path: root/roles/setup_ffrl_tunnel/templates/bird.conf
# Timestamps of protocol state changes are printed in long ISO 8601 form.
timeformat protocol iso long;

# File logging and protocol debugging are switched off here; uncomment to troubleshoot.
# NOTE(review): with no log statement BIRD falls back to its default log target;
# confirm BGP session events still reach a place that is monitored.
#log "bird.log" all;
# debug protocols all;

{% if ffrl_ip4 is defined %}
# IPv4 address taken from the ffrl_ip4 variable; reused below as router id and
# as preferred source address for routes written to the kernel.
define ffrl_nat_address = {{ ffrl_ip4 }};
{% endif %}

define ffmyk_as = 65032; # private AS of ffmyk
define ffrl_as = 201701; # public AS of rheinland

{% if ffrl_ip4 is defined %}
# With an IPv4 uplink address available, that address doubles as the router id.
router id ffrl_nat_address;
{% else %}
# IPv6-only deployment: the router id comes from ffrl_router_id, which this
# template gives no default for, so the inventory has to define it.
router id {{ ffrl_router_id }};
{% endif %}

{% if ffrl_ip4 is defined %}
# Dedicated IPv4 table for uplink routes, separate from BIRD's default table.
ipv4 table ffrl4;
{% endif %}
# Dedicated IPv6 table for uplink routes, separate from BIRD's default table.
ipv6 table ffrl6;

{% if ffrl_ip4 is defined %}
# True only when the route under test is the IPv4 default route 0.0.0.0/0;
# a bare set entry matches that exact prefix and nothing more specific.
function is_default4() {
    return net ~ [
        0.0.0.0/0
    ];
}
{% endif %}

# True only when the route under test is the IPv6 default route ::/0;
# a bare set entry matches that exact prefix and nothing more specific.
function is_default6() {
    return net ~ [
        ::/0
    ];
}

{% if ffrl_ip4 is defined %}
# True only for the /32 host route of the address in ffrl_ip4. This is the one
# prefix the IPv4 export filter lets out, so nothing else can leak upstream.
function is_ffrl_nat4() {
    return net ~ [
        {{ ffrl_ip4 }}/32
    ];
}
{% endif %}

# True for prefixes inside 2a03:2260:1016::/48 whose length is between 48 and 56.
# Anything longer than /56 or outside that /48 does not match, which bounds what
# the IPv6 export filter can announce.
function is_ffrl_public_nets6() {
    return net ~ [
        2a03:2260:1016::/48{48,56}
    ];
}

{% if ffrl_ip4 is defined %}
# True when the route under test is exactly 100.64.0.0/10.
# Only the commented-out direct protocol in this file refers to this function.
# NOTE(review): a bare set entry matches that single prefix, not the transfer
# networks inside it; if subnets are meant, the entry presumably needs a length
# pattern (for example a trailing +) - confirm before re-enabling the caller.
function is_ffrl_tunnel_nets4() {
    return net ~ [
        100.64.0.0/10
    ];
}
{% endif %}

# True when the route under test is exactly 2a03:2260:0::/48.
# No filter or protocol in this file calls this function.
# NOTE(review): as written it does not match more specific prefixes inside the
# /48; confirm whether that is intended before using it.
function is_ffrl_tunnel_nets6() {
    return net ~ [
        2a03:2260:0::/48
    ];
}

{% if ffrl_ip4 is defined %}
# BGP import filter for Rheinland (IPv4): accept the default route only and
# reject every other prefix the peer sends.
filter ebgp_ffrl_import_filter4 {
    if is_default4() then accept;
    reject;
}

# BGP export filter for Rheinland (IPv4): announce only the NAT /32 and reject
# everything else, so no other route in the table is leaked to the peer.
filter ebgp_ffrl_export_filter4 {
    if is_ffrl_nat4() then accept;
    reject;
}
{% endif %}

# BGP import filter for Rheinland (IPv6): accept the default route only and
# reject every other prefix the peer sends.
filter ebgp_ffrl_import_filter6 {
    if is_default6() then accept;
    reject;
}

# BGP export filter for Rheinland (IPv6): announce only prefixes that
# is_ffrl_public_nets6() matches and reject everything else, so routes outside
# the assigned /48 are never sent to the peer.
filter ebgp_ffrl_export_filter6 {
    if is_ffrl_public_nets6() then accept;
    reject;
}

# Device protocol: rescans the kernel's interface list every 10 seconds.
protocol device {
	scan time 10;
}

{% if ffrl_ip4 is defined %}
# Place the NAT IP address in the internal BIRD routing table ffrl4 as a /32,
# so there is a route for ebgp_ffrl_export_filter4 to announce.
# The "reject" target makes it an unreachable route instead of naming a next hop.
protocol static ffrl_uplink_hostroute4 {
    ipv4 { table ffrl4; };
    route {{ ffrl_ip4 }}/32 reject;
}
{% endif %}

# Static unreachable routes in ffrl6 that serve as the source of the IPv6
# announcements. kernel_ffrl6 exports only the default route, so these entries
# are not written to the kernel table.
# NOTE(review): wireguard_vpn_client_range is used without an "is defined" guard
# and must render to an IPv6 prefix. It is only announced if it also satisfies
# is_ffrl_public_nets6() (inside 2a03:2260:1016::/48, length 48-56) - confirm
# against the inventory.
protocol static ffrl_public_routes6 {
    ipv6 { table ffrl6; };
    route 2a03:2260:1016::/48 reject;
    route {{ wireguard_vpn_client_range }} reject;
}

# Wir legen die Transfernetze in die interne BIRD Routing Table
#protocol direct {
#    ipv4;
#    table ffrl4;
#    interface {% for peer in ffrl_peers %}"{{ peer.name }}", {% endfor %};
#    import where is_ffrl_tunnel_nets4();
#}

{% if ffrl_ip4 is defined %}
# Export the routes in ffrl4 (learned via Rheinland) into kernel table 42.
# The original comment named table 47; the statement below uses 42.
# NOTE(review): unlike kernel_ffrl6, the export filter is not limited to the
# default route, so the static /32 reject route in ffrl4 also appears to be
# written to kernel table 42 - confirm this is intended.
protocol kernel kernel_ffrl4 {
    scan time 30;
    ipv4 {
		# Nothing is read back from the kernel into BIRD.
		import none;
		export filter {
			# Set the preferred source address so locally originated traffic
			# using these routes leaves with the NAT address.
			krt_prefsrc = ffrl_nat_address;
			accept;
		};
		table ffrl4;
	};
    kernel table 42;
};
{% endif %}

# Export the IPv6 default route from ffrl6 into kernel table 42; every other
# route in ffrl6 (including the static announcement prefixes) stays in BIRD only.
protocol kernel kernel_ffrl6 {
    scan time 30;
	ipv6 {
		# Nothing is read back from the kernel into BIRD.
		import none;
		export filter {
			if is_default6() then accept;
			reject;
		};
		table ffrl6;
	};
    kernel table 42;
};

{% if ffrl_ip4 is defined %}
# BGP template for the Rheinland peerings (IPv4): local AS, table, filters and
# next-hop handling shared by every per-peer session that inherits from it.
# NOTE(review): no session authentication (BGP "password" option) is configured;
# confirm the tunnel transport is the only path on which a peer can be reached.
template bgp ffrl_uplink4 {
    local as ffmyk_as;
    ipv4 {
		table ffrl4;
		# Routes rejected by the import filter are still kept in memory.
		# NOTE(review): no "receive limit" is set, so a peer sending a large
		# table makes BIRD store all of it - consider adding a bound.
		import keep filtered;
		import filter ebgp_ffrl_import_filter4;
		export filter ebgp_ffrl_export_filter4;
		next hop self;
	};
    # The neighbour is expected on a directly connected link.
    direct;
};
{% endif %}

# BGP template for the Rheinland peerings (IPv6): local AS, table, filters and
# next-hop handling shared by every per-peer session that inherits from it.
# NOTE(review): no session authentication (BGP "password" option) is configured;
# confirm the tunnel transport is the only path on which a peer can be reached.
template bgp ffrl_uplink6 {
    local as ffmyk_as;
    ipv6 {
		table ffrl6;
		# Routes rejected by the import filter are still kept in memory.
		# NOTE(review): no "receive limit" is set, so a peer sending a large
		# table makes BIRD store all of it - consider adding a bound.
		import keep filtered;
		import filter ebgp_ffrl_import_filter6;
		export filter ebgp_ffrl_export_filter6;
		next hop self;
	};
    # The neighbour is expected on a directly connected link.
    direct;
};

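# One eBGP session per entry in ffrl_peers and per address family. Channel
# settings and filters are inherited from ffrl_uplink4 / ffrl_uplink6; only the
# local tunnel address and the neighbour address differ per peer.
# The neighbour AS is taken from the ffrl_as constant rather than a repeated
# literal, so the expected remote AS is maintained in one place.
# NOTE(review): peer.name becomes part of a BIRD protocol name; presumably the
# inventory restricts it to letters, digits and underscores - confirm.
# NOTE(review): neither these sessions nor the templates set a BGP "password";
# confirm the peer addresses are reachable only through the tunnel interfaces.
{% for peer in ffrl_peers %}
{% if ffrl_ip4 is defined %}
protocol bgp ffrl_{{ peer.name }}4 from ffrl_uplink4 {
    source address {{ peer.ip4 }};
    neighbor {{ peer.peer_ip4 }} as ffrl_as;
};
{% endif %}

protocol bgp ffrl_{{ peer.name }}6 from ffrl_uplink6 {
    source address {{ peer.ip6 }};
    neighbor {{ peer.peer_ip6 }} as ffrl_as;
}

{% endfor %}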