ASN = "65001"
peer1 = "10.1.0.2"
peer2 = "10.1.0.3"
AS 65001
router-id 127.0.0.1
socket "/var/run/bgpd.sock.0"
holdtime min 3
fib-priority 48


rde rib Adj-RIB-In no evaluate
rde rib Adj-RIB-Out no evaluate
rde rib Loc-RIB rtable 0 fib-update yes

prefix-set "mynetworks" { 192.0.2.0/24  }


neighbor 10.2.1.1 {
	remote-as 65023
	local-address 10.0.0.8
	enforce neighbor-as yes
	enforce local-as yes
	ipsec esp in spi 1010 sha1 XXXXXX aes XXXXXX
	ipsec esp out spi 1012 sha1 XXXXXX aes XXXXXX
	announce IPv4 unicast
}
neighbor 10.0.0.0/24 {
	descr "template for local peers"
	enforce neighbor-as no
	enforce local-as yes
	announce IPv4 unicast
}
neighbor 10.0.2.0 {
	descr "upstream2"
	remote-as 65004
	local-address 10.0.0.8
	enforce neighbor-as yes
	enforce local-as yes
	ipsec ah ike
	announce IPv4 unicast
}
neighbor 10.0.1.0 {
	descr "upstream"
	remote-as 65003
	multihop 2
	passive
	local-address 10.0.0.8
	holdtime 180
	holdtime min 3
	export none
	enforce neighbor-as yes
	enforce local-as yes
	tcp md5sig
	announce IPv4 unicast
}
group "peering AS65002" {
	neighbor 10.1.0.2 {
		descr "AS 65001 peer 1"
		remote-as 65002
		enforce neighbor-as yes
		enforce local-as yes
		tcp md5sig
		announce IPv4 unicast
	}
	neighbor 10.1.0.3 {
		descr "AS 65001 peer 2"
		remote-as 65002
		local-address 10.0.0.8
		enforce neighbor-as yes
		enforce local-as yes
		ipsec esp ike
		announce IPv4 unicast
	}
}

group "peering AS65042" {
	neighbor 10.2.0.2 {
		descr "peering AS 65042"
		remote-as 65042
		local-address 10.0.0.8
		enforce neighbor-as yes
		enforce local-as yes
		ipsec ah ike
		announce IPv4 unicast
	}
	neighbor 10.2.0.1 {
		descr "peering AS 65042"
		remote-as 65042
		local-address 10.0.0.8
		enforce neighbor-as yes
		enforce local-as yes
		ipsec ah ike
		announce IPv4 unicast
	}
}


allow from ibgp 
allow from any prefix 0.0.0.0/0 prefixlen 8 - 24 
allow from any prefix ::/0 prefixlen 16 - 48 
match from any community 65535:0 set { localpref 0 }
allow from any prefix 23.128.0.0/10 prefixlen 24 - 28 
deny from any prefix 0.0.0.0/8 prefixlen >= 8 
deny from any prefix 10.0.0.0/8 prefixlen >= 8 
deny from any prefix 100.64.0.0/10 prefixlen >= 10 
deny from any prefix 127.0.0.0/8 prefixlen >= 8 
deny from any prefix 169.254.0.0/16 prefixlen >= 16 
deny from any prefix 172.16.0.0/12 prefixlen >= 12 
deny from any prefix 192.0.2.0/24 prefixlen >= 24 
deny from any prefix 192.88.99.0/24 prefixlen >= 24 
deny from any prefix 192.168.0.0/16 prefixlen >= 16 
deny from any prefix 198.18.0.0/15 prefixlen >= 15 
deny from any prefix 198.51.100.0/24 prefixlen >= 24 
deny from any prefix 203.0.113.0/24 prefixlen >= 24 
deny from any prefix 224.0.0.0/4 prefixlen >= 4 
deny from any prefix 240.0.0.0/4 prefixlen >= 4 
deny from any prefix ::/8 prefixlen >= 8 
deny from any prefix 100::/64 prefixlen >= 64 
deny from any prefix 2001:2::/48 prefixlen >= 48 
deny from any prefix 2001:10::/28 prefixlen >= 28 
deny from any prefix 2001:db8::/32 prefixlen >= 32 
deny from any prefix 2002::/16 prefixlen >= 16 
deny from any prefix 3ffe::/16 prefixlen >= 16 
deny from any prefix fc00::/7 prefixlen >= 7 
deny from any prefix fe80::/10 prefixlen >= 10 
deny from any prefix fec0::/10 prefixlen >= 10 
deny from any prefix ff00::/8 prefixlen >= 8 
deny from any AS 23456 
deny from any AS 64496 - 64511 
deny from any AS 64512 - 65534 
deny from any AS 65535 
deny from any AS 65536 - 65551 
deny from any AS 65552 - 131071 
deny from any AS 4200000000 - 4294967294 
deny from any AS 4294967295 
allow to ibgp 
allow to ebgp prefix-set "mynetworks" large-community 65001:1:1