diff options
Diffstat (limited to 'regress/usr.sbin/bgpd/bgpd.conf.example.ok')
| -rw-r--r-- | regress/usr.sbin/bgpd/bgpd.conf.example.ok | 139 |
1 files changed, 139 insertions, 0 deletions
diff --git a/regress/usr.sbin/bgpd/bgpd.conf.example.ok b/regress/usr.sbin/bgpd/bgpd.conf.example.ok new file mode 100644 index 00000000000..066ea38c3aa --- /dev/null +++ b/regress/usr.sbin/bgpd/bgpd.conf.example.ok @@ -0,0 +1,139 @@ +peer1 = "10.1.0.2" +peer2 = "10.1.0.3" +AS 65001 +router-id 127.0.0.1 +socket "/var/run/bgpd.sock.0" +holdtime min 3 +fib-priority 48 + + +rde rib Adj-RIB-In no evaluate +rde rib Loc-RIB rtable 0 fib-update yes + + +neighbor 10.2.1.1 { + remote-as 65023 + local-address 10.0.0.8 + announce self + enforce neighbor-as yes + enforce local-as yes + ipsec esp in spi 1010 sha1 XXXXXX aes XXXXXX + ipsec esp out spi 1012 sha1 XXXXXX aes XXXXXX + announce IPv4 unicast +} +neighbor 10.0.0.0/24 { + descr "template for local peers" + announce self + enforce neighbor-as no + enforce local-as yes + announce IPv4 unicast +} +neighbor 10.0.2.0 { + descr "upstream2" + remote-as 65004 + local-address 10.0.0.8 + announce self + enforce neighbor-as yes + enforce local-as yes + ipsec ah ike + announce IPv4 unicast +} +neighbor 10.0.1.0 { + descr "upstream" + remote-as 65003 + multihop 2 + passive + local-address 10.0.0.8 + holdtime 180 + holdtime min 3 + announce none + enforce neighbor-as yes + enforce local-as yes + tcp md5sig + announce IPv4 unicast +} +group "peering AS65002" { + neighbor 10.1.0.2 { + descr "AS 65001 peer 1" + remote-as 65002 + announce self + enforce neighbor-as yes + enforce local-as yes + tcp md5sig + announce IPv4 unicast + } + neighbor 10.1.0.3 { + descr "AS 65001 peer 2" + remote-as 65002 + local-address 10.0.0.8 + announce all + enforce neighbor-as yes + enforce local-as yes + ipsec esp ike + announce IPv4 unicast + } +} + +group "peering AS65042" { + neighbor 10.2.0.2 { + descr "peering AS 65042" + remote-as 65042 + local-address 10.0.0.8 + announce self + enforce neighbor-as yes + enforce local-as yes + ipsec ah ike + announce IPv4 unicast + } + neighbor 10.2.0.1 { + descr "peering AS 65042" + remote-as 65042 + local-address 10.0.0.8 + announce self + enforce neighbor-as yes + enforce local-as yes + ipsec ah ike + announce IPv4 unicast + } +} + + +deny from ebgp +deny to ebgp +allow from ibgp +allow to ibgp +allow from any prefix 0.0.0.0/0 prefixlen 8 - 24 +allow from any prefix ::/0 prefixlen 16 - 48 +match from any community 65535:0 set { localpref 0 } +allow from any prefix 23.128.0.0/10 prefixlen 24 - 28 +deny from any prefix 0.0.0.0/8 prefixlen >= 8 +deny from any prefix 10.0.0.0/8 prefixlen >= 8 +deny from any prefix 100.64.0.0/10 prefixlen >= 10 +deny from any prefix 127.0.0.0/8 prefixlen >= 8 +deny from any prefix 169.254.0.0/16 prefixlen >= 16 +deny from any prefix 172.16.0.0/12 prefixlen >= 12 +deny from any prefix 192.0.2.0/24 prefixlen >= 24 +deny from any prefix 192.168.0.0/16 prefixlen >= 16 +deny from any prefix 198.18.0.0/15 prefixlen >= 15 +deny from any prefix 198.51.100.0/24 prefixlen >= 24 +deny from any prefix 203.0.113.0/24 prefixlen >= 24 +deny from any prefix 224.0.0.0/4 prefixlen >= 4 +deny from any prefix 240.0.0.0/4 prefixlen >= 4 +deny from any prefix ::/8 prefixlen >= 8 +deny from any prefix 100::/64 prefixlen >= 64 +deny from any prefix 2001:2::/48 prefixlen >= 48 +deny from any prefix 2001:10::/28 prefixlen >= 28 +deny from any prefix 2001:db8::/32 prefixlen >= 32 +deny from any prefix 3ffe::/16 prefixlen >= 16 +deny from any prefix fc00::/7 prefixlen >= 7 +deny from any prefix fe80::/10 prefixlen >= 10 +deny from any prefix fec0::/10 prefixlen >= 10 +deny from any prefix ff00::/8 prefixlen >= 8 +deny from any AS 23456 +deny from any AS 64496 - 64511 +deny from any AS 64512 - 65534 +deny from any AS 65535 +deny from any AS 65536 - 65551 +deny from any AS 65552 - 131071 +deny from any AS 4200000000 - 4294967294 +deny from any AS 4294967295 |