FAELIX/hphr
FAELIX/hphr
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

add blackhole signalling by BGP

Browse Source
This commit is contained in:
Marek Isalski 2019-05-19 10:11:18 +01:00
parent ec1905f1bd
commit 88f6215e8b
2 changed files with 65 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
load-configure-compare-commit.sh
View File

@ -1,7 +1,7 @@
#!/bin/vbash
source /opt/vyatta/etc/functions/script-template
configure
load /config/config.new
load /config/config.new || exit 1
compare
commit && save
commit && save || exit 1
exit

63
vyos.conf.j2
View File

@ -230,6 +230,7 @@ protocols {
neighbor {{ neighbor }} {
remote-as {{ neighbor_data['remote-as'] }}
{% if 'update-source' in neighbor_data %}update-source {{ neighbor_data['update-source'] }}{% endif %}
{% if 'ebgp-multihop' in neighbor_data %}ebgp-multihop {{ neighbor_data['ebgp-multihop'] }}{% endif %}
{% if 'address-family' in neighbor_data %}
address-family {
@ -241,6 +242,12 @@ protocols {
{% if 'import' in neighbor_data['address-family']['ipv4-unicast']['prefix-list'] %}import {{ neighbor_data['address-family']['ipv4-unicast']['prefix-list']['import'] }}{% endif %}
}
{% endif %}
{% if 'route-map' in neighbor_data['address-family']['ipv4-unicast'] %}
route-map {
{% if 'export' in neighbor_data['address-family']['ipv4-unicast']['route-map'] %}export {{ neighbor_data['address-family']['ipv4-unicast']['route-map']['export'] }}{% endif %}
{% if 'import' in neighbor_data['address-family']['ipv4-unicast']['route-map'] %}import {{ neighbor_data['address-family']['ipv4-unicast']['route-map']['import'] }}{% endif %}
}
{% endif %}
{% if 'soft-reconfiguration' in neighbor_data['address-family']['ipv4-unicast'] %}
soft-reconfiguration {
{% for softreconf in neighbor_data['address-family']['ipv4-unicast']['soft-reconfiguration'] %}
@ -258,6 +265,12 @@ protocols {
{% if 'import' in neighbor_data['address-family']['ipv6-unicast']['prefix-list'] %}import {{ neighbor_data['address-family']['ipv6-unicast']['prefix-list']['import'] }}{% endif %}
}
{% endif %}
{% if 'route-map' in neighbor_data['address-family']['ipv6-unicast'] %}
route-map {
{% if 'export' in neighbor_data['address-family']['ipv6-unicast']['route-map'] %}export {{ neighbor_data['address-family']['ipv6-unicast']['route-map']['export'] }}{% endif %}
{% if 'import' in neighbor_data['address-family']['ipv6-unicast']['route-map'] %}import {{ neighbor_data['address-family']['ipipv6v4-unicast']['route-map']['import'] }}{% endif %}
}
{% endif %}
{% if 'soft-reconfiguration' in neighbor_data['address-family']['ipv6-unicast'] %}
soft-reconfiguration {
{% for softreconf in neighbor_data['address-family']['ipv6-unicast']['soft-reconfiguration'] %}
@ -683,6 +696,56 @@ policy {
}
}
prefix-list hphr-BLACKHOLE-IPv4 {
rule 1 {
prefix 0.0.0.0/0
ge 32
le 32
action permit
}
}
prefix-list6 hphr-BLACKHOLE-IPv6 {
rule 1 {
prefix ::/0
ge 64
le 128
action permit
}
}
route-map hphr-BLACKHOLE-IPv4 {
rule 1 {
match {
ip {
address {
prefix-list hphr-BLACKHOLE-IPv4
}
}
}
action permit
set {
ip-next-hop {{ salt['pillar.get']('protocols:static:blackhole:IPv4') }}
}
}
}
route-map hphr-BLACKHOLE-IPv6 {
rule 1 {
match {
ipv6 {
address {
prefix-list hphr-BLACKHOLE-IPv6
}
}
}
action permit
set {
ipv6-next-hop {{ salt['pillar.get']('protocols:static:blackhole:IPv6') }}
}
}
}
{% for prefix_list_name, prefix_data in salt['pillar.get']("policy:prefix-list",{}).items() %}
prefix-list {{ prefix_list_name }} {
{% if 'bgpq3' in prefix_data %}