Changes in 84a5821: Updated vyos (markdown)

				howto/vyos.md
			
          @@ -151,5 +151,66 @@ set protocols bgp 424242XXXX neighbor x.x.x.x address-family ipv4-unicast route-

           set protocols bgp 424242XXXX neighbor x.x.x.x address-family ipv4-unicast route-map export DN42-ROA   

           ```

          - 

          +## Example Route Map

          +### No RPKI/ROA and Internal Network Falls Into DN42 Range

          +```

          +##Build prefix list to match personal internal network

          +set policy prefix-list BlockIPConflicts description 'Prevent Conflicting Routes'

          +set policy prefix-list BlockIPConflicts rule 10 action 'permit'

          +set policy prefix-list BlockIPConflicts rule 10 description 'Internal IP Space'

          +set policy prefix-list BlockIPConflicts rule 10 le '32'

          +set policy prefix-list BlockIPConflicts rule 10 prefix '10.10.0.0/16'

          +

          +

          +##Build prefix list to match personal internal network

          +set policy prefix-list6 BlockIPConflicts-v6 description 'Prevent Conflicting Routes'

          +set policy prefix-list6 BlockIPConflicts-v6 rule 10 action 'permit'

          +set policy prefix-list6 BlockIPConflicts-v6 rule 10 description 'Internal IP Space'

          +set policy prefix-list6 BlockIPConflicts-v6 rule 10 le '128'

          +set policy prefix-list6 BlockIPConflicts-v6 rule 10 prefix 'fd42:4242:1111::/48'

          +

          +

          +

          +##Build prefix list to match DN42's IPv4 network

          +set policy prefix-list DN42-Network rule 10 action 'permit'

          +set policy prefix-list DN42-Network rule 10 le '32'

          +set policy prefix-list DN42-Network rule 10 prefix '172.20.0.0/14'

          +set policy prefix-list DN42-Network rule 20 action 'permit'

          +set policy prefix-list DN42-Network rule 20 le '32'

          +set policy prefix-list DN42-Network rule 20 prefix '10.0.0.0/8'

          +

          +

          +##Build prefix list to match DN42's IPv6 network

          +set policy prefix-list6 DN42-Network-v6 rule 10 action 'permit'

          +set policy prefix-list6 DN42-Network-v6 rule 10 le '128'

          +set policy prefix-list6 DN42-Network-v6 rule 10 prefix 'fd00::/8'

          +

          +

          +

          +

          +##Block prefixes within internal network range, then allow everything else within DN42, then block everything else.

          +set policy route-map Default-Peering rule 10 action 'deny'

          +set policy route-map Default-Peering rule 10 description 'Prevent IP Conflicts'

          +set policy route-map Default-Peering rule 10 match ip address prefix-list 'BlockIPConflicts'

          +set policy route-map Default-Peering rule 11 action 'deny'

          +set policy route-map Default-Peering rule 11 description 'Prevent IP Conflicts'

          +set policy route-map Default-Peering rule 11 match ip address prefix-list6 'BlockIPConflicts-v6'

          +set policy route-map Default-Peering rule 20 action 'permit'

          +set policy route-map Default-Peering rule 20 description 'Allow DN42-Network'

          +set policy route-map Default-Peering rule 20 match ip address prefix-list 'DN42-Network-Network'

          +set policy route-map Default-Peering rule 21 action 'permit'

          +set policy route-map Default-Peering rule 21 description 'Allow DN42-Network'

          +set policy route-map Default-Peering rule 21 match ip address prefix-list6 'DN42-Network-Network-v6'

          +set policy route-map Default-Peering rule 99 action 'deny'

          +

          +

          +##Apply the route-map on import/export

          +

          +set protocols bgp 4242421099 neighbor x.x.x.x address-family ipv4-unicast route-map export 'Default-Peering'

          +set protocols bgp 4242421099 neighbor x.x.x.x address-family ipv4-unicast route-map import 'Default-Peering'

          +set protocols bgp 4242421099 neighbor x.x.x.x address-family ipv6-unicast route-map export 'Default-Peering'

          +set protocols bgp 4242421099 neighbor x.x.x.x address-family ipv6-unicast route-map import 'Default-Peering'

          +```

          +

          +

           This page is a work-in-progress by Owens Research.  If you have any suggestions or questions please reach out.

          \ No newline at end of file

...	...	@@ -151,5 +151,66 @@ set protocols bgp 424242XXXX neighbor x.x.x.x address-family ipv4-unicast route-
151	151	set protocols bgp 424242XXXX neighbor x.x.x.x address-family ipv4-unicast route-map export DN42-ROA
152	152	```
153	153
154		-
	154	+## Example Route Map
	155	+### No RPKI/ROA and Internal Network Falls Into DN42 Range
	156	+```
	157	+##Build prefix list to match personal internal network
	158	+set policy prefix-list BlockIPConflicts description 'Prevent Conflicting Routes'
	159	+set policy prefix-list BlockIPConflicts rule 10 action 'permit'
	160	+set policy prefix-list BlockIPConflicts rule 10 description 'Internal IP Space'
	161	+set policy prefix-list BlockIPConflicts rule 10 le '32'
	162	+set policy prefix-list BlockIPConflicts rule 10 prefix '10.10.0.0/16'
	163	+
	164	+
	165	+##Build prefix list to match personal internal network
	166	+set policy prefix-list6 BlockIPConflicts-v6 description 'Prevent Conflicting Routes'
	167	+set policy prefix-list6 BlockIPConflicts-v6 rule 10 action 'permit'
	168	+set policy prefix-list6 BlockIPConflicts-v6 rule 10 description 'Internal IP Space'
	169	+set policy prefix-list6 BlockIPConflicts-v6 rule 10 le '128'
	170	+set policy prefix-list6 BlockIPConflicts-v6 rule 10 prefix 'fd42:4242:1111::/48'
	171	+
	172	+
	173	+
	174	+##Build prefix list to match DN42's IPv4 network
	175	+set policy prefix-list DN42-Network rule 10 action 'permit'
	176	+set policy prefix-list DN42-Network rule 10 le '32'
	177	+set policy prefix-list DN42-Network rule 10 prefix '172.20.0.0/14'
	178	+set policy prefix-list DN42-Network rule 20 action 'permit'
	179	+set policy prefix-list DN42-Network rule 20 le '32'
	180	+set policy prefix-list DN42-Network rule 20 prefix '10.0.0.0/8'
	181	+
	182	+
	183	+##Build prefix list to match DN42's IPv6 network
	184	+set policy prefix-list6 DN42-Network-v6 rule 10 action 'permit'
	185	+set policy prefix-list6 DN42-Network-v6 rule 10 le '128'
	186	+set policy prefix-list6 DN42-Network-v6 rule 10 prefix 'fd00::/8'
	187	+
	188	+
	189	+
	190	+
	191	+##Block prefixes within internal network range, then allow everything else within DN42, then block everything else.
	192	+set policy route-map Default-Peering rule 10 action 'deny'
	193	+set policy route-map Default-Peering rule 10 description 'Prevent IP Conflicts'
	194	+set policy route-map Default-Peering rule 10 match ip address prefix-list 'BlockIPConflicts'
	195	+set policy route-map Default-Peering rule 11 action 'deny'
	196	+set policy route-map Default-Peering rule 11 description 'Prevent IP Conflicts'
	197	+set policy route-map Default-Peering rule 11 match ip address prefix-list6 'BlockIPConflicts-v6'
	198	+set policy route-map Default-Peering rule 20 action 'permit'
	199	+set policy route-map Default-Peering rule 20 description 'Allow DN42-Network'
	200	+set policy route-map Default-Peering rule 20 match ip address prefix-list 'DN42-Network-Network'
	201	+set policy route-map Default-Peering rule 21 action 'permit'
	202	+set policy route-map Default-Peering rule 21 description 'Allow DN42-Network'
	203	+set policy route-map Default-Peering rule 21 match ip address prefix-list6 'DN42-Network-Network-v6'
	204	+set policy route-map Default-Peering rule 99 action 'deny'
	205	+
	206	+
	207	+##Apply the route-map on import/export
	208	+
	209	+set protocols bgp 4242421099 neighbor x.x.x.x address-family ipv4-unicast route-map export 'Default-Peering'
	210	+set protocols bgp 4242421099 neighbor x.x.x.x address-family ipv4-unicast route-map import 'Default-Peering'
	211	+set protocols bgp 4242421099 neighbor x.x.x.x address-family ipv6-unicast route-map export 'Default-Peering'
	212	+set protocols bgp 4242421099 neighbor x.x.x.x address-family ipv6-unicast route-map import 'Default-Peering'
	213	+```
	214	+
	215	+
155	216	This page is a work-in-progress by Owens Research. If you have any suggestions or questions please reach out.
...	...	\ No newline at end of file