-
Notifications
You must be signed in to change notification settings - Fork 1
/
lothlorien-config.j2
86 lines (86 loc) · 1.92 KB
/
lothlorien-config.j2
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
system {
root-authentication {
encrypted-password "{{ encrypted_root_pw }}"; ## SECRET-DATA
}
login {
user meshrr {
class super-user;
uid 100;
authentication {
ssh-ed25519 "ssh-ed25519 TBD"; ## SECRET-DATA
}
}
}
services {
netconf {
ssh;
}
}
license {
keys {
key "{{ LICENSE_KEY }}";
}
}
processes {
routing {
bgp {
rib-sharding;
update-threading;
}
}
}
}
groups {
MESHRR {
protocols {
bgp {
group MESHRR-MESH {
type internal
}
group MESHRR-CLIENTS {
type internal;
cluster {{ POD_IP }};
allow [ {% for prefix in bgpgroups_subtractive['MESHRR-CLIENTS'].prefixes %}{{ prefix }} {% endfor %}];
}
group MESHRR-UPSTREAM {
type internal;
export UPSTREAM-OUT;
}
}
}
}
}
policy-options {
policy-statement UPSTREAM-OUT {
term DROP-INREGION-ONLY {
from community INREGION-ONLY;
then reject;
}
term INREGION-PREFERRED {
from community INREGION-PREFERRED;
then {
local-preference 20;
}
}
then accept;
}
community INREGION-ONLY members 65000:101;
community INREGION-PREFERRED members 65000:102;
}
routing-options {
autonomous-system {{ asn }};
router-id {{ POD_IP }};
}
protocols {
bgp {
apply-groups MESHRR;
family inet {
unicast {
nexthop-resolution {
no-resolution;
}
no-install;
}
}
}
}