net, bgp_path.last_nonaggregated) = ROA_INVALID) then reject; | |
| bgp_large_community.add((213604, 0, 63798)); | |
| accept; | |
| }; | |
| export filter { | |
| if net ~ [2601:1d08:8000::/40] then accept; | |
| reject; | |
| }; | |
| next hop self; | |
| }; | |
| } | |
| protocol bgp bgp_l { | |
| local 2601:1d08:8000::1 as 213604; | |
| neighbor 2601:1d08:8000::2 as 213604; | |
| rr client; | |
| ipv6 { | |
| import all; | |
| export all; | |
| next hop self; | |
| }; | |
| } | |
| protocol bgp bgp_l2 { | |
| local 2601:1d08:8000::1 as 213604; | |
| neighbor 2601:1d08:8000::3 as 213604; | |
| ipv6 { | |
| import all; | |
| export filter { | |
| if bgp_path.first != 213604 then accept; | |
| # if bgp_large_community ~ [(213604, 0, 63798)] then accept; | |
| reject; | |
| }; | |
| next hop self; | |
| }; | |
| } | |
| protocol bgp bgp_l3 { | |
| local 2601:1d08:8000::1 as 213604; | |
| neighbor 2601:1d08:8000::4 as 213604; | |
| ipv6 { | |
| import all; | |
| export filter { | |
| if bgp_path.first != 213604 then accept; | |
| # if bgp_large_community ~ [(213604, 0, 63798)] then accept; | |
| reject; | |
| }; | |
| next hop self; | |
| }; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment