You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
34 lines
1.6 KiB
34 lines
1.6 KiB
/routing bgp connection
|
|
add address-families=ipv6 as=65000 connect=yes disabled=no hold-time=31s input.filter=core-in keepalive-time=10s listen=no local.address=2a10:f0c0:1::4:666:2004 .role=ebgp name=\
|
|
cr1.tn2.v6 output.filter-chain=core-out .redistribute=connected,static remote.address=2a10:f0c0:1::4:666:1 .as=59811 .ttl=255
|
|
add address-families=ip as=65000 connect=yes disabled=no hold-time=31s input.filter=core-in keepalive-time=10s listen=no local.address=169.254.0.2 .role=ebgp name=cr1.tn2.ipv4 \
|
|
output.filter-chain=core-out .redistribute=connected,static remote.address=169.254.0.1 .as=59811 .ttl=255 routing-table=main
|
|
|
|
/routing filter rule
|
|
add chain=core-out disabled=no rule="if (afi ipv6) {\
|
|
\n if (dst in 2a10:f0c0::/29) {reject}\
|
|
\n if (dst-len <= 52) {accept}\
|
|
\n reject\
|
|
\n}"
|
|
add chain=core-out disabled=no rule="if (afi ipv4) {\
|
|
\n if (dst in 10.0.0.0/8) {reject}\
|
|
\n if (dst in 100.64.0.0/10) {reject}\
|
|
\n if (dst in 172.16.0.0/12) {reject}\
|
|
\n if (dst in 169.254.0.0/16) {reject}\
|
|
\n if (dst in 192.168.0.0/16) {reject}\
|
|
\n if (dst in 193.162.44.0/24) {reject}\
|
|
\n if (dst-len == 32) {accept}\
|
|
\n reject\
|
|
\n}"
|
|
add chain=core-out disabled=no rule="reject;"
|
|
add chain=core-in disabled=no rule="if (afi ipv6) {\
|
|
\n if (dst == ::/0) {accept}\
|
|
\n if (bgp-communities includes 59811:2) {accept}\
|
|
\n reject\
|
|
\n}"
|
|
add chain=core-in disabled=no rule="if (afi ipv4) {\
|
|
\n if (dst == 0.0.0.0/0) {accept}\
|
|
\n if (bgp-communities includes 59811:2) {accept}\
|
|
\n reject\
|
|
\n}"
|
|
add chain=core-in disabled=no rule="reject;"
|