From ca467c55d8bbd633870c1fcaff0677bc2c6eaa9f Mon Sep 17 00:00:00 2001 From: Emil Renner Berthing Date: Sat, 29 Feb 2020 14:09:39 +0100 Subject: space_server: update to Fedora 31 --- roles/space_server/files/bird.conf | 231 +++++++++++++++++++++++++++++++++++++ 1 file changed, 231 insertions(+) create mode 100644 roles/space_server/files/bird.conf (limited to 'roles/space_server/files/bird.conf') diff --git a/roles/space_server/files/bird.conf b/roles/space_server/files/bird.conf new file mode 100644 index 0000000..acc191c --- /dev/null +++ b/roles/space_server/files/bird.conf @@ -0,0 +1,231 @@ +# +# BIRD 2 configuration for AS205235 Labitat +# + +log syslog all; +#debug protocols all; +debug protocols { events, states }; + +watchdog warning 5 s; +watchdog timeout 30 s; + +timeformat base iso long; +timeformat log iso long; +timeformat protocol iso long; +timeformat route iso long; + +router id 185.38.175.0; + +# functions and filters + +define local_asn = 205235; +define fiberby_asn = 42541; +define asbjorn_asn = 207727; + +define local_prefixes_v4 = [ + 185.38.175.0/24, + 194.165.56.0/24, + 194.165.58.0/24 +]; + +define local_prefixes_v6 = [ + 2a01:4262:1ab::/48, + 2a10:2a80:ac::/48, + 2a10:2a80:1ab::/48 +]; + +define asbjorn_prefixes_v4 = [ + 194.165.56.0/24, + 194.165.58.0/24 +]; + +define asbjorn_prefixes_v6 = [ + 2a10:2a80:ac::/48, + 2a10:2a80:1ab::/48 +]; + +# functions and filters + +function is_default_route() { + case net.type { + NET_IP4: if net = 0.0.0.0/0 then return true; + NET_IP6: if net = ::/0 then return true; + } + return false; +} + +function is_customer_route() { + case net.type { + NET_IP4: if net ~ local_prefixes_v4 then return true; + NET_IP6: if net ~ local_prefixes_v6 then return true; + } + return false; +} + +filter kernel_export { + if source !~ [ RTS_BGP, RTS_STATIC ] then reject; + if is_default_route() then accept; + if is_customer_route() then accept; + reject; +} + +function honor_graceful_shutdown() +{ + # RFC 8326 Graceful BGP Session Shutdown + if (65535, 0) ~ bgp_community then { + bgp_local_pref = 0; + } +} + +filter transit_import { + honor_graceful_shutdown(); + accept; +} + +filter transit_export { + if is_customer_route() then accept; + reject; +} + +# generate local routes +protocol static static4 { + ipv4; + route 185.38.175.0/24 unreachable; +} + +protocol static static6 { + ipv6; + route 2a01:4262:1ab::/48 unreachable; +} + +# customer import +function customer_import(int peer_asn; prefix set peer_prefixes) { + if net !~ peer_prefixes then reject; + if bgp_path.first != peer_asn then reject; + accept; +} + +# customer export functions +function customer_export_default_only() { + if !is_default_route() then reject; + accept; +} + +function customer_export_dfz() { + if source !~ [ RTS_BGP, RTS_STATIC ] then reject; + if is_default_route() then reject; + accept; +} + +function customer_export_and_default() { + if is_default_route() then { + customer_export_default_only(); + } else { + customer_export_dfz(); + } +} + + +# define basic protocols +protocol device {} + +protocol direct { + ipv4; + ipv6; +} + +protocol kernel kernel4 { + ipv4 { + import none; + export filter kernel_export; + }; + learn; + persist; + graceful restart; + merge paths; +} + +protocol kernel kernel6 { + ipv6 { + import none; + export filter kernel_export; + }; + learn; + persist; + graceful restart; + merge paths; +} + + +# templates +template bgp bgp_customer { + default bgp_local_pref 150; +} + +template bgp bgp_transit_v4 { + default bgp_local_pref 100; + ipv4 { + import limit off; + receive limit off; + import keep filtered on; + import filter transit_import; + export filter transit_export; + }; +} + +template bgp bgp_transit_v6 { + default bgp_local_pref 100; + ipv6 { + import limit off; + receive limit off; + import keep filtered on; + import filter transit_import; + export filter transit_export; + }; +} + +# Transit +protocol bgp fiberby_tgc_v4 from bgp_transit_v4 { + local 193.106.167.41 as local_asn; + neighbor 193.106.167.40 as fiberby_asn; +} + +protocol bgp fiberby_inx_v4 from bgp_transit_v4 { + local 193.106.167.43 as local_asn; + neighbor 193.106.167.42 as fiberby_asn; +} + +protocol bgp fiberby_tgc_v6 from bgp_transit_v6 { + local 2a03:5440:1:2935:1ab:1::2 as local_asn; + neighbor 2a03:5440:1:2935:1ab:1::1 as fiberby_asn; +} + +protocol bgp fiberby_inx_v6 from bgp_transit_v6 { + local 2a03:5440:1:2935:1ab:2::2 as local_asn; + neighbor 2a03:5440:1:2935:1ab:2::1 as fiberby_asn; +} + +# BGP customer: asbjorn +protocol bgp asbjorn_ipv4 from bgp_customer { + local 185.38.175.65 as local_asn; + neighbor 185.38.175.75 as asbjorn_asn; + ipv4 { + import limit 10 action block; + receive limit 20 action disable; + import keep filtered on; + import filter { customer_import(asbjorn_asn, asbjorn_prefixes_v4); }; + export filter { customer_export_default_only(); }; + }; +} + +protocol bgp asbjorn_ipv6 from bgp_customer { + local 2a01:4262:1ab:20::1 as local_asn; + neighbor 2a01:4262:1ab:20::75 as asbjorn_asn; + ipv6 { + import limit 10 action block; + receive limit 20 action disable; + import keep filtered on; + import filter { customer_import(asbjorn_asn, asbjorn_prefixes_v6); }; + export filter { customer_export_default_only(); }; + }; +} -- cgit v1.2.1