stv0g/bird
stv0g/bird
2
1
Fork 0
Code Issues Pull requests Releases Wiki Activity
bird/filters/common.conf

230 lines
5.8 KiB
Text
Raw Permalink Normal View History

initial commit for rpi.home.0l.de
2020-08-22 01:30:59 +01:00
# Sources:
# http://www.us.ntt.net/support/policy/routing.cfm#bogon
# http://as2914.net/bogon_asns/configuration_examples.txt
# https://www.de-cix.net/en/locations/germany/frankfurt/routeserver-guide
# https://archive.nanog.org/sites/default/files/Snijders_Everyday_Practical_Bgp.pdf
# http://bgpfilterguide.nlnog.net/
# https://gitlab.labs.nic.cz/labs/bird/-/wikis/BGP_filtering
function is_mine_ripe() {
return net ~ [
2a09:11c0:200::/44+,
2a0e:97c7:100::/44+,
2a09:4c2:1b::/48+,
31.47.232.64/29+
];
}
function is_mine_dn42() {
return net ~ [
172.23.156.0/23+,
fd42:4dd0:ff00::/48+
];
}
function is_mine() {
return is_mine_dn42() || is_mine_ripe();
}
# Big transit / tier 1 ASNs for "peerlock"
function is_big_asn(int asnum) {
return asnum ~ [
174, # Cogent
209, # Qwest (HE carries this on IXPs IPv6 (Jul 12 2018))
701, # UUNET
702, # UUNET
1239, # Sprint
1299, # Telia
2914, # NTT Communications
3257, # GTT Backbone
3320, # Deutsche Telekom AG (DTAG)
3356, # Level3
3549, # Level3
3561, # Savvis / CenturyLink
4134, # Chinanet
5511, # Orange opentransit
6453, # Tata Communications
6461, # Zayo Bandwidth
6762, # Seabone / Telecom Italia
7018 # AT&T
];
}
# Source: https://wiki.freifunk.net/AS-Nummern
function is_freifunk_asn(int asnum) {
return asnum ~ [ 64856..65534 ];
}
# Source: https://dn42.net/services/Whois
function is_dn42_asn(int asnum) {
return asnum ~ [ 4242420000..4242429999 ];
}
function is_bogon_asn(int asnum) {
return asnum ~ [
0, # RFC7607: Codification of AS 0 Processing
23456, # RFC6793: AS_TRANS for 32bit extendend ASN range
64496..64511, # RFC5398: Reservation for Documentation Use 16bit ASN
64512..65534, # RFC6996: Reservation for Private Use 16bit ASN
65535, # RFC7300: Reservation of Last ASNs
65536..65551, # RFC5398: Reservation for Documentation Use 32bit ASN
65552..131071, # IANA reserved ASNs https://www.mail-archive.com/uknof@lists.uknof.org.uk/msg03395.html
4200000000..4294967294, # RFC6996: Reservation for Private Use 32bit ASN
4294967295 # RFC7300: Reservation of Last ASNs
];
}
# RFC 1918
function is_private_v4() {
return net ~ [
10.0.0.0/8+,
172.16.0.0/12+,
192.168.0.0/16+
];
}
function is_private_v6() {
return net ~ [
fc00::/7+ # RFC4193: Unique-Local
];
}
function is_peering_lan_v4() {
return net ~ [
185.1.119.0/24+, # LocIX Frankfurt
80.81.192.0/21+, # DE-CIX Frankfurt
185.1.125.0/24+, # 4IXP / 4b42
206.81.104.0/24+, # EVIX
193.189.82.0/23+ # KleyRex
];
}
function is_peering_lan_v6() {
return net ~ [
2a07:1c44:61f0::/64+, # LocIX Frankfurt
2001:7f8::/64+, # DE-CIX Frankfurt
2001:7f8:d0:b901::/64+, # 4IXP / 4b42
2001:7f8:d0:4b42::/64+, # 4IXP / 4b42
2602:fed2:fff:ffff::/64, # EVIX
2001:7f8:33::/48+ # KleyRex
];
}
function is_martian_v4() {
# See RFC6890
return is_private_v4() ||
net ~ [
0.0.0.0/8+, # RFC1122: This host on this network
100.64.0.0/10+, # RFC6598: IANA-Reserved IPv4 Prefix for Shared Address Space
127.0.0.0/8+, # RFC1122: Loopback
192.18.0.0/15+, # RFC2544: Benchmarking Methodology for Network Interconnect Devices
169.254.0.0/16+, # RFC3927: Dynamic Configuration of IPv4 Link-Local Addresses
192.0.0.0/24+, # RFC6890: IETF Protocol Assignments
192.0.0.0/29+, # RFC6333: DS-Lite
192.0.2.0/24+, # RFC5737: IPv4 Address Blocks Reserved for Documentation (TEST-NET-1)
198.51.100.0/24+, # RFC5737: IPv4 Address Blocks Reserved for Documentation (TEST-NET-2)
192.88.99.0/24+, # RFC3068: 6to4 Relay Anycast
203.0.113.0/24+, # RFC5737: IPv4 Address Blocks Reserved for Documentation (TEST-NET-3)
224.0.0.0/4+, # RFC5771: IPv4 Multicast
240.0.0.0/4+, # RFC1112: Reserved for Future Use
255.255.255.255/32 # RFC0919: Limited Broadcast
];
}
function is_martian_v6() {
# See RFC6890
return is_private_v6() ||
net ~ [
::ffff:0:0/96+, # RFC4291: IPv4-mapped Address
::ffff:0:0:0/96+, # IPv4 translated
::/128, # RFC4291: Unspecified Address
::1/128, # RFC4291: Loopback Address
64:ff9b::/96+, # RFC6052: IPv4-IPv6 Translated (NAT64)
100::/64+, # RFC6666: Discard-Only Address Block
2001::/23+, # RFC2928: IETF Protocol Assignments
2001::/32+, # RFC4380: TEREDO
2001:2::/48+, # RFC5180: Benchmarking
2001:10::/28+, # RFC4843: ORCHID
2001:db8::/32+, # RFC3849: Documentation
2002::/16+, # RFC3056: 6to4
fe80::/10+, # RFC4291: Linked-Scoped Unicast
ff00::/8+ # RFC2373/3306: IPv6 Multicast
];
}
function is_default_v4() {
return net = 0.0.0.0/0;
}
function is_default_v6() {
return net ~ ::/0;
}
function is_bogon_ebgp_v4() {
if net.len > 24 then { # RFC7454
bgp_large_community.add(filtered_import_prefix_too_long);
return true;
}
if is_martian_v4() then {
return true;
}
if is_peering_lan_v4() then {
return true;
}
if bgp_path.first != my_ripe_asn then {
return true;
}
if bgp_path.len > 32 then {
bgp_large_community.add(filtered_import_as_path_too_long);
return true;
}
if net.len < 8 then { # RFC7454
bgp_large_community.add(filtered_import_prefix_too_short);
return true;
}
return false;
}
function is_bogon_ebgp_v6() {
if net.len > 48 then { # RFC7454
bgp_large_community.add(filtered_import_prefix_too_long);
return true;
}
if is_martian_v6() then
return true;
if is_peering_lan_v6() then
return true;
#if is_bogon_asn() then
# return true;
if bgp_path.first != my_ripe_asn then {
bgp_large_community.add(filtered_import_first_as_not_peer);
return true;
}
if bgp_path.len > 32 then {
bgp_large_community.add(filtered_import_as_path_too_long);
return true;
}
if net.len < 19 then { # RFC7454
bgp_large_community.add(filtered_import_prefix_too_short);
return true;
}
return false;
}
Reference in a new issue Copy permalink