/* Router configuration in VyOS-style syntax for the host named under "system host-name" (edge-1.orf-1.serverforge.org). The source was collapsed onto a few long lines; it is re-indented here with every configuration token unchanged. Secrets appear masked as asterisks in the source. Review notes are written as comments ahead of the node they concern. */
firewall {
    group {
        address-group AS207556 {
            address 23.136.232.0-23.136.232.255
        }
        /* NOTE(review): "redcated" looks like a misspelled redaction placeholder, not an IPv6 address. The real management source address must be restored before this group can match anything. */
        ipv6-address-group Management {
            address redcated
        }
        ipv6-network-group AS207556 {
            network 2602:fb68::/40
            network 2a06:a005:720::/44
            network 2a10:2f00:181::/48
            network 2a0e:b100:100::/42
        }
    }
    /* Only two rulesets are attached in this file: HOME on traffic leaving bond0.3, and management on traffic addressed to the router itself via dum1. NOTE(review): eth6 (DHCP address, default route, NAT inbound/outbound interface) has no in/out/local ruleset here, and no IPv4 ruleset is defined at all; confirm that filtering for that interface is done elsewhere. */
    interface bond0.3 {
        out {
            ipv6-name HOME
        }
    }
    interface dum1 {
        local {
            ipv6-name management
        }
    }
    /* Default-drop ruleset: accepts sources in group AS207556 and return traffic of established/related flows. Presumably "network-group" resolves to ipv6-network-group AS207556 inside an ipv6-name ruleset; confirm. */
    ipv6-name HOME {
        default-action drop
        rule 10 {
            action accept
            source {
                group {
                    network-group AS207556
                }
            }
        }
        rule 11 {
            action accept
            state {
                established enable
                related enable
            }
        }
    }
    /* Default-drop ruleset for router-bound traffic on dum1: accepts the Management group and established/related flows. It protects only the dum1 address; the router's other addresses are not covered by any local ruleset in this file. */
    ipv6-name management {
        default-action drop
        rule 1 {
            action accept
            source {
                group {
                    address-group Management
                }
            }
        }
        rule 10 {
            action accept
            state {
                established enable
                related enable
            }
        }
    }
}
/* VRRP virtual gateways. No authentication stanza is present on any group, so other speakers on these VLANs are implicitly trusted; group 7 runs at priority 240, the others at 100. */
high-availability {
    vrrp {
        group 7 {
            address 172.16.7.1/24 {
            }
            interface bond0.7
            priority 240
            vrid 7
        }
        group 106 {
            address 2a0e:b100:106::1/48 {
            }
            interface bond0.106
            priority 100
            vrid 106
        }
        group 107 {
            address 2a0e:b100:107::1/48 {
            }
            interface bond0.107
            priority 100
            vrid 107
        }
        group 207 {
            address 2a0e:b100:102::1/48 {
            }
            interface bond0.207
            priority 100
            vrid 207
        }
        /* Group name 2602 uses vrid 202, unlike the other groups whose vrid equals the group name. */
        group 2602 {
            address 2602:fb68:3::1/48 {
            }
            interface bond0.2602
            priority 100
            vrid 202
        }
    }
}
interfaces {
    /* LACP (802.3ad) bond over eth0+eth1 carrying the VLAN sub-interfaces; several vifs are placed in VRFs AS23428 / AS207556. */
    bonding bond0 {
        address 172.16.1.1/24
        hash-policy layer3+4
        member {
            interface eth0
            interface eth1
        }
        mode 802.3ad
        vif 3 {
        }
        vif 4 {
            address 172.16.4.1/24
        }
        vif 7 {
            address 172.16.7.253/24
        }
        vif 14 {
            address 172.16.14.1/24
        }
        vif 22 {
        }
        vif 100 {
            address 2602:fb68:c1::1/64
            vrf AS23428
        }
        vif 106 {
            address 2a0e:b100:106::3/48
            vrf AS207556
        }
        vif 107 {
            address 2a0e:b100:107::101/48
            vrf AS207556
        }
        vif 207 {
            address 2a0e:b100:102::3/48
            vrf AS207556
        }
        vif 2602 {
            address 2602:fb68:3::4/48
            address 23.136.232.26/29
            vrf AS207556
        }
    }
    /* Second LACP bond (eth2+eth5) in VRF AS207556; its /127 matches the BGP neighbor described as Edge-2.orf-1 further down. */
    bonding bond4093 {
        address 2a10:2f00:181:8::/127
        member {
            interface eth2
            interface eth5
        }
        mode 802.3ad
        vif 10 {
            address 10.0.0.1/30
        }
        vrf AS207556
    }
    /* Dummy interface holding a /128 in VRF AS207556; the "management" firewall ruleset is attached to it (local direction). */
    dummy dum1 {
        address 2602:fb68:8::1/128
        vrf AS207556
    }
    ethernet eth0 {
        hw-id 28:80:23:dd:22:e0
        offload {
            gro
            gso
            rps
            sg
            tso
        }
    }
    ethernet eth1 {
        hw-id 28:80:23:dd:22:e4
        offload {
            gro
            gso
            rps
            sg
            tso
        }
    }
    ethernet eth2 {
        hw-id 0c:c4:7a:58:bb:c6
        offload {
            gro
            gso
            lro
            rps
            sg
            tso
        }
    }
    ethernet eth3 {
        hw-id 0c:c4:7a:58:bb:c9
        offload {
            gro
            gso
            lro
            rps
            sg
            tso
        }
    }
    ethernet eth4 {
        hw-id 0c:c4:7a:58:bb:c8
        offload {
            gro
            gso
            lro
            rps
            sg
            tso
        }
    }
    ethernet eth5 {
        hw-id 0c:c4:7a:58:bb:c7
        offload {
            gro
            gso
            lro
            rps
            sg
            tso
        }
    }
    /* Appears to be the upstream-facing port: DHCP/SLAAC addressing, source interface of every GRE tunnel, the default route and all NAT rules. It sits in the default VRF with no firewall ruleset attached in this file. */
    ethernet eth6 {
        address dhcp
        hw-id 0c:c4:7a:58:bb:ca
        ipv6 {
            address {
                autoconf
            }
        }
        offload {
            gro
            gso
            lro
            rps
            sg
            tso
        }
    }
    ethernet eth7 {
        hw-id 0c:c4:7a:58:bb:cb
        offload {
            gro
            gso
            lro
            rps
            sg
            tso
        }
    }
    loopback lo {
    }
    /* GRE tunnels sourced from eth6. GRE gives no encryption or integrity protection, and the GRE key is an identifier carried in clear in the header, not a secret. OSPF/OSPFv3/BGP sessions below run across these tunnels, so their trust rests on the underlay path. NOTE(review): consider protecting them (e.g. IPsec or WireGuard underneath) and restricting GRE on eth6 to the listed remotes. */
    tunnel tun20 {
        address 2a10:2f00:181:c::1/127
        address 23.136.232.6/30
        description "ORF1 <--> IAD"
        encapsulation gre
        parameters {
            ip {
                key ****************
            }
        }
        remote 173.231.218.42
        source-interface eth6
        vrf AS207556
    }
    tunnel tun21 {
        address 2a10:2f00:181:d::1/127
        description "ORF1 <--> LAX"
        encapsulation gre
        parameters {
            ip {
                key ****************
            }
        }
        remote 173.231.201.145
        source-interface eth6
        vrf AS207556
    }
    tunnel tun70 {
        address 2602:fb68:c0::/127
        description "ORF1 <--> YYZ-2"
        encapsulation gre
        parameters {
            ip {
                key ****************
            }
        }
        remote 74.119.150.234
        source-interface eth6
        vrf AS23428
    }
    tunnel tun80 {
        address 23.136.232.21/30
        address 2602:fb68::b/127
        description IX-1.YYZ-1
        encapsulation gre
        parameters {
            ip {
                key ****************
            }
        }
        remote 23.159.16.136
        source-interface eth6
        vrf AS207556
    }
    /* WireGuard link to peer iad1. allowed-ips of 0.0.0.0/0 and ::/0 means any inner source address from this peer is accepted, which is usual for a routed tunnel (OSPF runs on wg1 below) but leaves source validation to firewall or routing policy. No preshared-key or port is set in this stanza. */
    wireguard wg1 {
        address 172.19.0.6/30
        description "edge-1.orf-1 <--> interconnect2.iad1"
        peer iad1 {
            address 173.231.218.13
            allowed-ips 0.0.0.0/0
            allowed-ips ::/0
            public-key ****************
        }
        private-key ****************
    }
}
nat {
    destination {
        /* Forwards TCP/22 arriving on eth6 to 172.16.4.55 with no source-address restriction, so that host's SSH service is reachable from anywhere eth6 is. NOTE(review): add a source match or firewall rule, and confirm the target enforces key-only authentication. */
        rule 100 {
            description "JS1 SSH"
            destination {
                port 22
            }
            inbound-interface eth6
            protocol tcp
            translation {
                address 172.16.4.55
            }
        }
        /* Same exposure on TCP/2222, translated to 172.16.4.49 port 22; this rule has no description and no source restriction. */
        rule 200 {
            destination {
                port 2222
            }
            inbound-interface eth6
            protocol tcp
            translation {
                address 172.16.4.49
                port 22
            }
        }
    }
    source {
        /* Masquerades 172.16.0.0/16 behind the eth6 address for outbound traffic. */
        rule 100 {
            outbound-interface eth6
            source {
                address 172.16.0.0/16
            }
            translation {
                address masquerade
            }
        }
    }
}
/* Prefix-lists and route-maps. NOTE(review): none of the BGP neighbors later in this file reference a prefix-list or route-map for import or export, so as written these policies are defined but not applied to any session shown here. */
policy {
    prefix-list 207556 {
        rule 1 {
            action permit
            prefix 23.136.232.0/24
        }
    }
    prefix-list6 23428 {
        rule 1 {
            action permit
            le 49
            prefix 2a06:a005:1180::/44
        }
    }
    prefix-list6 50842 {
        rule 1 {
            action permit
            le 49
            prefix 2a12:dd47:81a0::/44
        }
        rule 2 {
            action permit
            le 49
            prefix 2602:FB68:80::/42
        }
    }
    prefix-list6 207556 {
        rule 1 {
            action permit
            ge 39
            le 49
            prefix 2602:fb68::/36
        }
        rule 2 {
            action permit
            ge 39
            le 49
            prefix 2a05:b0c7:200::/40
        }
        rule 3 {
            action permit
            ge 43
            le 49
            prefix 2a06:a005:720::/44
        }
        rule 4 {
            action permit
            ge 41
            le 49
            prefix 2a0e:b100:100::/42
        }
        rule 5 {
            action permit
            ge 47
            le 49
            prefix 2a10:2f00:181::/48
        }
    }
    prefix-list6 207556-48 {
        rule 1 {
            action permit
            ge 44
            prefix 2a06:a005:720::/44
        }
        rule 2 {
            action permit
            prefix 2a05:b0c7:200::/40
        }
    }
    prefix-list6 ServerForge {
        rule 1 {
            action permit
            le 49
            prefix 2602:fb68::/36
        }
        rule 2 {
            action permit
            le 49
            prefix 2a05:b0c7:200::/40
        }
        rule 3 {
            action permit
            le 49
            prefix 2a06:a005:720::/44
        }
        rule 4 {
            action permit
            le 49
            prefix 2a06:a005:1180::/44
        }
        rule 5 {
            action permit
            le 49
            prefix 2a12:dd47:81a0::/44
        }
        rule 6 {
            action permit
            le 49
            prefix 2602:FB68:80::/42
        }
        rule 7 {
            action permit
            le 49
            prefix 2a0e:b100:100::/42
        }
        rule 8 {
            action permit
            prefix 2a10:2f00:181::/48
        }
    }
    /* The route-maps below have a single permit rule and no explicit deny rule. */
    route-map AS207556 {
        rule 1 {
            action permit
            match {
                ipv6 {
                    address {
                        prefix-list 207556
                    }
                }
            }
        }
    }
    route-map AS207556-48 {
        rule 1 {
            action permit
            match {
                ipv6 {
                    address {
                        prefix-list 207556-48
                    }
                }
            }
        }
    }
    route-map AS207556-R64-OUT {
        rule 1 {
            action permit
            match {
                ipv6 {
                    address {
                        prefix-list 207556
                    }
                }
            }
            set {
                as-path {
                    prepend "207556 207556"
                }
            }
        }
    }
    route-map LP-300 {
        rule 10 {
            action permit
            set {
                local-preference 300
            }
        }
    }
}
protocols {
    /* Default-VRF OSPF on bond0, bond0.14 and wg1. No authentication and no passive-interface setting is configured, so any device on those segments that speaks OSPF could form an adjacency. NOTE(review): bond0.14 is also the DHCP client network served below; confirm it should run OSPF. */
    ospf {
        area 01 {
            area-type {
                normal
            }
        }
        interface bond0 {
            area 01
        }
        interface bond0.14 {
            area 01
        }
        interface wg1 {
            area 01
        }
    }
    static {
        route 0.0.0.0/0 {
            interface eth6 {
            }
        }
    }
}
service {
    /* DHCP pool for 172.16.14.0/24 (the bond0.14 network). */
    dhcp-server {
        shared-network-name Bridge-Net {
            subnet 172.16.14.0/24 {
                default-router 172.16.14.1
                name-server 172.16.1.5
                range stuff {
                    start 172.16.14.10
                    stop 172.16.14.59
                }
            }
        }
    }
    /* LLDP on every interface advertises device details on each link, presumably including eth6 and customer-facing VLANs; consider limiting it to internal links. NOTE(review): "alll" looks like a typo of "all" and matches no interface defined in this file. */
    lldp {
        interface all {
        }
        interface alll {
        }
    }
    /* Prometheus scrape endpoint restricted to one /128 source. */
    monitoring {
        telegraf {
            prometheus-client {
                allow-from 2602:fb68:4::47/128
            }
        }
    }
    /* SNMPv3 only, read-only group, SHA authentication with AES privacy, bound to the tun20 address inside VRF AS207556. View IX exposes OID subtree 1; narrow the view if the poller needs only specific subtrees. */
    snmp {
        listen-address 2a10:2f00:181:c::1 {
        }
        location "ORF Datacenter"
        v3 {
            engineid 000000000000000000000008
            group IX {
                mode ro
                view IX
            }
            user vyos {
                auth {
                    encrypted-password ****************
                    type sha
                }
                group IX
                privacy {
                    encrypted-password ****************
                    type aes
                }
            }
            view IX {
                oid 1 {
                }
            }
        }
        vrf AS207556
    }
    /* SSH is enabled with no options: no listen-address, no VRF binding, no access restrictions, and the only local firewall ruleset in this file covers dum1. NOTE(review): together with "vrf bind-to-all" below, the daemon is presumably reachable on every address of the router; restrict it with listen-address and a local ruleset, and confirm password authentication is disabled. */
    ssh {
    }
}
system {
    config-management {
        commit-revisions 100
    }
    /* Connection-tracking helpers parse application payloads and mark extra flows as "related"; the firewall rulesets above accept related traffic. NOTE(review): disable any helper whose protocol is not in use. */
    conntrack {
        modules {
            ftp
            h323
            nfs
            pptp
            sip
            sqlnet
            tftp
        }
    }
    console {
        device ttyS0 {
            speed 115200
        }
    }
    host-name edge-1.orf-1.serverforge.org
    name-server 2a0e:b100:104::368
    name-server 2a0e:b100:103::1bb
    name-server 8.8.8.8
    ntp {
        server time1.vyos.net {
        }
        server time2.vyos.net {
        }
        server time3.vyos.net {
        }
    }
    /* Logging is local only: no remote syslog host is configured in this file, so logs live only on the router itself. */
    syslog {
        global {
            facility all {
                level info
            }
            facility protocols {
                level debug
            }
        }
    }
}
vrf {
    /* bind-to-all lets services listening in the default VRF accept connections arriving in any VRF; this widens the reach of the unrestricted ssh service above. */
    bind-to-all
    name AS23428 {
        protocols {
            /* Single iBGP session (remote-as equals system-as 23428). No neighbor password, TTL security or route filter is configured on it. */
            bgp {
                neighbor 2602:fb68:c0::1 {
                    address-family {
                        ipv6-unicast {
                            soft-reconfiguration {
                                inbound
                            }
                        }
                    }
                    description IX-2.YYZ-1.serverforge.org
                    remote-as 23428
                }
                parameters {
                    router-id 173.50.86.71
                }
                system-as 23428
            }
            /* OSPFv3 on bond0.100 and tun70, always originating a default route; no authentication is configured. */
            ospfv3 {
                area 1.0.0.0 {
                }
                default-information {
                    originate {
                        always
                    }
                }
                interface bond0.100 {
                    area 1.0.0.0
                }
                interface tun70 {
                    area 1.0.0.0
                }
                parameters {
                    router-id 173.50.86.71
                }
            }
        }
        table 23428
    }
    name AS207556 {
        protocols {
            /* BGP for AS207556. IPv6 originates the listed /48 networks and redistributes everything learned through OSPFv3. NOTE(review): no neighbor below has an import or export prefix-list/route-map, a maximum-prefix limit or a session password. For the two eBGP peers (remote-as 23428 and 50842), whatever they announce is accepted and all redistributed routes are offered to them. prefix-list6 23428, 50842 and ServerForge look intended for this purpose; confirm and attach them. */
            bgp {
                address-family {
                    ipv4-unicast {
                        maximum-paths {
                            ibgp 2
                        }
                    }
                    ipv6-unicast {
                        network 2a0e:b100:102::/48 {
                        }
                        network 2a0e:b100:106::/48 {
                        }
                        network 2a0e:b100:107::/48 {
                        }
                        network 2a0e:b100:108::/48 {
                        }
                        network 2a0e:b100:109::/48 {
                        }
                        network 2a0e:b100:110::/48 {
                        }
                        network 2a06:a005:720::/48 {
                        }
                        network 2a06:a005:721::/48 {
                        }
                        network 2602:fb68:3::/48 {
                        }
                        network 2602:fb68:4::/48 {
                        }
                        network 2602:fb68:9::/48 {
                        }
                        network 2602:fb68:10::/48 {
                        }
                        redistribute {
                            ospfv3 {
                            }
                        }
                    }
                }
                /* iBGP sessions (remote-as 207556); the weight values set which peer's paths are preferred. */
                neighbor 23.136.232.5 {
                    address-family {
                        ipv4-unicast {
                            soft-reconfiguration {
                                inbound
                            }
                        }
                    }
                    description IX-1.IAD-1
                    remote-as 207556
                }
                neighbor 23.136.232.22 {
                    address-family {
                        ipv4-unicast {
                            soft-reconfiguration {
                                inbound
                            }
                            weight 200
                        }
                    }
                    description IX-1.YYZ-1
                    remote-as 207556
                }
                neighbor 2a10:2f00:181:8::1 {
                    address-family {
                        ipv6-unicast {
                            soft-reconfiguration {
                                inbound
                            }
                            weight 10
                        }
                    }
                    description Edge-2.orf-1
                    remote-as 207556
                }
                neighbor 2a10:2f00:181:c:: {
                    address-family {
                        ipv6-unicast {
                            soft-reconfiguration {
                                inbound
                            }
                            weight 200
                        }
                    }
                    description IX-1.IAD-1
                    remote-as 207556
                }
                neighbor 2a10:2f00:181:d:: {
                    address-family {
                        ipv6-unicast {
                            soft-reconfiguration {
                                inbound
                            }
                            weight 180
                        }
                    }
                    description IX-1.LAX-1
                    remote-as 207556
                }
                /* eBGP peer in AS23428 on the bond0.2602 subnet: no description and no inbound or outbound filter. */
                neighbor 2602:fb68:3::5 {
                    address-family {
                        ipv6-unicast {
                            soft-reconfiguration {
                                inbound
                            }
                        }
                    }
                    remote-as 23428
                }
                /* eBGP peer in AS50842 on the bond0.2602 subnet: no description and no inbound or outbound filter. */
                neighbor 2602:fb68:3::6 {
                    address-family {
                        ipv6-unicast {
                            soft-reconfiguration {
                                inbound
                            }
                        }
                    }
                    remote-as 50842
                }
                neighbor 2602:fb68::a {
                    address-family {
                        ipv6-unicast {
                            soft-reconfiguration {
                                inbound
                            }
                        }
                    }
                    description IX-1.ZZY-1
                    remote-as 207556
                }
                parameters {
                    bestpath {
                        as-path {
                            multipath-relax
                        }
                    }
                    router-id 72.84.78.47
                }
                system-as 207556
            }
            /* OSPFv2 inside the VRF over bond0.2602 and GRE tunnels tun20/tun80; no authentication is configured. */
            ospf {
                area 23.136.232.0 {
                    area-type {
                        normal
                    }
                }
                interface bond0.2602 {
                    area 23.136.232.0
                }
                interface tun20 {
                    area 23.136.232.0
                }
                interface tun80 {
                    area 23.136.232.0
                }
            }
            /* OSPFv3 across the service VLANs and tunnels, redistributing connected routes; no authentication is configured. Routes learned here are redistributed into BGP above, so an unexpected OSPFv3 speaker on any of these interfaces could influence what this router announces. */
            ospfv3 {
                area 0.0.0.0 {
                }
                area 2.0.75.56 {
                }
                interface bond0.106 {
                    area 0.0.0.0
                }
                interface bond0.107 {
                    area 0.0.0.0
                }
                interface bond0.207 {
                    area 0.0.0.0
                }
                interface bond0.2602 {
                    area 0.0.0.0
                }
                interface bond4093 {
                    area 2.0.75.56
                }
                interface tun20 {
                    area 2.0.75.56
                }
                interface tun21 {
                    area 2.0.75.56
                }
                interface tun80 {
                    area 2.0.75.56
                }
                parameters {
                    router-id 72.84.78.47
                }
                redistribute {
                    connected {
                    }
                }
            }
            /* Default routes for the VRF: IPv4 via 23.136.232.25, IPv6 via the bond4093 peer. */
            static {
                route 0.0.0.0/0 {
                    next-hop 23.136.232.25 {
                    }
                }
                route6 ::/0 {
                    next-hop 2a10:2f00:181:8::1 {
                    }
                }
            }
        }
        table 207
    }
}