author | Emil Renner Berthing <esmil@labitat.dk> | 2020-02-29 14:09:39 +0100 |
---|---|---|
committer | Emil Renner Berthing <esmil@labitat.dk> | 2020-02-29 23:48:24 +0100 |
commit | ca467c55d8bbd633870c1fcaff0677bc2c6eaa9f (patch) | |
tree | 563ec89a5690de52204379dab46556b0926d7a39 /roles/space_server/files/bird.conf | |
parent | 543907b4fb61a529f81e0cbe86fd7e7d967b6d60 (diff) | |
space_server: update to Fedora 31
Diffstat (limited to 'roles/space_server/files/bird.conf')
-rw-r--r-- | roles/space_server/files/bird.conf | 231 |
1 files changed, 231 insertions, 0 deletions
diff --git a/roles/space_server/files/bird.conf b/roles/space_server/files/bird.conf
new file mode 100644
index 0000000..acc191c
--- /dev/null
+++ b/roles/space_server/files/bird.conf
@@ -0,0 +1,231 @@
+#
+# BIRD 2 configuration for AS205235 Labitat
+#
+
+log syslog all;
+#debug protocols all;
+debug protocols { events, states };
+
+watchdog warning 5 s;
+watchdog timeout 30 s;
+
+timeformat base iso long;
+timeformat log iso long;
+timeformat protocol iso long;
+timeformat route iso long;
+
+router id 185.38.175.0;
+
+# functions and filters
+
+define local_asn = 205235;
+define fiberby_asn = 42541;
+define asbjorn_asn = 207727;
+
+define local_prefixes_v4 = [
+ 185.38.175.0/24,
+ 194.165.56.0/24,
+ 194.165.58.0/24
+];
+
+define local_prefixes_v6 = [
+ 2a01:4262:1ab::/48,
+ 2a10:2a80:ac::/48,
+ 2a10:2a80:1ab::/48
+];
+
+define asbjorn_prefixes_v4 = [
+ 194.165.56.0/24,
+ 194.165.58.0/24
+];
+
+define asbjorn_prefixes_v6 = [
+ 2a10:2a80:ac::/48,
+ 2a10:2a80:1ab::/48
+];
+
+# functions and filters
+
+function is_default_route() {
+ case net.type {
+ NET_IP4: if net = 0.0.0.0/0 then return true;
+ NET_IP6: if net = ::/0 then return true;
+ }
+ return false;
+}
+
+function is_customer_route() {
+ case net.type {
+ NET_IP4: if net ~ local_prefixes_v4 then return true;
+ NET_IP6: if net ~ local_prefixes_v6 then return true;
+ }
+ return false;
+}
+
+filter kernel_export {
+ if source !~ [ RTS_BGP, RTS_STATIC ] then reject;
+ if is_default_route() then accept;
+ if is_customer_route() then accept;
+ reject;
+}
+
+function honor_graceful_shutdown()
+{
+ # RFC 8326 Graceful BGP Session Shutdown
+ if (65535, 0) ~ bgp_community then {
+ bgp_local_pref = 0;
+ }
+}
+
+filter transit_import {
+ honor_graceful_shutdown();
+ accept;
+}
+
+filter transit_export {
+ if is_customer_route() then accept;
+ reject;
+}
+
+# generate local routes
+protocol static static4 {
+ ipv4;
+ route 185.38.175.0/24 unreachable;
+}
+
+protocol static static6 {
+ ipv6;
+ route 2a01:4262:1ab::/48 unreachable;
+}
+
+# customer import
+function customer_import(int peer_asn; prefix set peer_prefixes) {
+ if net !~ peer_prefixes then reject;
+ if bgp_path.first != peer_asn then reject;
+ accept;
+}
+
+# customer export functions
+function customer_export_default_only() {
+ if !is_default_route() then reject;
+ accept;
+}
+
+function customer_export_dfz() {
+ if source !~ [ RTS_BGP, RTS_STATIC ] then reject;
+ if is_default_route() then reject;
+ accept;
+}
+
+function customer_export_and_default() {
+ if is_default_route() then {
+ customer_export_default_only();
+ } else {
+ customer_export_dfz();
+ }
+}
+
+
+# define basic protocols
+protocol device {}
+
+protocol direct {
+ ipv4;
+ ipv6;
+}
+
+protocol kernel kernel4 {
+ ipv4 {
+ import none;
+ export filter kernel_export;
+ };
+ learn;
+ persist;
+ graceful restart;
+ merge paths;
+}
+
+protocol kernel kernel6 {
+ ipv6 {
+ import none;
+ export filter kernel_export;
+ };
+ learn;
+ persist;
+ graceful restart;
+ merge paths;
+}
+
+
+# templates
+template bgp bgp_customer {
+ default bgp_local_pref 150;
+}
+
+template bgp bgp_transit_v4 {
+ default bgp_local_pref 100;
+ ipv4 {
+ import limit off;
+ receive limit off;
+ import keep filtered on;
+ import filter transit_import;
+ export filter transit_export;
+ };
+}
+
+template bgp bgp_transit_v6 {
+ default bgp_local_pref 100;
+ ipv6 {
+ import limit off;
+ receive limit off;
+ import keep filtered on;
+ import filter transit_import;
+ export filter transit_export;
+ };
+}
+
+# Transit
+protocol bgp fiberby_tgc_v4 from bgp_transit_v4 {
+ local 193.106.167.41 as local_asn;
+ neighbor 193.106.167.40 as fiberby_asn;
+}
+
+protocol bgp fiberby_inx_v4 from bgp_transit_v4 {
+ local 193.106.167.43 as local_asn;
+ neighbor 193.106.167.42 as fiberby_asn;
+}
+
+protocol bgp fiberby_tgc_v6 from bgp_transit_v6 {
+ local 2a03:5440:1:2935:1ab:1::2 as local_asn;
+ neighbor 2a03:5440:1:2935:1ab:1::1 as fiberby_asn;
+}
+
+protocol bgp fiberby_inx_v6 from bgp_transit_v6 {
+ local 2a03:5440:1:2935:1ab:2::2 as local_asn;
+ neighbor 2a03:5440:1:2935:1ab:2::1 as fiberby_asn;
+}
+
+# BGP customer: asbjorn
+protocol bgp asbjorn_ipv4 from bgp_customer {
+ local 185.38.175.65 as local_asn;
+ neighbor 185.38.175.75 as asbjorn_asn;
+ ipv4 {
+ import limit 10 action block;
+ receive limit 20 action disable;
+ import keep filtered on;
+ import filter { customer_import(asbjorn_asn, asbjorn_prefixes_v4); };
+ export filter { customer_export_default_only(); };
+ };
+}
+
+protocol bgp asbjorn_ipv6 from bgp_customer {
+ local 2a01:4262:1ab:20::1 as local_asn;
+ neighbor 2a01:4262:1ab:20::75 as asbjorn_asn;
+ ipv6 {
+ import limit 10 action block;
+ receive limit 20 action disable;
+ import keep filtered on;
+ import filter { customer_import(asbjorn_asn, asbjorn_prefixes_v6); };
+ export filter { customer_export_default_only(); };
+ };
+}
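Review bot: `transit_import` accepts every route the transit sessions send once `honor_graceful_shutdown()` has run, including routes for the prefixes listed in `local_prefixes_v4`/`local_prefixes_v6`. Because `is_customer_route()` matches on the prefix alone, a transit-learned route for one of the asbjorn prefixes can be selected whenever the customer session is down (only 185.38.175.0/24 and 2a01:4262:1ab::/48 have local static routes) and would then pass both `kernel_export` and `transit_export`. If that fallback is not intended, reject such routes at import by adding `if is_customer_route() then reject;` before `accept;` in `transit_import`. Bogon and overlong-prefix checks for the transit side would belong in the same filter, since `import limit off` and `receive limit off` in the transit templates leave nothing else bounding what is accepted.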