From 99dddff8625388641b9dd84b0e87a55f5c13bc82 Mon Sep 17 00:00:00 2001 From: Niklas Yann Wettengel Date: Wed, 24 Jan 2018 03:27:03 +0100 Subject: ffrl uplink and fastd split --- roles/setup_ffrl_tunnel/templates/bird.conf | 160 ++++++++++++++++++++++++++++ 1 file changed, 160 insertions(+) create mode 100644 roles/setup_ffrl_tunnel/templates/bird.conf (limited to 'roles/setup_ffrl_tunnel/templates/bird.conf') diff --git a/roles/setup_ffrl_tunnel/templates/bird.conf b/roles/setup_ffrl_tunnel/templates/bird.conf new file mode 100644 index 0000000..df242a6 --- /dev/null +++ b/roles/setup_ffrl_tunnel/templates/bird.conf @@ -0,0 +1,160 @@ +timeformat protocol iso long; + +log "bird.log" all; +# debug protocols all; + +define ffrl_nat_address = {{ ffrl_ip4 }}; + +define ffmyk_as = 65032; # private AS of ffmyk +define ffrl_as = 201701; # public AS of rheinland + +router id ffrl_nat_address; + +ipv4 table ffrl4; +ipv6 table ffrl6; + +function is_default4() { + return net ~ [ + 0.0.0.0/0 + ]; +} + +function is_default6() { + return net ~ [ + ::/0 + ]; +} + +function is_ffrl_nat4() { + return net ~ [ + {{ ffrl_ip4 }}/32 + ]; +} + +function is_ffrl_public_nets6() { + return net ~ [ + 2a03:2260:1016::/48{48,56} + ]; +} + +function is_ffrl_tunnel_nets4() { + return net ~ [ + 100.64.0.0/10 + ]; +} + +function is_ffrl_tunnel_nets6() { + return net ~ [ + 2a03:2260:0::/48 + ]; +} + +# BGP Import Filter für Rheinland +filter ebgp_ffrl_import_filter4 { + if is_default4() then accept; + reject; +} + +# BGP Export Filter für Rheinland +filter ebgp_ffrl_export_filter4 { + if is_ffrl_nat4() then accept; + reject; +} + +filter ebgp_ffrl_import_filter6 { + if is_default6() then accept; + reject; +} + +filter ebgp_ffrl_export_filter6 { + if is_ffrl_public_nets6() then accept; + reject; +} + +protocol device { + scan time 10; +} + +# IP-NAT-Adresse legen wir in die interne BIRD Routing Table +protocol static ffrl_uplink_hostroute4 { + ipv4 { table ffrl4; }; + route {{ ffrl_ip4 }}/32 reject; +} + +protocol static ffrl_public_routes6 { + ipv6 { table ffrl6; }; + route 2a03:2260:1016::/48 reject; +} + +# Wir legen die Transfernetze in die interne BIRD Routing Table +#protocol direct { +# ipv4; +# table ffrl4; +# interface {% for peer in ffrl_peers %}"{{ peer.name }}", {% endfor %}; +# import where is_ffrl_tunnel_nets4(); +#} + +# Wir exportieren über Rheinland gelernte Routen in die Kernel Table 47 (ffrl) +protocol kernel kernel_ffrl4 { + scan time 30; + ipv4 { + import none; + export filter { + krt_prefsrc = ffrl_nat_address; + accept; + }; + table ffrl4; + }; + kernel table 42; +}; + +protocol kernel kernel_ffrl6 { + scan time 30; + ipv6 { + import none; + export filter { + if is_default6() then accept; + reject; + }; + table ffrl6; + }; + kernel table 42; +}; + +# BGP Template für Rheinland Peerings +template bgp ffrl_uplink4 { + local as ffmyk_as; + ipv4 { + table ffrl4; + import keep filtered; + import filter ebgp_ffrl_import_filter4; + export filter ebgp_ffrl_export_filter4; + next hop self; + }; + direct; +}; + +template bgp ffrl_uplink6 { + local as ffmyk_as; + ipv6 { + table ffrl6; + import keep filtered; + import filter ebgp_ffrl_import_filter6; + export filter ebgp_ffrl_export_filter6; + next hop self; + }; + direct; +}; + +{% for peer in ffrl_peers %} +protocol bgp ffrl_{{ peer.name }}4 from ffrl_uplink4 { + source address {{ peer.ip4 }}; + neighbor {{ peer.peer_ip4 }} as 201701; +}; + +protocol bgp ffrl_{{ peer.name }}6 from ffrl_uplink6 { + source address {{ peer.ip6 }}; + neighbor {{ peer.peer_ip6 }} as 201701; +} + +{% endfor %} -- cgit v1.2.3-54-g00ecf