最近要打包一些系统驱动挂载ISO,特地找了一些操作记录下。
如果要创建带引导的iso,建议用工具。
Linux下用mkisofs,简单粗暴。
mkisofs -o name.iso source/path
mount -o loop name.iso /mnt/
MACOS下用磁盘工具创建cdr或者dmg,然后再转ISO。
打开Teminal,操作命令.
如果需要将DMG转换为ISO,那么输入以下命令:
hdiutil source.dmg -format UDTO -o name.iso
如果需要将ISO转换为DMG,那么输入以下命令:
hdiutil convert source.iso -format UDRW -o name.dmg
cdr转iso
hdiutil makehybrid -iso -joliet -o name.iso source.cdr
存本地文档里面,每次都懒得翻干脆贴上来
#加epel源和安装常用的包
yum install epel-release -y -q
yum install -y -q net-tools iftop wget tcpdump zip unzip wget rsync vim-enhanced
#设置时区
cat >/etc/sysconfig/clock<<EOF
ZONE="Asia/Shanghai"
UTC=false
ARC=false
EOF
cat /usr/share/zoneinfo/Asia/Shanghai>/etc/localtime
date
hwclock --systohc
#开始安装solusvm被控端
wget https://files.soluslabs.com/install.sh
sh install.sh<<EOF
2
EOF
#(选装)升级e2fsprogs
curl -s http://dl.kvm.la/shell/e2fspros.el6.sh|bash
elrepo-release-6-8的命名不是很友好更新后的文件名得靠猜, 或者去https://elrepo.org/linux/elrepo/el6/SRPMS/下面搜关键词elrepo-release
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
yum install -y http://www.elrepo.org/elrepo-release-6-8.el6.elrepo.noarch.rpm
yum --enablerepo=elrepo-kernel install kernel-lt -y
sed -i 's/default=1/default=0/g' /boot/grub/grub.conf
sed -i 's/timeout=5/timeout=15/g' /boot/grub/grub.conf
安装好后可以重启系统或者用kexec直接切内核。
今晚趁有空记录下NVMe的SSD新服务器,什么都是新的CPU内存这些没啥亮点,所以主要看PCI-e的SSD硬盘dd速度。
主板 intel S1200SP
CPU E3-1270 v6 3.80GHz 四核四线程
内存 2条 x 三星16G DDR4 DIMM 2400MHz 1.2v
SSD 2块 Intel P3520 450G PCIe 3.0 SSDPE2MX450G7
撸起袖子就是干,sudo到root操作或者直接sudo sed也行。
sudo su
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config
sed -i 's/PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config
service ssh restart
最近要为几十台服务器预装操作系统,手上没几根网线又懒得部署PXE,干脆把ISO dd到U盘装系统,因为脑子没转过弯,一直把U盘当成CD/DVD导致浪费了一天的时间,故在此记录此事。
U盘制作可以unetbootin或者UltraISO都可以,前者免费后者是收费软件。
如果你是用的MACOS或者Linux又不想下载工具,可以直接用dd把ISO写进U盘
unetbootin下载网页地址:https://unetbootin.github.io/
备用下载地址: http://dl.kvm.la/tools/
或者用rufus https://rufus.ie/zh/
dd if=/tmp/linux.iso of=/dev/sdX bs=10M
常规选择安装,进入安装源步骤这里,需要选择Hard drive(U盘视为硬盘,之前选择Local CD/DVD一直装不上,彻底傻逼了。)
要打开服务器的电源,请运行以下命令:ipmiutil power -u -N fsp_ip_address -P ipmi_password,其中,fsp_ip_ipaddress 是IPMI的 IP 地址,ipmi_password 是为 IPMI 设置的密码。
要激活 IPMI 控制台:ipmiutil sol -a -r -N fsp_ip_address -P ipmi_password
如果需要重新引导系统:
取消激活控制台:ipmiutil sol -d -N fsp_ip_address -P ipmi_password
关闭系统电源:ipmiutil power -d -N fsp_ip_address -P ipmi_password
打开系统电源:ipmiutil power -u -N fsp_ip_address -P ipmi_password
重启BMC:ipmiutil reset -k
服务器加电:ipmiutil reset -u
硬重启服务器:ipmiutil reset -r
重启进入bios:ipmiutil reset -b
重启进入efi:ipmiutil reset -e
重启进入硬盘引导:ipmiutil reset -h
重启进入CD-ROM:ipmiutil reset -v
更改为DHCP模式:ipmiutil lan set -l -D
设置IP地址:ipmiutil lan -l -I 192.168.0.55
设置网关地址:ipmiutil lan -l -G 192.168.0.1
设置子网掩码:ipmiutil lan -l -S 255.255.255.0
步骤1.得到所有的列表BMC的用户:
C:\ipmiutil\ipmiutil user list
ipmiutil user ver 3.16User 1: chan=1 enabled Admin admin
User 2: chan=1 enabled User testuser1
User 3: chan=1 enabled User testuser2
步骤2.为了重置密码使用从上一个输出的用户编号:
C:\ipmiutil\ipmiutil user set 1 password UserPassword
ipmiutil user ver 3.16
GET_USERNAME: 62 72 69, STATUS = 0, CCODE=0
SETUSERNAME - 2 62 72 STATUS =0, CCODE=0
SETUSER_ACCESS - inputData 91 2 12, status = 0 ccode=0
ipmiutil user, completed successfully.
ipmiutil下载地址http://dl.kvm.la/windows/ipmiutil-3.0.8-win32.zip
解压后管理员身份运行启动cmd窗口
cd命令到ipmiutil的解压目录
执行install.cmd
然后就可以运行ipmiutil.exe命令了
更多使用还是参考官方说明 http://ipmiutil.sourceforge.net/docs/UserGuide
先使用diskutil list命令查看U盘代号
然后用下面的命令把它格式化:
sudo diskutil eraseDisk FAT32 usb_name MBRFormat /dev/disk2
其中usb_name是格式化后的卷标。
/dev/disk2是格式化的盘符
如下图所示:
使用DISKPART.exe命令 解除策略
1.运行:cmd
2.输入:
DISKPART.exe
DISKPART> san
DISKPART> san policy=onlineall
DISKPART>list disk
DISKPART> select disk 1
DISKPART>attributes disk clear readonly
DISKPART>online disk
方法1:命令行模式
进入服务器后 点击 开始——运行 输入命令:
netsh advfirewall firewall set icmpsetting 8
这样就可以在外部ping到服务器了 非常简单实用!
同样道理,如果想禁止Ping,那运行如下命令即可实现:
netsh advfirewall firewall set icmpsetting 8 disable
方法2:防火墙高级面板方式
1. 进入控制面板——>管理工具——>找到 “高级安全 Windows防火墙”
2. 点击 入站规则
3. 找到 回显请求-ICMPv4-In (Echo Request – ICMPv4-In)
4. 右键 点击规则 点击“启用规则(Enable)”
for I in $(seq 10 100); do nmcli con mod eth0 +ipv4.addresses 10.0.2.${I}; done
nmcli con up eth0
IPADDR_START=192.168.1.2
IPADDR_END=192.168.1.254
PREFIX=24
CLONENUM_STAR=0
据说是巴基斯坦人写的,用litespeed在跑web服务,管理和放置一些小站不用操心安装环境。
带vps.group修正部分问题后的中文语言包。
wget http://dl.kvm.la/cyberpanel/install.sh
sh install.sh
yum install -y ipmitool epel-release openssh-clients wget
yum install -y nodejs npm
npm install forever -g
forever start /root/jnlp/main.js
转载自:http://www.team-cymru.org/bgp-examples.html
This page aggregates all of the examples referenced on the Bogon Route Server Project (Bogons via BGP) page.
Please see that page for full details of the Bogon Route Server Project, system requirements, caveats, etc.
router bgp <your asn> neighbor x.x.x.x remote-as 65333 neighbor x.x.x.x ebgp-multihop 255 neighbor x.x.x.x description <your description> neighbor x.x.x.x prefix-list cymru-out out neighbor x.x.x.x route-map CYMRUBOGONS in neighbor x.x.x.x password <your password> neighbor x.x.x.x maximum-prefix 100 threshold 90 ! You'll need to increase the maximum to at least 50000 with an ! appropriate thresholds if you're receiving one or both fullbogons ! feeds. ! ! Depending on IOS version, you may need to configure your router ! for new-style community syntax. ip bgp-community new-format ! ! Set a bogon next-hop on all routers that receive the bogons. ip route 192.0.2.1 255.255.255.255 null0 ! ! Configure a community list to accept the bogon prefixes into the ! route-map. ip community-list 10 permit 65333:888 ! ! Configure the route-map. Remember to apply it to the proper ! peering sessions. route-map CYMRUBOGONS permit 10 description Filter bogons learned from cymru.com bogon route-servers match community 10 set ip next-hop 192.0.2.1 ! ip prefix-list cymru-out seq 5 deny 0.0.0.0/0 le 32
With the advent of multiple bogon route-servers, the use of BGP peer-groups on Cisco routers is very convenient. Thanks to John Brown for the original example.
router bgp <your asn> neighbor cymru-bogon peer-group neighbor cymru-bogon ebgp-multihop 255 neighbor cymru-bogon description <general description> neighbor cymru-bogon prefix-list cymru-out out neighbor cymru-bogon route-map CYMRUBOGONS in neighbor cymru-bogon maximum-prefix 100 threshold 90 ! You'll need to increase the maximum to at least 50000 with an ! appropriate thresholds if you're receiving one or both fullbogons ! feeds. ! neighbor x.x.x.x remote-as 65333 neighbor x.x.x.x peer-group cymru-bogon neighbor x.x.x.x description <specific description> neighbor x.x.x.x password <your password>
routing-options {
static {
route 192.0.2.1/32 {
discard;
no-readvertise;
retain;
}
}
/* If you have declared 192.0.2.0/24 as a bogon add this entry. */
martians {
192.0.2.1/32 exact allow;
}
autonomous-system <your AS here>;
}
protocols {
bgp {
group CYMRU {
type external;
description "peering to receive bogons from CYMRU";
import CYMRU-bogons-in;
authentication-key "secretkey"; # SECRET-DATA
export deny-all;
peer-as 65333;
/* Below may also be expressed as "multihop 255;" depending on your version */
multihop {
ttl 255;
}
neighbor <bogon rs IP>;
local-address <your IP we are peering with>;
family inet {
unicast {
/* You'll need to increase the prefix limit below to
at least 50000 if you're receiving one or both of
the fullbogons feeds
*/
prefix-limit {
maximum 100;
teardown 100;
}
}
}
}
}
}
policy-options {
policy-statement CYMRU-bogons-in {
term 1 {
from {
protocol bgp;
as-path CYMRU-private-asn;
community CYMRU-bogon-community;
}
then {
/* backup in case no-export is cleared internally */
community add dont-announce;
next-hop 192.0.2.1;
accept;
}
}
then reject; # default action
}
policy-statement deny-all {
then reject;
}
community dont-announce members <your as here>:<some community that supresses anouncements outside your as>;
community CYMRU-bogon-community members [ no-export 65333:888 ];
as-path CYMRU-private-asn 65333;
}
router bgp <your asn> neighbor IPV4_BOGONS peer-group neighbor IPV4_BOGONS route-map CYMRUBOGONS in neighbor IPV4_BOGONS distribute-list CYMRU-OUT out neighbor IPV4_BOGONS maximum-prefix 100 90 neighbor IPV4_BOGONS soft-reconfiguration inbound neighbor IPV4_BOGONS no shutdown neighbor x.x.x.x remote-as 65333 neighbor x.x.x.x peer-group IPV4_BOGONS neighbor x.x.x.x description <your description> neighbor x.x.x.x ebgp-multihop 255 neighbor x.x.x.x password <your password> neighbor x.x.x.x no shutdown ! Set a bogon next-hop on all routers that receive the bogons. ip route 192.0.2.1 255.255.255.255 null0 ! ! Configure a community list to accept the bogon prefixes into the ! route-map. ip community-list CYMRU_COMMUNITY permit 65333:888 ! ! Configure the route-map. Remember to apply it to the proper ! peering sessions. route-map CYMRU_BOGONS permit 10 description Filter bogons learned from cymru.com bogon route-servers match community CYMRU_COMMUNITY set next-hop 192.0.2.1 ! ip prefix-list CYMRU_OUT seq 5 deny any
OpenBSD's bgpd project can also be used to peer with the bogon route-servers. Our thanks to Pete Vickers for this example.
# config snippet for /etc/bgpd.conf
#
# Based on config by Pete Vickers 05/2004.
#
# Modified slightly to intermingle with pf, and
# also to apply policy to cymru-sourced routes
# received from IBGP peers.
#
# Configure sessions with cymru reprobates
#
group "peering bogon" {
remote-as 65333
local-address <MY-ROUTER-IP>
multihop 64
announce none
max-prefix 1000
# You'll need to increase the max-prefix number above to at least
# 50000 if you're receiving either or both of the fullbogons feeds
tcp md5sig password <PASSWORD>
neighbor <BOGON-ROUTE-SERVER-1-IP>
neighbor <BOGON-ROUTE-SERVER-2-IP>
# ... etc
}
#
#
# What to do with updates (can be used with updates from
# cymru peers, and also from IBGP peers if other routers
# in this AS also take a bogon feed). The "nexthop
# blackhole" is a little extraneous given the pf config,
# worth keeping in case the packet filter is disabled
# at any point.
#
allow from any community 65333:888 set pftable "bogons"
allow from any community 65333:888 set nexthop blackhole
# config snippet for /etc/pf.conf
#
table <bogons> persist
#
# no bogon sources or destinations
block quick from <bogons> to any
block quick from any to <bogons>
This example of how to configure a Mikrotik RouterOS box to use the Bogon Route Server Project is thanks to Ariel S. Weher.
# Config by Ariel S. Weher, based on Team Cymru's Cisco Template.
# Working in the 3.X version of Mikrotik RouterOS.
# 2009-02-06 Modified by Sam Norris, Fine Tuned. Removed static routes
# and used "set-type=blackhole".
/routing bgp instance
set default as=<YOUR_ASN_NUMBER> router-id=<Your router wan ip address>
/ip firewall address-list
add address=<SESSION#1.Team-Cymru's.IP.Address> comment="TEAM-CYMRU BOGON Server #1" \
disabled=no list=BGP-NEIGHBORS
add address=<SESSION#2.Team-Cymru's.IP.Address> comment="TEAM-CYMRU BOGON Server #2" \
disabled=no list=BGP-NEIGHBORS
/ip firewall filter
add action=accept chain=input comment="BGP Neighbors" disabled=no dst-port=179 \
protocol=tcp src-address-list=BGP-NEIGHBORS
# You'll need to increase the max-prefix-limit values in the lines below to
# at least 50000 if you're receiving either or both of the fullbogons feeds
/routing bgp peer
add comment="TEAM-CYMRU BOGON Server #1" hold-time=3m in-filter=BOGON-SERVER-IN \
instance=default max-prefix-limit=50 multihop=yes name=CYMRU-1 nexthop-choice=default \
out-filter=BGP-DROP remote-address=<SESSION#1.Team-Cymru's.IP.Address> \
remote-as=65333 route-reflect=no tcp-md5-key=<Password_Received_From_Cymru> ttl=255
add comment="TEAM-CYMRU BOGON Server #2" hold-time=3m in-filter=BOGON-SERVER-IN \
instance=default max-prefix-limit=50 multihop=yes name=CYMRU-1 nexthop-choice=default \
out-filter=BGP-DROP remote-address=<SESSION#2.Team-Cymru's.IP.Address> \
remote-as=65333 route-reflect=no tcp-md5-key=<Password_Received_From_Cymru> ttl=255
/routing filter
add action=accept bgp-communities=65333:888 chain=BOGON-SERVER-IN comment="" \
disabled=no invert-match=no set-type=blackhole
add action=discard chain=BOGON-SERVER-IN comment="" disabled=no invert-match=no
add action=discard chain=BGP-DROP comment="" disabled=no invert-match=no
router bgp <your asn> ! Session 1 neighbor A.B.C.D remote-as 65332 neighbor A.B.C.D description <your description> neighbor A.B.C.D ebgp-multihop 255 neighbor A.B.C.D password <your password> ! Session 2 neighbor E.F.G.H remote-as 65332 neighbor E.F.G.H description <your description> neighbor E.F.G.H ebgp-multihop 255 neighbor E.F.G.H password <your password> ! address-family ipv4 ! Session 1 neighbor A.B.C.D activate neighbor A.B.C.D soft-reconfiguration inbound neighbor A.B.C.D prefix-list cymru-out-v4 out neighbor A.B.C.D route-map CYMRUBOGONS-V4 in ! Session 2 neighbor E.F.G.H activate neighbor E.F.G.H soft-reconfiguration inbound neighbor E.F.G.H prefix-list cymru-out-v4 out neighbor E.F.G.H route-map CYMRUBOGONS-V4 in ! address-family ipv6 ! Session 1 neighbor A.B.C.D activate neighbor A.B.C.D soft-reconfiguration inbound neighbor A.B.C.D prefix-list cymru-out-v6 out neighbor A.B.C.D route-map CYMRUBOGONS-V6 in ! Session 2 neighbor E.F.G.H activate neighbor E.F.G.H soft-reconfiguration inbound neighbor E.F.G.H prefix-list cymru-out-v6 out neighbor E.F.G.H route-map CYMRUBOGONS-V6 in ! ! Depending on IOS version, you may need to configure your router ! for new-style community syntax. ip bgp-community new-format ! ip community-list 100 permit 65332:888 ! ip route 192.0.2.1 255.255.255.255 Null0 ! ip prefix-list cymru-out-v4 seq 5 deny 0.0.0.0/0 le 32 ! ipv6 route 2001:DB8:0:DEAD:BEEF::1/128 Null0 ! ipv6 prefix-list cymru-out-v6 seq 5 deny ::/0 le 128 ! route-map CYMRUBOGONS-V6 permit 10 description IPv6 Filter bogons learned from cymru.com bogon route-servers match community 100 set ipv6 next-hop 2001:DB8:0:DEAD:BEEF::1 ! route-map CYMRUBOGONS-V4 permit 10 description IPv4 Filter bogons learned from cymru.com bogon route-servers match community 100 set ip next-hop 192.0.2.1
Note: You can receive both IPv4 and IPv6 fullbogons over IPv4 transport.
If you only requested one set of fullbogons, simply remove all references to the other set from the example above.
Thanks to Thomas Brandstetter for this example of configuring a Cisco router to receive the IPv4 and IPv6 fullbogons over IPv6 transit.
router bgp <your asn> neighbor XXXX:XXX:XXXX::XXXX:XXXX remote-as 65332 neighbor XXXX:XXX:XXXX::XXXX:XXXX description <your description> neighbor XXXX:XXX:XXXX::XXXX:XXXX ebgp-multihop 255 neighbor XXXX:XXX:XXXX::XXXX:XXXX password <your password> ! address-family ipv4 neighbor XXXX:XXX:XXXX::XXXX:XXXX activate neighbor XXXX:XXX:XXXX::XXXX:XXXX soft-reconfiguration inbound neighbor XXXX:XXX:XXXX::XXXX:XXXX prefix-list cymru-out-v4 out neighbor XXXX:XXX:XXXX::XXXX:XXXX route-map CYMRUBOGONS-V4 in ! address-family ipv6 neighbor XXXX:XXX:XXXX::XXXX:XXXX activate neighbor XXXX:XXX:XXXX::XXXX:XXXX soft-reconfiguration inbound neighbor XXXX:XXX:XXXX::XXXX:XXXX prefix-list cymru-out-v6 out neighbor XXXX:XXX:XXXX::XXXX:XXXX route-map CYMRUBOGONS-V6 in ! ! Depending on IOS version, you may need to configure your router ! for new-style community syntax. ip bgp-community new-format ! ip community-list 100 permit 65332:888 ! ip route 192.0.2.1 255.255.255.255 Null0 ! ip prefix-list cymru-out-v4 seq 5 deny 0.0.0.0/0 le 32 ! ipv6 route 2001:DB8:0:DEAD:BEEF::1/128 Null0 ! ipv6 prefix-list cymru-out-v6 seq 5 deny ::/0 le 128 ! route-map CYMRUBOGONS-V6 permit 10 description IPv6 Filter bogons learned from cymru.com bogon route-servers match community 100 set ipv6 next-hop 2001:DB8:0:DEAD:BEEF::1 ! route-map CYMRUBOGONS-V4 permit 10 description IPv4 Filter bogons learned from cymru.com bogon route-servers match community 100 set ip next-hop 192.0.2.1
Note: You can receive both IPv4 and IPv6 fullbogons over IPv6 transport.
If you only requested one set of fullbogons, simply remove all references to the other set from the example above.
Thanks to David Hill at Hostcentral for the below example!
/* * Define BGP peer group */ delete protocols bgp group cymru-bogons set protocols bgp group cymru-bogons type external set protocols bgp group cymru-bogons description "cymru fullbogon bgp feed (ipv4 + 6)" set protocols bgp group cymru-bogons multihop ttl 255 set protocols bgp group cymru-bogons import cymru-bogons-in /* * Define MD5 password in quotes */ set protocols bgp group cymru-bogons authentication-key "<YOUR PASSWORD>" set protocols bgp group cymru-bogons export deny-all set protocols bgp group cymru-bogons peer-as 65332 /* * Replace values below as appropriate */ set protocols bgp group cymru-bogons neighbor A.B.C.D local-address <YOUR IP> set protocols bgp group cymru-bogons neighbor A.B.C.D family inet unicast set protocols bgp group cymru-bogons neighbor A.B.C.D family inet6 unicast set protocols bgp group cymru-bogons neighbor E.F.G.H local-address <YOUR IP> set protocols bgp group cymru-bogons neighbor E.F.G.H family inet unicast set protocols bgp group cymru-bogons neighbor E.F.G.H family inet6 unicast /* * Define CYMRU import policy */ delete policy-options policy-statement cymru-bogons-in set policy-options policy-statement cymru-bogons-in term 1 from family inet set policy-options policy-statement cymru-bogons-in term 1 from community comm-cymru-bogon set policy-options policy-statement cymru-bogons-in term 1 then community add no-export set policy-options policy-statement cymru-bogons-in term 1 then next-hop discard set policy-options policy-statement cymru-bogons-in term 1 then accept set policy-options policy-statement cymru-bogons-in term 2 from family inet6 set policy-options policy-statement cymru-bogons-in term 2 from community comm-cymru-bogon set policy-options policy-statement cymru-bogons-in term 2 then community add no-export set policy-options policy-statement cymru-bogons-in term 2 then next-hop discard set policy-options policy-statement cymru-bogons-in term 2 then accept set policy-options policy-statement cymru-bogons-in then reject /* * Define deny-all export policy */ delete policy-options policy-statement deny-all set policy-options policy-statement deny-all then reject /* * Define CYMRU Bogon community */ delete policy-options community comm-cymru-bogon set policy-options community comm-cymru-bogon members no-export set policy-options community comm-cymru-bogon members 65332:888 /* * Define internal no-export community */ delete policy-options community comm-no-export set policy-options community comm-no-export members no-export
The following example will import and null-route the IPv6 fullbogons, peered over IPv4 transit, using the Quagga software router package.
router bgp <your asn> no bgp default ipv4-unicast timers bgp 3600 10800 neighbor cymru-bogon peer-group neighbor cymru-bogon remote-as 65332 neighbor cymru-bogon ebgp-multihop 255 neighbor cymru-bogon activate neighbor cymru-bogon soft-reconfiguration inbound neighbor cymru-bogon prefix-list cymru-out out neighbor cymru-bogon route-map CYMRUBOGONS in neighbor xx.xx.xx.xx peer-group cymru-bogon ! address-family ipv6 neighbor cymru-bogon activate neighbor cymru-bogon prefix-list v6cymru-out out neighbor xx.xx.xx.xx peer-group cymru-bogon neighbor xx.xx.xx.xx soft-reconfiguration inbound exit-address-family ! ip prefix-list cymru-except description Don't want to import these networks ip prefix-list cymru-except seq 20 permit 0.0.0.0/0 ge 8 ! ipv6 prefix-list cymru-out seq 5 deny ::/0 le 128 ipv6 prefix-list v6cymru-out seq 5 deny any ! ip community-list 10 permit 65332:888 ! route-map CYMRUBOGONS permit 10 description Filter bogons learned from cymru.com bogon route-servers match community 10 match ip address prefix-list cymru-except set ip next-hop 192.0.2.1 set ipv6 next-hop global 2001:DB8:0:DEAD:BEEF::1
If you wish to receive both IPv4 and IPv6 fullbogons over the same peering session, you will typically need to replicate the statements in the above example's "address-family ipv6" section to an "address-family ipv4" section, with an appropriate change to the prefix-list applied to the peer-group.
# Full Bogons Mikrotik Template # Work on RouterOS 4.X # 2010-11-01 by Ricardo Ozelo # BGP instance setup /routing bgp instance set default as=<YOUR_ASN> \ router-id=<WAN_IP_ADDRESS> # ROUTING FILTERS - Install these routes as blackholes, # does NOT receive or announce anything else /routing filter add action=accept bgp-communities=65332:888 \ chain=cymru-in comment="" disabled=no invert-match=no \ set-type=blackhole /routing filter add action=discard chain=cymru-in comment="" \ disabled=no invert-match=no /routing filter add action=discard chain=cymru-out comment="" \ disabled=no invert-match=no # Peering #1 /routing bgp peer add address-families=ip,ipv6 disabled=no in-filter=cymru-in \ instance=default multihop=yes name=FULLBOGONS-CYMRU-1 out-filter=cymru-out \ remote-address=<CYMRU_IP_ADDRESS_1> remote-as=65332 tcp-md5-key=<CYMRU_MD5_PASSWORD> # Peering #2 /routing bgp peer add address-families=ip,ipv6 disabled=no in-filter=cymru-in \ instance=default multihop=yes name=FULLBOGONS-CYMRU-2 out-filter=cymru-out \ remote-address=<CYMRU_IP_ADDRESS_2> remote-as=65332 tcp-md5-key=<CYMRU_MD5_PASSWORD>
Courtesy of Miłosz Oller.
PLEASE NOTE: As of version 1.3.11 Bird does not allow you to run IPv4 and IPv6 simultaneously. Therefore you should use EITHER bgp_cymru_v4_1 and bgp_cymru_v4_2 OR bgp_cymru_v6_1 and bgp_cymru_v6_2 in your config. x For dual-stack systems can run two instances of Bird with one peering over IPv4 and the other over IPv6.
filter cymru_bogons_import
{
bgp_community.add((65332,888));
dest = RTD_BLACKHOLE;
accept;
}
filter cymru_bogons_export
{
reject;
}
protocol bgp bgp_cymru_v4_1 {
description "Cymru Bogons RS1";
import filter cymru_bogons_import;
export filter cymru_bogons_export;
multihop 255;
password "pass_here";
local as my_asn;
neighbor 38.229.66.20 as 65332;
source address IPv4_here;
}
protocol bgp bgp_cymru_v4_2 {
description "Cymru Bogons RS2";
import filter cymru_bogons_import;
export filter cymru_bogons_export;
multihop 255;
password "pass_here";
local as my_asn;
neighbor 193.231.140.82 as 65332;
source address IPv4_here;
}
protocol bgp bgp_cymru_v6_1 {
description "Cymru Bogons RS1 v6";
import filter cymru_bogons_import;
export filter cymru_bogons_export;
multihop 255;
password "pass_here";
local as my_asn;
neighbor 2620:0:6B0::26E5:4207 as 65332;
source address IPv6_here;
}
protocol bgp bgp_cymru_v6_2 {
description "Cymru Bogons RS2 v6";
import filter cymru_bogons_import;
export filter cymru_bogons_export;
multihop 255;
password "pass_here";
local as my_asn;
neighbor 2001:B30:1000:19::2 as 65332;
source address IPv6_here;
}
Courtesy of Abe Marji.
PLEASE NOTE: ASA Firewalls began supporting BGP as of version 9.2.
! ! ASA 55xx - IOS Version 9.2.1 ! conf terminal ! ! Prefix list used to BLOCK any route annoucement to Cymru Service prefix-list CYMRU-OUT-V4 seq 1000 deny 0.0.0.0/0 le 32 ! ! We like bgp new-format bgp-community new-format ! create a new community list, 100, to validate Cymru ASN:Community community-list expanded 100 permit 65332:888 ! ! ! Route map is used to set the next hop for any route being learned with a Cyrmu community tag to specific route which points to null0 route-map CYMRU-IN-V4 permit 10 match community 100 set ip next-hop 192.0.2.1 ! ! Basic BGP Routing configuration router bgp [your_ASN_here] bgp log-neighbor-changes timers bgp 15 45 0 address-family ipv4 unicast neighbor [Cymru bgp peer1 IP] remote-as [Cymru ASN] neighbor [Cymru bgp peer1 IP] description Cymru Peer 1 neighbor [Cymru bgp peer1 IP] ebgp-multihop 255 neighbor [Cymru bgp peer1 IP] password [password] neighbor [Cymru bgp peer1 IP] version 4 neighbor [Cymru bgp peer1 IP] activate neighbor [Cymru bgp peer1 IP] send-community neighbor [Cymru bgp peer1 IP] prefix-list CYMRU-OUT-V4 out neighbor [Cymru bgp peer1 IP] route-map CYMRU-IN-V4 in neighbor [Cymru bgp peer2 IP] remote-as [Cymru ASN] neighbor [Cymru bgp peer2 IP] description Cymru Peer 2 neighbor [Cymru bgp peer2 IP] ebgp-multihop 255 neighbor [Cymru bgp peer2 IP] password [password] neighbor [Cymru bgp peer2 IP] version 4 neighbor [Cymru bgp peer2 IP] activate neighbor [Cymru bgp peer2 IP] send-community neighbor [Cymru bgp peer2 IP] prefix-list CYMRU-OUT-V4 out neighbor [Cymru bgp peer2 IP] route-map CYMRU-IN-V4 in maximum-paths 2 default-information originate no auto-summary no synchronization exit-address-family ! ! Create a dummy route pointing to Null0 route Null0 192.0.2.1 255.255.255.255 1 ! Route Cymru BGP Peer IP's route outside [Cymru bgp peer1 IP] 255.255.255.255 [Your Next Hop] 1 route outside [Cymru bgp peer2 IP] 255.255.255.255 [Your Next Hop] 1
Courtesy of Greg Hankins
# TiMOS-B-16.0.R3 both/hops64 Nokia 7750 SR Copyright (c) 2000-2018 Nokia.
# All rights reserved. All use subject to applicable license agreements.
# Built on Wed Aug 29 12:48:09 PDT 2018 by builder in /builds/160B/R3/panos/main
# Generated WED OCT 17 07:51:05 2018 UTC
exit all
configure
#--------------------------------------------------
echo "Router (Network Side) Configuration"
#--------------------------------------------------
router Base
autonomous-system <Your-ASN>
router-id <Your_router_ID>
#--------------------------------------------------
echo "Static Route Configuration"
#--------------------------------------------------
static-route-entry X.X.X.X
black-hole
no shutdown
exit
exit
static-route-entry X:X:X:X
black-hole
no shutdown
exit
exit
#--------------------------------------------------
echo "Router (Service Side) Configuration"
#--------------------------------------------------
router Base
#--------------------------------------------------
echo "Policy Configuration"
#--------------------------------------------------
policy-options
begin
policy-statement "DENY_ALL"
default-action drop
exit
exit
policy-statement "RP_IMPORT_BOGONS"
entry 10
from
protocol bgp
family ipv4
exit
action accept
next-hop X.X.X.X
exit
exit
entry 20
from
protocol bgp
family ipv6
exit
action accept
next-hop X:X:X:X
exit
exit
default-action drop
exit
exit
#--------------------------------------------------
echo "BGP Configuration"
#--------------------------------------------------
bgp
group "BOGONS"
description "Team Cymru Bogons"
multihop 255
import "RP_IMPORT_BOGONS"
export "DENY_ALL"
neighbor X.X.X.X
description "Team Cymru Bogons IPv4 Session #1"
family ipv4
authentication-key <Password>
prefix-limit ipv4 10000
peer-as 65332
exit
neighbor X.X.X.X
description "Team Cymru Bogons IPv4 Session #2"
family ipv4
authentication-key <Password>
prefix-limit ipv4 10000
peer-as 65332
exit
neighbor X:X:X:X
description "Team Cymru Bogons IPv6 Session #1"
family ipv6
authentication-key <Password>
prefix-limit ipv6 150000
peer-as 65332
exit
neighbor X:X:X:X
description "Team Cymru Bogons IPv6 Session #2"
family ipv6
authentication-key <Password>
prefix-limit ipv6 150000
peer-as 65332
exit
exit
no shutdown
exit
exit
exit all
Courtesy of Greg Hankins
# TiMOS-B-16.0.R3 both/hops64 Nokia 7750 SR Copyright (c) 2000-2018 Nokia.
# All rights reserved. All use subject to applicable license agreements.
# Built on Wed Aug 29 12:48:09 PDT 2018 by builder in /builds/160B/R3/panos/main
# Generated THU OCT 18 01:47:26 2018 UTC
configure {
policy-options {
policy-statement "DENY_ALL" {
default-action {
action-type reject
}
}
policy-statement "RP_IMPORT_BOGONS" {
entry 10 {
from {
family [ipv4]
protocol {
name [bgp]
}
}
action {
action-type accept
next-hop "X.X.X.X"
}
}
entry 20 {
from {
family [ipv6]
protocol {
name [bgp]
}
}
action {
action-type accept
next-hop "X:X:X:X"
}
}
default-action {
action-type reject
}
}
router "Base" {
autonomous-system <Your-ASN>
router-id <Your_router_ID>
bgp {
group "BOGONS" {
description "Team Cymru Bogons"
multihop 255
import {
policy ["RP_IMPORT_BOGONS"]
}
export {
policy ["DENY_ALL"]
}
}
neighbor "X.X.X.X" {
description "Team Cymru Bogons IPv4 Session #1"
group "BOGONS"
peer-as 65332
family {
ipv4 true
}
authentication-key {
authentication-key-hash <Password>
}
prefix-limit ipv4 {
maximum 10000
}
}
neighbor "X.X.X.X" {
description "Team Cymru Bogons IPv4 Session #2"
group "BOGONS"
peer-as 65332
family {
ipv4 true
}
authentication-key {
authentication-key-hash <Password>
}
prefix-limit ipv4 {
maximum 10000
}
}
neighbor "X:X:X:X" {
description "Team Cymru Bogons IPv6 Session #1"
group "BOGONS"
peer-as 65332
family {
ipv6 true
}
authentication-key {
authentication-key-hash <Password>
}
prefix-limit ipv6 {
maximum 150000
}
}
neighbor "X:X:X:X" {
description "Team Cymru Bogons IPv6 Session #2"
group "BOGONS"
peer-as 65332
family {
ipv6 true
}
authentication-key {
authentication-key-hash <Password>
}
prefix-limit ipv6 {
maximum 150000
}
}
static-routes {
route X.X.X.X route-type unicast {
blackhole {
admin-state enable
}
}
route X:X:X:X route-type unicast {
blackhole {
admin-state enable
}
}
}
}
}
Courtesy of Fulvio Picecchi
PLEASE NOTE: For traditional bogons you only need to update the remote-as directive.
!!!!!!!!!!!!!!!
router bgp <Your-ASN>
neighbor x.x.x.x
remote-as 65332
ebgp-multihop 255
password clear <Password>
description Team CYMRU full bogons
! Establish BGP session from local IP address
update-source Loopback0
address-family ipv4 unicast
route-policy CYMRU-IN in
! You may need to adjust depending to actual levels
maximum-prefix 5000 85
route-policy CYMRU-OUT out
soft-reconfiguration inbound always
!
!
neighbor XXXX:XXX:XXXX::XXXX:XXXX
remote-as 65332
ebgp-multihop 255
password clear <Password>
description Team CYMRU full bogons
! Establish BGP session from local IP address
update-source Loopback0
address-family ipv6 unicast
route-policy CYMRU-IN in
! You may need to adjust depending to actual levels
maximum-prefix 100000 90
route-policy CYMRU-OUT out
soft-reconfiguration inbound always
!
!
!
interface Loopback0
ipv4 address x.x.x.x 255.255.255.255
ipv6 address XXXX:XXX:XXXX::XXXX:XXXX/128
!
! set next-hop discard has been introduced in Cisco IOS XR Version 4.3.0
! if not available you may need to configure your router with local route to
Null0
route-policy CYMRU-IN
if community matches-every (65332:888, no-export) then
set next-hop discard
pass
endif
end-policy
!
route-policy CYMRU-OUT
! Don't export anything to Team Cymru
drop
end-policy
!
!!!!!!!!!!!!!!!
#
bgp <ASN number>
peer A.B.C.D as-number 65332
peer A.B.C.D description CYMRU_BOGONS.v4
peer A.B.C.D ebgp-max-hop 255
peer A.B.C.D password cipher <password>
peer XXXX:XXXX::XXXX:XXXX as-number 65332
peer XXXX:XXXX::XXXX:XXXX description CYMRU_BOGONS.v6
peer XXXX:XXXX::XXXX:XXXX ebgp-max-hop 255
peer XXXX:XXXX::XXXX:XXXX password cipher <password>
#
ipv4-family unicast
peer A.B.C.D enable
peer A.B.C.D route-policy CYMRU_BOGONS-in import
peer A.B.C.D route-policy CYMRU_BOGONS-out export # ipv6-family unicast
peer XXXX:XXXX::XXXX:XXXX enable
peer XXXX:XXXX::XXXX:XXXX route-policy CYMRU_BOGONS_v6-in import
peer XXXX:XXXX::XXXX:XXXX route-policy CYMRU_BOGONS_v6-out export
#
route-policy CYMRU_BOGONS-in permit node 10
if-match community-filter 2
apply ip-address next-hop 192.0.2.1
#
route-policy CYMRU_BOGONS-out deny node 10
if-match ip-prefix CYMRU_BOGONS-out
#
route-policy CYMRU_BOGONS_v6-in permit node 10
if-match community-filter 2
apply ipv6 next-hop 2001:DB8:0:DEAD:BEEF::1
#
route-policy CYMRU_BOGONS_v6-out deny node 10
if-match ipv6 address prefix-list CYMRU_BOGONS_v6-out
#
ip ip-prefix CYMRU_BOGONS-out index 10 deny 0.0.0.0 0 less-equal 32
#
ip community-filter 2 permit 888
ip community-filter 2 permit 65332:888
ip community-filter 2 permit no-advertise
ip community-filter 2 permit no-export
#
ip route-static 192.0.2.1 255.255.255.255 NULL0 description
BLACKHOLE_BOGONS
#
ipv6 route-static 2001:DB8:0:DEAD:BEEF::1 128 NULL0 description
BLACKHOLE_BOGONS
#
ip ipv6-prefix CYMRU_BOGONS_v6-out index 10 deny :: 0 less-equal 128
#
Note: You can receive both IPv4 and IPv6 fullbogons over IPv4 transport. If you only requested one set of fullbogons, simply remove all references to the other set from the example above.
