
config-sanitized.boot

Authored By
trae32566
Dec 27 2023, 8:58 PM

config-sanitized.boot

firewall {
global-options {
all-ping "enable"
broadcast-ping "disable"
ip-src-route "disable"
ipv6-receive-redirects "disable"
ipv6-src-route "disable"
log-martians "enable"
}
group {
address-group ALL_WEBSERVERS {
address "198.18.15.12"
address "198.18.31.5"
address "198.18.63.5"
address "198.18.15.14"
address "198.18.31.6"
address "198.18.63.6"
description "REDACTED"
}
address-group ATT_WEBSITES {
address "192.0.2.227"
address "192.0.2.230"
address "192.0.2.233"
description "REDACTED"
}
address-group BACKBONE_GLUSTER_CLIENTS {
address "198.18.16.2"
address "198.18.16.3"
address "198.18.16.5"
address "198.18.16.6"
address "198.18.48.2"
address "198.18.48.3"
address "198.18.48.5"
address "198.18.48.6"
}
address-group BACKBONE_JUMP_HOSTS {
address "198.18.16.4"
address "198.18.48.4"
description "REDACTED"
}
address-group BACKBONE_MYSQL_SERVERS {
address "198.18.31.5"
address "198.18.63.5"
address "198.18.31.6"
address "198.18.63.6"
address "198.18.16.7"
address "198.18.48.7"
description "REDACTED"
}
address-group BACKBONE_NAME_SERVERS {
address "198.18.31.3"
address "198.18.63.3"
description "REDACTED"
}
address-group BACKBONE_SECURITY_SERVERS {
address "198.18.31.4"
address "198.18.63.4"
description "REDACTED"
}
address-group INT_GLUSTER_SERVERS {
address "198.18.255.5"
address "198.18.9.3-198.18.9.5"
description "REDACTED"
}
address-group INT_JUMP_HOSTS {
address "198.18.15.13"
address "192.0.2.229"
description "REDACTED"
}
address-group INT_NAMESERVERS {
address "198.18.255.1"
address "198.18.15.10"
description "REDACTED"
}
address-group INT_TIMESERVERS {
address "198.18.255.2"
address "198.18.15.11"
description "REDACTED"
}
address-group INT_WEBSERVERS {
address "198.18.15.12"
address "198.18.15.14"
description "REDACTED"
}
interface-group BACKBONE {
interface "wg0"
interface "wg1"
interface "wg2"
interface "wg3"
interface "wg4"
interface "wg5"
interface "wg6"
interface "wg7"
interface "wg8"
interface "wg9"
interface "wg100"
}
ipv6-address-group ALL_WEBSERVERS-V6 {
address "2001:db8:1:64::12"
address "2001:db8:1:64::14"
address "2001:db8:1:150b::5"
address "2001:db8:1:150b::6"
address "2001:db8:1:23e3::5"
address "2001:db8:1:23e3::6"
address "2001:db8:1:ffff::3"
description "REDACTED"
}
ipv6-address-group BACKBONE_GLUSTER_CLIENTS-V6 {
address "2001:db8:1:1538::2"
address "2001:db8:1:1538::3"
address "2001:db8:1:1538::5"
address "2001:db8:1:1538::6"
address "2001:db8:1:239d::2"
address "2001:db8:1:239d::3"
address "2001:db8:1:239d::5"
address "2001:db8:1:239d::6"
}
ipv6-address-group BACKBONE_JUMP_HOSTS-V6 {
address "2001:db8:1:239d::4"
address "2001:db8:1:1538::4"
description "REDACTED"
}
ipv6-address-group BACKBONE_MYSQL_SERVERS-V6 {
address "2001:db8:1:150b::5"
address "2001:db8:1:150b::6"
address "2001:db8:1:23e3::5"
address "2001:db8:1:23e3::6"
address "2001:db8:1:1538::7"
address "2001:db8:1:239d::7"
description "REDACTED"
}
ipv6-address-group BACKBONE_NAME_SERVERS-V6 {
address "2001:db8:1:150b::3"
address "2001:db8:1:23e3::3"
description "REDACTED"
}
ipv6-address-group BACKBONE_SECURITY_SERVERS-V6 {
address "2001:db8:1:150b::4"
address "2001:db8:1:23e3::4"
description "REDACTED"
}
ipv6-address-group IBM_WEBSITES-V6 {
address "2001:db8:1e01:80::227"
address "2001:db8:1e01:80::230"
address "2001:db8:1e01:80::233"
description "REDACTED"
}
ipv6-address-group INT_GLUSTER_SERVERS-V6 {
address "2001:db8:1:ffff::5"
address "2001:db8:1:46::3-2001:db8:1:46::5"
description "REDACTED"
}
ipv6-address-group INT_JUMP_HOSTS-V6 {
address "2001:db8:1:64::13"
address "2001:db8:1e01:80::229"
description "REDACTED"
}
ipv6-address-group INT_NAMESERVERS-V6 {
address "2001:db8:1:ffff::1"
address "2001:db8:1:64::10"
description "REDACTED"
}
ipv6-address-group INT_TIMESERVERS-V6 {
address "2001:db8:1:ffff::2"
address "2001:db8:1:64::11"
description "REDACTED"
}
ipv6-address-group INT_WEBSERVERS-V6 {
address "2001:db8:1:64::12"
address "2001:db8:1:64::14"
description "REDACTED"
}
ipv6-network-group IBM_SERVERS-V6 {
description "REDACTED"
network "2001:db8:1:239d::/64"
network "2001:db8:1:23e3::/64"
network "2001:db8:1:1538::/64"
network "2001:db8:1:150b::/64"
}
ipv6-network-group INT_SERVERS-V6 {
description "REDACTED"
network "2001:db8:1:a::/64"
network "2001:db8:1:46::/64"
network "2001:db8:1:64::/64"
}
network-group IBM_MGMT {
network "169.254.85.240/28"
network "169.254.49.0/26"
}
network-group IBM_SERVERS {
description "REDACTED"
network "198.18.16.0/24"
network "198.18.31.0/28"
network "198.18.48.0/24"
network "198.18.63.0/28"
}
network-group INT_SERVERS {
description "REDACTED"
network "198.18.0.0/24"
network "198.18.15.8/29"
network "198.18.9.0/24"
}
/* NOTE(review): despite the group name, 198.18.0.0/16 sits inside the
   198.18.0.0/15 benchmarking range rather than RFC 1918 private space.
   Presumably the sanitizer rewrote the original prefix; confirm against the
   real configuration before reasoning about what BACKBONE_TO_INT rule 1
   (the only visible user of this group) actually admits. */
network-group RFC1918 {
description "REDACTED"
network "198.18.0.0/16"
network "10.0.0.0/8"
}
port-group GLUSTER_CLIENT {
description "REDACTED"
port "24007"
port "24009"
port "49152-65535"
}
port-group WEB {
description "REDACTED"
port "80"
port "443"
}
port-group WIREGUARD {
port "51820-51830"
port "51920"
}
}
ipv4 {
forward {
filter {
default-action "drop"
rule 2 {
action "accept"
state "established"
state "related"
}
rule 4 {
action "drop"
state "invalid"
}
rule 10 {
action "accept"
description "REDACTED"
inbound-interface {
group "BACKBONE"
}
outbound-interface {
group "BACKBONE"
}
}
rule 20 {
action "accept"
description "REDACTED"
inbound-interface {
name "bond0.110"
}
outbound-interface {
group "BACKBONE"
}
}
rule 100 {
action "accept"
description "REDACTED"
inbound-interface {
name "bond0.110"
}
outbound-interface {
name "bond0.20"
}
}
rule 200 {
action "jump"
description "REDACTED"
inbound-interface {
group "BACKBONE"
}
jump-target "BACKBONE_TO_INT"
outbound-interface {
name "bond0.110"
}
}
rule 210 {
action "jump"
description "REDACTED"
inbound-interface {
name "bond0.20"
}
jump-target "PUBLIC_TO_INT"
outbound-interface {
name "bond0.110"
}
}
}
}
input {
filter {
default-action "drop"
rule 1 {
action "accept"
state "established"
state "related"
}
rule 2 {
action "drop"
state "invalid"
}
rule 10 {
action "jump"
inbound-interface {
group "BACKBONE"
}
jump-target "BACKBONE_TO_LOCAL"
}
rule 20 {
action "jump"
inbound-interface {
name "bond0.110"
}
jump-target "INT_TO_LOCAL"
}
rule 30 {
action "jump"
inbound-interface {
name "bond0.20"
}
jump-target "PUBLIC_TO_LOCAL"
}
}
}
name BACKBONE_TO_INT {
default-action "drop"
description "REDACTED"
enable-default-log
rule 1 {
action "accept"
description "REDACTED"
protocol "icmp"
source {
group {
network-group "RFC1918"
}
}
}
rule 10 {
action "accept"
description "REDACTED"
source {
group {
address-group "BACKBONE_JUMP_HOSTS"
}
}
}
rule 20 {
action "accept"
description "REDACTED"
destination {
address "198.18.15.11"
}
protocol "tcp_udp"
source {
group {
address-group "BACKBONE_SECURITY_SERVERS"
}
}
}
rule 30 {
action "accept"
description "REDACTED"
destination {
address "198.18.255.4"
port "162,2055"
}
protocol "udp"
source {
address "198.18.253.0/24"
}
}
rule 40 {
action "accept"
description "REDACTED"
destination {
address "198.18.9.3"
port "ssh"
}
protocol "tcp"
source {
address "198.18.253.0/24"
}
}
rule 50 {
action "accept"
description "REDACTED"
destination {
address "198.18.15.11"
port "www,ldap,https,ldaps"
}
protocol "tcp"
source {
group {
network-group "IBM_SERVERS"
}
}
}
rule 60 {
action "accept"
description "REDACTED"
destination {
address "198.18.15.11"
port "kerberos,kpasswd"
}
protocol "tcp_udp"
source {
group {
network-group "IBM_SERVERS"
}
}
}
rule 70 {
action "accept"
description "REDACTED"
destination {
address "198.18.15.10"
port "5300"
}
protocol "tcp_udp"
source {
group {
address-group "BACKBONE_NAME_SERVERS"
}
}
}
rule 80 {
action "accept"
description "REDACTED"
destination {
group {
address-group "INT_WEBSERVERS"
}
port "3306,4444,4567,4568"
}
protocol "tcp"
source {
group {
address-group "BACKBONE_MYSQL_SERVERS"
}
}
}
rule 90 {
action "accept"
description "REDACTED"
destination {
group {
address-group "INT_JUMP_HOSTS"
}
port "ssh"
}
protocol "tcp"
}
rule 100 {
action "accept"
description "REDACTED"
destination {
group {
address-group "INT_JUMP_HOSTS"
}
port "5201-5213"
}
protocol "tcp"
}
rule 110 {
action "accept"
description "REDACTED"
destination {
group {
address-group "INT_NAMESERVERS"
}
port "domain,514"
}
protocol "tcp_udp"
}
rule 120 {
action "accept"
description "REDACTED"
destination {
group {
address-group "INT_NAMESERVERS"
}
port "19532"
}
protocol "tcp"
}
rule 130 {
action "accept"
description "REDACTED"
destination {
group {
address-group "INT_TIMESERVERS"
}
port "ntp,radius,radius-acct"
}
protocol "udp"
}
/* Accepts TCP and UDP port 51413 towards 198.19.27.65. No source match is
   set, so any traffic that reaches this chain may use it. */
rule 140 {
action "accept"
description "REDACTED"
destination {
address "198.19.27.65"
port "51413"
}
protocol "tcp_udp"
}
/* Drops ICMP towards the destination below.
   NOTE(review): the destination of rules 142 and 144 is the only IPv4 address
   in the visible part of this file that is not in a documentation,
   benchmarking, private or link-local range. Its last three octets match the
   destination of rule 140, so it looks like a value the sanitizer missed.
   Confirm and re-sanitize before sharing. As shown, the accept in rule 140
   and the drops in rules 142/144 refer to different hosts. */
rule 142 {
action "drop"
description "REDACTED"
destination {
address "54.39.27.65"
}
protocol "icmp"
}
/* Drops every TCP/UDP destination port except 51413 (negated match) towards
   the same destination as rule 142. */
rule 144 {
action "drop"
description "REDACTED"
destination {
address "54.39.27.65"
port "!51413"
}
protocol "tcp_udp"
}
rule 150 {
action "accept"
description "REDACTED"
destination {
group {
address-group "ATT_WEBSITES"
port-group "WEB"
}
}
protocol "tcp"
}
rule 160 {
action "accept"
description "REDACTED"
destination {
group {
address-group "INT_GLUSTER_SERVERS"
port-group "GLUSTER_CLIENT"
}
}
protocol "tcp"
source {
group {
address-group "BACKBONE_GLUSTER_CLIENTS"
}
}
}
}
name BACKBONE_TO_LOCAL {
default-action "drop"
description "REDACTED"
enable-default-log
rule 1 {
action "accept"
description "REDACTED"
protocol "icmp"
}
rule 10 {
action "accept"
description "REDACTED"
destination {
port "ssh"
}
protocol "tcp"
source {
group {
address-group "BACKBONE_JUMP_HOSTS"
}
}
}
rule 20 {
action "accept"
description "REDACTED"
destination {
port "snmp"
}
protocol "udp"
source {
group {
address-group "ALL_WEBSERVERS"
}
}
}
}
name INT_TO_LOCAL {
default-action "drop"
description "REDACTED"
enable-default-log
rule 1 {
action "accept"
description "REDACTED"
protocol "icmp"
}
rule 10 {
action "accept"
description "REDACTED"
destination {
port "ssh"
}
protocol "tcp"
source {
group {
address-group "INT_JUMP_HOSTS"
}
}
}
rule 20 {
action "accept"
description "REDACTED"
destination {
port "bgp"
}
protocol "tcp"
source {
address "198.18.15.0/29"
}
}
rule 30 {
action "accept"
description "REDACTED"
destination {
port "3780"
}
protocol "udp"
source {
address "198.18.15.3-198.18.15.4"
}
}
rule 40 {
action "accept"
description "REDACTED"
destination {
port "3784-3785,4784"
}
protocol "udp"
source {
address "198.18.15.0/29"
}
}
rule 50 {
action "accept"
description "REDACTED"
protocol "vrrp"
}
rule 60 {
action "accept"
description "REDACTED"
destination {
port "snmp"
}
protocol "udp"
source {
group {
address-group "ALL_WEBSERVERS"
}
}
}
rule 70 {
action "accept"
description "REDACTED"
destination {
address "198.18.253.2-198.18.253.3"
port "https"
}
protocol "tcp"
source {
address "198.18.253.2-198.18.253.3"
}
}
}
/* Chain reached from the IPv4 forward filter (rule 210) for traffic entering
   on bond0.20 and leaving on bond0.110. Anything not matched below is dropped.
   NOTE(review): unlike BACKBONE_TO_INT, BACKBONE_TO_LOCAL and INT_TO_LOCAL,
   this chain does not set enable-default-log, so default drops on the
   public-facing path leave no log entry. Confirm that is intended. */
name PUBLIC_TO_INT {
default-action "drop"
description "REDACTED"
/* Rate limit for the jump hosts: drops NEW TCP connections to port 55875
   when the source address has been seen more than 3 times within the last
   hour (recent count/time). It must stay ahead of rule 15 to have any
   effect. */
rule 10 {
action "drop"
description "REDACTED"
destination {
group {
address-group "INT_JUMP_HOSTS"
}
port "55875"
}
protocol "tcp"
recent {
count "3"
time "hour"
}
state "new"
}
/* Accepts TCP port 55875 to the jump hosts for whatever rule 10 did not
   drop. No source match is set. */
rule 15 {
action "accept"
description "REDACTED"
destination {
group {
address-group "INT_JUMP_HOSTS"
}
port "55875"
}
protocol "tcp"
}
/* Inactive: the disable keyword keeps this rule in the configuration without
   applying it. If re-enabled it would accept TCP and UDP ports 5201-5232 to
   the jump hosts with no source match. */
rule 20 {
action "accept"
description "REDACTED"
destination {
group {
address-group "INT_JUMP_HOSTS"
}
port "5201-5232"
}
disable
protocol "tcp_udp"
}
/* Accepts TCP to the ATT_WEBSITES addresses on the WEB port-group (80 and
   443). No source match is set. */
rule 30 {
action "accept"
description "REDACTED"
destination {
group {
address-group "ATT_WEBSITES"
port-group "WEB"
}
}
protocol "tcp"
}
}
/* Chain reached from the IPv4 input filter (rule 30) for traffic arriving on
   bond0.20 and addressed to the router itself. Anything not matched below is
   dropped. The chain does not set enable-default-log. */
name PUBLIC_TO_LOCAL {
default-action "drop"
description "REDACTED"
/* Accepts packets whose destination port AND source port are both in
   port-group WIREGUARD, for TCP as well as UDP.
   NOTE(review): WireGuard runs over UDP only, and the IPv6 counterpart
   (PUBLIC_TO_LOCAL-V6 rule 20) matches protocol udp with no source-port
   condition. tcp_udp here looks wider than needed and the two address
   families are not aligned. Confirm. */
rule 10 {
action "accept"
description "REDACTED"
destination {
group {
port-group "WIREGUARD"
}
}
protocol "tcp_udp"
source {
group {
port-group "WIREGUARD"
}
}
}
/* Accepts VRRP from any source on this path. No source match is set, so the
   VRRP groups on bond0.20 rely on their own authentication setting to tell
   peers from other hosts on the segment. */
rule 20 {
action "accept"
description "REDACTED"
protocol "vrrp"
}
}
output {
filter {
default-action "accept"
}
}
}
ipv6 {
forward {
filter {
default-action "drop"
rule 2 {
action "accept"
state "established"
state "related"
}
rule 4 {
action "drop"
state "invalid"
}
rule 10 {
action "accept"
description "REDACTED"
inbound-interface {
group "BACKBONE"
}
outbound-interface {
group "BACKBONE"
}
}
rule 20 {
action "accept"
description "REDACTED"
inbound-interface {
name "bond0.110"
}
outbound-interface {
group "BACKBONE"
}
}
rule 100 {
action "accept"
inbound-interface {
name "bond0.110"
}
outbound-interface {
name "bond0.20"
}
}
rule 200 {
action "jump"
description "REDACTED"
inbound-interface {
group "BACKBONE"
}
jump-target "BACKBONE_TO_INT-V6"
outbound-interface {
name "bond0.110"
}
}
rule 210 {
action "jump"
description "REDACTED"
inbound-interface {
name "bond0.20"
}
jump-target "PUBLIC_TO_INT-V6"
outbound-interface {
name "bond0.110"
}
}
}
}
input {
filter {
default-action "drop"
rule 1 {
action "accept"
state "established"
state "related"
}
rule 2 {
action "drop"
state "invalid"
}
rule 10 {
action "jump"
inbound-interface {
group "BACKBONE"
}
jump-target "BACKBONE_TO_LOCAL-V6"
}
rule 20 {
action "jump"
inbound-interface {
name "bond0.110"
}
jump-target "INT_TO_LOCAL-V6"
}
rule 30 {
action "jump"
inbound-interface {
name "bond0.20"
}
jump-target "PUBLIC_TO_LOCAL-V6"
}
}
}
name BACKBONE_TO_INT-V6 {
default-action "drop"
description "REDACTED"
enable-default-log
rule 1 {
action "accept"
description "REDACTED"
protocol "ipv6-icmp"
source {
address "2001:db8:1::/48"
}
}
rule 10 {
action "accept"
description "REDACTED"
source {
group {
address-group "BACKBONE_JUMP_HOSTS-V6"
}
}
}
rule 20 {
action "accept"
description "REDACTED"
destination {
address "2001:db8:1:64::11"
}
protocol "tcp_udp"
source {
group {
address-group "BACKBONE_SECURITY_SERVERS-V6"
}
}
}
rule 30 {
action "accept"
description "REDACTED"
destination {
address "2001:db8:1:ffff::4"
port "162,2055"
}
protocol "udp"
source {
address "2001:db8:1:fffe::/64"
}
}
rule 40 {
action "accept"
description "REDACTED"
destination {
address "2001:db8:1:46::3"
port "ssh"
}
protocol "tcp"
source {
address "2001:db8:1:fffe::/64"
}
}
rule 50 {
action "accept"
description "REDACTED"
destination {
address "2001:db8:1:64::11"
port "www,ldap,https,ldaps"
}
protocol "tcp"
source {
group {
network-group "IBM_SERVERS-V6"
}
}
}
rule 60 {
action "accept"
description "REDACTED"
destination {
address "2001:db8:1:64::11"
port "kerberos,kpasswd"
}
protocol "tcp_udp"
source {
group {
network-group "IBM_SERVERS-V6"
}
}
}
rule 70 {
action "accept"
description "REDACTED"
destination {
address "2001:db8:1:64::10"
port "5300"
}
protocol "tcp_udp"
source {
group {
address-group "BACKBONE_NAME_SERVERS-V6"
}
}
}
rule 80 {
action "accept"
description "REDACTED"
destination {
group {
address-group "INT_WEBSERVERS-V6"
}
port "3306,4444,4567,4568"
}
protocol "tcp"
source {
group {
address-group "BACKBONE_MYSQL_SERVERS-V6"
}
}
}
rule 90 {
action "accept"
description "REDACTED"
destination {
group {
address-group "INT_JUMP_HOSTS-V6"
}
port "ssh"
}
protocol "tcp"
}
rule 100 {
action "accept"
description "REDACTED"
destination {
group {
address-group "INT_JUMP_HOSTS-V6"
}
port "5201-5213"
}
protocol "tcp"
}
rule 110 {
action "accept"
description "REDACTED"
destination {
group {
address-group "INT_NAMESERVERS-V6"
}
port "domain,514"
}
protocol "tcp_udp"
}
rule 120 {
action "accept"
description "REDACTED"
destination {
group {
address-group "INT_NAMESERVERS-V6"
}
port "19532"
}
protocol "tcp"
}
rule 130 {
action "accept"
description "REDACTED"
destination {
group {
address-group "INT_TIMESERVERS-V6"
}
port "ntp,radius,radius-acct"
}
protocol "udp"
}
rule 140 {
action "accept"
description "REDACTED"
destination {
address "2001:db8:1e01:80::/64"
}
protocol "all"
}
rule 150 {
action "accept"
description "REDACTED"
destination {
group {
address-group "INT_GLUSTER_SERVERS-V6"
port-group "GLUSTER_CLIENT"
}
}
protocol "tcp"
source {
group {
address-group "BACKBONE_GLUSTER_CLIENTS-V6"
}
}
}
}
name BACKBONE_TO_LOCAL-V6 {
default-action "drop"
description "REDACTED"
enable-default-log
rule 1 {
action "accept"
protocol "ipv6-icmp"
}
rule 10 {
action "accept"
description "REDACTED"
destination {
port "ssh"
}
protocol "tcp"
source {
group {
address-group "BACKBONE_JUMP_HOSTS-V6"
}
}
}
rule 20 {
action "accept"
description "REDACTED"
destination {
port "bgp"
}
protocol "tcp"
source {
address "fe80::/10"
}
}
rule 30 {
action "accept"
description "REDACTED"
destination {
port "3784-3785,4784"
}
protocol "udp"
source {
address "fe80::/10"
}
}
rule 40 {
action "accept"
description "REDACTED"
destination {
port "snmp"
}
protocol "udp"
source {
group {
address-group "ALL_WEBSERVERS-V6"
}
}
}
}
name INT_TO_LOCAL-V6 {
default-action "drop"
description "REDACTED"
enable-default-log
rule 1 {
action "accept"
description "REDACTED"
protocol "ipv6-icmp"
}
rule 10 {
action "accept"
description "REDACTED"
destination {
port "ssh"
}
protocol "tcp"
source {
group {
address-group "INT_JUMP_HOSTS-V6"
}
}
}
rule 20 {
action "accept"
description "REDACTED"
destination {
port "bgp"
}
protocol "tcp"
source {
address "2001:db8:1:6e::/64"
}
}
rule 30 {
action "accept"
description "REDACTED"
destination {
port "3784-3785,4784"
}
protocol "udp"
source {
address "2001:db8:1:6e::/64"
}
}
rule 40 {
action "accept"
description "REDACTED"
protocol "vrrp"
}
rule 50 {
action "accept"
description "REDACTED"
destination {
port "snmp"
}
protocol "udp"
source {
group {
address-group "ALL_WEBSERVERS-V6"
}
}
}
rule 60 {
action "accept"
description "REDACTED"
destination {
port "443"
}
protocol "tcp"
source {
address "2001:db8:1:fffe::2-2001:db8:1:fffe::3"
}
}
}
name PUBLIC_TO_INT-V6 {
default-action "drop"
description "REDACTED"
rule 1 {
action "accept"
description "REDACTED"
protocol "ipv6-icmp"
}
}
name PUBLIC_TO_LOCAL-V6 {
default-action "drop"
description "REDACTED"
rule 1 {
action "accept"
description "REDACTED"
protocol "ipv6-icmp"
}
rule 10 {
action "accept"
description "REDACTED"
destination {
port "546"
}
protocol "udp"
source {
port "547"
}
}
rule 20 {
action "accept"
description "REDACTED"
destination {
group {
port-group "WIREGUARD"
}
}
protocol "udp"
}
rule 30 {
action "accept"
description "REDACTED"
protocol "vrrp"
}
}
output {
filter {
default-action "accept"
}
}
}
}
/* VRRP on bond0.20: one IPv4 and one IPv6 virtual address, both at priority
   254, tied together by sync-group CR01.INT so they presumably change state
   together.
   NOTE(review): both groups use authentication type plaintext-password. A
   VRRP plaintext password is carried unencrypted in every advertisement, so
   it guards against accidental misconfiguration but not against a host on the
   segment that can read those advertisements. The password values shown are
   presumably sanitizer placeholders. Confirm they are not the real ones. */
high-availability {
vrrp {
group ATT-V4 {
address 198.19.52.249/22 {
}
authentication {
password "somePassword"
type "plaintext-password"
}
interface "bond0.20"
priority "254"
vrid "1"
}
group ATT-V6 {
address 2001:db8:6ec:b000::249/64 {
}
authentication {
password "somePassword2"
type "plaintext-password"
}
interface "bond0.20"
priority "254"
vrid "2"
}
snmp
sync-group CR01.INT {
member "ATT-V4"
member "ATT-V6"
}
}
}
interfaces {
bonding bond0 {
description "REDACTED"
hash-policy "layer3+4"
ipv6 {
address {
no-default-link-local
}
}
lacp-rate "fast"
member {
interface "eth0"
interface "eth1"
}
mode "802.3ad"
mtu "9214"
vif 20 {
address "198.18.100.4/29"
address "192.0.2.226/32"
address "2001:db8:6ec:b000::226/64"
description "REDACTED"
dhcpv6-options {
duid "00:01:00:01:c7:92:bc:12:34:56:78:9a:bc:de"
pd 0 {
interface dum1 {
address "0"
}
}
pd 1 {
interface dum1 {
address "0"
}
}
pd 2 {
interface dum1 {
address "0"
}
}
pd 3 {
interface dum1 {
address "0"
}
}
rapid-commit
}
mtu "1500"
}
vif 110 {
address "198.18.15.4/29"
address "fe80::198:18:15:4/64"
address "2001:db8:1:6e::4/64"
description "REDACTED"
ipv6 {
address {
no-default-link-local
}
}
mtu "9214"
}
}
dummy dum0 {
address "2001:db8:1:fffe::3/128"
address "198.18.253.3/32"
description "REDACTED"
}
dummy dum1 {
description "REDACTED"
}
ethernet eth0 {
description "REDACTED"
disable-flow-control
hw-id "12:34:56:78:9a:bc"
offload {
gro
gso
sg
tso
}
ring-buffer {
rx "4096"
tx "4096"
}
}
ethernet eth1 {
description "REDACTED"
disable-flow-control
hw-id "de:f0:12:34:56:78"
offload {
gro
gso
sg
tso
}
ring-buffer {
rx "4096"
tx "4096"
}
}
loopback lo {
}
wireguard wg0 {
description "REDACTED"
fwmark "51820"
ip {
adjust-mss "clamp-mss-to-pmtu"
}
ipv6 {
adjust-mss "clamp-mss-to-pmtu"
}
peer CR01-VYOS.BHSv4 {
address "198.19.115.181"
allowed-ips "0.0.0.0/0"
allowed-ips "::/0"
port "51822"
public-key "yuRTzsKzPYy87Rn8Sgm7a0soJit3hmcDPptGxlZ9jlg="
}
port "51820"
private-key "2MtQ7ssxg5kIiHmS3d9nhGTzPCpVGjBmIPUWE3IVJ3g="
}
wireguard wg1 {
description "REDACTED"
fwmark "51820"
ip {
adjust-mss "clamp-mss-to-pmtu"
}
ipv6 {
adjust-mss "clamp-mss-to-pmtu"
}
peer CR01-VYOS.BHSv6 {
address "2001:db8:203:b0b5::1"
allowed-ips "0.0.0.0/0"
allowed-ips "::/0"
port "51823"
public-key "yuRTzsKzPYy87Rn8Sgm7a0soJit3hmcDPptGxlZ9jlg="
}
port "51821"
private-key "2MtQ7ssxg5kIiHmS3d9nhGTzPCpVGjBmIPUWE3IVJ3g="
}
wireguard wg2 {
description "REDACTED"
fwmark "51820"
ip {
adjust-mss "clamp-mss-to-pmtu"
}
ipv6 {
adjust-mss "clamp-mss-to-pmtu"
}
peer CR01A-VYOS.DAL10v4 {
address "198.19.77.126"
allowed-ips "0.0.0.0/0"
allowed-ips "::/0"
port "51822"
public-key "yuRTzsKzPYy87Rn8Sgm7a0soJit3hmcDPptGxlZ9jlg="
}
port "51822"
private-key "2MtQ7ssxg5kIiHmS3d9nhGTzPCpVGjBmIPUWE3IVJ3g="
}
wireguard wg3 {
description "REDACTED"
fwmark "51820"
ip {
adjust-mss "clamp-mss-to-pmtu"
}
ipv6 {
adjust-mss "clamp-mss-to-pmtu"
}
peer CR01A-VYOS.DAL10v6 {
address "2001:db8:1e01:7d::4"
allowed-ips "0.0.0.0/0"
allowed-ips "::/0"
port "51823"
public-key "yuRTzsKzPYy87Rn8Sgm7a0soJit3hmcDPptGxlZ9jlg="
}
port "51823"
private-key "2MtQ7ssxg5kIiHmS3d9nhGTzPCpVGjBmIPUWE3IVJ3g="
}
wireguard wg4 {
description "REDACTED"
fwmark "51820"
ip {
adjust-mss "clamp-mss-to-pmtu"
}
ipv6 {
adjust-mss "clamp-mss-to-pmtu"
}
peer CR01B-VYOS.DAL10v4 {
address "198.19.77.123"
allowed-ips "0.0.0.0/0"
allowed-ips "::/0"
port "51822"
public-key "yuRTzsKzPYy87Rn8Sgm7a0soJit3hmcDPptGxlZ9jlg="
}
port "51824"
private-key "2MtQ7ssxg5kIiHmS3d9nhGTzPCpVGjBmIPUWE3IVJ3g="
}
wireguard wg5 {
description "REDACTED"
fwmark "51820"
ip {
adjust-mss "clamp-mss-to-pmtu"
}
ipv6 {
adjust-mss "clamp-mss-to-pmtu"
}
peer CR01B-VYOS.DAL10v6 {
address "2001:db8:1e01:7d::5"
allowed-ips "0.0.0.0/0"
allowed-ips "::/0"
port "51823"
public-key "yuRTzsKzPYy87Rn8Sgm7a0soJit3hmcDPptGxlZ9jlg="
}
port "51825"
private-key "2MtQ7ssxg5kIiHmS3d9nhGTzPCpVGjBmIPUWE3IVJ3g="
}
wireguard wg6 {
description "REDACTED"
fwmark "51820"
ip {
adjust-mss "clamp-mss-to-pmtu"
}
ipv6 {
adjust-mss "clamp-mss-to-pmtu"
}
peer CR01A-VYOS.WDC07v4 {
address "198.19.15.10"
allowed-ips "0.0.0.0/0"
allowed-ips "::/0"
port "51822"
public-key "yuRTzsKzPYy87Rn8Sgm7a0soJit3hmcDPptGxlZ9jlg="
}
port "51826"
private-key "2MtQ7ssxg5kIiHmS3d9nhGTzPCpVGjBmIPUWE3IVJ3g="
}
wireguard wg7 {
description "REDACTED"
fwmark "51820"
ip {
adjust-mss "clamp-mss-to-pmtu"
}
ipv6 {
adjust-mss "clamp-mss-to-pmtu"
}
peer CR01A-VYOS.WDC07v6 {
address "2001:db8:3a01:a5::3"
allowed-ips "0.0.0.0/0"
allowed-ips "::/0"
port "51823"
public-key "yuRTzsKzPYy87Rn8Sgm7a0soJit3hmcDPptGxlZ9jlg="
}
port "51827"
private-key "2MtQ7ssxg5kIiHmS3d9nhGTzPCpVGjBmIPUWE3IVJ3g="
}
wireguard wg8 {
description "REDACTED"
fwmark "51820"
ip {
adjust-mss "clamp-mss-to-pmtu"
}
ipv6 {
adjust-mss "clamp-mss-to-pmtu"
}
peer CR01B-VYOS.WDC07v4 {
address "198.19.15.11"
allowed-ips "::/0"
allowed-ips "0.0.0.0/0"
port "51822"
public-key "yuRTzsKzPYy87Rn8Sgm7a0soJit3hmcDPptGxlZ9jlg="
}
port "51828"
private-key "2MtQ7ssxg5kIiHmS3d9nhGTzPCpVGjBmIPUWE3IVJ3g="
}
wireguard wg9 {
description "REDACTED"
fwmark "51820"
ip {
adjust-mss "clamp-mss-to-pmtu"
}
ipv6 {
adjust-mss "clamp-mss-to-pmtu"
}
peer CR01B-VYOS.WDC07v6 {
address "2001:db8:3a01:a5::2"
allowed-ips "::/0"
allowed-ips "0.0.0.0/0"
port "51823"
public-key "yuRTzsKzPYy87Rn8Sgm7a0soJit3hmcDPptGxlZ9jlg="
}
port "51829"
private-key "2MtQ7ssxg5kIiHmS3d9nhGTzPCpVGjBmIPUWE3IVJ3g="
}
/* WireGuard interface listening on port 51920 with two peers restricted to
   198.18.7.0/24 and 2001:db8:1:fff::/64.
   NOTE(review): the interface private key is stored inline in the
   configuration. The private-key value here is the same on every wg
   interface in this file, and every peer shows the same public-key, which
   suggests the sanitizer substituted placeholders. Confirm that before
   publishing.
   As shown, PEER1 and PEER2 also have identical allowed-ips. WireGuard
   identifies a peer by public key and selects the peer for outbound traffic
   by allowed-ips, so the real configuration presumably differs on at least
   the keys. */
wireguard wg100 {
address "198.18.7.1/24"
address "2001:db8:1:fff::1/64"
description "REDACTED"
ip {
adjust-mss "clamp-mss-to-pmtu"
}
ipv6 {
adjust-mss "clamp-mss-to-pmtu"
}
peer PEER1 {
allowed-ips "198.18.7.0/24"
allowed-ips "2001:db8:1:fff::/64"
public-key "yuRTzsKzPYy87Rn8Sgm7a0soJit3hmcDPptGxlZ9jlg="
}
peer PEER2 {
allowed-ips "198.18.7.0/24"
allowed-ips "2001:db8:1:fff::/64"
public-key "yuRTzsKzPYy87Rn8Sgm7a0soJit3hmcDPptGxlZ9jlg="
}
port "51920"
private-key "2MtQ7ssxg5kIiHmS3d9nhGTzPCpVGjBmIPUWE3IVJ3g="
}
}
nat {
source {
rule 999 {
description "REDACTED"
outbound-interface {
name "bond0.20"
}
source {
address "198.18.0.0/20"
}
translation {
address "198.19.52.249"
}
}
}
}
nat66 {
source {
rule 10 {
description "REDACTED"
outbound-interface {
name "bond0.20"
}
source {
prefix "2001:db8:1:a::/64"
}
translation {
address "2001:db8:6ec:b00c::/64"
}
}
rule 20 {
description "REDACTED"
outbound-interface {
name "bond0.20"
}
source {
prefix "2001:db8:1:46::/64"
}
translation {
address "2001:db8:6ec:b00d::/64"
}
}
rule 30 {
description "REDACTED"
outbound-interface {
name "bond0.20"
}
source {
prefix "2001:db8:1:c8::/64"
}
translation {
address "2001:db8:6ec:b00e::/64"
}
}
rule 40 {
description "REDACTED"
outbound-interface {
name "bond0.20"
}
source {
prefix "2001:db8:1:f0::/64"
}
translation {
address "2001:db8:6ec:b00f::/64"
}
}
}
}
policy {
as-path-list DAL10 {
rule 10 {
action "permit"
description "REDACTED"
regex "4242420668_$"
}
}
as-path-list IBM {
rule 10 {
action "permit"
description "REDACTED"
regex "^_42424206(68|70)_$"
}
}
as-path-list INT {
rule 10 {
action "permit"
description "REDACTED"
regex "_"
}
}
as-path-list WDC07 {
rule 10 {
action "permit"
description "REDACTED"
regex "4242420670_$"
}
}
large-community-list ANYCAST_ALL {
rule 10 {
action "permit"
description "REDACTED"
regex "4242420696:100:.*"
}
}
large-community-list ANYCAST_INT {
description "REDACTED"
rule 10 {
action "permit"
description "REDACTED"
regex "4242420696:100:1"
}
}
large-community-list BLACKHOLE_ALL {
description "REDACTED"
rule 10 {
action "permit"
regex "4242420696:86:.*"
}
}
large-community-list LOOPBACK_ALL {
rule 10 {
action "permit"
description "REDACTED"
regex "4242420696:10:.*"
}
}
prefix-list BGP-DAL10 {
rule 10 {
action "permit"
description "REDACTED"
ge "23"
prefix "198.18.16.0/20"
}
}
prefix-list BGP-INT {
rule 10 {
action "permit"
description "REDACTED"
ge "23"
prefix "198.18.0.0/20"
}
}
prefix-list BGP-REDISTRIBUTE {
description "REDACTED"
rule 10 {
action "permit"
description "REDACTED"
prefix "198.18.100.0/29"
}
rule 20 {
action "permit"
description "REDACTED"
prefix "198.18.15.0/29"
}
rule 30 {
action "permit"
description "REDACTED"
prefix "198.18.7.0/24"
}
}
prefix-list BGP-SERVICES {
description "REDACTED"
rule 10 {
action "permit"
description "REDACTED"
prefix "10.0.0.0/8"
}
rule 20 {
action "permit"
description "REDACTED"
ge "9"
prefix "10.0.0.0/8"
}
}
prefix-list BGP-WDC07 {
rule 10 {
action "permit"
description "REDACTED"
ge "23"
prefix "198.18.48.0/20"
}
}
prefix-list DEFAULT {
description "REDACTED"
rule 10 {
action "permit"
description "REDACTED"
prefix "0.0.0.0/0"
}
}
prefix-list LOOPBACK {
description "REDACTED"
rule 10 {
action "permit"
ge "32"
prefix "198.18.253.0/24"
}
}
prefix-list6 BGP-DAL10-V6 {
rule 10 {
action "permit"
description "REDACTED"
ge "64"
prefix "2001:db8:1:1000::/52"
}
}
prefix-list6 BGP-INT-V6 {
rule 10 {
action "permit"
description "REDACTED"
ge "64"
prefix "2001:db8:1::/52"
}
}
prefix-list6 BGP-WDC07-V6 {
rule 10 {
action "permit"
description "REDACTED"
ge "64"
prefix "2001:db8:1:2000::/52"
}
}
prefix-list6 DEFAULT-V6 {
description "REDACTED"
rule 10 {
action "permit"
description "REDACTED"
prefix "::/0"
}
}
prefix-list6 LOOPBACK-V6 {
rule 10 {
action "permit"
description "REDACTED"
ge "128"
prefix "2001:db8:1:fffe::/64"
}
}
route LAN_OUT {
description "REDACTED"
interface "bond0.110"
rule 10 {
description "REDACTED"
set {
table "110"
}
source {
address "198.19.27.64/28"
}
}
rule 9999 {
set {
table "main"
}
}
}
route-map BGP-BACKBONE-COSTED {
rule 10 {
action "permit"
description "REDACTED"
match {
ip {
address {
prefix-list "LOOPBACK"
}
}
}
}
rule 20 {
action "permit"
description "REDACTED"
match {
ipv6 {
address {
prefix-list "LOOPBACK-V6"
}
}
}
}
rule 30 {
action "permit"
call "BGP-BACKBONE-OUT"
description "REDACTED"
set {
local-preference "0"
}
}
}
route-map BGP-BACKBONE-IN {
rule 10 {
action "permit"
description "REDACTED"
match {
as-path "WDC07"
large-community {
large-community-list "ANYCAST_ALL"
}
}
set {
metric "+150"
}
}
rule 20 {
action "permit"
description "REDACTED"
match {
large-community {
large-community-list "ANYCAST_ALL"
}
}
set {
metric "+100"
}
}
rule 30 {
action "permit"
description "REDACTED"
match {
large-community {
large-community-list "BLACKHOLE_ALL"
}
}
set {
ip-next-hop "198.18.253.0"
ipv6-next-hop {
global "2001:db8:1:fffe:198:18:253:0"
}
}
}
rule 40 {
action "permit"
description "REDACTED"
match {
as-path "WDC07"
ip {
address {
prefix-list "BGP-SERVICES"
}
}
}
set {
metric "+150"
}
}
rule 50 {
action "permit"
description "REDACTED"
match {
large-community {
large-community-list "LOOPBACK_ALL"
}
}
}
rule 60 {
action "permit"
description "REDACTED"
match {
as-path "IBM"
ip {
address {
prefix-list "BGP-SERVICES"
}
}
}
}
rule 70 {
action "permit"
description "REDACTED"
match {
as-path "DAL10"
ip {
address {
prefix-list "BGP-DAL10"
}
}
}
}
rule 80 {
action "permit"
description "REDACTED"
match {
as-path "DAL10"
ipv6 {
address {
prefix-list "BGP-DAL10-V6"
}
}
}
}
rule 90 {
action "permit"
description "REDACTED"
match {
as-path "WDC07"
ip {
address {
prefix-list "BGP-WDC07"
}
}
}
}
rule 100 {
action "permit"
description "REDACTED"
match {
as-path "WDC07"
ipv6 {
address {
prefix-list "BGP-WDC07-V6"
}
}
}
}
rule 999 {
action "permit"
call "BGP-REDISTRIBUTE"
description "REDACTED"
}
}
route-map BGP-BACKBONE-OUT {
rule 10 {
action "permit"
description "REDACTED"
match {
large-community {
large-community-list "ANYCAST_INT"
}
}
}
rule 20 {
action "permit"
description "REDACTED"
match {
large-community {
large-community-list "BLACKHOLE_ALL"
}
}
}
rule 30 {
action "permit"
description "REDACTED"
match {
large-community {
large-community-list "LOOPBACK_ALL"
}
}
}
rule 40 {
action "permit"
match {
as-path "INT"
ip {
address {
prefix-list "BGP-INT"
}
}
}
}
rule 50 {
action "permit"
match {
as-path "INT"
ipv6 {
address {
prefix-list "BGP-INT-V6"
}
}
}
}
rule 999 {
action "permit"
call "BGP-REDISTRIBUTE"
description "REDACTED"
}
}
route-map BGP-CORE-COSTED {
rule 10 {
action "permit"
description "REDACTED"
match {
ip {
address {
prefix-list "LOOPBACK"
}
}
}
}
rule 20 {
action "permit"
description "REDACTED"
match {
ipv6 {
address {
prefix-list "LOOPBACK-V6"
}
}
}
}
rule 30 {
action "permit"
call "BGP-CORE-OUT"
description "REDACTED"
set {
local-preference "0"
}
}
}
route-map BGP-CORE-IN {
rule 10 {
action "permit"
description "REDACTED"
match {
large-community {
large-community-list "ANYCAST_INT"
}
}
set {
ipv6-next-hop {
prefer-global
}
}
}
rule 20 {
action "permit"
description "REDACTED"
match {
ip {
address {
prefix-list "BGP-INT"
}
}
}
}
rule 30 {
action "permit"
description "REDACTED"
match {
ipv6 {
address {
prefix-list "BGP-INT-V6"
}
}
}
set {
ipv6-next-hop {
prefer-global
}
}
}
rule 40 {
action "permit"
description "REDACTED"
match {
ip {
address {
prefix-list "DEFAULT"
}
}
}
}
rule 50 {
action "permit"
description "REDACTED"
match {
ipv6 {
address {
prefix-list "DEFAULT-V6"
}
}
}
set {
ipv6-next-hop {
prefer-global
}
}
}
rule 60 {
action "permit"
description "REDACTED"
match {
large-community {
large-community-list "LOOPBACK_ALL"
}
}
set {
ipv6-next-hop {
prefer-global
}
}
}
}
route-map BGP-CORE-OUT {
rule 10 {
action "permit"
description "REDACTED"
match {
large-community {
large-community-list "ANYCAST_ALL"
}
}
}
rule 20 {
action "permit"
description "REDACTED"
match {
ip {
address {
prefix-list "BGP-SERVICES"
}
}
}
}
rule 30 {
action "permit"
description "REDACTED"
match {
ip {
address {
prefix-list "BGP-DAL10"
}
}
}
}
rule 40 {
action "permit"
description "REDACTED"
match {
ipv6 {
address {
prefix-list "BGP-DAL10-V6"
}
}
}
}
rule 50 {
action "permit"
description "REDACTED"
match {
ip {
address {
prefix-list "BGP-WDC07"
}
}
}
}
rule 60 {
action "permit"
description "REDACTED"
match {
ipv6 {
address {
prefix-list "BGP-WDC07-V6"
}
}
}
}
rule 70 {
action "permit"
description "REDACTED"
match {
large-community {
large-community-list "LOOPBACK_ALL"
}
}
}
rule 999 {
action "permit"
call "BGP-REDISTRIBUTE"
description "REDACTED"
}
}
route-map BGP-REDISTRIBUTE {
rule 10 {
action "permit"
description "REDACTED"
match {
tag "86"
}
set {
large-community {
add "4242420696:86:1"
}
origin "igp"
}
}
rule 20 {
action "permit"
description "REDACTED"
match {
ip {
address {
prefix-list "LOOPBACK"
}
}
}
set {
large-community {
add "4242420696:10:1"
}
origin "igp"
}
}
rule 30 {
action "permit"
description "REDACTED"
match {
ipv6 {
address {
prefix-list "LOOPBACK-V6"
}
}
}
set {
large-community {
add "4242420696:10:1"
}
origin "igp"
}
}
rule 40 {
action "permit"
description "REDACTED"
match {
ip {
address {
prefix-list "BGP-REDISTRIBUTE"
}
}
}
set {
origin "igp"
}
}
rule 50 {
action "permit"
description "REDACTED"
match {
ipv6 {
address {
prefix-list "BGP-INT-V6"
}
}
}
set {
origin "igp"
}
}
}
route-map DEFAULT-ZEBRA-IN {
rule 10 {
action "permit"
description "REDACTED"
match {
ip {
address {
prefix-list "DEFAULT"
}
}
}
set {
src "192.0.2.226"
}
}
rule 20 {
action "permit"
description "REDACTED"
set {
src "198.18.253.3"
}
}
}
/* Sets the source address on routes this map is applied to: one value for
   routes matching prefix-list DEFAULT-V6 (::/0), another for everything else.
   NOTE(review): the src in rule 10 is a global address outside the
   2001:db8::/32 documentation prefix used for every other global IPv6 address
   in the visible part of this file. Its trailing groups match the bond0.20
   address shown under 2001:db8:, so it looks like a value the sanitizer
   missed. Confirm and re-sanitize before sharing. */
route-map DEFAULT-ZEBRA-IN-V6 {
rule 10 {
action "permit"
description "REDACTED"
match {
ipv6 {
address {
prefix-list "DEFAULT-V6"
}
}
}
set {
src "2600:1700:6ec:b000::226"
}
}
rule 20 {
action "permit"
description "REDACTED"
set {
src "2001:db8:1:fffe::3"
}
}
}
/* IPv6 policy routing attached to bond0.110: selects a routing table by source prefix.
   Tables 100 and 110 are defined under "protocols static". */
route6 LAN_OUT-V6 {
description "REDACTED"
interface "bond0.110"
/* Sources in 2001:db8:203:64ef::/64 are looked up in table 110. */
rule 10 {
description "REDACTED"
set {
table "110"
}
source {
address "2001:db8:203:64ef::/64"
}
}
/* Sources in 2001:db8:1e01:80::/64 are looked up in table 100. */
rule 20 {
description "REDACTED"
set {
table "100"
}
source {
address "2001:db8:1e01:80::/64"
}
}
/* Catch-all with no match criteria: everything else uses the main table. */
rule 999 {
set {
table "main"
}
}
}
}
protocols {
/* Two BFD timer profiles referenced by the BGP peer-groups: FAR (100/100) is used by
   BACKBONE, NEAR (50/50) by CORE and COREv6. Intervals are in milliseconds per the
   VyOS documentation; no detect multiplier is set here, so the default applies. */
bfd {
profile FAR {
interval {
receive "100"
transmit "100"
}
}
profile NEAR {
interval {
receive "50"
transmit "50"
}
}
}
bgp {
/* Connected routes are redistributed into BGP for both IPv4 and IPv6, each filtered by
   route-map BGP-REDISTRIBUTE, so only what that map permits is originated. */
address-family {
ipv4-unicast {
redistribute {
connected {
route-map "BGP-REDISTRIBUTE"
}
}
}
ipv6-unicast {
redistribute {
connected {
route-map "BGP-REDISTRIBUTE"
}
}
}
}
/* Addressed neighbors: three IPv4 peers in peer-group CORE and three IPv6 peers in
   COREv6. All session settings (remote-as, route-maps, BFD) come from the peer-group. */
neighbor 198.18.15.1 {
peer-group "CORE"
}
neighbor 198.18.15.3 {
peer-group "CORE"
}
neighbor 198.18.15.5 {
peer-group "CORE"
}
neighbor 2001:db8:1:6e::1 {
peer-group "COREv6"
}
neighbor 2001:db8:1:6e::3 {
peer-group "COREv6"
}
neighbor 2001:db8:1:6e::5 {
peer-group "COREv6"
}
/* Interface-based (unnumbered, v6only) neighbors wg0-wg9, all in peer-group BACKBONE.
   remote-as is set per interface: wg0-wg1 use 4242420669, wg2-wg5 use 4242420668 and
   wg6-wg9 use 4242420670; these are the three ASNs listed as confederation peers.
   The wg* names suggest WireGuard tunnels (presumably; the interface definitions are
   outside this section). An interface neighbor peers with whatever answers on the
   link, so session trust rests on the tunnel itself. */
neighbor wg0 {
interface {
v6only {
peer-group "BACKBONE"
remote-as "4242420669"
}
}
}
neighbor wg1 {
interface {
v6only {
peer-group "BACKBONE"
remote-as "4242420669"
}
}
}
neighbor wg2 {
interface {
v6only {
peer-group "BACKBONE"
remote-as "4242420668"
}
}
}
neighbor wg3 {
interface {
v6only {
peer-group "BACKBONE"
remote-as "4242420668"
}
}
}
neighbor wg4 {
interface {
v6only {
peer-group "BACKBONE"
remote-as "4242420668"
}
}
}
neighbor wg5 {
interface {
v6only {
peer-group "BACKBONE"
remote-as "4242420668"
}
}
}
neighbor wg6 {
interface {
v6only {
peer-group "BACKBONE"
remote-as "4242420670"
}
}
}
neighbor wg7 {
interface {
v6only {
peer-group "BACKBONE"
remote-as "4242420670"
}
}
}
neighbor wg8 {
interface {
v6only {
peer-group "BACKBONE"
remote-as "4242420670"
}
}
}
neighbor wg9 {
interface {
v6only {
peer-group "BACKBONE"
remote-as "4242420670"
}
}
}
/* Global BGP behaviour. This router is a member of confederation 4242420696 and treats
   4242420668, 4242420669 and 4242420670 as fellow member ASes. Best-path selection
   counts confederation segments in AS-path length (confed) and allows multipath across
   paths with different AS-paths of equal length (multipath-relax). network-import-check
   is enabled, and the router-id is pinned to 198.18.253.3. */
parameters {
bestpath {
as-path {
confed
multipath-relax
}
}
confederation {
identifier "4242420696"
peers "4242420668"
peers "4242420669"
peers "4242420670"
}
fast-convergence
graceful-restart
network-import-check
router-id "198.18.253.3"
}
/* Template for the wg* interface neighbors. Both address families rewrite the next hop
   to this router, filter with BGP-BACKBONE-IN / BGP-BACKBONE-OUT and keep received
   routes for soft reconfiguration. extended-nexthop lets IPv4 prefixes be exchanged
   over the IPv6-only sessions. BFD uses the slower FAR profile.
   NOTE(review): no "password" or "ttl-security" is set on this peer-group; confirm the
   tunnels carrying these sessions are the intended protection. */
peer-group BACKBONE {
address-family {
ipv4-unicast {
nexthop-self
route-map {
export "BGP-BACKBONE-OUT"
import "BGP-BACKBONE-IN"
}
soft-reconfiguration {
inbound
}
}
ipv6-unicast {
nexthop-self
route-map {
export "BGP-BACKBONE-OUT"
import "BGP-BACKBONE-IN"
}
soft-reconfiguration {
inbound
}
}
}
bfd {
profile "FAR"
}
capability {
extended-nexthop
}
}
/* Template for the three IPv4 neighbors. remote-as equals system-as (4242420666), so
   these are internal sessions. A default route is originated to the peers, next hop is
   rewritten to this router, and routes are filtered by BGP-CORE-IN / BGP-CORE-OUT.
   BFD uses the NEAR profile.
   NOTE(review): no "password" or "ttl-security" is set on this peer-group; confirm the
   segment these peers sit on is trusted, or add session protection. */
peer-group CORE {
address-family {
ipv4-unicast {
default-originate
nexthop-self
route-map {
export "BGP-CORE-OUT"
import "BGP-CORE-IN"
}
soft-reconfiguration {
inbound
}
}
}
bfd {
profile "NEAR"
}
remote-as "4242420666"
}
/* IPv6 twin of peer-group CORE: same remote-as (equal to system-as, so internal
   sessions), same route-maps, default-originate and NEAR BFD profile, but for the
   ipv6-unicast address family.
   NOTE(review): no "password" or "ttl-security" is set on this peer-group; confirm the
   segment these peers sit on is trusted, or add session protection. */
peer-group COREv6 {
address-family {
ipv6-unicast {
default-originate
nexthop-self
route-map {
export "BGP-CORE-OUT"
import "BGP-CORE-IN"
}
soft-reconfiguration {
inbound
}
}
}
bfd {
profile "NEAR"
}
remote-as "4242420666"
}
system-as "4242420666"
}
/* Static routes: default routes, a set of blackhole routes for private and special-use
   ranges, and two extra tables (100, 110) used by policy routing. Traffic for a
   blackholed range is dropped here unless a more specific route exists, instead of
   following the default route out of the network. */
static {
/* IPv4 default route. */
route 0.0.0.0/0 {
next-hop 198.19.52.1 {
}
}
/* Blackhole with distance 253, so a route to this prefix from any source with a
   lower distance is preferred. */
route 10.0.0.0/8 {
blackhole {
distance "253"
}
}
route 192.0.2.224/28 {
blackhole
}
/* More specific than the /28 blackhole above, so this single host stays reachable. */
route 192.0.2.225/32 {
next-hop 198.18.253.2 {
}
}
route 100.64.0.0/10 {
blackhole
}
/* Inside 198.18.0.0/15, which is blackholed below; this interface route is more specific. */
route 198.19.52.0/22 {
interface bond0.20 {
}
}
route 169.254.0.0/16 {
blackhole
}
route 172.16.0.0/12 {
blackhole
}
/* Covers the 198.18.x.x addressing used throughout this config; only destinations
   without a more specific route are dropped. */
route 198.18.0.0/15 {
blackhole
}
/* Three IPv6 /64 blackholes with distance 253 (same fallback pattern as 10.0.0.0/8). */
route6 2001:db8:3a01:2::/64 {
blackhole {
distance "253"
}
}
route6 2001:db8:2701:1ad::/64 {
blackhole {
distance "253"
}
}
route6 2001:db8:2701:1c9::/64 {
blackhole {
distance "253"
}
}
/* IPv6 default route. */
route6 ::/0 {
next-hop 2001:db8:6ec:b000::1 {
}
}
/* Unique-local range is dropped unless a more specific route exists. */
route6 fc00::/7 {
blackhole
}
/* Table 100 (selected by policy route6 LAN_OUT-V6 rule 20): IPv6 default via two next hops.
   It has no IPv4 route. */
table 100 {
route6 ::/0 {
next-hop 2001:db8:1:fffe::6 {
}
next-hop 2001:db8:1:fffe::7 {
}
}
}
/* Table 110 (selected by policy route6 LAN_OUT-V6 rule 10): IPv4 and IPv6 defaults. */
table 110 {
route 0.0.0.0/0 {
next-hop 198.18.253.12 {
}
}
route6 ::/0 {
next-hop 2001:db8:1:fffe::12 {
}
}
}
}
}
service {
/* Connection-tracking state is synchronised over bond0.110, with failover driven by
   VRRP sync-group CR01.INT. Link-local, multicast and loopback ranges are excluded
   from synchronisation.
   NOTE(review): confirm bond0.110 is a trusted segment between the two routers, since
   the state exchanged here describes every tracked flow. */
conntrack-sync {
disable-external-cache
failover-mechanism {
vrrp {
sync-group "CR01.INT"
}
}
ignore-address "fe80::/10"
ignore-address "ff00::/8"
ignore-address "169.254.0.0/16"
ignore-address "224.0.0.0/4"
ignore-address "127.0.0.0/8"
interface bond0.110 {
}
sync-queue-size "10"
}
/* HTTPS API. It is exposed through two virtual hosts that listen only on
   198.18.253.3 and 2001:db8:1:fffe::3 and each admit a single client address
   (198.18.253.2 and 2001:db8:1:fffe::2). The CONFIG-SYNC names suggest the peer
   router is the intended client (presumably). */
https {
api {
graphql {
authentication {
type "token"
}
/* NOTE(review): introspection lets any client that can reach the GraphQL endpoint
   enumerate its schema; it is usually left off outside development. */
introspection
}
/* The API key is stored in clear text in the config. "Key123" looks like a
   sanitization placeholder; the real value should be long, random and rotated
   if a config containing it was ever shared. */
keys {
id CR01A-VYOS.INT {
key "Key123"
}
}
}
virtual-host CONFIG-SYNC {
allow-client {
address "198.18.253.2"
}
listen-address "198.18.253.3"
server-name "cr01b-vyos.int.rtr.trae32566.org"
}
virtual-host CONFIG-SYNC-V6 {
allow-client {
address "2001:db8:1:fffe::2"
}
listen-address "2001:db8:1:fffe::3"
server-name "cr01b-vyos.int.rtr.trae32566.org"
}
}
lldp
/* NTP: three upstream servers, ntp01.ac preferred.
   NOTE(review): allow-client admits every IPv4 and IPv6 source and no listen-address
   is set in this block, so only the firewall (outside this section) limits who can
   query this router for time. Narrowing allow-client to the internal prefixes would
   stop the service from being reachable as an open NTP server if a firewall rule
   is ever loosened. */
ntp {
allow-client {
address "0.0.0.0/0"
address "::/0"
}
server ntp01.ac.trae32566.org {
prefer
}
server sec01-cs9.dal10.trae32566.org {
}
server sec01-cs9.int.trae32566.org {
}
}
/* Community-based SNMP. The community accepts queries from six listed client addresses
   only, the agent listens on 198.18.253.3 and 2001:db8:1:fffe::3, and traps go to two
   targets. No authorization level is set, so the default applies (read-only per the
   VyOS documentation; confirm).
   NOTE(review): community strings travel unencrypted and act as the only credential;
   SNMPv3 with authentication and privacy avoids both problems. */
snmp {
community REDACTED {
client "198.18.15.12"
client "198.18.31.5"
client "198.18.63.5"
client "2001:db8:1:64::12"
client "2001:db8:1:150b::5"
client "2001:db8:1:23e3::5"
}
contact "Trae Santiago <[email protected]>"
listen-address 198.18.253.3 {
}
listen-address 2001:db8:1:fffe::3 {
}
location "A LAND FAR FAR AWAY"
trap-target 198.18.255.4 {
community "REDACTED"
}
trap-target 2001:db8:1:ffff::4 {
community "REDACTED"
}
}
/* SSH listens only on 198.18.253.3 and 2001:db8:1:fffe::3. disable-host-validation
   turns off the reverse-DNS lookup of connecting clients; it does not relax host-key
   checking.
   NOTE(review): disable-password-authentication is not set, so password logins remain
   possible; with the local account defined under "system login" that makes password
   strength the only barrier. Key-only authentication is the usual hardening. */
ssh {
disable-host-validation
listen-address "198.18.253.3"
listen-address "2001:db8:1:fffe::3"
}
}
system {
/* Every commit is archived to a remote SFTP location, sourced from 198.18.253.3, and
   10000 local revisions are kept.
   NOTE(review): the location URL carries the SFTP user name and password inline (part
   of it is masked by the page's e-mail obfuscation). In this form the credential is
   readable by anyone who can read the config. The archived copies also contain the
   other secrets in this file, such as the RADIUS and API keys, so the archive host
   needs the same protection as the router. */
config-management {
commit-archive {
location "sftp://SOMEUSER:[email protected]/int/cr01b-vyos"
source-address "198.18.253.3"
}
commit-revisions "10000"
}
/* Connection-tracking tuning: a table of 1000000 entries with flow accounting enabled,
   and explicit timeouts (seconds per the VyOS documentation). The TCP established
   timeout is 3600, and the half-open states (syn-recv 30, syn-sent 60) are kept short,
   which limits how long incomplete handshakes occupy table entries. */
conntrack {
flow-accounting
table-size "1000000"
timeout {
icmp "10"
other "60"
tcp {
close-wait "20"
established "3600"
fin-wait "30"
syn-recv "30"
syn-sent "60"
}
udp {
stream "60"
}
}
}
/* Serial console on ttyS0 at 115200 baud. */
console {
device ttyS0 {
speed "115200"
}
}
domain-name "int.trae32566.org"
domain-search {
domain "int.trae32566.org"
domain "rtr.trae32566.org"
domain "trae32566.org"
}
/* Lists bgpd and zebra under FRR's SNMP settings, i.e. the routing daemons for which
   SNMP support is switched on. */
frr {
snmp {
bgpd
zebra
}
}
host-name "cr01b-vyos"
/* IPv4: multipath hashing includes layer-4 fields, and routes coming from BGP and from
   static configuration pass through route-map DEFAULT-ZEBRA-IN (which sets the source
   address) before installation. */
ip {
multipath {
layer4-hashing
}
protocol bgp {
route-map "DEFAULT-ZEBRA-IN"
}
protocol static {
route-map "DEFAULT-ZEBRA-IN"
}
}
/* IPv6: same arrangement, using route-map DEFAULT-ZEBRA-IN-V6. */
ipv6 {
multipath {
layer4-hashing
}
protocol bgp {
route-map "DEFAULT-ZEBRA-IN-V6"
}
protocol static {
route-map "DEFAULT-ZEBRA-IN-V6"
}
}
/* Login: three RADIUS servers (198.18.255.2 carries an explicit priority of 10) queried
   from source 198.18.253.3, plus one local account. */
login {
/* The same shared secret is configured for all three servers and is stored in clear
   text. "someKey123!" looks like a sanitization placeholder; on the real device each
   secret should be long and random. */
radius {
server 198.18.15.11 {
key "someKey123!"
}
server 198.18.31.4 {
key "someKey123!"
}
server 198.18.255.2 {
key "someKey123!"
priority "10"
}
source-address "198.18.253.3"
}
/* NOTE(review): account "vyos" with password "vyos" is the well-known default
   credential. A saved config normally holds a hashed password rather than
   plaintext-password, so this is presumably a sanitization stand-in; confirm the
   real device does not accept the default, and prefer key-based login. */
user vyos {
authentication {
plaintext-password "vyos"
}
}
}
/* Six resolvers, given as three IPv6/IPv4 pairs. */
name-server "2001:db8:1:ffff::1"
name-server "198.18.255.1"
name-server "2001:db8:1:64::10"
name-server "198.18.15.10"
name-server "2001:db8:1:150b::3"
name-server "198.18.31.3"
/* Ctrl-Alt-Delete on the console reboots the router, and a kernel panic also triggers
   a reboot. NOTE(review): with ctrl-alt-delete set to "reboot", anyone with console
   access can restart the device without logging in; confirm that is acceptable for
   where the console is reachable. */
option {
ctrl-alt-delete "reboot"
performance "latency"
reboot-on-panic
time-format "24-hour"
}
/* Kernel overrides: default and maximum socket receive buffer sizes (bytes), and
   fib_multipath_use_neigh=1 so multipath next-hop selection takes neighbour state
   into account. */
sysctl {
parameter net.core.rmem_default {
value "1703936"
}
parameter net.core.rmem_max {
value "8388608"
}
parameter net.ipv4.fib_multipath_use_neigh {
value "1"
}
}
/* Local logging records all facilities at info and local7 at debug, keeping the
   sender's FQDN. Everything ("all" facilities, level "all") is also forwarded to
   log01.ac.
   NOTE(review): no transport or port is set for the remote host, so the default
   applies; confirm whether that is unencrypted UDP and whether the path to the log
   host crosses untrusted links, since debug-level logs can contain sensitive detail. */
syslog {
global {
facility all {
level "info"
}
facility local7 {
level "debug"
}
preserve-fqdn
}
host log01.ac.trae32566.org {
facility all {
level "all"
}
}
}
time-zone "US/Central"
}
// Warning: Do not remove the following line.
// vyos-config-version: "bgp@4:broadcast-relay@1:cluster@2:config-management@1:conntrack@4:conntrack-sync@2:container@1:dhcp-relay@2:dhcp-server@7:dhcpv6-server@2:dns-dynamic@3:dns-forwarding@4:firewall@13:flow-accounting@1:https@5:ids@1:interfaces@32:ipoe-server@2:ipsec@12:isis@3:l2tp@5:lldp@1:mdns@1:monitoring@1:nat@7:nat66@2:ntp@3:openconnect@2:openvpn@1:ospf@2:pim@1:policy@7:pppoe-server@7:pptp@3:qos@2:quagga@11:rip@1:rpki@1:salt@1:snmp@3:ssh@2:sstp@5:system@26:vrf@3:vrrp@4:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2"
// Release version: 1.5-rolling-202312130023
