Quagga

Attachment 'bgpd.conf'

Download

hostname BGP

log file /var/log/quagga/bgpd.log
log monitor
log stdout
log syslog

password Quagga
enable password Quagga

access-list DN42 permit 172.20.0.0/14
#       Address Allocation for Private Internets
ipv6 access-list DN42 permit fd00::/8
#       Unique Local IPv6 Unicast Addresses

ip as-path access-list DN42 permit ^(424242....)

ip prefix-list DN42 seq 5 permit 172.20.0.0/14 le 31
#       Address Allocation for Private Internets
ipv6 prefix-list DN42 seq 5 permit fd00::/8 le 64
#       Unique Local IPv6 Unicast Addresses

access-list Internet deny 0.0.0.0/8
#       This host on this network
access-list Internet permit 10.0.0.0/8
#       Private-Use
access-list Internet permit 100.64.0.0/10
#       Shared Address Space
access-list Internet deny 127.0.0.0/8
#       Loopback
access-list Internet deny 169.254.0.0/16
#       Link Local
access-list Internet permit 172.16.0.0/12
#       Private-Use
access-list Internet permit 192.0.0.0/29
#       IPv4 Service Continuity Prefix
access-list Internet deny 192.0.0.8/32
#       IPv4 dummy address
access-list Internet permit 192.0.0.9/32
#       Port Control Protocol Anycast
access-list Internet permit 192.0.0.10/32
#       Traversal Using Relays around NAT Anycast
access-list Internet deny 192.0.0.170/32
#       NAT64/DNS64 Discovery
access-list Internet deny 192.0.0.171/32
#       NAT64/DNS64 Discovery
access-list Internet deny 192.0.0.0/24
#       IETF Protocol Assignments
access-list Internet deny 192.0.2.0/24
#       Documentation (TEST-NET-1)
access-list Internet permit 192.31.196.0/24
#       AS112-v4
access-list Internet permit 192.52.193.0/24
#       AMT
access-list Internet deny 192.88.99.0/24
#       Deprecated (6to4 Relay Anycast)
access-list Internet permit 192.168.0.0/16
#       Private-Use
access-list Internet permit 192.175.48.0/24
#       Direct Delegation AS112 Service
access-list Internet permit 198.18.0.0/15
#       Benchmarking
access-list Internet deny 198.51.100.0/24
#       Documentation (TEST-NET-2)
access-list Internet deny 203.0.113.0/24
#       Documentation (TEST-NET-3)
access-list Internet deny 240.0.0.0/4
#       Reserved
access-list Internet deny 255.255.255.255/32
#       Limited Broadcast
access-list Internet permit any
#       RFC 6890; https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml
ipv6 access-list Internet deny ::/128
#       Unspecified Address
ipv6 access-list Internet deny ::1/128
#       Loopback Address
ipv6 access-list Internet deny ::ffff:0:0/96
#       IPv4-mapped Address
ipv6 access-list Internet permit 64:ff9b::/96
#       IPv4-IPv6 Translat.
ipv6 access-list Internet permit 64:ff9b:1::/48
#       IPv4-IPv6 Translat.
ipv6 access-list Internet permit 100::/64
#       Discard-Only Address Block
ipv6 access-list Internet permit 2001::/32
#       TEREDO
ipv6 access-list Internet permit 2001:1::1/128
#       Port Control Protocol Anycast
ipv6 access-list Internet permit 2001:1::2/128
#       Traversal Using Relays around NAT Anycast
ipv6 access-list Internet permit 2001:2::/48
#       Benchmarking
ipv6 access-list Internet permit 2001:3::/32
#       AMT
ipv6 access-list Internet permit 2001:4:112::/48
#       AS112-v6
ipv6 access-list Internet permit 2001:5::/32
#       EID Space for LISP (Managed by RIPE NCC)
ipv6 access-list Internet deny 2001:10::/28
#       Deprecated (previously ORCHID)
ipv6 access-list Internet permit 2001:20::/28
#       ORCHIDv2
ipv6 access-list Internet deny 2001:db8::/32
#       Documentation
ipv6 access-list Internet deny 2001::/23
#       IETF Protocol Assignments
ipv6 access-list Internet permit 2002::/16
#       6to4
ipv6 access-list Internet permit 2620:4f:8000::/48
#       Direct Delegation AS112 Service
ipv6 access-list Internet permit fc00::/7
#       Unique-Local
ipv6 access-list Internet deny fe80::/10
#       Link-Local Unicast
ipv6 access-list Internet permit 2000::/3
#       RFC 6890; https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml

ip as-path access-list Internet permit ^()$
ip as-path access-list Internet permit ^(23456)
#       Replace the contents of the parenthesis with the ASN of your peer - Duplicate this line for each of your peers

ip prefix-list Internet seq 5 deny 0.0.0.0/8 ge 8
#       This host on this network
ip prefix-list Internet seq 10 deny 10.0.0.0/8 ge 8
#       Private-Use
ip prefix-list Internet seq 15 deny 100.64.0.0/10 ge 10
#       Shared Address Space
ip prefix-list Internet seq 20 deny 127.0.0.0/8 ge 8
#       Loopback
ip prefix-list Internet seq 25 deny 169.254.0.0/16 ge 16
#       Link Local
ip prefix-list Internet seq 30 deny 172.16.0.0/12 ge 12
#       Private-Use
ip prefix-list Internet seq 35 deny 192.0.0.0/29 ge 29
#       IPv4 Service Continuity Prefix
ip prefix-list Internet seq 40 deny 192.0.0.8/32 ge 32
#       IPv4 dummy address
ip prefix-list Internet seq 45 permit 192.0.0.9/32 le 32
#       Port Control Protocol Anycast
ip prefix-list Internet seq 50 permit 192.0.0.10/32 le 32
#       Traversal Using Relays around NAT Anycast
ip prefix-list Internet seq 55 deny 192.0.0.170/32 ge 32
#       NAT64/DNS64 Discovery
ip prefix-list Internet seq 60 deny 192.0.0.171/32 ge 32
#       NAT64/DNS64 Discovery
ip prefix-list Internet seq 65 deny 192.0.0.0/24 ge 24
#       IETF Protocol Assignments
ip prefix-list Internet seq 70 deny 192.0.2.0/24 ge 24
#       Documentation (TEST-NET-1)
ip prefix-list Internet seq 75 permit 192.31.196.0/24 le 24
#       AS112-v4
ip prefix-list Internet seq 80 permit 192.52.193.0/24 le 24
#       AMT
ip prefix-list Internet seq 85 deny 192.88.99.0/24 ge 24
#       Deprecated (6to4 Relay Anycast)
ip prefix-list Internet seq 90 deny 192.168.0.0/16 ge 16
#       Private-Use
ip prefix-list Internet seq 95 permit 192.175.48.0/24 le 24
#       Direct Delegation AS112 Service
ip prefix-list Internet seq 100 deny 198.18.0.0/15 ge 15
#       Benchmarking
ip prefix-list Internet seq 105 deny 198.51.100.0/24 ge 24
#       Documentation (TEST-NET-2)
ip prefix-list Internet seq 110 deny 203.0.113.0/24 ge 24
#       Documentation (TEST-NET-3)
ip prefix-list Internet seq 115 deny 240.0.0.0/4 ge 4
#       Reserved
ip prefix-list Internet seq 120 deny 255.255.255.255/32 ge 32
#       Limited Broadcast
ip prefix-list Internet seq 125 permit 0.0.0.0/0 le 30
#       RFC 6890; https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml
ipv6 prefix-list Internet seq 5 deny ::/128 ge 128
#       Unspecified Address
ipv6 prefix-list Internet seq 10 deny ::1/128 ge 128
#       Loopback Address
ipv6 prefix-list Internet seq 15 deny ::ffff:0:0/96 ge 96
#       IPv4-mapped Address
ipv6 prefix-list Internet seq 20 permit 64:ff9b::/96 le 96
#       IPv4-IPv6 Translat.
ipv6 prefix-list Internet seq 25 deny 64:ff9b:1::/48 ge 48
#       IPv4-IPv6 Translat.
ipv6 prefix-list Internet seq 30 deny 100::/64 ge 64
#       Discard-Only Address Block
ipv6 prefix-list Internet seq 35 deny 2001::/32 ge 32
#       TEREDO
ipv6 prefix-list Internet seq 40 permit 2001:1::1/128 le 128
#       Port Control Protocol Anycast
ipv6 prefix-list Internet seq 45 permit 2001:1::2/128 le 128
#       Traversal Using Relays around NAT Anycast
ipv6 prefix-list Internet seq 50 deny 2001:2::/48 ge 48
#       Benchmarking
ipv6 prefix-list Internet seq 55 permit 2001:3::/32 le 32
#       AMT
ipv6 prefix-list Internet seq 60 permit 2001:4:112::/48 le 48
#       AS112-v6
ipv6 prefix-list Internet seq 65 permit 2001:5::/32 le 32
#       EID Space for LISP (Managed by RIPE NCC)
ipv6 prefix-list Internet seq 70 deny 2001:10::/28 ge 28
#       Deprecated (previously ORCHID)
ipv6 prefix-list Internet seq 75 permit 2001:20::/28 le 28
#       ORCHIDv2
ipv6 prefix-list Internet seq 80 deny 2001:db8::/32 ge 32
#       Documentation
ipv6 prefix-list Internet seq 85 deny 2001::/23 ge 23
#       IETF Protocol Assignments
ipv6 prefix-list Internet seq 90 deny 2002::/16 ge 16
#       6to4
ipv6 prefix-list Internet seq 95 permit 2620:4f:8000::/48 le 48
#       Direct Delegation AS112 Service
ipv6 prefix-list Internet seq 100 deny fc00::/7 ge 7
#       Unique-Local
ipv6 prefix-list Internet seq 105 deny fe80::/10 ge 10
#       Link-Local Unicast
ipv6 prefix-list Internet seq 110 permit 2000::/3 le 56
#       RFC 6890; https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml
ipv6 prefix-list Internet seq 115 permit ff3e::/32 ge 96 le 96
#       Source-Specific Multicast
ipv6 prefix-list Internet seq 120 permit ::/0 le 64
#       RFC 6890; https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml

bgp multiple-instance

router bgp 4242420017
#       When this Autonomous System Number equals the neighbour's "remote-as" the adjacency will be IBGP otherwise the adjacency will be EBGP; legal values include 64512 through 65534 and 4200000000 through 4294967294 for peers inside of the confederation, or the Autonomous System Number can be the same as the "bgp confederation identifier" for this router to announce this confederation more widely
no bgp always-compare-med
#       This parameter must be configured consistently across the AS
bgp bestpath as-path confed
bgp bestpath as-path multipath-relax
bgp client-to-client reflection
#       This is redundant until "route-reflector-client" is configured
# bgp confederation identifier 4242420017
#       This is the Autonomous System Number we'll be known externally as
# bgp confederation peers 23456
#       These are the Autonomous System Numbers inside of this confederation, possible values include 23456 and Private ASNs 64512 through 65534 and 4200000000 through 4294967294
no bgp default ipv4-unicast
no bgp deterministic-med
#       Do you trust all of your neighbours to insert equivalent values?
bgp enforce-first-as
#       This ensures that our neighbours are not using an ASN other than that by which we know them as
#       This must be deconfigured when connected to a Route Server
bgp fast-external-failover
bgp graceful-restart
bgp log-neighbor-changes
bgp network import-check
maximum-paths 64
maximum-paths ibgp 64
redistribute babel
# redistribute connected
redistribute isis
# redistribute kernel
redistribute ospf
redistribute rip
# redistribute static

neighbor AS_TRANS peer-group
neighbor AS_TRANS remote-as 4242420017
neighbor AS_TRANS activate
neighbor AS_TRANS allowas-in 1
#       How loopy shalt we be?
neighbor AS_TRANS attribute-unchanged
neighbor AS_TRANS capability dynamic
neighbor AS_TRANS capability orf prefix-list both
neighbor AS_TRANS capability route-refresh
neighbor AS_TRANS filter-list DN42 in
#       This utilises the "access-list"
neighbor AS_TRANS filter-list DN42 out
#       This utilises the "access-list"
neighbor AS_TRANS filter-list Internet in
#       This utilises the "access-list"
neighbor AS_TRANS filter-list Internet out
#       This utilises the "access-list"
# neighbor AS_TRANS next-hop-self
#       This must not be configured when "route-reflector-client" is
#       This must not be configured when more than two EBGP peers are within the same broadcast domain
#       This must be configured when connected to a Non-Broadcast Multiple Access network that is not any-to-any
neighbor AS_TRANS local-as 23456 no-prepend
neighbor AS_TRANS password Quagga
neighbor AS_TRANS prefix-list DN42 in
neighbor AS_TRANS prefix-list DN42 out
neighbor AS_TRANS prefix-list Internet in
neighbor AS_TRANS prefix-list Internet out
# neighbor AS_TRANS route-reflector-client
#       A Route Reflector is an alternative to full mesh IBGP, where it is akin to a Bridge in a spanning tree, in this instance there is a Route Reflector at every branch
# neighbor AS_TRANS route-server-client
#       A Route Server concerns only EBGP peering, and only makes sense when combined with "route-map" directives
neighbor AS_TRANS send-community both
neighbor AS_TRANS soft-reconfiguration inbound
neighbor AS_TRANS ttl-security hops 1
# neighbor <IP> peer-group AS_TRANS
# neighbor <IP> peer-group AS_TRANS

address-family ipv4 multicast
aggregate-address 232.0.0.0/8 as-set
#       Source-Specific Multicast
neighbor AS_TRANS activate
network 224.0.0.0/4 backdoor pathlimit 255
#       Cold Potato
exit-address-family

address-family ipv4 unicast
neighbor AS_TRANS activate
network 0.0.0.0/1 backdoor pathlimit 255
#       Cold Potato
network 128.0.0.0/2 backdoor pathlimit 255
#       Cold Potato
network 192.0.0.0/3 backdoor pathlimit 255
#       Cold Potato
exit-address-family

address-family ipv6 multicast
# aggregate-address ff0e::/16 as-set
#       Global Scope
#       Not implemented
# aggregate-address ff3e::/32 as-set
#       Source-Specific Multicast
#       Not implemented
neighbor AS_TRANS activate
# network ff00::/8 backdoor pathlimit 255
#       Cold potato
#       Not implemented
exit-address-family

address-family ipv6 unicast
neighbor AS_TRANS activate
# network 2000::/3 backdoor pathlimit 255
#       Cold Potato
#       Not implemented
redistribute babel
# redistribute connected
redistribute isis
# redistribute kernel
redistribute ospf6
redistribute ripng
# redistribute static
exit-address-family

Attached Files

To refer to attachments on a page, use attachment:filename, as shown below in the list of files. Do NOT use the URL of the [get] link, since this is subject to change and can break easily.
  • [get | view] (2018-08-20 10:53:51, 0.5 KB) [[attachment:babeld.conf]]
  • [get | view] (2018-08-22 09:14:47, 12.4 KB) [[attachment:bgpd.conf]]
  • [get | view] (2018-08-20 10:50:43, 1.6 KB) [[attachment:isisd.conf]]
  • [get | view] (2018-08-20 10:50:58, 0.5 KB) [[attachment:ospf6d.conf]]
  • [get | view] (2018-08-20 10:51:12, 0.9 KB) [[attachment:ospfd.conf]]
  • [get | view] (2017-07-30 07:56:54, 0.2 KB) [[attachment:pimd.conf]]
  • [get | view] (2018-08-20 10:51:59, 0.7 KB) [[attachment:ripd.conf]]
  • [get | view] (2018-08-20 10:52:16, 0.4 KB) [[attachment:ripngd.conf]]
  • [get | view] (2009-02-18 08:12:11, 0.1 KB) [[attachment:vtysh.conf]]
  • [get | view] (2018-09-08 03:40:26, 0.6 KB) [[attachment:zebra.conf]]
 All files | Selected Files: delete move to page

You are not allowed to attach a file to this page.