add blackhole signalling by BGP
This commit is contained in:
parent
ec1905f1bd
commit
88f6215e8b
@ -1,7 +1,7 @@
|
|||||||
#!/bin/vbash
|
#!/bin/vbash
|
||||||
source /opt/vyatta/etc/functions/script-template
|
source /opt/vyatta/etc/functions/script-template
|
||||||
configure
|
configure
|
||||||
load /config/config.new
|
load /config/config.new || exit 1
|
||||||
compare
|
compare
|
||||||
commit && save
|
commit && save || exit 1
|
||||||
exit
|
exit
|
||||||
|
|||||||
63
vyos.conf.j2
63
vyos.conf.j2
@ -230,6 +230,7 @@ protocols {
|
|||||||
neighbor {{ neighbor }} {
|
neighbor {{ neighbor }} {
|
||||||
remote-as {{ neighbor_data['remote-as'] }}
|
remote-as {{ neighbor_data['remote-as'] }}
|
||||||
{% if 'update-source' in neighbor_data %}update-source {{ neighbor_data['update-source'] }}{% endif %}
|
{% if 'update-source' in neighbor_data %}update-source {{ neighbor_data['update-source'] }}{% endif %}
|
||||||
|
{% if 'ebgp-multihop' in neighbor_data %}ebgp-multihop {{ neighbor_data['ebgp-multihop'] }}{% endif %}
|
||||||
|
|
||||||
{% if 'address-family' in neighbor_data %}
|
{% if 'address-family' in neighbor_data %}
|
||||||
address-family {
|
address-family {
|
||||||
@ -241,6 +242,12 @@ protocols {
|
|||||||
{% if 'import' in neighbor_data['address-family']['ipv4-unicast']['prefix-list'] %}import {{ neighbor_data['address-family']['ipv4-unicast']['prefix-list']['import'] }}{% endif %}
|
{% if 'import' in neighbor_data['address-family']['ipv4-unicast']['prefix-list'] %}import {{ neighbor_data['address-family']['ipv4-unicast']['prefix-list']['import'] }}{% endif %}
|
||||||
}
|
}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
{% if 'route-map' in neighbor_data['address-family']['ipv4-unicast'] %}
|
||||||
|
route-map {
|
||||||
|
{% if 'export' in neighbor_data['address-family']['ipv4-unicast']['route-map'] %}export {{ neighbor_data['address-family']['ipv4-unicast']['route-map']['export'] }}{% endif %}
|
||||||
|
{% if 'import' in neighbor_data['address-family']['ipv4-unicast']['route-map'] %}import {{ neighbor_data['address-family']['ipv4-unicast']['route-map']['import'] }}{% endif %}
|
||||||
|
}
|
||||||
|
{% endif %}
|
||||||
{% if 'soft-reconfiguration' in neighbor_data['address-family']['ipv4-unicast'] %}
|
{% if 'soft-reconfiguration' in neighbor_data['address-family']['ipv4-unicast'] %}
|
||||||
soft-reconfiguration {
|
soft-reconfiguration {
|
||||||
{% for softreconf in neighbor_data['address-family']['ipv4-unicast']['soft-reconfiguration'] %}
|
{% for softreconf in neighbor_data['address-family']['ipv4-unicast']['soft-reconfiguration'] %}
|
||||||
@ -258,6 +265,12 @@ protocols {
|
|||||||
{% if 'import' in neighbor_data['address-family']['ipv6-unicast']['prefix-list'] %}import {{ neighbor_data['address-family']['ipv6-unicast']['prefix-list']['import'] }}{% endif %}
|
{% if 'import' in neighbor_data['address-family']['ipv6-unicast']['prefix-list'] %}import {{ neighbor_data['address-family']['ipv6-unicast']['prefix-list']['import'] }}{% endif %}
|
||||||
}
|
}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
{% if 'route-map' in neighbor_data['address-family']['ipv6-unicast'] %}
|
||||||
|
route-map {
|
||||||
|
{% if 'export' in neighbor_data['address-family']['ipv6-unicast']['route-map'] %}export {{ neighbor_data['address-family']['ipv6-unicast']['route-map']['export'] }}{% endif %}
|
||||||
|
{% if 'import' in neighbor_data['address-family']['ipv6-unicast']['route-map'] %}import {{ neighbor_data['address-family']['ipipv6v4-unicast']['route-map']['import'] }}{% endif %}
|
||||||
|
}
|
||||||
|
{% endif %}
|
||||||
{% if 'soft-reconfiguration' in neighbor_data['address-family']['ipv6-unicast'] %}
|
{% if 'soft-reconfiguration' in neighbor_data['address-family']['ipv6-unicast'] %}
|
||||||
soft-reconfiguration {
|
soft-reconfiguration {
|
||||||
{% for softreconf in neighbor_data['address-family']['ipv6-unicast']['soft-reconfiguration'] %}
|
{% for softreconf in neighbor_data['address-family']['ipv6-unicast']['soft-reconfiguration'] %}
|
||||||
@ -683,6 +696,56 @@ policy {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
prefix-list hphr-BLACKHOLE-IPv4 {
|
||||||
|
rule 1 {
|
||||||
|
prefix 0.0.0.0/0
|
||||||
|
ge 32
|
||||||
|
le 32
|
||||||
|
action permit
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
prefix-list6 hphr-BLACKHOLE-IPv6 {
|
||||||
|
rule 1 {
|
||||||
|
prefix ::/0
|
||||||
|
ge 64
|
||||||
|
le 128
|
||||||
|
action permit
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
route-map hphr-BLACKHOLE-IPv4 {
|
||||||
|
rule 1 {
|
||||||
|
match {
|
||||||
|
ip {
|
||||||
|
address {
|
||||||
|
prefix-list hphr-BLACKHOLE-IPv4
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
action permit
|
||||||
|
set {
|
||||||
|
ip-next-hop {{ salt['pillar.get']('protocols:static:blackhole:IPv4') }}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
route-map hphr-BLACKHOLE-IPv6 {
|
||||||
|
rule 1 {
|
||||||
|
match {
|
||||||
|
ipv6 {
|
||||||
|
address {
|
||||||
|
prefix-list hphr-BLACKHOLE-IPv6
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
action permit
|
||||||
|
set {
|
||||||
|
ipv6-next-hop {{ salt['pillar.get']('protocols:static:blackhole:IPv6') }}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
{% for prefix_list_name, prefix_data in salt['pillar.get']("policy:prefix-list",{}).items() %}
|
{% for prefix_list_name, prefix_data in salt['pillar.get']("policy:prefix-list",{}).items() %}
|
||||||
prefix-list {{ prefix_list_name }} {
|
prefix-list {{ prefix_list_name }} {
|
||||||
{% if 'bgpq3' in prefix_data %}
|
{% if 'bgpq3' in prefix_data %}
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user