|
|
|
@ -228,7 +228,9 @@ protocols {
|
|
|
|
|
bgp {{ bgp_as }} {
|
|
|
|
|
parameters {
|
|
|
|
|
router-id {{ as_data['parameters']['router-id'] }}
|
|
|
|
|
default no-ipv4-unicast
|
|
|
|
|
default {
|
|
|
|
|
no-ipv4-unicast
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
{% if as_data.get('address-family',None) %}
|
|
|
|
|
address-family {
|
|
|
|
@ -481,6 +483,97 @@ policy {
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
prefix-list hphr-DFZ-LONG-IPv4 {
|
|
|
|
|
rule 100 {
|
|
|
|
|
prefix 192.168.0.0/16
|
|
|
|
|
description "RFC1918"
|
|
|
|
|
le 32
|
|
|
|
|
action deny
|
|
|
|
|
}
|
|
|
|
|
rule 101 {
|
|
|
|
|
prefix 172.16.0.0/12
|
|
|
|
|
description "RFC1918"
|
|
|
|
|
le 32
|
|
|
|
|
action deny
|
|
|
|
|
}
|
|
|
|
|
rule 102 {
|
|
|
|
|
prefix 10.0.0.0/8
|
|
|
|
|
description "RFC1918"
|
|
|
|
|
le 32
|
|
|
|
|
action deny
|
|
|
|
|
}
|
|
|
|
|
rule 103 {
|
|
|
|
|
prefix 169.254.0.0/16
|
|
|
|
|
description "link-local"
|
|
|
|
|
le 32
|
|
|
|
|
action deny
|
|
|
|
|
}
|
|
|
|
|
rule 104 {
|
|
|
|
|
prefix 100.64.0.0/10
|
|
|
|
|
description "CGNAT"
|
|
|
|
|
le 32
|
|
|
|
|
action deny
|
|
|
|
|
}
|
|
|
|
|
rule 105 {
|
|
|
|
|
prefix 127.0.0.0/8
|
|
|
|
|
description "loopback"
|
|
|
|
|
le 32
|
|
|
|
|
action deny
|
|
|
|
|
}
|
|
|
|
|
rule 106 {
|
|
|
|
|
prefix 192.0.0.0/24
|
|
|
|
|
description "IETF protocol assignments"
|
|
|
|
|
le 32
|
|
|
|
|
action deny
|
|
|
|
|
}
|
|
|
|
|
rule 107 {
|
|
|
|
|
prefix 192.0.2.0/24
|
|
|
|
|
description "TEST-NET-1"
|
|
|
|
|
le 32
|
|
|
|
|
action deny
|
|
|
|
|
}
|
|
|
|
|
rule 108 {
|
|
|
|
|
prefix 198.18.0.0/15
|
|
|
|
|
description "Network interconnect device benchmark testing"
|
|
|
|
|
le 32
|
|
|
|
|
action deny
|
|
|
|
|
}
|
|
|
|
|
rule 109 {
|
|
|
|
|
prefix 198.51.100.0/24
|
|
|
|
|
description "TEST-NET-2"
|
|
|
|
|
le 32
|
|
|
|
|
action deny
|
|
|
|
|
}
|
|
|
|
|
rule 110 {
|
|
|
|
|
prefix 203.0.113.0/24
|
|
|
|
|
description "TEST-NET-3"
|
|
|
|
|
le 32
|
|
|
|
|
action deny
|
|
|
|
|
}
|
|
|
|
|
rule 111 {
|
|
|
|
|
prefix 224.0.0.0/4
|
|
|
|
|
description "multicast"
|
|
|
|
|
le 32
|
|
|
|
|
action deny
|
|
|
|
|
}
|
|
|
|
|
rule 112 {
|
|
|
|
|
prefix 240.0.0.0/4
|
|
|
|
|
description "reserved"
|
|
|
|
|
le 32
|
|
|
|
|
action deny
|
|
|
|
|
}
|
|
|
|
|
rule 1000 {
|
|
|
|
|
prefix 0.0.0.0/0
|
|
|
|
|
le 32
|
|
|
|
|
action permit
|
|
|
|
|
}
|
|
|
|
|
rule 65535 {
|
|
|
|
|
prefix 0.0.0.0/0
|
|
|
|
|
le 32
|
|
|
|
|
action deny
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
prefix-list hphr-DFZ-DEFAULT-IPv4 {
|
|
|
|
|
rule 10 {
|
|
|
|
|
prefix 0.0.0.0/0
|
|
|
|
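Review bot: Rule 1000 of `hphr-DFZ-LONG-IPv4` (`prefix 0.0.0.0/0` with `le 32`) also matches the zero-length default route, so this list accepts 0.0.0.0/0 just as the `hphr-DFZ-DEFAULT-*` lists do. If the name is meant to say "full table without a default" (inferred from the naming only), put an exact-match deny ahead of it, i.e. a rule holding `prefix 0.0.0.0/0` and `action deny` with no `le`. The bogon rules 100–112 leave out 0.0.0.0/8, which could be added as `prefix 0.0.0.0/8`, `le 32`, `action deny`. Rule 65535 can never match because rule 1000 already permits everything it covers, so a comment saying it is a deliberate backstop would help. The bogon and unreachable-rule points apply equally to `hphr-DFZ-DEFAULT-LONG-IPv4` in the next hunk, and the enclosing `policy {` block starts and ends outside this hunk.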
@ -576,6 +669,101 @@ policy {
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
prefix-list hphr-DFZ-DEFAULT-LONG-IPv4 {
|
|
|
|
|
rule 10 {
|
|
|
|
|
prefix 0.0.0.0/0
|
|
|
|
|
action permit
|
|
|
|
|
}
|
|
|
|
|
rule 100 {
|
|
|
|
|
prefix 192.168.0.0/16
|
|
|
|
|
description "RFC1918"
|
|
|
|
|
le 32
|
|
|
|
|
action deny
|
|
|
|
|
}
|
|
|
|
|
rule 101 {
|
|
|
|
|
prefix 172.16.0.0/12
|
|
|
|
|
description "RFC1918"
|
|
|
|
|
le 32
|
|
|
|
|
action deny
|
|
|
|
|
}
|
|
|
|
|
rule 102 {
|
|
|
|
|
prefix 10.0.0.0/8
|
|
|
|
|
description "RFC1918"
|
|
|
|
|
le 32
|
|
|
|
|
action deny
|
|
|
|
|
}
|
|
|
|
|
rule 103 {
|
|
|
|
|
prefix 169.254.0.0/16
|
|
|
|
|
description "link-local"
|
|
|
|
|
le 32
|
|
|
|
|
action deny
|
|
|
|
|
}
|
|
|
|
|
rule 104 {
|
|
|
|
|
prefix 100.64.0.0/10
|
|
|
|
|
description "CGNAT"
|
|
|
|
|
le 32
|
|
|
|
|
action deny
|
|
|
|
|
}
|
|
|
|
|
rule 105 {
|
|
|
|
|
prefix 127.0.0.0/8
|
|
|
|
|
description "loopback"
|
|
|
|
|
le 32
|
|
|
|
|
action deny
|
|
|
|
|
}
|
|
|
|
|
rule 106 {
|
|
|
|
|
prefix 192.0.0.0/24
|
|
|
|
|
description "IETF protocol assignments"
|
|
|
|
|
le 32
|
|
|
|
|
action deny
|
|
|
|
|
}
|
|
|
|
|
rule 107 {
|
|
|
|
|
prefix 192.0.2.0/24
|
|
|
|
|
description "TEST-NET-1"
|
|
|
|
|
le 32
|
|
|
|
|
action deny
|
|
|
|
|
}
|
|
|
|
|
rule 108 {
|
|
|
|
|
prefix 198.18.0.0/15
|
|
|
|
|
description "Network interconnect device benchmark testing"
|
|
|
|
|
le 32
|
|
|
|
|
action deny
|
|
|
|
|
}
|
|
|
|
|
rule 109 {
|
|
|
|
|
prefix 198.51.100.0/24
|
|
|
|
|
description "TEST-NET-2"
|
|
|
|
|
le 32
|
|
|
|
|
action deny
|
|
|
|
|
}
|
|
|
|
|
rule 110 {
|
|
|
|
|
prefix 203.0.113.0/24
|
|
|
|
|
description "TEST-NET-3"
|
|
|
|
|
le 32
|
|
|
|
|
action deny
|
|
|
|
|
}
|
|
|
|
|
rule 111 {
|
|
|
|
|
prefix 224.0.0.0/4
|
|
|
|
|
description "multicast"
|
|
|
|
|
le 32
|
|
|
|
|
action deny
|
|
|
|
|
}
|
|
|
|
|
rule 112 {
|
|
|
|
|
prefix 240.0.0.0/4
|
|
|
|
|
description "reserved"
|
|
|
|
|
le 32
|
|
|
|
|
action deny
|
|
|
|
|
}
|
|
|
|
|
rule 1000 {
|
|
|
|
|
prefix 0.0.0.0/0
|
|
|
|
|
le 32
|
|
|
|
|
action permit
|
|
|
|
|
}
|
|
|
|
|
rule 65535 {
|
|
|
|
|
prefix 0.0.0.0/0
|
|
|
|
|
le 32
|
|
|
|
|
action deny
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
prefix-list6 hphr-NO-IPv6 {
|
|
|
|
|
rule 1 {
|
|
|
|
|
prefix ::/0
|
|
|
|
@ -682,6 +870,84 @@ policy {
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
prefix-list6 hphr-DFZ-LONG-IPv6 {
|
|
|
|
|
rule 100 {
|
|
|
|
|
prefix ::/128
|
|
|
|
|
description "not self"
|
|
|
|
|
action deny
|
|
|
|
|
}
|
|
|
|
|
rule 101 {
|
|
|
|
|
prefix ::1/128
|
|
|
|
|
description "self"
|
|
|
|
|
action deny
|
|
|
|
|
}
|
|
|
|
|
rule 102 {
|
|
|
|
|
prefix ::ffff:0:0/96
|
|
|
|
|
description "IPv4-mapped"
|
|
|
|
|
le 128
|
|
|
|
|
action deny
|
|
|
|
|
}
|
|
|
|
|
rule 103 {
|
|
|
|
|
prefix ::/96
|
|
|
|
|
description "IPv4-compatible"
|
|
|
|
|
le 128
|
|
|
|
|
action deny
|
|
|
|
|
}
|
|
|
|
|
rule 104 {
|
|
|
|
|
prefix 100::/64
|
|
|
|
|
description "RTBH addresses"
|
|
|
|
|
le 128
|
|
|
|
|
action deny
|
|
|
|
|
}
|
|
|
|
|
rule 105 {
|
|
|
|
|
prefix 2001:10::/28
|
|
|
|
|
description "ORCHID addresses"
|
|
|
|
|
le 128
|
|
|
|
|
action deny
|
|
|
|
|
}
|
|
|
|
|
rule 106 {
|
|
|
|
|
prefix 2001:db8::/32
|
|
|
|
|
description "documentation prefix"
|
|
|
|
|
le 128
|
|
|
|
|
action deny
|
|
|
|
|
}
|
|
|
|
|
rule 107 {
|
|
|
|
|
prefix fc00::/7
|
|
|
|
|
description "ULA address"
|
|
|
|
|
le 128
|
|
|
|
|
action deny
|
|
|
|
|
}
|
|
|
|
|
rule 108 {
|
|
|
|
|
prefix fe80::/10
|
|
|
|
|
description "link-local"
|
|
|
|
|
le 128
|
|
|
|
|
action deny
|
|
|
|
|
}
|
|
|
|
|
rule 109 {
|
|
|
|
|
prefix fec0::/10
|
|
|
|
|
description "site-local"
|
|
|
|
|
le 128
|
|
|
|
|
action deny
|
|
|
|
|
}
|
|
|
|
|
rule 110 {
|
|
|
|
|
prefix ff0e::/16
|
|
|
|
|
description "global multicast"
|
|
|
|
|
le 64
|
|
|
|
|
action permit
|
|
|
|
|
}
|
|
|
|
|
rule 111 {
|
|
|
|
|
prefix ff00::/8
|
|
|
|
|
description "multicast"
|
|
|
|
|
le 128
|
|
|
|
|
action deny
|
|
|
|
|
}
|
|
|
|
|
rule 1000 {
|
|
|
|
|
prefix ::/0
|
|
|
|
|
le 128
|
|
|
|
|
action permit
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
prefix-list6 hphr-DFZ-DEFAULT-IPv6 {
|
|
|
|
|
rule 10 {
|
|
|
|
|
prefix ::/0
|
|
|
|
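Review bot: Rule 110 of `hphr-DFZ-LONG-IPv6` permits `ff0e::/16` up to /64 and is evaluated before the multicast deny in rule 111, so global-scope multicast prefixes pass what otherwise reads as a unicast bogon filter. If that is not intended, set rule 110 to `action deny` or drop it and let rule 111 cover the range. Rule 1000 (`prefix ::/0`, `le 128`) also matches the default route itself and any prefix up to /128, which leaves the list differing from `hphr-DFZ-DEFAULT-LONG-IPv6` only by that list's redundant rule 10. Rules 100 and 101 are already covered by rule 103 (`::/96` with `le 128`), and their descriptions would be clearer as `description "unspecified"` and `description "loopback"`. The same points apply to `hphr-DFZ-DEFAULT-LONG-IPv6` in the following hunk, and the enclosing `policy {` block starts and ends outside this hunk.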
@ -764,6 +1030,88 @@ policy {
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
prefix-list6 hphr-DFZ-DEFAULT-LONG-IPv6 {
|
|
|
|
|
rule 10 {
|
|
|
|
|
prefix ::/0
|
|
|
|
|
action permit
|
|
|
|
|
}
|
|
|
|
|
rule 100 {
|
|
|
|
|
prefix ::/128
|
|
|
|
|
description "not self"
|
|
|
|
|
action deny
|
|
|
|
|
}
|
|
|
|
|
rule 101 {
|
|
|
|
|
prefix ::1/128
|
|
|
|
|
description "self"
|
|
|
|
|
action deny
|
|
|
|
|
}
|
|
|
|
|
rule 102 {
|
|
|
|
|
prefix ::ffff:0:0/96
|
|
|
|
|
description "IPv4-mapped"
|
|
|
|
|
le 128
|
|
|
|
|
action deny
|
|
|
|
|
}
|
|
|
|
|
rule 103 {
|
|
|
|
|
prefix ::/96
|
|
|
|
|
description "IPv4-compatible"
|
|
|
|
|
le 128
|
|
|
|
|
action deny
|
|
|
|
|
}
|
|
|
|
|
rule 104 {
|
|
|
|
|
prefix 100::/64
|
|
|
|
|
description "RTBH addresses"
|
|
|
|
|
le 128
|
|
|
|
|
action deny
|
|
|
|
|
}
|
|
|
|
|
rule 105 {
|
|
|
|
|
prefix 2001:10::/28
|
|
|
|
|
description "ORCHID addresses"
|
|
|
|
|
le 128
|
|
|
|
|
action deny
|
|
|
|
|
}
|
|
|
|
|
rule 106 {
|
|
|
|
|
prefix 2001:db8::/32
|
|
|
|
|
description "documentation prefix"
|
|
|
|
|
le 128
|
|
|
|
|
action deny
|
|
|
|
|
}
|
|
|
|
|
rule 107 {
|
|
|
|
|
prefix fc00::/7
|
|
|
|
|
description "ULA address"
|
|
|
|
|
le 128
|
|
|
|
|
action deny
|
|
|
|
|
}
|
|
|
|
|
rule 108 {
|
|
|
|
|
prefix fe80::/10
|
|
|
|
|
description "link-local"
|
|
|
|
|
le 128
|
|
|
|
|
action deny
|
|
|
|
|
}
|
|
|
|
|
rule 109 {
|
|
|
|
|
prefix fec0::/10
|
|
|
|
|
description "site-local"
|
|
|
|
|
le 128
|
|
|
|
|
action deny
|
|
|
|
|
}
|
|
|
|
|
rule 110 {
|
|
|
|
|
prefix ff0e::/16
|
|
|
|
|
description "global multicast"
|
|
|
|
|
le 64
|
|
|
|
|
action permit
|
|
|
|
|
}
|
|
|
|
|
rule 111 {
|
|
|
|
|
prefix ff00::/8
|
|
|
|
|
description "multicast"
|
|
|
|
|
le 128
|
|
|
|
|
action deny
|
|
|
|
|
}
|
|
|
|
|
rule 1000 {
|
|
|
|
|
prefix ::/0
|
|
|
|
|
le 128
|
|
|
|
|
action permit
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
prefix-list hphr-BLACKHOLE-IPv4 {
|
|
|
|
|
rule 1 {
|
|
|
|
|
prefix 0.0.0.0/0
|
|
|
|
|