Commit d901032b authored by Karl Grube's avatar Karl Grube

internet router work for today done

parent 312e783c
...@@ -16,15 +16,15 @@ router bgp {{bgp_asn}} ...@@ -16,15 +16,15 @@ router bgp {{bgp_asn}}
neighbor outside peer-group neighbor outside peer-group
neighbor outside remote-as external neighbor outside remote-as external
neighbor nat peer-group neighbor nat peer-group
neighbor nat remote-as internal neighbor nat remote-as external
neighbor nat bfd neighbor nat bfd
neighbor nat capability extended-nexthop neighbor nat capability extended-nexthop
neighbor firewall4s peer-group neighbor firewall4s peer-group
neighbor firewall4s remote-as internal neighbor firewall4s remote-as external
neighbor firewall4s bfd neighbor firewall4s bfd
neighbor firewall4s capability extended-nexthop neighbor firewall4s capability extended-nexthop
neighbor firewalls peer-group neighbor firewalls peer-group
neighbor firewalls remote-as internal neighbor firewalls remote-as external
neighbor firewalls bfd neighbor firewalls bfd
{% for neighbor in firewall4s %} {% for neighbor in firewall4s %}
{% if (neighbor|ansible.utils.ipv6) or (neighbor|ansible.utils.ipv4) %} {% if (neighbor|ansible.utils.ipv6) or (neighbor|ansible.utils.ipv4) %}
...@@ -49,13 +49,16 @@ router bgp {{bgp_asn}} ...@@ -49,13 +49,16 @@ router bgp {{bgp_asn}}
{% endfor %} {% endfor %}
! !
address-family ipv4 unicast address-family ipv4 unicast
{% for range in dc4_ranges %}
aggregate-address {{range}} route-map reject_local_origin
{% endfor %}
network 0.0.0.0/0 network 0.0.0.0/0
neighbor firewall4s activate neighbor firewall4s activate
neighbor firewall4s prefix-list all out neighbor firewall4s prefix-list all out
neighbor firewall4s prefix-list my-networks in neighbor firewall4s prefix-list internal in
neighbor nat activate neighbor nat activate
neighbor nat prefix-list all out neighbor nat prefix-list all out
neighbor nat prefix-list nat in neighbor nat prefix-list internal in
{% for neighbor in internet_connections %} {% for neighbor in internet_connections %}
{% for ip in neighbor.peer_ips %} {% for ip in neighbor.peer_ips %}
{% if ip|ansible.utils.ipv4 %} {% if ip|ansible.utils.ipv4 %}
...@@ -67,13 +70,16 @@ router bgp {{bgp_asn}} ...@@ -67,13 +70,16 @@ router bgp {{bgp_asn}}
{% endfor %} {% endfor %}
! !
address-family ipv6 unicast address-family ipv6 unicast
{% for range in dc_ranges %}
aggregate-address {{range}} route-map reject_local_origin
{% endfor %}
network ::/0 network ::/0
neighbor nat activate neighbor nat activate
neighbor nat prefix-list internet out neighbor nat prefix-list internet out
neighbor nat prefix-list none in neighbor nat prefix-list none in
neighbor firewalls activate neighbor firewalls activate
neighbor firewalls prefix-list all out neighbor firewalls prefix-list all out
neighbor firewalls prefix-list my-networks in neighbor firewalls prefix-list internal in
{% for neighbor in internet_connections %} {% for neighbor in internet_connections %}
{% for ip in neighbor.peer_ips %} {% for ip in neighbor.peer_ips %}
{% if ip|ansible.utils.ipv6 %} {% if ip|ansible.utils.ipv6 %}
...@@ -141,6 +147,14 @@ ipv6 prefix-list my-networks seq {{(loop.index|int)*10+10}} deny any ...@@ -141,6 +147,14 @@ ipv6 prefix-list my-networks seq {{(loop.index|int)*10+10}} deny any
{% endif %} {% endif %}
{% endfor %} {% endfor %}
! !
{% for range in dc_ranges %}
ipv6 prefix-list internal seq {{(loop.index|int)*20-10}} permit {{range}}
ipv6 prefix-list internal seq {{(loop.index|int)*20}} permit {{range}} ge {{((range|regex_replace('.*/',''))|int)+1}}
{% if loop.last %}
ipv6 prefix-list internal seq {{(loop.index|int)*20+10}} deny any
{% endif %}
{% endfor %}
!
ip prefix-list none seq 10 deny any ip prefix-list none seq 10 deny any
{% if allow_default_ipv4 == True %} {% if allow_default_ipv4 == True %}
ip prefix-list internet seq 5 permit 0.0.0.0/0 ip prefix-list internet seq 5 permit 0.0.0.0/0
...@@ -169,10 +183,10 @@ ip prefix-list internet seq {{(loop.index|int)*10+170}} permit any ...@@ -169,10 +183,10 @@ ip prefix-list internet seq {{(loop.index|int)*10+170}} permit any
{% endfor %} {% endfor %}
! !
{% for range in dc4_ranges %} {% for range in dc4_ranges %}
ip prefix-list nat seq {{(loop.index|int)*20-10}} permit {{range}} ip prefix-list internal seq {{(loop.index|int)*20-10}} permit {{range}}
ip prefix-list nat seq {{(loop.index|int)*20}} permit {{range}} ge {{((range|regex_replace('.*/',''))|int)+1}} ip prefix-list internal seq {{(loop.index|int)*20}} permit {{range}} ge {{((range|regex_replace('.*/',''))|int)+1}}
{% if loop.last %} {% if loop.last %}
ip prefix-list nat seq {{(loop.index|int)*20+10}} deny any ip prefix-list internal seq {{(loop.index|int)*20+10}} deny any
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{% for range in dc4_ranges + anycast4_ranges %} {% for range in dc4_ranges + anycast4_ranges %}
...@@ -183,3 +197,11 @@ ip prefix-list my-networks seq {{(loop.index|int)*10+10}} deny any ...@@ -183,3 +197,11 @@ ip prefix-list my-networks seq {{(loop.index|int)*10+10}} deny any
{% endfor %} {% endfor %}
ip prefix-list all seq 10 permit any ip prefix-list all seq 10 permit any
ipv6 prefix-list all seq 10 permit any ipv6 prefix-list all seq 10 permit any
!
route-map reject_local_origin deny 10
match as-path {{bgp_asn}}
exit
!
route-map reject_local_origin permit 20
exit
!
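Review bot: In the added `route-map reject_local_origin deny 10` clause, `match as-path {{bgp_asn}}` passes the AS number where the command takes the name of an as-path access-list, and no such list is defined in the hunks shown. If none exists elsewhere in the template, the deny clause presumably never matches and every route falls through to `permit 20`, so the route-map attached to the new `aggregate-address` lines in both address families filters nothing. Define the list and reference it by name, e.g. `bgp as-path access-list local-asn permit _{{bgp_asn}}_` with `match as-path local-asn`; the regex is a guess at the intent and should be set to whatever "local origin" is meant to cover. This matters more now that the nat and firewall peer-groups are `remote-as external` and their inbound filter is the `internal` list, which accepts any more-specific of the DC ranges.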