Last active
March 20, 2023 00:32
Revisions
shsingh revised this gist
Mar 20, 2023. 1 changed file with 3 additions and 0 deletions.
@@ -0,0 +1,3 @@ - Ensure 'bash' access to device - SSH into device - Configure device before BGP -
shsingh created this gist
Mar 19, 2023.
@@ -0,0 +1,25 @@ router bgp <BGP_ASN> no bgp default ipv4-unicast bgp log-neighbor-changes bgp graceful-restart restart-time 30 redistribute kernel timers bgp 4 12 neighbor <BGP_NEIGHBOUR_SUBSCRIBER_PEER> remote-as <BGP_REMOTE_AS_SUBSCRIBER_PEER> neighbor <BGP_NEIGHBOUR_SUBSCRIBER_PEER> fall-over bfd neighbor <BGP_NEIGHBOUR_SUBSCRIBER_PEER> activate neighbor <BGP_NEIGHBOUR_SUBSCRIBER_PEER> next-hop-self neighbor <BGP_NEIGHBOUR_SUBSCRIBER_PEER> soft-reconfiguration inbound neighbor <BGP_NEIGHBOUR_SUBSCRIBER_PEER> prefix-list ipv4-subscriber-only in neighbor <BGP_NEIGHBOUR_SUBSCRIBER_PEER> prefix-list default-only out neighbor <BGP_NEIGHBOUR_INTERNET_PEER> remote-as <BGP_REMOTE_AS_INTERNET_PEER> neighbor <BGP_NEIGHBOUR_INTERNET_PEER> fall-over bfd neighbor <BGP_NEIGHBOUR_INTERNET_PEER> activate neighbor <BGP_NEIGHBOUR_INTERNET_PEER> soft-reconfiguration inbound neighbor <BGP_NEIGHBOUR_INTERNET_PEER> prefix-list default-only in neighbor <BGP_NEIGHBOUR_INTERNET_PEER> prefix-list ipv4-cgnat-only out ! ! ip prefix-list default-only seq 5 permit 0.0.0.0/0 ip prefix-list ipv4-cgnat-only seq 5 permit <CGNAT_V4_CIDR> ip prefix-list ipv4-subscriber-only seq 5 permit <SUBSCRIBER_V4_CIDR> !
@@ -0,0 +1,59 @@ ############################# POWER UP =========================== tmsh modify sys management-route default gateway <OOB_DEFAULT_ROUTE> tmsh sys save config ### Activate License get_dossier -b <key> ### log into the license portal and get a license for the dossier cd /config vi bigip.license :%d ### paste the content of the provided license and save and exit :wq ### Reload License reloadlic #### Enable CGNAT tmsh mod sys feature-module cgnat enabled tmsh save sys config #### Change Device Name #### tmsh modify /sys global-settings hostname <DEVICE_HOSTNAME> tmsh save sys config #### Renew cert bigstart stop httpd cd /config/httpd/conf/ssl.crt/ mv -f server.crt server.crt.old cd /config/httpd/conf/ssl.key/ mv -f server.key server.key.old tmsh create sys crypto key server.key consumer webserver key-type rsa-private security-type normal key-size 2048 tmsh create sys crypto cert server.crt consumer webserver key server.key lifetime 3650 common-name <DEVICE_HOSTNAME> organization <ORGANISATION> ou <CITY_CODE> city <CITY> state <STATE> country <COUNTRY> bigstart start httpd ##### Create Trunks tmsh create net trunk <TRUNK_NAME> interfaces add { <INTERFACES_IN_TRUNK> } lacp enabled lacp-mode passive lacp-timeout long distribution-hash src-dst-ipport link-select-policy auto ##### Create VLANs tmsh create net vlan vl_subscriber app-service none cmp-hash src-ip interfaces add { <TRUNK_NAME> { tagged } } tag <VLAN_SUBSCRIBER> tmsh create net vlan vl_internet app-service none cmp-hash dst-ip interfaces add { <TRUNK_NAME> { tagged } } tag <VLAN_INTERNET> tmsh create net vlan vl_control app-service none cmp-hash src-ip interfaces add { <TRUNK_NAME> { tagged } } tag <VLAN_CONTROL> #### Create Route Domains tmsh create net route-domain Internet { id 100 routing-protocol { BGP } vlans { <VLAN_INTERNET> <VLAN_SUBSCRIBER> } } tmsh create net route-domain Control { id 500 routing-protocol { OSPFv2 } vlans { <VLAN_CONTROL> } } #### create SELF IPs tmsh create net self 
self_subcriber_v4 { address <SELFIP_SUBSCRIBER_V4>%100/<SELFIP_SUBSCRIBER_V4_SUBNET_MASK> traffic-group traffic-group-1 vlan <VLAN_SUBSCRIBER> } tmsh create net self self_internet_v4 { address <SELFIP_INTERNET_V4>%100/<SELFIP_INTERNET_V4_SUBNET_MASK> traffic-group traffic-group-1 vlan <VLAN_INTERNET> } tmsh create net self self_control_v4 { address <SELFIP_CONTROL_V4>%500/<SELFIP_CONTROL_V4_SUBNET_MASK> traffic-group traffic-group-1 vlan <VLAN_CONTROL> }
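Review bot: Neither neighbor in the `router bgp <BGP_ASN>` block (hunk `@@ -0,0 +1,25 @@`) has session authentication configured, so both sessions are protected only by the prefix-lists and BFD; add a per-neighbor shared secret agreed with each peer. Separately, every `ip prefix-list` entry is a bare `permit <CIDR>` with no `ge`/`le`, which matches that exact prefix length only: with `redistribute kernel` feeding the table, a more-specific kernel route inside `<CGNAT_V4_CIDR>` would be dropped by `ipv4-cgnat-only out`. If exact-match is the intent, a one-line comment above the prefix-lists saying so would save the next reader from guessing.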
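Review bot: In the route-domain and self-IP commands of the `@@ -0,0 +1,59 @@` hunk, `vlans { <VLAN_INTERNET> <VLAN_SUBSCRIBER> }` and `vlan <VLAN_SUBSCRIBER>` reuse the placeholders that the VLAN section passes to `tag`, while the VLAN objects are created as `vl_subscriber`, `vl_internet` and `vl_control`; reference those object names there, or introduce a separate placeholder for the VLAN name. Two smaller points: the cert renewal leaves the previous private key on the device as `server.key.old`, so remove it once the new certificate is confirmed working; and nothing from "Create Trunks" onward is followed by a config save, unlike the CGNAT and hostname steps, which end with `tmsh save sys config` (the first block writes it as `tmsh sys save config`; pick one form throughout).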