!Command: show running-config
!Running configuration last done at: Wed Feb 19 12:00:00 2025
!Time: Wed Feb 19 12:00:00 2025

version 10.3(3) Bios:version
hostname R1-NXOS

feature telnet
feature ospf
feature bgp
feature interface-vlan
feature hsrp
feature lacp
feature vpc
feature lldp
feature bfd

vrf context management
vrf context CUSTOMER_A
  rd 65000:100
  address-family ipv4 unicast
    route-target import 65000:100
    route-target import 65000:200
    route-target export 65000:100
    route-map import IMPORT_FILTER
    route-map export EXPORT_FILTER
  address-family ipv6 unicast

vrf context CUSTOMER_B
  rd 65000:200
  address-family ipv4 unicast
    route-target both 65000:200

interface Vlan1

interface Vlan10
  description Data VLAN
  no shutdown
  ip address 192.168.10.1/24
  hsrp version 2
  hsrp 10
    preempt
    priority 120
    authentication md5 key-string MyHSRPKey
    ip 192.168.10.254

interface Vlan20
  description Voice VLAN
  no shutdown
  ip address 192.168.20.1/24
  vrrp 20
    priority 110
    address 192.168.20.254

interface port-channel10
  description Port-channel to Distribution
  no switchport
  ip address 10.3.1.1/30
  ip router ospf 1 area 0.0.0.0
  ip ospf network point-to-point

interface Ethernet1/1
  description Core Link to R2
  no switchport
  ip address 10.1.1.1/30
  ip router ospf 1 area 0.0.0.0
  ip ospf cost 10
  ip ospf network point-to-point
  ip ospf bfd
  no shutdown

interface Ethernet1/2
  description NSSA Area Link
  no switchport
  ip address 10.1.2.1/30
  ip router ospf 1 area 0.0.0.1
  ip ospf authentication message-digest
  ip ospf message-digest-key 1 md5 SecureKey123
  ip ospf priority 100
  no shutdown

interface Ethernet1/3
  description VRF Customer A
  no switchport
  vrf member CUSTOMER_A
  ip address 172.16.1.1/24
  no shutdown

interface Ethernet1/4
  description ISP Uplink
  no switchport
  ip address 10.100.1.2/30
  no shutdown

interface Ethernet1/10
  description Bundle member
  channel-group 10 mode active
  no shutdown

interface Ethernet1/11
  description Bundle member
  channel-group 10 mode active
  no shutdown

interface Ethernet1/20
  description 40G Core Link
  no switchport
  mtu 9216
  ip address 10.2.1.1/30
  ip router ospf 1 area 0.0.0.0
  ip ospf network point-to-point
  no shutdown

interface loopback0
  description Router ID and Management
  ip address 10.0.0.1/32
  ip router ospf 1 area 0.0.0.0
  ip ospf network point-to-point

interface loopback100
  description BGP Update Source
  ip address 192.168.1.1/32
  ip router ospf 1 area 0.0.0.0

interface tunnel10
  ip address 172.31.10.1/30
  tunnel mode gre ip
  tunnel source loopback0
  tunnel destination 10.0.0.10
  ip router ospf 1 area 0.0.0.0
  ip ospf network point-to-point
  ip ospf cost 100

router ospf 1
  router-id 10.0.0.1
  log-adjacency-changes detail
  auto-cost reference-bandwidth 100000 Gbps
  bfd
  passive-interface default
  area 0.0.0.0 range 10.0.0.0/16
  area 0.0.0.1 nssa no-summary default-information-originate
  area 0.0.0.1 authentication message-digest
  redistribute bgp 65000 route-map BGP_TO_OSPF
  redistribute direct route-map CONNECTED_TO_OSPF
  default-information originate always route-map DEFAULT_ROUTE_CHECK metric 10 metric-type 1
  max-lsa 12000

route-map BGP_TO_OSPF permit 10
  set metric 1000
  set metric-type type-1
  set tag 65000
route-map BGP_TO_OSPF deny 100

route-map CONNECTED_TO_OSPF permit 10
  match ip address prefix-list CONNECTED_LOOPBACKS
route-map CONNECTED_TO_OSPF deny 100

route-map DEFAULT_ROUTE_CHECK permit 10

router bgp 65000
  router-id 192.168.1.1
  log-neighbor-changes
  bestpath as-path multipath-relax
  bestpath compare-routerid
  bestpath med missing-as-worst
  graceful-restart
  graceful-restart restart-time 120
  graceful-restart stalepath-time 360
  address-family ipv4 unicast
    network 10.0.0.0/16
    network 192.168.1.0/24
    aggregate-address 10.0.0.0/16 summary-only
    redistribute ospf 1 route-map OSPF_TO_BGP
    redistribute direct route-map CONNECTED_TO_BGP
    maximum-paths 8
    maximum-paths ibgp 8
  address-family ipv6 unicast
    network 2001:db8::/32
  template peer RR_CLIENTS
    remote-as 65000
    update-source loopback100
    password 3 MyIBGPEncryptedPass
    address-family ipv4 unicast
      send-community
      send-community extended
      route-reflector-client
      next-hop-self
      soft-reconfiguration inbound always
  neighbor 192.168.1.2
    inherit peer RR_CLIENTS
    description R2-RR-Client
    address-family ipv4 unicast
  neighbor 192.168.1.3
    inherit peer RR_CLIENTS
    description R3-RR-Client
    address-family ipv4 unicast
  neighbor 192.168.1.4
    inherit peer RR_CLIENTS
    description R4-RR-Client
    address-family ipv4 unicast
  neighbor 10.100.1.1
    remote-as 65001
    description ISP1-Primary-EBGP
    ebgp-multihop 2
    update-source Ethernet1/4
    password 3 MyEBGPEncryptedPass
    timers 10 30
    address-family ipv4 unicast
      send-community
      route-map ISP1_IN in
      route-map ISP1_OUT out
      prefix-list ISP1_PREFIX_IN in
      maximum-prefix 500000 85 restart 30
  neighbor 10.100.2.1
    remote-as 65002
    description ISP2-Backup-EBGP
    ebgp-multihop 2
    address-family ipv4 unicast
      route-map ISP2_IN in
      route-map ISP2_OUT out
  vrf CUSTOMER_A
    address-family ipv4 unicast
      redistribute direct
      redistribute static
    neighbor 172.16.1.10
      remote-as 65100
      description Customer-A-CE-Router
      address-family ipv4 unicast
        as-override
        route-map CUSTOMER_A_IN in
        route-map CUSTOMER_A_OUT out
        maximum-prefix 10000

ip prefix-list ISP1_PREFIX_IN seq 5 description Accept default only
ip prefix-list ISP1_PREFIX_IN seq 10 permit 0.0.0.0/0
ip prefix-list ISP1_PREFIX_IN seq 100 deny 0.0.0.0/0 le 32

ip prefix-list ISP1_PREFIX_OUT seq 10 permit 10.0.0.0/16 le 24
ip prefix-list ISP1_PREFIX_OUT seq 20 permit 192.168.0.0/16 le 24
ip prefix-list ISP1_PREFIX_OUT seq 100 deny 0.0.0.0/0 le 32

ip prefix-list CONNECTED_LOOPBACKS seq 10 permit 10.0.0.0/24 le 32
ip prefix-list CONNECTED_LOOPBACKS seq 20 permit 192.168.1.0/24 le 32

ip prefix-list CUSTOMER_A_ALLOWED seq 10 permit 172.16.0.0/16 le 24
ip prefix-list CUSTOMER_A_ALLOWED seq 20 permit 192.168.0.0/16 le 32

route-map ISP1_IN permit 10
  description Accept default from ISP1 with high local-pref
  match ip address prefix-list ISP1_PREFIX_IN
  set local-preference 250
  set metric 50
  set community 65000:100 additive
route-map ISP1_IN deny 100

route-map ISP1_OUT permit 10
  description Advertise aggregated prefixes to ISP1
  match ip address prefix-list ISP1_PREFIX_OUT
  set as-path prepend 65000
  set community 65000:200
  set metric 100
route-map ISP1_OUT deny 100

route-map ISP2_IN permit 10
  description Accept default from ISP2 with lower local-pref
  set local-preference 150
  set metric 100
  set community 65000:101 additive

route-map ISP2_OUT permit 10
  description Advertise to ISP2 with AS-path prepend
  match ip address prefix-list ISP1_PREFIX_OUT
  set as-path prepend 65000 65000 65000
  set community 65000:201

route-map OSPF_TO_BGP permit 10
  description Redistribute OSPF routes to BGP
  match ip address prefix-list CONNECTED_LOOPBACKS
  set metric 500
  set origin igp
  set community no-export
route-map OSPF_TO_BGP deny 100

route-map CONNECTED_TO_BGP permit 10
  description Redistribute connected routes to BGP
  match ip address prefix-list CONNECTED_LOOPBACKS
  set origin igp
  set community 65000:300
route-map CONNECTED_TO_BGP deny 100

route-map IMPORT_FILTER permit 10
  description VRF import policy
  set community 65000:100 additive

route-map EXPORT_FILTER permit 10
  description VRF export policy
  set community 65000:200 additive

route-map CUSTOMER_A_IN permit 10
  description Customer A inbound policy
  match ip address prefix-list CUSTOMER_A_ALLOWED
  set local-preference 180
  set community 65000:400 additive
route-map CUSTOMER_A_IN deny 100

route-map CUSTOMER_A_OUT permit 10
  description Customer A outbound policy
  set community 65000:500