-
Notifications
You must be signed in to change notification settings - Fork 122
/
bgpd.conf.j2
71 lines (60 loc) · 1.61 KB
/
bgpd.conf.j2
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
AS 199036
socket "/var/run/bgpd.rsock.0" restricted
fib-update no
reject as-set no
rtr 127.0.0.1
group "peers" {
multihop 255
export none
announce add-path recv yes
role customer
{% for peer in lg_peers %}
{% if lg_peers[peer].ipv4|default(None) %}
neighbor {{ lg_peers[peer].ipv4 }} {
descr "{{ peer }}-v4"
remote-as {{ lg_peers[peer].asn }}
}
{% endif %}
{% if lg_peers[peer].ipv6|default(None) %}
neighbor {{ lg_peers[peer].ipv6 }} {
descr "{{ peer }}-v6"
remote-as {{ lg_peers[peer].asn }}
}
{% endif %}
{% endfor %}
}
group "readonly_peers" {
multihop 255
announce add-path send all
{% for peer in readonly_peers %}
{% if readonly_peers[peer].ipv4|default(None) %}
neighbor {{ readonly_peers[peer].ipv4 }} {
descr "firehose-{{ peer }}-v4"
remote-as {{ readonly_peers[peer].asn }}
}
{% endif %}
{% if readonly_peers[peer].ipv6|default(None) %}
neighbor {{ readonly_peers[peer].ipv6 }} {
descr "firehose-{{ peer }}-v6"
remote-as {{ readonly_peers[peer].asn }}
}
{% endif %}
{% endfor %}
}
group "aspa_test" {
multihop 255
announce add-path send best plus 2
remote-as 15562
neighbor 45.138.228.4
neighbor 2a10:3781:276::1
}
# allow anything from regular peers, but never send them any route
# the send filter is here for protection, by default peers use export none
allow from group peers
deny to group peers
# send everything to firehose peers, accept nothing
deny from group readonly_peers
allow to group readonly_peers
# # send to ASPA testbed
deny from group aspa_test
allow to group aspa_test