aboutsummaryrefslogtreecommitdiffstats
path: root/examples/tg23/templates/core-routing.conf
diff options
context:
space:
mode:
Diffstat (limited to 'examples/tg23/templates/core-routing.conf')
-rw-r--r--examples/tg23/templates/core-routing.conf253
1 files changed, 253 insertions, 0 deletions
diff --git a/examples/tg23/templates/core-routing.conf b/examples/tg23/templates/core-routing.conf
new file mode 100644
index 0000000..05895c5
--- /dev/null
+++ b/examples/tg23/templates/core-routing.conf
@@ -0,0 +1,253 @@
+routing-instances {
+ NAT-LAN {
+ forwarding-options {
+ dhcp-relay {
+ dhcpv6 {
+ overrides {
+ allow-snooped-clients;
+ }
+ group all-networks {
+ active-server-group v6-dhcp;
+ route-suppression access-internal;
+ interface ae999.30;
+ {% for distro in floor_distros %}
+ {% if v.tree[distro] %}
+ {% for key, switchname in v.tree[distro].items() %}
+ {% if "nat" in objects["public/switches"].switches[switchname].tags %}
+ {% set network = v.distro_networks[switchname] %}
+ interface ae10.{{ network.vlan }};
+ {% endif %}
+ {% endfor %}
+ {% endif %}
+ {% endfor %}
+
+ {# NAT stuff ringen #}
+ {% if v.tree['d1.ring'] %}
+ {% for key, switchname in v.tree['d1.ring'].items() %}
+ {% set network = v.distro_networks[switchname] %}
+ {% if "nat" in objects["public/switches"].switches[switchname].tags %}
+ interface ae11.{{ network.vlan }};
+ {% endif %}
+ {% endfor %}
+ {% endif %}
+
+ }
+ server-group {
+ v6-dhcp {
+ 2a06:5841:f:d::98;
+ }
+ }
+ }
+ server-group {
+ v4-dhcp {
+ 185.110.148.98;
+ }
+ }
+ group all-networks {
+ active-server-group v4-dhcp;
+ overrides {
+ allow-snooped-clients;
+ trust-option-82;
+ }
+ route-suppression {
+ access-internal;
+ }
+ interface ae999.30;
+ {% for distro in floor_distros %}
+ {% if v.tree[distro] %}
+ {% for key, switchname in v.tree[distro].items() %}
+ {% if "nat" in objects["public/switches"].switches[switchname].tags %}
+ {% set network = v.distro_networks[switchname] %}
+ interface ae10.{{ network.vlan }};
+ {% endif %}
+ {% endfor %}
+ {% endif %}
+ {% endfor %}
+
+ {# NAT stuff ringen #}
+ {% if v.tree['d1.ring'] %}
+ {% for key, switchname in v.tree['d1.ring'].items() %}
+ {% set network = v.distro_networks[switchname] %}
+ {% if "nat" in objects["public/switches"].switches[switchname].tags %}
+ interface ae11.{{ network.vlan }};
+ {% endif %}
+ {% endfor %}
+ {% endif %}
+ }
+ }
+ }
+ protocols {
+ ospf3 {
+ realm ipv4-unicast {
+ area 0.0.0.0 {
+ /* natfw1 zone: NAT-LAN */
+ interface ae999.30;
+ }
+ reference-bandwidth 1000g;
+ export v4-from-direct-to-ospf;
+ import v4-only-default-from-ospf;
+ }
+ area 0.0.0.0 {
+ /* natfw1 zone: NAT-LAN */
+ interface ae999.30;
+ }
+ reference-bandwidth 1000g;
+ export v6-from-direct-to-ospf
+ import v6-only-default-from-ospf;
+ }
+ }
+ instance-type virtual-router;
+
+ /* natfw1 zone: NAT-LAN */
+ interface ae999.30;
+
+ /* Test interface */
+ interface lo0.2;
+ }
+ NAT-WIFI {
+ forwarding-options {
+ dhcp-relay {
+ dhcpv6 {
+ overrides {
+ allow-snooped-clients;
+ }
+ group all-networks {
+ active-server-group v6-dhcp;
+ route-suppression access-internal;
+ interface irb.778;
+ }
+ server-group {
+ v6-dhcp {
+ 2a06:5841:f:d::98;
+ }
+ }
+ }
+ server-group {
+ v4-dhcp {
+ 185.110.148.98;
+ }
+ }
+ group all-networks {
+ active-server-group v4-dhcp;
+ overrides {
+ allow-snooped-clients;
+ trust-option-82;
+ }
+ route-suppression {
+ access-internal;
+ }
+ interface ae999.20;
+ interface irb.778;
+ }
+ }
+ }
+ protocols {
+ ospf3 {
+ realm ipv4-unicast {
+ area 0.0.0.0 {
+ interface ae999.20;
+ }
+ reference-bandwidth 1000g;
+ import v4-only-default-from-ospf;
+ export v4-from-direct-to-ospf;
+ }
+ area 0.0.0.0 {
+ /* natfw1 zone: NAT-WIFI */
+ interface ae999.20;
+ }
+ reference-bandwidth 1000g;
+ import v6-only-default-from-ospf;
+ export v6-from-direct-to-ospf;
+ }
+ }
+ instance-type virtual-router;
+
+ /* natfw1 zone: NAT-WIFI */
+ interface ae999.20;
+
+ /* s1.tele mgmt and lab (static-ip) */
+ interface ae11.20;
+
+ /* Test interface */
+ interface lo0.1;
+
+ /* All wifi clients for SSID The Gathering */
+ interface irb.778;
+ }
+}
+
+routing-options {
+ nonstop-routing;
+ rib inet6.0 {
+ static {
+ route 2a06:5840::/29 {
+ discard;
+ no-install;
+ }
+ }
+ }
+ rib inet.0 {
+ static {
+ /* NAT POOL */
+ route 185.110.150.0/24 next-hop 185.110.148.163;
+
+ /* vpn.tg23.gathering.org */
+ route 151.216.255.0/24 next-hop 185.110.148.110;
+
+ /* Telenor */
+ route 88.92.0.0/17 {
+ discard;
+ no-install;
+ }
+ /* RIPE */
+ route 151.216.128.0/17 {
+ discard;
+ no-install;
+ }
+ /* KANDU */
+ route 185.110.148.0/22 {
+ discard;
+ no-install;
+ }
+ }
+ }
+ router-id 185.110.148.0;
+ autonomous-system 21067;
+}
+
+protocols {
+ ospf3 {
+ realm ipv4-unicast {
+ area 0.0.0.0 {
+ /* natfw1 zone: inet */
+ interface ae999.10;
+ /* stand */
+ interface ae12.0;
+ }
+ reference-bandwidth 1000g;
+ export [ static-to-ospf direct-to-ospf v4-default-from-bgp ];
+ }
+ area 0.0.0.0 {
+ /* natfw1 zone: inet */
+ interface ae999.10;
+ /* stand */
+ interface ae12.0;
+ }
+ export [ static-to-ospf direct-to-ospf v6-default-from-bgp ];
+ reference-bandwidth 1000g;
+ }
+ bgp {
+ group telenor {
+ authentication-key "<removed>"; ## SECRET-DATA
+ peer-as 2119;
+ neighbor 193.212.22.1 {
+ import telenor-in-v4;
+ export telenor-out-v4;
+ }
+ neighbor 2001:4600:9:300::291 {
+ import telenor-in-v6;
+ export telenor-out-v6;
+ }
+ }
+ }
+}
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-26 15:49:55 +0000