aboutsummaryrefslogblamecommitdiffstats
path: root/roles/space_server/files/bird.conf
blob: 31904f2c18977f6c0998becf447d81e54ebad1e2 (plain) (tree)






















                                           
                            
                            
 









                              



                              



                              



                              







                             

                       





                                                                      







                                                             




                                                         




                                                         
                                             












                                                
                                       



                       
                                             


               




                                         

                         


                                                 



                                          


                                                 






                                                                  
                                        





















































































                                                         
                     




                                                 
                     




                                                          
                     




                                                          
                     





                                              
                     











                                                                                     
                     







                                                                                     

                       










                                                                                     








                                                                                     
                                                                 

          












                                                                                     
#
# BIRD 2 configuration for AS205235 Labitat
#

log syslog all;
#debug protocols all;
debug protocols { events, states };

watchdog warning 5 s;
watchdog timeout 30 s;

timeformat base     iso long;
timeformat log      iso long;
timeformat protocol iso long;
timeformat route    iso long;

router id 185.38.175.0;

# functions and filters

define local_asn   = 205235;
define fiberby_asn = 42541;
define asbjorn_asn = 207727;
define graffen_asn = 209616;
define hafnium_asn = 211153;

define asbjorn_prefixes_v4 = [
	194.165.56.0/24,
	194.165.58.0/24
];

define asbjorn_prefixes_v6 = [
	2a10:2a80:ac::/48,
	2a10:2a80:1ab::/48
];

define graffen_prefixes_v4 = [
	44.145.128.0/24
];

define graffen_prefixes_v6 = [
	2001:678:15c::/48
];

define hafnium_prefixes_v6 = [
	2a0e:8f02:f034::/48
];

# large communities
define lc_f_type = 1;

define lc_type_transit   = 1;
define lc_type_peering   = 2;
define lc_type_customer  = 3;
define lc_type_originate = 4;

# functions and filters

function set_peer_type(int new_type)
{
	bgp_large_community.delete([(local_asn, lc_f_type, *)]);
	bgp_large_community.add(    (local_asn, lc_f_type, new_type));
}

function is_default_route() {
	case net.type {
		NET_IP4: if net = 0.0.0.0/0 then return true;
		NET_IP6: if net = ::/0 then return true;
	}
	return false;
}

function is_propagated_route(){
	return bgp_large_community ~ [
		(local_asn, lc_f_type, lc_type_customer),
		(local_asn, lc_f_type, lc_type_originate)
		];
}

filter kernel_export {
	if source !~ [ RTS_BGP, RTS_STATIC ] then reject;
	if is_default_route() then accept;
	if is_propagated_route() then accept;
	reject;
}

function honor_graceful_shutdown()
{
	# RFC 8326 Graceful BGP Session Shutdown
	if (65535, 0) ~ bgp_community then {
		bgp_local_pref = 0;
	}
}

filter transit_import {
	honor_graceful_shutdown();
	set_peer_type(lc_type_transit);
	accept;
}

filter transit_export {
	if is_propagated_route() then accept;
	reject;
}

filter import_originating {
	set_peer_type(lc_type_originate);
	accept;
}

# generate local routes
protocol static static4 {
	ipv4 {
		import filter import_originating;
	};
	route 185.38.175.0/24 unreachable;
}

protocol static static6 {
	ipv6 {
		import filter import_originating;
	};
	route 2a01:4262:1ab::/48 unreachable;
}

# customer import
function customer_import(int peer_asn; prefix set peer_prefixes) {
	if net !~ peer_prefixes then reject;
	if bgp_path.first != peer_asn then reject;
	set_peer_type(lc_type_customer);
	accept;
}

# customer export functions
function customer_export_default_only() {
	if !is_default_route() then reject;
	accept;
}

function customer_export_dfz() {
	if source !~ [ RTS_BGP, RTS_STATIC ] then reject;
	if is_default_route() then reject;
	accept;
}

function customer_export_and_default() {
	if is_default_route() then {
		customer_export_default_only();
	} else {
		customer_export_dfz();
	}
}


# define basic protocols
protocol device {}

protocol direct {
	ipv4;
	ipv6;
}

protocol kernel kernel4 {
	ipv4 {
		import none;
		export filter kernel_export;
	};
	learn;
	persist;
	graceful restart;
	merge paths;
}

protocol kernel kernel6 {
	ipv6 {
		import none;
		export filter kernel_export;
	};
	learn;
	persist;
	graceful restart;
	merge paths;
}


# templates
template bgp bgp_customer {
	default bgp_local_pref 150;
}

template bgp bgp_transit_v4 {
	default bgp_local_pref 100;
	ipv4 {
		import limit off;
		receive limit off;
		import keep filtered on;
		import filter transit_import;
		export filter transit_export;
	};
}

template bgp bgp_transit_v6 {
	default bgp_local_pref 100;
	ipv6 {
		import limit off;
		receive limit off;
		import keep filtered on;
		import filter transit_import;
		export filter transit_export;
	};
}

# Transit
protocol bgp fiberby_tgc_v4 from bgp_transit_v4 {
	local 193.106.167.41 as local_asn;
	neighbor 193.106.167.40 as fiberby_asn;
	ttl security;
}

protocol bgp fiberby_inx_v4 from bgp_transit_v4 {
	local 193.106.167.43 as local_asn;
	neighbor 193.106.167.42 as fiberby_asn;
	ttl security;
}

protocol bgp fiberby_tgc_v6 from bgp_transit_v6 {
	local 2a03:5440:1:2935:1ab:1::2 as local_asn;
	neighbor 2a03:5440:1:2935:1ab:1::1 as fiberby_asn;
	ttl security;
}

protocol bgp fiberby_inx_v6 from bgp_transit_v6 {
	local 2a03:5440:1:2935:1ab:2::2 as local_asn;
	neighbor 2a03:5440:1:2935:1ab:2::1 as fiberby_asn;
	ttl security;
}

# BGP customer: asbjorn
protocol bgp asbjorn_ipv4 from bgp_customer {
	local 185.38.175.65 as local_asn;
	neighbor 185.38.175.75 as asbjorn_asn;
	ttl security;
	ipv4 {
		import limit 10 action block;
		receive limit 20 action disable;
		import keep filtered on;
		import filter { customer_import(asbjorn_asn, asbjorn_prefixes_v4); };
		export filter { customer_export_default_only(); };
	};
}

protocol bgp asbjorn_ipv6 from bgp_customer {
	local 2a01:4262:1ab:20::1 as local_asn;
	neighbor 2a01:4262:1ab:20::75 as asbjorn_asn;
	ttl security;
	ipv6 {
		import limit 10 action block;
		receive limit 20 action disable;
		import keep filtered on;
		import filter { customer_import(asbjorn_asn, asbjorn_prefixes_v6); };
		export filter { customer_export_default_only(); };
	};
}

# BGP customer: graffen
protocol bgp graffen_ipv4 from bgp_customer {
	local 185.38.175.65 as local_asn;
	neighbor 185.38.175.78 as graffen_asn;
	ipv4 {
		import limit 10 action block;
		receive limit 20 action disable;
		import keep filtered on;
		import filter { customer_import(graffen_asn, graffen_prefixes_v4); };
		export filter { customer_export_and_default(); };
	};
}

protocol bgp graffen_ipv6 from bgp_customer {
	local 2a01:4262:1ab:20::1 as local_asn;
	neighbor 2a01:4262:1ab:20::78 as graffen_asn;
	ipv6 {
		import limit 10 action block;
		receive limit 20 action disable;
		import keep filtered on;
		import filter { customer_import(graffen_asn, graffen_prefixes_v6); };
		export filter { customer_export_and_default(); };
	};
}

# BGP customer: hafnium
protocol bgp hafnium_ipv6 from bgp_customer {
	local 2a01:4262:1ab:20::1 as local_asn;
	neighbor 2a01:4262:1ab:20::81 as hafnium_asn;
	ipv6 {
		import limit 10 action block;
		receive limit 20 action disable;
		import keep filtered on;
		import filter { customer_import(hafnium_asn, hafnium_prefixes_v6); };
		export filter { customer_export_and_default(); };
	};
}