ASN = "65001" peer1 = "10.1.0.2" peer2 = "10.1.0.3" AS 65001 router-id 127.0.0.1 socket "/var/run/bgpd.sock.0" holdtime min 3 fib-priority 48 rde rib Adj-RIB-In no evaluate rde rib Adj-RIB-Out no evaluate rde rib Loc-RIB rtable 0 fib-update yes prefix-set "mynetworks" { 192.0.2.0/24 } neighbor 10.2.1.1 { remote-as 65023 local-address 10.0.0.8 enforce neighbor-as yes enforce local-as yes ipsec esp in spi 1010 sha1 XXXXXX aes XXXXXX ipsec esp out spi 1012 sha1 XXXXXX aes XXXXXX announce IPv4 unicast } neighbor 10.0.0.0/24 { descr "template for local peers" enforce neighbor-as no enforce local-as yes announce IPv4 unicast } neighbor 10.0.2.0 { descr "upstream2" remote-as 65004 local-address 10.0.0.8 enforce neighbor-as yes enforce local-as yes ipsec ah ike announce IPv4 unicast } neighbor 10.0.1.0 { descr "upstream" remote-as 65003 multihop 2 passive local-address 10.0.0.8 holdtime 180 holdtime min 3 export none enforce neighbor-as yes enforce local-as yes tcp md5sig announce IPv4 unicast } group "peering AS65002" { neighbor 10.1.0.2 { descr "AS 65001 peer 1" remote-as 65002 enforce neighbor-as yes enforce local-as yes tcp md5sig announce IPv4 unicast } neighbor 10.1.0.3 { descr "AS 65001 peer 2" remote-as 65002 local-address 10.0.0.8 enforce neighbor-as yes enforce local-as yes ipsec esp ike announce IPv4 unicast } } group "peering AS65042" { neighbor 10.2.0.2 { descr "peering AS 65042" remote-as 65042 local-address 10.0.0.8 enforce neighbor-as yes enforce local-as yes ipsec ah ike announce IPv4 unicast } neighbor 10.2.0.1 { descr "peering AS 65042" remote-as 65042 local-address 10.0.0.8 enforce neighbor-as yes enforce local-as yes ipsec ah ike announce IPv4 unicast } } allow from ibgp allow from any prefix 0.0.0.0/0 prefixlen 8 - 24 allow from any prefix ::/0 prefixlen 16 - 48 match from any community 65535:0 set { localpref 0 } allow from any prefix 23.128.0.0/10 prefixlen 24 - 28 deny from any prefix 0.0.0.0/8 prefixlen >= 8 deny from any prefix 10.0.0.0/8 prefixlen >= 8 deny from any prefix 100.64.0.0/10 prefixlen >= 10 deny from any prefix 127.0.0.0/8 prefixlen >= 8 deny from any prefix 169.254.0.0/16 prefixlen >= 16 deny from any prefix 172.16.0.0/12 prefixlen >= 12 deny from any prefix 192.0.2.0/24 prefixlen >= 24 deny from any prefix 192.88.99.0/24 prefixlen >= 24 deny from any prefix 192.168.0.0/16 prefixlen >= 16 deny from any prefix 198.18.0.0/15 prefixlen >= 15 deny from any prefix 198.51.100.0/24 prefixlen >= 24 deny from any prefix 203.0.113.0/24 prefixlen >= 24 deny from any prefix 224.0.0.0/4 prefixlen >= 4 deny from any prefix 240.0.0.0/4 prefixlen >= 4 deny from any prefix ::/8 prefixlen >= 8 deny from any prefix 100::/64 prefixlen >= 64 deny from any prefix 2001:2::/48 prefixlen >= 48 deny from any prefix 2001:10::/28 prefixlen >= 28 deny from any prefix 2001:db8::/32 prefixlen >= 32 deny from any prefix 2002::/16 prefixlen >= 16 deny from any prefix 3ffe::/16 prefixlen >= 16 deny from any prefix fc00::/7 prefixlen >= 7 deny from any prefix fe80::/10 prefixlen >= 10 deny from any prefix fec0::/10 prefixlen >= 10 deny from any prefix ff00::/8 prefixlen >= 8 deny from any AS 23456 deny from any AS 64496 - 64511 deny from any AS 64512 - 65534 deny from any AS 65535 deny from any AS 65536 - 65551 deny from any AS 65552 - 131071 deny from any AS 4200000000 - 4294967294 deny from any AS 4294967295 allow to ibgp allow to ebgp prefix-set "mynetworks" large-community 65001:1:1