interfaces { {% for iface_name, iface_data in pillar['netbox']['interfaces'].items() %} {% if iface_data['form_factor']['label'] != 'Virtual' and not iface_data[ 'mgmt_only' ] %} ethernet {{ iface_name }} { {% for address in iface_data['addresses'] %} address {{ address['address'] }} {% endfor %} duplex auto policy { } smp-affinity auto speed auto } {% endif %} {% endfor %} ethernet eth0 { address 10.13.0.56/22 hw-id ac:1f:6b:94:1f:58 } ethernet eth1 { address 185.1.101.32/24 address 2001:7f8:bc::4:1495:1/64 duplex auto hw-id ac:1f:6b:94:1f:59 ipv6 { ospfv3 { passive } } smp-affinity auto speed auto } ethernet eth2 { duplex auto hw-id 3c:fd:fe:d0:20:20 smp-affinity auto speed auto } ethernet eth3 { address 46.227.200.106/26 address 2a01:9e00:a217:0d00::46.227.200.106/64 duplex auto hw-id 3c:fd:fe:d0:20:21 ip { ospf { cost 1 dead-interval 40 hello-interval 10 network broadcast priority 1 retransmit-interval 5 transmit-delay 1 } } ipv6 { dup-addr-detect-transmits 1 ospfv3 { cost 40 dead-interval 40 hello-interval 10 instance-id 0 priority 1 retransmit-interval 5 transmit-delay 1 } } smp-affinity auto speed auto } ethernet eth4 { duplex auto hw-id 3c:fd:fe:d0:20:22 smp-affinity auto speed auto } ethernet eth5 { duplex auto hw-id 3c:fd:fe:d0:20:23 smp-affinity auto speed auto } loopback lo { address 46.227.204.1/32 address 2a01:9e00:1234::1/128 } } policy { prefix-list TEST-EQUINIXIX-OUT { rule 1 { action permit prefix 46.227.204.0/24 } rule 2 { action deny le 32 prefix 0.0.0.0/0 } } prefix-list6 TEST-EQUINIXIX-OUT { rule 1 { action permit prefix 2a01:9e00:1234::/48 } rule 2 { action deny le 128 prefix ::/0 } } } protocols { bgp 41495 { address-family { ipv4-unicast { redistribute { static { } } } ipv6-unicast { redistribute { static { } } } } neighbor 185.1.101.28 { address-family { ipv4-unicast { prefix-list { export TEST-EQUINIXIX-OUT } soft-reconfiguration { inbound } } } remote-as 6939 } neighbor 185.1.101.250 { address-family { ipv4-unicast { prefix-list { export TEST-EQUINIXIX-OUT } soft-reconfiguration { inbound } } ipv6-unicast { soft-reconfiguration { inbound } } } remote-as 65517 } neighbor 185.1.101.251 { address-family { ipv4-unicast { prefix-list { export TEST-EQUINIXIX-OUT } soft-reconfiguration { inbound } } } remote-as 24115 } neighbor 185.1.101.252 { address-family { ipv4-unicast { prefix-list { export TEST-EQUINIXIX-OUT } soft-reconfiguration { inbound } } } remote-as 24115 } neighbor 2001:7f8:bc::2:4115:1 { address-family { ipv6-unicast { prefix-list { export TEST-EQUINIXIX-OUT } soft-reconfiguration { inbound } } } remote-as 24115 } neighbor 2001:7f8:bc::2:4115:2 { address-family { ipv6-unicast { prefix-list { export TEST-EQUINIXIX-OUT } soft-reconfiguration { inbound } } } remote-as 24115 } neighbor 2001:7f8:bc::6:5517:1 { address-family { ipv6-unicast { prefix-list { export TEST-EQUINIXIX-OUT } soft-reconfiguration { inbound } } } remote-as 65517 } neighbor 2001:7f8:bc::6939:1 { address-family { ipv6-unicast { prefix-list { export TEST-EQUINIXIX-OUT } soft-reconfiguration { inbound } } } remote-as 6939 } parameters { router-id 46.227.201.1 } } ospf { area 0.0.0.0 { network 46.227.200.64/26 } area 185.1.101.0 { network 185.1.101.0/24 } parameters { abr-type cisco router-id 46.227.201.1 } passive-interface eth1 } ospfv3 { area 0.0.0.0 { interface eth3 range 2a01:9e00:a217:0d00::/64 { } } area 185.1.101.0 { interface eth1 range 2001:7f8:bc::/64 { } } parameters { router-id 46.227.201.1 } } static { route 10.0.0.0/8 { next-hop 10.13.0.1 { } } route 46.227.204.0/24 { blackhole { } } route6 2a01:9e00:1234::/48 { blackhole { } } } } service { lldp { interface al { } interface all { } management-address 10.13.0.56 } salt-minion { id {{ grains['fqdn'] }} master hphr.salt.faelix.net } snmp { community public { } trap-source 10.13.0.56 trap-target 10.13.1.111 { } } ssh { listen-address 10.13.0.56 } } system { config-management { commit-revisions 100 } console { device ttyS0 { speed 9600 } } host-name {{ grains['fqdn'] }} ip { multipath { layer4-hashing } } ipv6 { multipath { layer4-hashing } } login { user vyos { authentication { encrypted-password $6$fXZ3cwEft1XFJTH$twZmVheX0PEi21KqQfv/zvKhuXVc1UwVVXI3Y7KCXYk0osil3QmJqmAYgNQyNqGUROydxp7R6yiPe4N06QnBH1 plaintext-password "" } level admin } } {% for nameserver in pillar['nameservers'] %} name-server {{ nameserver }} {% endfor %} ntp { {% for ntp_server, ntp_data in pillar['ntp'].items() %} server {{ ntp_server }} { } {% endfor %} } syslog { global { facility all { level info } facility protocols { level debug } } } time-zone UTC } /* Warning: Do not remove the following line. */ /* === vyatta-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack-sync@1:conntrack@1:dhcp-relay@2:dhcp-server@5:firewall@5:ipsec@5:l2tp@1:mdns@1:nat@4:ntp@1:pptp@1:qos@1:quagga@3:ssh@1:system@11:vrrp@2:vyos-accel-ppp@1:wanloadbalance@3:webgui@1:webproxy@1:webproxy@2:zone-policy@1" === */ /* Release version: 1.2.0-rolling+201904240337 */