firewall: consolidate IPv4 and IPv6 address families for BGP

Timotej Lazar 2025-03-26 01:46:28 +01:00
parent 8a0113ea49
commit cafa938da3
2 changed files with 8 additions and 16 deletions


@ -77,10 +77,12 @@ router bgp {{ asn.asn }} vrf outside
{% endfor %} {% endfor %}
address-family ipv4 unicast address-family ipv4 unicast
neighbor peerlink.4 activate
neighbor peerlink.4 soft-reconfiguration inbound neighbor peerlink.4 soft-reconfiguration inbound
neighbor peerlink.4 route-map peer.4->me in neighbor peerlink.4 route-map peer.4->me in
neighbor peerlink.4 route-map me->peer.4 out neighbor peerlink.4 route-map me->peer.4 out
neighbor firewall activate
neighbor firewall allowas-in 1 neighbor firewall allowas-in 1
neighbor firewall default-originate neighbor firewall default-originate
neighbor firewall soft-reconfiguration inbound neighbor firewall soft-reconfiguration inbound
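Review bot: `neighbor firewall activate` is added for a peer-group whose visible lines carry `allowas-in 1` and `default-originate` but no `route-map … in` or `out`, unlike `peerlink.4` just above it. The address-family block continues past the end of the hunk, so the filters may simply follow. If they do not, this family accepts prefixes from `firewall` with relaxed AS-path loop checking and no local inbound policy. A short template comment above the two new lines would also record why they are needed, for example `{# activate explicitly so the IPv4 block matches the IPv6 one #}`, if that is the reason.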


@ -40,26 +40,14 @@ router bgp {{ asn.asn }}
neighbor {{ iface.name }}.4 bfd profile fast neighbor {{ iface.name }}.4 bfd profile fast
{% endfor %} {% endfor %}
address-family ipv4 unicast {% for family in ['ipv4', 'ipv6'] %}
address-family {{ family }} unicast
{% if family == 'ipv4' %}
{% for network in nat %} {% for network in nat %}
network {{ network }} network {{ network }}
{% endfor %} {% endfor %}
redistribute connected route-map loopback {% endif %}
maximum-paths 16
neighbor outside soft-reconfiguration inbound
neighbor outside route-map outside->default in
neighbor outside route-map default->outside out
neighbor inside allowas-in origin
neighbor inside default-originate
neighbor inside soft-reconfiguration inbound
neighbor inside route-map inside->default in
neighbor inside route-map default->inside out
exit-address-family
address-family ipv6 unicast
redistribute connected route-map loopback redistribute connected route-map loopback
maximum-paths 16 maximum-paths 16
@ -76,6 +64,8 @@ router bgp {{ asn.asn }}
neighbor inside route-map default->inside out neighbor inside route-map default->inside out
exit-address-family exit-address-family
{% endfor %}
# Prefix lists. # Prefix lists.
ip prefix-list default permit 0.0.0.0/0 ip prefix-list default permit 0.0.0.0/0
ipv6 prefix-list default permit ::/0 ipv6 prefix-list default permit ::/0
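Review bot: The `{% for family in ['ipv4', 'ipv6'] %}` loop now renders the former IPv6 body for IPv4 as well, and part of that body lies between the two hunks where it cannot be seen. Any statement there that was IPv6-only would now also be emitted under `address-family ipv4 unicast`. Only the `nat` networks are guarded with `{% if family == 'ipv4' %}`, which also assumes `nat` never holds an IPv6 prefix. I would state the invariant at the top of the loop, e.g. `{# Both families share one policy; guard family-specific statements like the NAT networks. #}`. It is also worth comparing the rendered configuration before and after for both families, to confirm the route-maps and `allowas-in` settings on `inside` and `outside` are unchanged.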