authorNiklas Yann Wettengel <niyawe@niyawe.de>2018-01-24 03:27:03 +0100
committerNiklas Yann Wettengel <niyawe@niyawe.de>2018-01-24 03:27:03 +0100
commit99dddff8625388641b9dd84b0e87a55f5c13bc82 (patch)
treeeb57e8113d70ed94f1ef6bc6575e3c62361259b6 /roles/setup_ffrl_tunnel/templates/bird.conf
parentd2270e2e5045fa1999e8712394e06c1ff27e6ab3 (diff)
ffrl uplink and fastd split
Diffstat (limited to 'roles/setup_ffrl_tunnel/templates/bird.conf')
-rw-r--r--roles/setup_ffrl_tunnel/templates/bird.conf160
1 files changed, 160 insertions, 0 deletions
diff --git a/roles/setup_ffrl_tunnel/templates/bird.conf b/roles/setup_ffrl_tunnel/templates/bird.conf
new file mode 100644
index 0000000..df242a6
--- /dev/null
+++ b/roles/setup_ffrl_tunnel/templates/bird.conf
@@ -0,0 +1,160 @@
+timeformat protocol iso long;
+
+log "bird.log" all;
+# debug protocols all;
+
+define ffrl_nat_address = {{ ffrl_ip4 }};
+
+define ffmyk_as = 65032; # private AS of ffmyk
+define ffrl_as = 201701; # public AS of rheinland
+
+router id ffrl_nat_address;
+
+ipv4 table ffrl4;
+ipv6 table ffrl6;
+
+function is_default4() {
+ return net ~ [
+ 0.0.0.0/0
+ ];
+}
+
+function is_default6() {
+ return net ~ [
+ ::/0
+ ];
+}
+
+function is_ffrl_nat4() {
+ return net ~ [
+ {{ ffrl_ip4 }}/32
+ ];
+}
+
+function is_ffrl_public_nets6() {
+ return net ~ [
+ 2a03:2260:1016::/48{48,56}
+ ];
+}
+
+function is_ffrl_tunnel_nets4() {
+ return net ~ [
+ 100.64.0.0/10
+ ];
+}
+
+function is_ffrl_tunnel_nets6() {
+ return net ~ [
+ 2a03:2260:0::/48
+ ];
+}
+
+# BGP Import Filter für Rheinland
+filter ebgp_ffrl_import_filter4 {
+ if is_default4() then accept;
+ reject;
+}
+
+# BGP Export Filter für Rheinland
+filter ebgp_ffrl_export_filter4 {
+ if is_ffrl_nat4() then accept;
+ reject;
+}
+
+filter ebgp_ffrl_import_filter6 {
+ if is_default6() then accept;
+ reject;
+}
+
+filter ebgp_ffrl_export_filter6 {
+ if is_ffrl_public_nets6() then accept;
+ reject;
+}
+
+protocol device {
+ scan time 10;
+}
+
+# IP-NAT-Adresse legen wir in die interne BIRD Routing Table
+protocol static ffrl_uplink_hostroute4 {
+ ipv4 { table ffrl4; };
+ route {{ ffrl_ip4 }}/32 reject;
+}
+
+protocol static ffrl_public_routes6 {
+ ipv6 { table ffrl6; };
+ route 2a03:2260:1016::/48 reject;
+}
+
+# Wir legen die Transfernetze in die interne BIRD Routing Table
+#protocol direct {
+# ipv4;
+# table ffrl4;
+# interface {% for peer in ffrl_peers %}"{{ peer.name }}", {% endfor %};
+# import where is_ffrl_tunnel_nets4();
+#}
+
+# Wir exportieren über Rheinland gelernte Routen in die Kernel Table 47 (ffrl)
+protocol kernel kernel_ffrl4 {
+ scan time 30;
+ ipv4 {
+ import none;
+ export filter {
+ krt_prefsrc = ffrl_nat_address;
+ accept;
+ };
+ table ffrl4;
+ };
+ kernel table 42;
+};
+
+protocol kernel kernel_ffrl6 {
+ scan time 30;
+ ipv6 {
+ import none;
+ export filter {
+ if is_default6() then accept;
+ reject;
+ };
+ table ffrl6;
+ };
+ kernel table 42;
+};
+
+# BGP Template für Rheinland Peerings
+template bgp ffrl_uplink4 {
+ local as ffmyk_as;
+ ipv4 {
+ table ffrl4;
+ import keep filtered;
+ import filter ebgp_ffrl_import_filter4;
+ export filter ebgp_ffrl_export_filter4;
+ next hop self;
+ };
+ direct;
+};
+
+template bgp ffrl_uplink6 {
+ local as ffmyk_as;
+ ipv6 {
+ table ffrl6;
+ import keep filtered;
+ import filter ebgp_ffrl_import_filter6;
+ export filter ebgp_ffrl_export_filter6;
+ next hop self;
+ };
+ direct;
+};
+
+{% for peer in ffrl_peers %}
+protocol bgp ffrl_{{ peer.name }}4 from ffrl_uplink4 {
+ source address {{ peer.ip4 }};
+ neighbor {{ peer.peer_ip4 }} as 201701;
+};
+
+protocol bgp ffrl_{{ peer.name }}6 from ffrl_uplink6 {
+ source address {{ peer.ip6 }};
+ neighbor {{ peer.peer_ip6 }} as 201701;
+}
+
+{% endfor %}
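Review bot: The `export filter` in `kernel_ffrl4` accepts every route in `ffrl4`, whereas `kernel_ffrl6` exports only the default route. As written it also pushes the static `{{ ffrl_ip4 }}/32 reject` route into kernel table 42, and anything later imported into `ffrl4` (for example if the commented-out `protocol direct` is re-enabled) would follow it. If only the learned default is meant to reach the kernel, as the comment above the protocol suggests, narrow it to `if is_default4() then { krt_prefsrc = ffrl_nat_address; accept; }` followed by `reject;`. That same comment names kernel table 47 while both kernel protocols use `kernel table 42`, so one of the two should be corrected. The `neighbor ... as 201701` lines in the per-peer loop could use the `ffrl_as` constant, which is defined at the top but never referenced.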