path: root/roles/setup_ffrl_tunnel/templates/bird.conf
blob: c609a5b5c98ee0551dd76cce3e96eb51a0f91f82 (plain)
# Global settings and constants for the uplink BGP setup.
# Values in {{ ... }} are Jinja2 variables filled in when the template is rendered.
timeformat protocol iso long;

# Logging and protocol debugging are switched off; uncomment while troubleshooting.
#log "bird.log" all;
# debug protocols all;

# NAT address on the uplink side; reused below as router id and as the
# preferred source address of routes exported to the kernel.
define ffrl_nat_address = {{ ffrl_ip4 }};

define ffmyk_as = 65032; # private AS of ffmyk
define ffrl_as = 201701; # public AS of rheinland

router id ffrl_nat_address;

# Dedicated routing tables: every channel configured below binds to one of
# these tables explicitly instead of relying on a default table.
ipv4 table ffrl4;
ipv6 table ffrl6;

# True only for the IPv4 default route. A prefix-set entry written without a
# length pattern matches exactly that prefix, so more specific routes do not match.
function is_default4() {
    return net ~ [
        0.0.0.0/0
    ];
}

# True only for the IPv6 default route ::/0 (exact match, no length pattern).
function is_default6() {
    return net ~ [
        ::/0
    ];
}

# True only for the /32 host route of the NAT address (Jinja variable ffrl_ip4).
# Used by the IPv4 export filter, so this is the only prefix announced upstream.
function is_ffrl_nat4() {
    return net ~ [
        {{ ffrl_ip4 }}/32
    ];
}

# True for prefixes inside 2a03:2260:1016::/48 whose length is between 48 and
# 56 bits. Anything longer than /56 or outside the /48 does not match.
function is_ffrl_public_nets6() {
    return net ~ [
        2a03:2260:1016::/48{48,56}
    ];
}

# Matches the IPv4 transfer-network range. Only referenced from the
# commented-out `protocol direct` block further down.
# NOTE(review): without a length pattern (e.g. `+`) this set matches the exact
# /10 prefix only, not the smaller tunnel subnets inside it; confirm before
# re-enabling the direct protocol.
function is_ffrl_tunnel_nets4() {
    return net ~ [
        100.64.0.0/10
    ];
}

# Matches the IPv6 transfer-network prefix (exact /48 only, no length pattern).
# Not referenced by any filter or protocol in the part of the file shown here.
function is_ffrl_tunnel_nets6() {
    return net ~ [
        2a03:2260:0::/48
    ];
}

# BGP import filter for Rheinland (IPv4).
# Accepts the default route and rejects everything else, so the upstream peer
# cannot inject more specific prefixes into table ffrl4.
filter ebgp_ffrl_import_filter4 {
    if is_default4() then accept;
    reject;
}

# BGP export filter for Rheinland (IPv4).
# Announces only the NAT /32 host route; the final `reject` keeps every other
# route in ffrl4 (including the learned default) from being sent back upstream.
filter ebgp_ffrl_export_filter4 {
    if is_ffrl_nat4() then accept;
    reject;
}

# BGP import filter for Rheinland (IPv6): default route only, everything else
# is rejected.
filter ebgp_ffrl_import_filter6 {
    if is_default6() then accept;
    reject;
}

# BGP export filter for Rheinland (IPv6): announces only prefixes accepted by
# is_ffrl_public_nets6(); all other routes in ffrl6 are withheld.
filter ebgp_ffrl_export_filter6 {
    if is_ffrl_public_nets6() then accept;
    reject;
}

# Device protocol: provides interface state to the other protocols.
# The interface list is rescanned every 10 seconds.
protocol device {
	scan time 10;
}

# Place the NAT IP address into BIRD's internal routing table ffrl4.
# The route has a `reject` target instead of a next hop; it is the route that
# ebgp_ffrl_export_filter4 lets through to the BGP peers.
protocol static ffrl_uplink_hostroute4 {
    ipv4 { table ffrl4; };
    route {{ ffrl_ip4 }}/32 reject;
}

# Static IPv6 routes placed into ffrl6 so that they can be announced via BGP.
protocol static ffrl_public_routes6 {
    ipv6 { table ffrl6; };
    route 2a03:2260:1016::/48 reject;
    # Rendered from the Jinja variable wireguard_vpn_client_range.
    # NOTE(review): this route is only announced if it passes
    # is_ffrl_public_nets6(), i.e. lies inside 2a03:2260:1016::/48 with a
    # length of /48 to /56; verify the configured range.
    route {{ wireguard_vpn_client_range }} reject;
}

# Wir legen die Transfernetze in die interne BIRD Routing Table
#protocol direct {
#    ipv4;
#    table ffrl4;
#    interface {% for peer in ffrl_peers %}"{{ peer.name }}", {% endfor %};
#    import where is_ffrl_tunnel_nets4();
#}

# Export routes learned via Rheinland from ffrl4 into a kernel routing table.
# NOTE(review): the original comment named kernel table 47 (ffrl), but the
# configuration below uses kernel table 42; confirm that the policy-routing
# rules on the host point at the same table number.
protocol kernel kernel_ffrl4 {
    scan time 30;
    ipv4 {
		# Nothing is read back from the kernel table into BIRD.
		import none;
		export filter {
			# Use the NAT address as preferred source for exported routes.
			krt_prefsrc = ffrl_nat_address;
			# NOTE(review): every route in ffrl4 is accepted here, so the
			# static /32 reject route from ffrl_uplink_hostroute4 is offered
			# to the kernel table too; kernel_ffrl6 exports the default route
			# only. Confirm the difference is intended.
			accept;
		};
		table ffrl4;
	};
    kernel table 42;
};

# Export the IPv6 default route from ffrl6 into kernel table 42.
protocol kernel kernel_ffrl6 {
    scan time 30;
	ipv6 {
		# Nothing is read back from the kernel table into BIRD.
		import none;
		export filter {
			# Only the default route reaches the kernel; the static reject
			# routes in ffrl6 stay inside BIRD.
			if is_default6() then accept;
			reject;
		};
		table ffrl6;
	};
    kernel table 42;
};

# BGP template for the Rheinland peerings (IPv4).
# NOTE(review): the template sets no `password` for the sessions and no
# `receive limit` / `import limit` on the channel; presumably the sessions run
# only inside the provider tunnels. Confirm whether either should be added.
template bgp ffrl_uplink4 {
    local as ffmyk_as;
    ipv4 {
		table ffrl4;
		# Routes rejected by the import filter are kept (hidden) for
		# inspection, so they still consume memory although only the
		# default route is accepted.
		import keep filtered;
		import filter ebgp_ffrl_import_filter4;
		export filter ebgp_ffrl_export_filter4;
		next hop self;
	};
    # The neighbor is expected to be directly connected.
    direct;
};

# BGP template for the Rheinland peerings (IPv6).
# NOTE(review): no `password` and no `receive limit` / `import limit` are
# configured here; confirm whether that is intended for these sessions.
template bgp ffrl_uplink6 {
    local as ffmyk_as;
    ipv6 {
		table ffrl6;
		# Filtered routes are retained (hidden) rather than discarded.
		import keep filtered;
		import filter ebgp_ffrl_import_filter6;
		export filter ebgp_ffrl_export_filter6;
		next hop self;
	};
    # The neighbor is expected to be directly connected.
    direct;
};

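# One IPv4 and one IPv6 eBGP session per entry of the Jinja list ffrl_peers.
# Each entry supplies name, ip4, peer_ip4, ip6 and peer_ip6.
# The remote AS comes from the ffrl_as constant defined at the top of the file,
# so the expected peer AS is pinned in a single place.
# NOTE(review): peer.name becomes part of a BIRD protocol name; presumably it
# contains only letters, digits and underscores. Verify against the inventory.
{% for peer in ffrl_peers %}
protocol bgp ffrl_{{ peer.name }}4 from ffrl_uplink4 {
    source address {{ peer.ip4 }};
    neighbor {{ peer.peer_ip4 }} as ffrl_as;
};

protocol bgp ffrl_{{ peer.name }}6 from ffrl_uplink6 {
    source address {{ peer.ip6 }};
    neighbor {{ peer.peer_ip6 }} as ffrl_as;
}

{% endfor %}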