eerlonsilva

VyOS LAB PBR

Apr 13th, 2024 (edited)
  1. Topologia VyOS: https://ibb.co/kcqnR2S
  2. Print (Traceroute CPE-1): https://ibb.co/F8XsHP5
  3.  
  4. *------------------ VyOS 1.4.0 Config -----------------*
  5.  
  # VyOS 1.4.0 node, set-command form. Role: OSPF core between CGN-1 (eth2) and
  # BNG-1 (eth3), eBGP as AS 150 to the upstream 10.12.1.1 (AS 100), announcing
  # the 150.150.0.0/24 aggregate. Lines starting with '#' are ignored when the
  # listing is pasted into configure mode.
  6. set interfaces ethernet eth0 hw-id '50:00:00:01:00:00'
  # eth1: DHCP-addressed lab uplink ('LAB-BGP-PBR'); kept passive in OSPF below.
  7. set interfaces ethernet eth1 address 'dhcp'
  8. set interfaces ethernet eth1 description 'LAB-BGP-PBR'
  9. set interfaces ethernet eth1 hw-id '50:00:00:01:00:01'
  # eth2/eth3: /30 point-to-point links toward CGN-1 (10.100.1.2) and BNG-1 (10.100.1.6).
  10. set interfaces ethernet eth2 address '10.100.1.1/30'
  11. set interfaces ethernet eth2 description 'CGN-1'
  12. set interfaces ethernet eth2 hw-id '50:00:00:01:00:02'
  13. set interfaces ethernet eth3 address '10.100.1.5/30'
  14. set interfaces ethernet eth3 description 'BNG-1'
  15. set interfaces ethernet eth3 hw-id '50:00:00:01:00:03'
  16. set interfaces loopback lo address '150.150.0.255/32'
  # Outbound BGP policy: only 150.150.0.0/24 may be advertised to the upstream.
  17. set policy prefix-list EXPORT-V4 rule 5 action 'permit'
  18. set policy prefix-list EXPORT-V4 rule 5 prefix '150.150.0.0/24'
  # PBR applied to packets arriving on eth3 (from BNG-1):
  #   rule 5  - anything destined to the subscriber pool stays in the main table
  #             (evaluated before rule 10, so subscriber-to-subscriber traffic is
  #             not sent to the CGN);
  #   rule 10 - everything sourced from 100.64.1.0/24 is looked up in table 100,
  #             whose only route is a default via CGN-1, forcing it through NAT.
  19. set policy route PBR-CGNAT interface 'eth3'
  20. set policy route PBR-CGNAT rule 5 action 'accept'
  21. set policy route PBR-CGNAT rule 5 destination address '100.64.1.0/24'
  22. set policy route PBR-CGNAT rule 5 set table 'main'
  23. set policy route PBR-CGNAT rule 10 action 'accept'
  24. set policy route PBR-CGNAT rule 10 set table '100'
  25. set policy route PBR-CGNAT rule 10 source address '100.64.1.0/24'
  26. set policy route-map EXPORT-V4 rule 5 action 'permit'
  27. set policy route-map EXPORT-V4 rule 5 match ip address prefix-list 'EXPORT-V4'
  # BGP: the /24 is originated from the blackhole pull-up route further down. Only
  # an export route-map is configured - nothing filters what 10.12.1.1 sends in.
  # Before reusing this outside the lab, add an inbound policy and a maximum-prefix
  # limit on the neighbor.
  28. set protocols bgp address-family ipv4-unicast network 150.150.0.0/24
  29. set protocols bgp neighbor 10.12.1.1 address-family ipv4-unicast route-map export 'EXPORT-V4'
  30. set protocols bgp neighbor 10.12.1.1 address-family ipv4-unicast soft-reconfiguration inbound
  31. set protocols bgp neighbor 10.12.1.1 remote-as '100'
  32. set protocols bgp parameters router-id '150.150.0.255'
  33. set protocols bgp system-as '150'
  # OSPF: ptp links to CGN-1/BNG-1 plus the loopback; eth1 and lo are passive and a
  # default route is always originated toward the OSPF neighbors.
  34. set protocols ospf area 0.0.0.0 network '10.100.1.0/30'
  35. set protocols ospf area 0.0.0.0 network '10.100.1.4/30'
  36. set protocols ospf area 0.0.0.0 network '150.150.0.255/32'
  37. set protocols ospf default-information originate always
  38. set protocols ospf interface eth1 passive
  39. set protocols ospf interface eth2 network 'point-to-point'
  40. set protocols ospf interface eth3 network 'point-to-point'
  41. set protocols ospf interface lo passive
  42. set protocols ospf parameters router-id '150.150.0.255'
  # Pull-up route: keeps 150.150.0.0/24 in the RIB for the BGP 'network' statement;
  # the more-specific routes learned via OSPF (CGN pool /30, BNG loopback /32) still win.
  43. set protocols static route 150.150.0.0/24 blackhole
  # Table 100 (PBR target): a default route only, next hop CGN-1.
  44. set protocols static table 100 route 0.0.0.0/0 next-hop 10.100.1.2
  # NTP is served to every IPv4 and IPv6 client. Outside a closed lab, limit
  # allow-client to the internal prefixes so this node cannot be used as a public
  # NTP responder.
  45. set service ntp allow-client address '0.0.0.0/0'
  46. set service ntp allow-client address '::/0'
  47. set service ntp server time1.vyos.net
  48. set service ntp server time2.vyos.net
  49. set service ntp server time3.vyos.net
  50. set system config-management commit-revisions '100'
  # Every conntrack ALG helper is loaded; each one parses application payload in
  # the kernel. Keep only the helpers the forwarded traffic actually needs.
  51. set system conntrack modules ftp
  52. set system conntrack modules h323
  53. set system conntrack modules nfs
  54. set system conntrack modules pptp
  55. set system conntrack modules sip
  56. set system conntrack modules sqlnet
  57. set system conntrack modules tftp
  58. set system console device ttyS0 speed '115200'
  59. set system host-name 'vyos'
  # NOTE(review): a real SHA-512-crypt hash for the default 'vyos' account is
  # published in this paste; treat that password as compromised - rotate it and
  # redact hashes before sharing configs. The empty plaintext-password entry is
  # the normal VyOS rendering once the hash has been stored.
  60. set system login user vyos authentication encrypted-password '$6$rounds=656000$zJ7rWKS.b2E3R7k0$uZr/pqdvb.jVSgXXfoV3UaENe4q54iJ6oVxwGHsbZBaVSaBy1D47OwtgrEqzxncDFxc75plf2lwNOVIh.3koe0'
  61. set system login user vyos authentication plaintext-password ''
  # local7 at debug is verbose; fine for a lab.
  62. set system syslog global facility all level 'info'
  63. set system syslog global facility local7 level 'debug'
  64.  
  65. *------------------ CGN-1 Config -----------------*
  66.  
  # CGN-1 (RouterOS v6 syntax): NAT44 box on the VyOS eth2 link. Static routes are
  # redistributed into OSPF as type-1 externals, which is how the NAT-pool
  # blackhole below reaches VyOS.
  67. /interface bridge
  # Empty bridge used as a loopback to carry 150.150.0.254.
  68. add name=Loopback
  69. /interface ethernet
  70. set [ find default-name=ether2 ] name=ether2-MK
  # Default wireless-profile entry, presumably an export artifact - no wireless
  # interface appears in this listing.
  71. /interface wireless security-profiles
  72. set [ find default=yes ] supplicant-identity=MikroTik
  73. /routing ospf instance
  74. set [ find default=yes ] redistribute-static=as-type-1
  75. /ip address
  76. add address=10.100.1.2/30 interface=ether2-MK network=10.100.1.0
  77. add address=150.150.0.254 interface=Loopback network=150.150.0.254
  # Source NAT for the subscriber pool. netmap is a 1:1 address mapping and expects
  # source and target ranges of equal size; /24 -> /30 cannot map 1:1, so confirm
  # what RouterOS actually does with this rule (src-nat into the /30 with port
  # overloading may be what is intended).
  78. /ip firewall nat
  79. add action=netmap chain=srcnat out-interface=ether2-MK src-address=100.64.1.0/24 to-addresses=150.150.0.0/30
  # Pull-up blackhole for the NAT pool; via redistribute-static it reaches VyOS and
  # is covered by the 150.150.0.0/24 BGP aggregate, so return traffic lands here.
  80. /ip route
  81. add distance=1 dst-address=150.150.0.0/30 type=blackhole
  82. /routing ospf interface
  83. add interface=Loopback network-type=point-to-point passive=yes
  84. add interface=ether2-MK network-type=point-to-point
  85. /routing ospf network
  86. add area=backbone network=150.150.0.254/32
  87. add area=backbone network=10.100.1.0/30
  88. /system identity
  89. set name=CGN-1
  # RoMON exposes layer-2 management discovery and access on every port. Keep it
  # off, or protect it with a RoMON secret and limit it to trusted ports, on any
  # device reachable beyond the lab.
  90. /tool romon
  91. set enabled=yes
  92.  
  93. *------------------ BNG-1 Config -----------------*
  94.  
  # BNG-1 (RouterOS v7 syntax): PPPoE server on ether4 handing out 100.64.1.0/24
  # (RFC 6598 shared address space, i.e. the CGNAT pool) with 150.150.0.253 as the
  # local side; ether3 is the OSPF ptp link to VyOS eth3.
  95. /interface ethernet
  96. set [ find default-name=ether3 ] name=ether3-MK
  # NOTE: named ether4-CPE-2 although this BNG serves cpe-1 (see /ppp secret) -
  # looks copied from BNG-2; cosmetic only.
  97. set [ find default-name=ether4 ] name=ether4-CPE-2
  98. /ip pool
  99. add name=Pool-PPPoE ranges=100.64.1.0/24
  100. /port
  101. set 0 name=serial0
  102. /ppp profile
  103. add local-address=150.150.0.253 name=PPPoE remote-address=Pool-PPPoE
  # OSPF instance redistributes static routes so the pool aggregate below is
  # advertised toward VyOS.
  104. /routing ospf instance
  105. add disabled=no name=default redistribute=static router-id=150.150.0.253
  106. /routing ospf area
  107. add disabled=no instance=default name=0.0.0.0
  # MTU/MRU 1480 leaves headroom for the PPPoE/PPP headers on the Ethernet link.
  108. /interface pppoe-server server
  109. add disabled=no interface=ether4-CPE-2 max-mru=1480 max-mtu=1480 service-name=service1
  110. /ip address
  111. add address=150.150.0.253 interface=lo network=150.150.0.253
  112. add address=10.100.1.6/30 interface=ether3-MK network=10.100.1.4
  # Aggregate route for the subscriber pool; the per-session routes installed by
  # PPP are more specific, and redistribute=static carries this /24 into OSPF.
  113. /ip route
  114. add blackhole disabled=no dst-address=100.64.1.0/24 gateway="" routing-table=main suppress-hw-offload=no
  # The export omits the secret's password (RouterOS hides sensitive fields unless
  # explicitly asked for them); the CPE side of this lab uses '123'. For anything
  # beyond a lab, PPPoE secrets should be unique, random, per-subscriber strings.
  115. /ppp secret
  116. add name=cpe-1 profile=PPPoE service=pppoe
  117. /routing ospf interface-template
  118. add area=0.0.0.0 disabled=no interfaces=ether3-MK networks=10.100.1.4/30 type=ptp
  119. add area=0.0.0.0 disabled=no interfaces=lo networks=150.150.0.253/32 passive type=ptp
  120. /system identity
  121. set name=BNG-1
  122. /system note
  123. set show-at-login=no
  # RoMON: layer-2 management access on every port. Keep it off, or secret-protect
  # and port-restrict it, outside the lab.
  124. /tool romon
  125. set enabled=yes
  126.  
  127. *------------------ CPE-1 Config -----------------*
  128.  
  # CPE-1: PPPoE client on ether1 as user cpe-1, installing its default route via
  # the session. The PPPoE password is exported in clear text here, so this paste
  # discloses it.
  129. /interface pppoe-client
  130. add add-default-route=yes disabled=no interface=ether1 name=pppoe-out1 password=123 user=cpe-1
  # Default wireless-profile entry, presumably an export artifact.
  131. /interface wireless security-profiles
  132. set [ find default=yes ] supplicant-identity=MikroTik
  # DHCP client on the same port as the PPPoE session; BNG-1 shows no DHCP server,
  # so this presumably never obtains a lease - harmless leftover.
  133. /ip dhcp-client
  134. add disabled=no interface=ether1
  135. /system identity
  136. set name=CPE-1
  # RoMON enabled; see the note on the other RouterOS nodes.
  137. /tool romon
  138. set enabled=yes
  139.  
  140. =============================================================================================================================
  141.  
  142. Topologia MikroTik: https://ibb.co/hLBtXvs
  143. Print (Traceroute CPE-2): https://ibb.co/4FcmjLj
  144.  
  145. *------------------ MikroTik Config -----------------*
  146.  
  # MikroTik core (RouterOS v6 syntax), the counterpart of the VyOS node: OSPF
  # toward CGN-2 (ether2) and BNG-2 (ether3), eBGP as AS 200 to 10.12.1.1 (AS 100)
  # announcing 200.200.0.0/24, and PBR via routing-mark CGN for traffic sourced
  # from the BNG-2 subscriber pool 100.65.1.0/24.
  147. /interface bridge
  # Empty bridge used as a loopback to carry 200.200.0.255.
  148. add name=Loopback
  149. /interface ethernet
  150. set [ find default-name=ether1 ] name=ether1-LAB-BGP-PBR
  151. set [ find default-name=ether2 ] name=ether2-CGN-2
  152. set [ find default-name=ether3 ] name=ether3-BNG-2
  # Default wireless-profile entry, presumably an export artifact.
  153. /interface wireless security-profiles
  154. set [ find default=yes ] supplicant-identity=MikroTik
  155. /routing bgp instance
  156. set default as=200 router-id=200.200.0.255
  # OSPF always originates a default route toward CGN-2/BNG-2 as a type-1 external.
  157. /routing ospf instance
  158. set [ find default=yes ] distribute-default=always-as-type-1 router-id=200.200.0.255
  159. /ip address
  160. add address=10.200.1.1/30 interface=ether2-CGN-2 network=10.200.1.0
  161. add address=10.200.1.5/30 interface=ether3-BNG-2 network=10.200.1.4
  162. add address=200.200.0.255 interface=Loopback network=200.200.0.255
  # Lab uplink via DHCP. add-default-route=no keeps the lease from overriding the
  # default expected from the BGP peer; peer DNS/NTP are ignored for the same reason.
  163. /ip dhcp-client
  164. add add-default-route=no disabled=no interface=ether1-LAB-BGP-PBR use-peer-dns=no use-peer-ntp=no
  # Table CGN holds only a default via CGN-2 (10.200.1.2).
  165. /ip route
  166. add distance=1 gateway=10.200.1.2 routing-mark=CGN
  # PBR: packets sourced from the subscriber pool are looked up in table CGN. Unlike
  # the VyOS side (whose rule 5 exempts subscriber-destined traffic), there is no
  # exception for dst 100.65.1.0/24, so subscriber-to-subscriber traffic would also
  # be steered to CGN-2 - harmless in the lab, but worth an explicit exception.
  167. /ip route rule
  168. add src-address=100.65.1.0/24 table=CGN
  169. /routing bgp network
  170. add network=200.200.0.0/24 synchronize=no
  171. /routing bgp peer
  172. add in-filter=IN-peer1 name=peer1 out-filter=OUT-peer1 remote-address=10.12.1.1 remote-as=100
  # Inbound: in v6 semantics a prefix match without prefix-length matches exactly
  # that prefix, so IN-peer1 accepts only a default route from the peer and discards
  # everything else - confirm that is intended. Outbound: only 200.200.0.0/24 leaves.
  173. /routing filter
  174. add action=accept chain=IN-peer1 prefix=0.0.0.0/0
  175. add action=discard chain=IN-peer1
  176. add action=accept chain=OUT-peer1 prefix=200.200.0.0/24
  177. add action=discard chain=OUT-peer1
  178. /routing ospf interface
  179. add interface=Loopback network-type=point-to-point passive=yes
  180. add interface=ether2-CGN-2 network-type=point-to-point
  181. add interface=ether3-BNG-2 network-type=point-to-point
  182. /routing ospf network
  183. add area=backbone network=200.200.0.255/32
  184. add area=backbone network=10.200.1.0/30
  185. add area=backbone network=10.200.1.4/30
  # RoMON: layer-2 management access on every port, including the DHCP uplink.
  # Keep it off, or secret-protect and port-restrict it, outside the lab.
  186. /tool romon
  187. set enabled=yes
  188.  
  189. *------------------ CGN-2 Config -----------------*
  190.  
  # CGN-2 (RouterOS v6 syntax): NAT44 box on the MikroTik core's ether2 link; same
  # layout as CGN-1 with the 200.200.0.x addressing.
  191. /interface bridge
  # Empty bridge used as a loopback to carry 200.200.0.254.
  192. add name=Loopback
  193. /interface ethernet
  194. set [ find default-name=ether2 ] name=ether2-MK
  # Default wireless-profile entry, presumably an export artifact.
  195. /interface wireless security-profiles
  196. set [ find default=yes ] supplicant-identity=MikroTik
  # Static routes (the pool blackhole below) are redistributed as type-1 externals.
  197. /routing ospf instance
  198. set [ find default=yes ] redistribute-static=as-type-1 router-id=200.200.0.254
  199. /ip address
  200. add address=10.200.1.2/30 interface=ether2-MK network=10.200.1.0
  201. add address=200.200.0.254 interface=Loopback network=200.200.0.254
  # Source NAT for the subscriber pool. netmap expects equal-size ranges; /24 -> /30
  # cannot map 1:1, so confirm the resulting behaviour (see the same rule on CGN-1).
  202. /ip firewall nat
  203. add action=netmap chain=srcnat out-interface=ether2-MK src-address=100.65.1.0/24 to-addresses=200.200.0.0/30
  # Pull-up blackhole for the NAT pool; redistributed into OSPF and covered by the
  # 200.200.0.0/24 BGP aggregate, so return traffic is attracted here.
  204. /ip route
  205. add distance=1 dst-address=200.200.0.0/30 type=blackhole
  206. /routing ospf interface
  207. add interface=ether2-MK network-type=point-to-point
  208. add interface=Loopback network-type=point-to-point passive=yes
  209. /routing ospf network
  210. add area=backbone network=10.200.1.0/30
  211. add area=backbone network=200.200.0.254/32
  212. /system identity
  213. set name=CGN-2
  # RoMON: layer-2 management access on every port. Keep it off, or secret-protect
  # and port-restrict it, outside the lab.
  214. /tool romon
  215. set enabled=yes
  216.  
  217. *------------------ BNG-2 Config -----------------*
  218.  
  # BNG-2 (RouterOS v7 syntax): PPPoE server on ether4 handing out 100.65.1.0/24
  # (RFC 6598 shared address space) with 200.200.0.253 as the local side; ether3 is
  # the OSPF ptp link to the MikroTik core.
  219. /interface ethernet
  220. set [ find default-name=ether3 ] name=ether3-MK
  221. set [ find default-name=ether4 ] name=ether4-CPE-2
  222. /ip pool
  223. add name=Pool-PPPoE ranges=100.65.1.0/24
  224. /port
  225. set 0 name=serial0
  226. /ppp profile
  227. add local-address=200.200.0.253 name=PPPoE remote-address=Pool-PPPoE
  # OSPF redistributes static routes so the pool aggregate below reaches the core.
  228. /routing ospf instance
  229. add disabled=no name=default redistribute=static router-id=200.200.0.253
  230. /routing ospf area
  231. add disabled=no instance=default name=0.0.0.0
  # MTU/MRU 1480 leaves headroom for the PPPoE/PPP headers on the Ethernet link.
  232. /interface pppoe-server server
  233. add disabled=no interface=ether4-CPE-2 max-mru=1480 max-mtu=1480 service-name=service1
  234. /ip address
  235. add address=10.200.1.6/30 interface=ether3-MK network=10.200.1.4
  236. add address=200.200.0.253 interface=lo network=200.200.0.253
  # Aggregate route for the subscriber pool; per-session PPP routes are more
  # specific, and redistribute=static carries this /24 into OSPF.
  237. /ip route
  238. add blackhole disabled=no dst-address=100.65.1.0/24 gateway="" routing-table=main suppress-hw-offload=no
  # Secret's password is not exported (RouterOS hides sensitive fields by default);
  # the CPE side of this lab uses '123'. Beyond a lab, use unique random
  # per-subscriber secrets.
  239. /ppp secret
  240. add name=cpe-2 profile=PPPoE service=pppoe
  241. /routing ospf interface-template
  242. add area=0.0.0.0 disabled=no interfaces=lo networks=200.200.0.253/32 passive type=ptp
  243. add area=0.0.0.0 disabled=no interfaces=ether3-MK networks=10.200.1.4/30 type=ptp
  244. /system identity
  245. set name=BNG-2
  246. /system note
  247. set show-at-login=no
  # RoMON: layer-2 management access on every port. Keep it off, or secret-protect
  # and port-restrict it, outside the lab.
  248. /tool romon
  249. set enabled=yes
  250.  
  251. *------------------ CPE-2 Config -----------------*
  252.  
  # CPE-2: PPPoE client on ether1 as user cpe-2, installing its default route via
  # the session. The PPPoE password is exported in clear text here, so this paste
  # discloses it.
  253. /interface pppoe-client
  254. add add-default-route=yes disabled=no interface=ether1 name=pppoe-out1 password=123 user=cpe-2
  # Default wireless-profile entry, presumably an export artifact.
  255. /interface wireless security-profiles
  256. set [ find default=yes ] supplicant-identity=MikroTik
  # DHCP client on the same port as the PPPoE session; BNG-2 shows no DHCP server,
  # so this presumably never obtains a lease - harmless leftover.
  257. /ip dhcp-client
  258. add disabled=no interface=ether1
  259. /system identity
  260. set name=CPE-2
  # RoMON enabled; see the note on the other RouterOS nodes.
  261. /tool romon
  262. set enabled=yes
  263.  
Tags: VyOS