!! Cisco ASR - IOS XR Configuration 6.1.4 ------------------------------------------------------------------------------ CONFIGURAÇÃO DAS ACL ------------------------------------------------------------------------------ ! ipv4 access-list TRAFFIC-POLICY-IX-V4 5 deny udp any eq snmp host 200.192.110.220 10 deny udp any eq ntp host 200.192.110.220 15 deny udp any eq domain host 200.192.110.220 20 deny tcp any eq domain host 200.192.110.220 999 permit ipv4 any any ! ipv6 access-list TRAFFIC-POLICY-IX-V6 5 deny udp any eq snmp host 2001:12f8:0:13::220 10 deny udp any eq ntp host 2001:12f8:0:13::220 15 deny udp any eq domain host 2001:12f8:0:13::220 20 deny tcp any eq domain host 2001:12f8:0:13::220 999 permit ipv6 any any ! ------------------------------------------------------------------------------ CONFIGURAÇÃO DAS INTERFACES ------------------------------------------------------------------------------ interface TenGigE0/0/0/0 ipv6 nd suppress-ra ! interface TenGigE0/0/0/0.2150 description IXBR-IPV4 ipv4 address 200.192.110.220 255.255.255.0 encapsulation dot1q 2150 ipv4 access-group TRAFFIC-POLICY-IX-V4 ingress ! interface TenGigE0/0/0/0.2151 description IXBR-IPV6 ipv6 nd suppress-ra ipv6 address 2001:12f8:0:13::220/64 encapsulation dot1q 2151 ipv6 access-group TRAFFIC-POLICY-IX-V6 ingress ! interface TenGigE0/0/0/0.2155 description OPENCDN ipv4 address 168.181.23.61 255.255.255.254 ipv6 nd suppress-ra ipv6 address 2801:80:17b1::23:61/127 encapsulation dot1q 2155 ! ------------------------------------------------------------------------------ CONFIGURAÇÃO DAS LISTAS DE PREFIXOS ------------------------------------------------------------------------------ prefix-set BLOCOS_MEU_AS-V4 203.0.113.0/24 end-set ! prefix-set BLOCOS_MEU_AS-V6 2001:db8::/32 end-set ! prefix-set BOGONS_V4 0.0.0.0/0, 0.0.0.0/8 le 32, 10.0.0.0/8 le 32, 100.64.0.0/10 le 32, 127.0.0.0/8 le 32, 169.254.0.0/16 le 32, 172.16.0.0/12 le 32, 192.0.0.0/24 le 32, 192.0.2.0/24 le 32, 192.88.99.0/24 le 32, 192.168.0.0/16 le 32, 198.18.0.0/15 le 32, 198.51.100.0/24 le 32, 203.0.113.0/24 le 32, 224.0.0.0/4 le 32, 240.0.0.0/4 le 32, end-set prefix-set BOGONS_V6 ::/0, ::/96 le 128, ::1/128, ::ffff:0.0.0.0/96 le 128, 100::/64 le 128, 2001::/32 le 128, 2001:2::/48 le 128, 2001:10::/28 le 128, 2001:db8::/32 le 128, fc00::/7 le 128, fe80::/10 le 128, fec0::/10 le 128, ff00::/8 le 128 end-set prefix-set IPV6_GLOBAL 2001:200::/23 le 48, 2001:400::/23 le 48, 2001:600::/23 le 48, 2001:800::/23 le 48, 2001:a00::/23 le 48, 2001:c00::/23 le 48, 2001:e00::/23 le 48, 2001:1200::/23 le 48, 2001:1400::/23 le 48, 2001:1600::/23 le 48, 2001:1800::/23 le 48, 2001:1a00::/23 le 48, 2001:1c00::/22 le 48, 2001:2000::/20 le 48, 2001:3000::/21 le 48, 2001:3800::/22 le 48, 2001:4000::/23 le 48, 2001:4200::/23 le 48, 2001:4400::/23 le 48, 2001:4600::/23 le 48, 2001:5000::/20 le 48, 2001:8000::/19 le 48, 2001:a000::/20 le 48, 2001:b000::/20 le 48, 2002::/16 le 48, 2610::/23 le 48, 2620::/23 le 48, 2800::/12 le 48, 2a00::/12 le 48, 2c00::/12 le 48 2003::/18 le 48, 2400::/12 le 48, 2600::/12 le 48 end-set ! ------------------------------------------------------------------------------ CONFIGURAÇÃO DAS POLÍTICAS DE ROTEAMENTO ------------------------------------------------------------------------------ router static address-family ipv4 unicast 203.0.113.0/24 Null0 ! address-family ipv6 unicast 2001:db8::/32 Null0 ! ! ------------------------------------------------------------------------------ community-set NETFLIX_OPENCDN 40027:40000 end-set ! ------------------------------------------------------------------------------ route-policy IX_BR_IPV4_IN if destination in BOGONS_V4 or destination in BLOCOS_MEU_AS-V4 then drop else set local-preference 200 done endif end-policy ! ------------------------------------------------------------------------------ route-policy IX_BR_IPV6_IN if destination in BOGONS_V6 or destination in BLOCOS_MEU_AS-V6 then drop elseif destination in IPV6_GLOBAL then set local-preference 200 done else drop endif end-policy ! ------------------------------------------------------------------------------ route-policy IX_BR_IPV4_OUT if destination in BLOCOS_MEU_AS-V4 then done else drop endif end-policy ! ------------------------------------------------------------------------------ route-policy IX_BR_IPV6_OUT if destination in BLOCOS_MEU_AS-V6 then done else drop endif end-policy ! ------------------------------------------------------------------------------ route-policy OPENCDN_IPV4_IN if destination in BOGONS_V4 or destination in BLOCOS_MEU_AS-V4 then drop else set local-preference 250 done endif end-policy ! ------------------------------------------------------------------------------ route-policy OPENCDN_IPV6_IN if destination in BOGONS_V6 or destination in BLOCOS_MEU_AS-V6 then drop elseif destination in IPV6_GLOBAL then set local-preference 250 done else drop endif end-policy ! ------------------------------------------------------------------------------ route-policy OPENCDN_IPV4_OUT if destination in BLOCOS_MEU_AS-V4 then set community NETFLIX_OPENCDN additive done else drop endif end-policy ! ------------------------------------------------------------------------------ route-policy OPENCDN_IPV6_OUT if destination in BLOCOS_MEU_AS-V6 then set community NETFLIX_OPENCDN additive done else drop endif end-policy ! ------------------------------------------------------------------------------ CONFIGURAÇÃO DAS SESSÕES BGP ------------------------------------------------------------------------------ router bgp 65550 neighbor-group IXBR-V4 remote-as 26162 enforce-first-as disable address-family ipv4 unicast route-policy IX_BR_IPV4_IN in route-policy IX_BR_IPV4_OUT out soft-reconfiguration inbound always ! ! neighbor-group IXBR-V6 remote-as 26162 enforce-first-as disable address-family ipv6 unicast route-policy IX_BR_IPV6_IN in route-policy IX_BR_IPV6_OUT out soft-reconfiguration inbound always ! ! neighbor 200.192.110.253 remote-as 26162 use neighbor-group IXBR-V4 description rs1.brasilia.df.ix.br address-family ipv4 unicast ! ! neighbor 200.192.110.254 remote-as 26162 use neighbor-group IXBR-V4 description rs2.brasilia.df.ix.br address-family ipv4 unicast ! ! neighbor 168.181.23.60 remote-as 61580 description OPENCDN_IPV4 address-family ipv4 unicast send-community-ebgp route-policy IX_BR_IPV4_IN in route-policy IX_BR_IPV4_OUT out soft-reconfiguration inbound always ! ! neighbor 2001:12f8:0:13::253 remote-as 26162 use neighbor-group IXBR-V6 description rs1.brasilia.df.ix.br address-family ipv6 unicast ! ! neighbor 2001:12f8:0:13::254 remote-as 26162 use neighbor-group IXBR-V6 description rs2.brasilia.df.ix.br address-family ipv6 unicast ! ! neighbor 2801:80:17b1::23:60 remote-as 61580 description OPENCDN_IPV6 address-family ipv6 unicast send-community-ebgp route-policy IX_BR_IPV6_IN in route-policy IX_BR_IPV6_OUT out soft-reconfiguration inbound always ! !