!
! Cisco IOS-XE Sample Configuration
! Covers: Interfaces, VRF, BGP, OSPF, Route-maps, Prefix-lists
!
version 17.9
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname R1-IOSXE
!
!
vrf definition MGMT
 rd 65000:999
 !
 address-family ipv4
 exit-address-family
!
vrf definition CUSTOMER_A
 rd 65000:100
 route-target export 65000:100
 route-target import 65000:100
 route-target import 65000:200
 !
 address-family ipv4
  route-map IMPORT_FILTER import
  route-map EXPORT_FILTER export
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
!
interface Loopback0
 description Router ID and Management
 ip address 10.0.0.1 255.255.255.255
 ipv6 address 2001:DB8::1/128
 ip ospf 1 area 0.0.0.0
 ipv6 ospf 1 area 0
!
interface Loopback100
 description BGP Update Source
 ip address 192.168.1.1 255.255.255.255
 ip ospf 1 area 0
!
interface GigabitEthernet1
 description Uplink to ISP1
 ip address 10.100.1.2 255.255.255.252
 negotiation auto
 cdp enable
 lldp transmit
 lldp receive
 no shutdown
!
interface GigabitEthernet2
 description Core Link to R2
 ip address 10.1.1.1 255.255.255.252
 ip ospf 1 area 0
 ip ospf cost 10
 ip ospf network point-to-point
 ip ospf bfd
 negotiation auto
 no shutdown
!
interface GigabitEthernet3
 description NSSA Area Link
 ip address 10.1.2.1 255.255.255.252
 ip ospf 1 area 1
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 SecureKey123
 ip ospf priority 100
 negotiation auto
 no shutdown
!
interface GigabitEthernet4
 description Customer A VRF Interface
 vrf forwarding CUSTOMER_A
 ip address 172.16.1.1 255.255.255.0
 negotiation auto
 no shutdown
!
interface TenGigabitEthernet1/0/1
 description 10G Core Link
 ip address 10.2.1.1 255.255.255.252
 ip ospf 1 area 0
 ip ospf network point-to-point
 no negotiation auto
 no shutdown
!
interface Port-channel10
 description Etherchannel to Distribution
 ip address 10.3.1.1 255.255.255.252
 ip ospf 1 area 0
 no shutdown
!
interface TenGigabitEthernet1/0/2
 description Port-channel member
 channel-group 10 mode active
 no shutdown
!
interface TenGigabitEthernet1/0/3
 description Port-channel member
 channel-group 10 mode active
 no shutdown
!
interface Tunnel10
 description GRE to Branch Site
 ip address 172.31.10.1 255.255.255.252
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel source Loopback0
 tunnel destination 10.0.0.10
 tunnel mode gre ip
 ip ospf 1 area 0
 ip ospf network point-to-point
!
interface Vlan10
 description Data VLAN
 ip address 192.168.10.1 255.255.255.0
 ip helper-address 192.168.100.10
 standby version 2
 standby 10 ip 192.168.10.254
 standby 10 timers 1 3
 standby 10 priority 120
 standby 10 preempt
 standby 10 authentication md5 key-string MyHSRPKey
 no shutdown
!
interface Vlan20
 description Voice VLAN
 ip address 192.168.20.1 255.255.255.0
 ip helper-address 192.168.100.10
 vrrp 20 ip 192.168.20.254
 vrrp 20 priority 110
 vrrp 20 preempt
 no shutdown
!
!
router ospf 1
 router-id 10.0.0.1
 log-adjacency-changes detail
 auto-cost reference-bandwidth 100000
 bfd all-interfaces
 passive-interface default
 no passive-interface GigabitEthernet2
 no passive-interface GigabitEthernet3
 no passive-interface TenGigabitEthernet1/0/1
 no passive-interface Port-channel10
 no passive-interface Tunnel10
 area 1 nssa no-summary default-information-originate
 area 1 authentication message-digest
 area 0 range 10.0.0.0 255.255.0.0
 redistribute bgp 65000 subnets route-map BGP_TO_OSPF metric 100
 redistribute connected subnets route-map CONNECTED_TO_OSPF
 default-information originate always metric 1 metric-type 1 route-map DEFAULT_ROUTE_CHECK
 max-lsa 12000
!
!
router bgp 65000
 bgp router-id 192.168.1.1
 bgp log-neighbor-changes
 bgp deterministic-med
 bgp bestpath as-path multipath-relax
 bgp bestpath compare-routerid
 bgp bestpath med missing-as-worst
 bgp graceful-restart
 neighbor RR_CLIENTS peer-group
 neighbor RR_CLIENTS remote-as 65000
 neighbor RR_CLIENTS update-source Loopback100
 neighbor RR_CLIENTS password MyIBGPPass
 neighbor RR_CLIENTS send-community both
 neighbor RR_CLIENTS route-reflector-client
 neighbor 192.168.1.2 peer-group RR_CLIENTS
 neighbor 192.168.1.2 description R2-RR-Client
 neighbor 192.168.1.3 peer-group RR_CLIENTS
 neighbor 192.168.1.3 description R3-RR-Client
 neighbor 192.168.1.4 peer-group RR_CLIENTS
 neighbor 192.168.1.4 description R4-RR-Client
 neighbor 10.100.1.1 remote-as 65001
 neighbor 10.100.1.1 description ISP1-Primary
 neighbor 10.100.1.1 ebgp-multihop 2
 neighbor 10.100.1.1 update-source GigabitEthernet1
 neighbor 10.100.1.1 password MyEBGPPass
 neighbor 10.100.1.1 timers 10 30
 neighbor 10.100.1.1 route-map ISP1_IN in
 neighbor 10.100.1.1 route-map ISP1_OUT out
 neighbor 10.100.1.1 prefix-list ISP1_PREFIX_IN in
 neighbor 10.100.1.1 maximum-prefix 500000 85 restart 30
 neighbor 10.100.2.1 remote-as 65002
 neighbor 10.100.2.1 description ISP2-Backup
 neighbor 10.100.2.1 ebgp-multihop 2
 neighbor 10.100.2.1 route-map ISP2_IN in
 neighbor 10.100.2.1 route-map ISP2_OUT out
 !
 address-family ipv4
  network 10.0.0.0 mask 255.255.0.0
  network 192.168.1.0 mask 255.255.255.0
  aggregate-address 10.0.0.0 255.255.0.0 summary-only
  redistribute ospf 1 route-map OSPF_TO_BGP
  redistribute connected route-map CONNECTED_TO_BGP
  neighbor RR_CLIENTS activate
  neighbor RR_CLIENTS next-hop-self
  neighbor RR_CLIENTS soft-reconfiguration inbound
  neighbor 192.168.1.2 activate
  neighbor 192.168.1.3 activate
  neighbor 192.168.1.4 activate
  neighbor 10.100.1.1 activate
  neighbor 10.100.1.1 send-community
  neighbor 10.100.2.1 activate
  maximum-paths 8
  maximum-paths ibgp 8
 exit-address-family
 !
 address-family ipv6
  network 2001:DB8::/32
  neighbor 2001:DB8:100::1 remote-as 65001
  neighbor 2001:DB8:100::1 activate
 exit-address-family
 !
 address-family ipv4 vrf CUSTOMER_A
  neighbor 172.16.1.10 remote-as 65100
  neighbor 172.16.1.10 description Customer-A-CE-Router
  neighbor 172.16.1.10 activate
  neighbor 172.16.1.10 as-override
  neighbor 172.16.1.10 route-map CUSTOMER_A_IN in
  neighbor 172.16.1.10 route-map CUSTOMER_A_OUT out
  neighbor 172.16.1.10 maximum-prefix 10000
  redistribute connected
  redistribute static
 exit-address-family
!
!
ip prefix-list ISP1_PREFIX_IN seq 5 description Accept default only
ip prefix-list ISP1_PREFIX_IN seq 10 permit 0.0.0.0/0
ip prefix-list ISP1_PREFIX_IN seq 100 deny 0.0.0.0/0 le 32
!
ip prefix-list ISP1_PREFIX_OUT seq 10 permit 10.0.0.0/16 le 24
ip prefix-list ISP1_PREFIX_OUT seq 20 permit 192.168.0.0/16 le 24
ip prefix-list ISP1_PREFIX_OUT seq 100 deny 0.0.0.0/0 le 32
!
ip prefix-list CONNECTED_LOOPBACKS seq 10 permit 10.0.0.0/24 le 32
ip prefix-list CONNECTED_LOOPBACKS seq 20 permit 192.168.1.0/24 le 32
!
ip prefix-list CUSTOMER_A_ALLOWED seq 10 permit 172.16.0.0/16 le 24
ip prefix-list CUSTOMER_A_ALLOWED seq 20 permit 192.168.0.0/16 le 32
!
!
route-map ISP1_IN permit 10
 description Accept default from ISP1 with high local-pref
 match ip address prefix-list ISP1_PREFIX_IN
 set local-preference 250
 set metric 50
 set community 65000:100 additive
!
route-map ISP1_IN deny 100
!
route-map ISP1_OUT permit 10
 description Advertise aggregated prefixes to ISP1
 match ip address prefix-list ISP1_PREFIX_OUT
 set as-path prepend 65000
 set community 65000:200
 set metric 100
!
route-map ISP1_OUT deny 100
!
route-map ISP2_IN permit 10
 description Accept default from ISP2 with lower local-pref
 set local-preference 150
 set metric 100
 set community 65000:101 additive
!
route-map ISP2_OUT permit 10
 description Advertise to ISP2 with AS-path prepend
 match ip address prefix-list ISP1_PREFIX_OUT
 set as-path prepend 65000 65000 65000
 set community 65000:201
!
route-map OSPF_TO_BGP permit 10
 description Redistribute OSPF routes to BGP
 match ip address prefix-list CONNECTED_LOOPBACKS
 set metric 500
 set origin igp
 set community no-export
!
route-map OSPF_TO_BGP deny 100
!
route-map BGP_TO_OSPF permit 10
 description Redistribute BGP routes to OSPF
 set metric 1000
 set metric-type type-1
 set tag 65000
!
route-map BGP_TO_OSPF deny 100
!
route-map CONNECTED_TO_BGP permit 10
 description Redistribute connected routes to BGP
 match ip address prefix-list CONNECTED_LOOPBACKS
 set origin igp
 set community 65000:300
!
route-map CONNECTED_TO_BGP deny 100
!
route-map CONNECTED_TO_OSPF permit 10
 description Redistribute connected to OSPF
 match ip address prefix-list CONNECTED_LOOPBACKS
!
route-map CONNECTED_TO_OSPF deny 100
!
route-map DEFAULT_ROUTE_CHECK permit 10
 description Check before advertising default in OSPF
!
route-map IMPORT_FILTER permit 10
 description VRF import policy
 set community 65000:100 additive
!
route-map EXPORT_FILTER permit 10
 description VRF export policy
 set community 65000:200 additive
!
route-map CUSTOMER_A_IN permit 10
 description Customer A inbound policy
 match ip address prefix-list CUSTOMER_A_ALLOWED
 set local-preference 180
 set community 65000:400 additive
!
route-map CUSTOMER_A_IN deny 100
!
route-map CUSTOMER_A_OUT permit 10
 description Customer A outbound policy
 set community 65000:500
!
!
end