routing-instances { NAT-LAN { forwarding-options { dhcp-relay { dhcpv6 { overrides { allow-snooped-clients; } group all-networks { active-server-group v6-dhcp; route-suppression access-internal; interface ae999.30; {% for distro in floor_distros %} {% if v.tree[distro] %} {% for key, switchname in v.tree[distro].items() %} {% if "nat" in objects["public/switches"].switches[switchname].tags %} {% set network = v.distro_networks[switchname] %} interface ae10.{{ network.vlan }}; {% endif %} {% endfor %} {% endif %} {% endfor %} {# NAT stuff ringen #} {% if v.tree['d1.ring'] %} {% for key, switchname in v.tree['d1.ring'].items() %} {% set network = v.distro_networks[switchname] %} {% if "nat" in objects["public/switches"].switches[switchname].tags %} interface ae11.{{ network.vlan }}; {% endif %} {% endfor %} {% endif %} } server-group { v6-dhcp { 2a06:5841:f:d::98; } } } server-group { v4-dhcp { 185.110.148.98; } } group all-networks { active-server-group v4-dhcp; overrides { allow-snooped-clients; trust-option-82; } route-suppression { access-internal; } interface ae999.30; {% for distro in floor_distros %} {% if v.tree[distro] %} {% for key, switchname in v.tree[distro].items() %} {% if "nat" in objects["public/switches"].switches[switchname].tags %} {% set network = v.distro_networks[switchname] %} interface ae10.{{ network.vlan }}; {% endif %} {% endfor %} {% endif %} {% endfor %} {# NAT stuff ringen #} {% if v.tree['d1.ring'] %} {% for key, switchname in v.tree['d1.ring'].items() %} {% set network = v.distro_networks[switchname] %} {% if "nat" in objects["public/switches"].switches[switchname].tags %} interface ae11.{{ network.vlan }}; {% endif %} {% endfor %} {% endif %} } } } protocols { ospf3 { realm ipv4-unicast { area 0.0.0.0 { /* natfw1 zone: NAT-LAN */ interface ae999.30; } reference-bandwidth 1000g; export v4-from-direct-to-ospf; import v4-only-default-from-ospf; } area 0.0.0.0 { /* natfw1 zone: NAT-LAN */ interface ae999.30; } reference-bandwidth 1000g; export v6-from-direct-to-ospf import v6-only-default-from-ospf; } } instance-type virtual-router; /* natfw1 zone: NAT-LAN */ interface ae999.30; /* Test interface */ interface lo0.2; } NAT-WIFI { forwarding-options { dhcp-relay { dhcpv6 { overrides { allow-snooped-clients; } group all-networks { active-server-group v6-dhcp; route-suppression access-internal; interface irb.778; } server-group { v6-dhcp { 2a06:5841:f:d::98; } } } server-group { v4-dhcp { 185.110.148.98; } } group all-networks { active-server-group v4-dhcp; overrides { allow-snooped-clients; trust-option-82; } route-suppression { access-internal; } interface ae999.20; interface irb.778; } } } protocols { ospf3 { realm ipv4-unicast { area 0.0.0.0 { interface ae999.20; } reference-bandwidth 1000g; import v4-only-default-from-ospf; export v4-from-direct-to-ospf; } area 0.0.0.0 { /* natfw1 zone: NAT-WIFI */ interface ae999.20; } reference-bandwidth 1000g; import v6-only-default-from-ospf; export v6-from-direct-to-ospf; } } instance-type virtual-router; /* natfw1 zone: NAT-WIFI */ interface ae999.20; /* s1.tele mgmt and lab (static-ip) */ interface ae11.20; /* Test interface */ interface lo0.1; /* All wifi clients for SSID The Gathering */ interface irb.778; } } routing-options { nonstop-routing; rib inet6.0 { static { route 2a06:5840::/29 { discard; no-install; } } } rib inet.0 { static { /* NAT POOL */ route 185.110.150.0/24 next-hop 185.110.148.163; /* vpn.tg23.gathering.org */ route 151.216.255.0/24 next-hop 185.110.148.110; /* Telenor */ route 88.92.0.0/17 { discard; no-install; } /* RIPE */ route 151.216.128.0/17 { discard; no-install; } /* KANDU */ route 185.110.148.0/22 { discard; no-install; } } } router-id 185.110.148.0; autonomous-system 21067; } protocols { ospf3 { realm ipv4-unicast { area 0.0.0.0 { /* natfw1 zone: inet */ interface ae999.10; /* stand */ interface ae12.0; } reference-bandwidth 1000g; export [ static-to-ospf direct-to-ospf v4-default-from-bgp ]; } area 0.0.0.0 { /* natfw1 zone: inet */ interface ae999.10; /* stand */ interface ae12.0; } export [ static-to-ospf direct-to-ospf v6-default-from-bgp ]; reference-bandwidth 1000g; } bgp { group telenor { authentication-key ""; ## SECRET-DATA peer-as 2119; neighbor 193.212.22.1 { import telenor-in-v4; export telenor-out-v4; } neighbor 2001:4600:9:300::291 { import telenor-in-v6; export telenor-out-v6; } } } }