-
Notifications
You must be signed in to change notification settings - Fork 184
/
autovpn-rr2.yml
154 lines (154 loc) · 3.1 KB
/
autovpn-rr2.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
hostname: autovpn-rr2
is_deployed: true
router_bgp:
as: '65000'
router_id: 192.168.31.2
bgp:
default:
ipv4_unicast: false
maximum_paths:
paths: 4
ecmp: 4
updates:
wait_install: true
bgp_cluster_id: 192.168.31.2
listen_ranges:
- prefix: 192.168.30.0/24
peer_group: WAN-OVERLAY-PEERS
remote_as: '65000'
peer_groups:
- name: WAN-OVERLAY-PEERS
type: wan
update_source: Loopback0
bfd: true
password: htm4AZe9mIQOO1uiMuGgYQ==
send_community: all
maximum_routes: 0
remote_as: '65000'
route_reflector_client: true
- name: RR-OVERLAY-PEERS
type: wan
update_source: Loopback0
bfd: true
send_community: all
maximum_routes: 0
remote_as: '65000'
address_family_evpn:
peer_groups:
- name: WAN-OVERLAY-PEERS
activate: true
- name: RR-OVERLAY-PEERS
activate: true
next_hop:
resolution_disabled: true
address_family_ipv4:
peer_groups:
- name: WAN-OVERLAY-PEERS
activate: false
- name: RR-OVERLAY-PEERS
activate: false
address_family_path_selection:
peer_groups:
- name: WAN-OVERLAY-PEERS
activate: true
- name: RR-OVERLAY-PEERS
activate: true
bgp:
additional_paths:
receive: true
send:
any: true
neighbors:
- ip_address: 192.168.31.1
peer_group: RR-OVERLAY-PEERS
peer: autovpn-rr1
description: autovpn-rr1
service_routing_protocols_model: multi-agent
ip_routing: true
vlan_internal_order:
allocation: ascending
range:
beginning: 1006
ending: 1199
spanning_tree:
mode: none
vrfs:
- name: MGMT
ip_routing: false
management_api_http:
enable_vrfs:
- name: MGMT
enable_https: true
loopback_interfaces:
- name: Loopback0
description: Router_ID
shutdown: false
ip_address: 192.168.31.2/32
ip_security:
ike_policies:
- name: AUTOVPN-IKE
local_id: 192.168.31.2
sa_policies:
- name: AUTOVPN-SA
profiles:
- name: AUTOVPN
ike_policy: AUTOVPN-IKE
sa_policy: AUTOVPN-SA
connection: start
shared_key: ABCDEF1234567890
dpd:
interval: 10
time: 50
action: clear
mode: transport
router_bfd:
multihop:
interval: 300
min_rx: 300
multiplier: 3
router_path_selection:
path_groups:
- name: INET
id: 101
local_interfaces:
- name: Ethernet1
ipsec_profile: AUTOVPN
load_balance_policies:
- name: LBPOLICY
path_groups:
- name: INET
policies:
- name: dps-policy-default
default_match:
load_balance: LBPOLICY
vrfs:
- name: default
path_selection_policy: dps-policy-default
peer_dynamic_source: stun
stun:
server:
local_interfaces:
- Ethernet1
ethernet_interfaces:
- name: Ethernet1
peer_type: l3_interface
ip_address: 10.8.8.8/31
shutdown: false
type: routed
static_routes:
- destination_address_prefix: 0.0.0.0/0
gateway: 10.8.8.9
dps_interfaces:
- name: Dps1
description: DPS Interface
tcp_mss_ceiling:
ipv4: 1000
vxlan_interface:
Vxlan1:
description: autovpn-rr2_VTEP
vxlan:
udp_port: 4789
source_interface: Loopback0
vrfs:
- name: default
vni: 1