diff --git a/bird.conf b/bird.conf index 6ffbf2c..d8fe7ed 100644 --- a/bird.conf +++ b/bird.conf @@ -24,6 +24,6 @@ protocol direct { ipv4; ipv6; - interface "virbr*", "wg-*", "sit-*", "idrac", "eno*", "tobi", "manu"; + interface "virbr*", "wg-*", "sit-*", "idrac", "eno*", "tobi", "manu", "tun*"; } diff --git a/filters/common.conf b/filters/common.conf index de9aef1..cf24c33 100644 --- a/filters/common.conf +++ b/filters/common.conf @@ -10,14 +10,16 @@ function is_mine_ripe() { return net ~ [ 2a09:11c0:200::/44+, 2a0e:97c7:100::/44+, - 2a09:4c2:1b::/48+ + 2a09:4c2:1b::/48+, + 31.47.232.64/29+, # meerfarbig + 141.98.136.128/29+ # level66 ]; } function is_mine_dn42() { return net ~ [ - 172.23.156.0/23, - fd42:4dd0:ff00::/48 + 172.23.156.0/23+, + fd42:4dd0:ff00::/48+ ]; } diff --git a/filters/dn42.conf b/filters/dn42.conf index 2523099..fbe8caa 100644 --- a/filters/dn42.conf +++ b/filters/dn42.conf @@ -14,6 +14,11 @@ function dn42_import_v4() { ok = true; + if bgp_path ~ [= * 4242421331 * =] then reject; + + if is_mine_dn42() then + ok = false; + if ! is_dn42() then ok = false; @@ -22,7 +27,7 @@ function dn42_import_v4() else if roa_check(roa_dn42_v4, net, bgp_path.last_nonaggregated) = ROA_UNKNOWN then bgp_large_community.add(informational_rpki_unknown); else if roa_check(roa_dn42_v4, net, bgp_path.last_nonaggregated) = ROA_INVALID then { - print "Ignore RPKI invalid ", net, " for ASN ", bgp_path.last, " from ", proto; + print "Ignore ROA invalid ", net, " for ASN ", bgp_path.last, " from ", proto; bgp_large_community.add(informational_rpki_invalid); ok = false; } @@ -37,6 +42,11 @@ function dn42_import_v6() { ok = true; + if bgp_path ~ [= * 4242421331 * =] then reject; + + if is_mine_dn42() then + ok = false; + if ! is_dn42() then ok = false; @@ -45,7 +55,7 @@ function dn42_import_v6() else if roa_check(roa_dn42_v6, net, bgp_path.last_nonaggregated) = ROA_UNKNOWN then bgp_large_community.add(informational_rpki_unknown); else if roa_check(roa_dn42_v6, net, bgp_path.last_nonaggregated) = ROA_INVALID then { - print "Ignore RPKI invalid ", net, " for ASN ", bgp_path.last, " from ", proto; + print "Ignore ROA invalid ", net, " for ASN ", bgp_path.last, " from ", proto; bgp_large_community.add(informational_rpki_invalid); ok = false; } @@ -60,7 +70,7 @@ function dn42_export_v4() { ok = true; - if ! is_mine_dn42() then + if ! is_dn42() then ok = false; return ok; @@ -71,7 +81,7 @@ function dn42_export_v6() { ok = true; - if ! is_mine_dn42() then + if ! is_dn42() then ok = false; return ok; diff --git a/filters/ibgp.conf b/filters/ibgp.conf index 851fa96..944bf05 100644 --- a/filters/ibgp.conf +++ b/filters/ibgp.conf @@ -36,8 +36,11 @@ function ibgp_import_v6() { ok = true; - if ! is_mine() then + if net = ::/0 then ok = false; +# if ! is_mine() then +# ok = false; + return ok; } diff --git a/filters/idfx.conf b/filters/idfx.conf new file mode 100644 index 0000000..e4a5f1d --- /dev/null +++ b/filters/idfx.conf @@ -0,0 +1,11 @@ +function is_idfx() { + return net ~ [ + 10.1.0.0/16{19,24}, # iiidefix internal + 10.42.0.0/16{19,24}, # iiidefix friends + 194.127.157.224/27{27,32}, # MKD net + 148.251.17.70/32, # defks1 + 85.214.96.242/32, # deber1 + fdb0:4339::/32{48,64}, # iiidefix v6 + 2a09:11c0:20f:100::/56{56,64} + ]; +} diff --git a/protocols/4ixp.conf b/protocols/4ixp.conf index e6ffc46..aaf96af 100644 --- a/protocols/4ixp.conf +++ b/protocols/4ixp.conf @@ -1,5 +1,23 @@ -template bgp ixp_ch from ebgp_peer_v6 { - local 2001:7f8:d0:4b42::45; +template bgp ixp_ch_v4 from ebgp_peer_v4 { + local 185.1.125.152; + neighbor as 35708; + + ipv4 { + export filter { + bgp_path = prepend(bgp_path, my_ripe_asn); + bgp_path = prepend(bgp_path, my_ripe_asn); + bgp_path = prepend(bgp_path, my_ripe_asn); + + if ebgp_export_v4() then + accept; + else + reject; + }; + }; +} + +template bgp ixp_ch_v6 from ebgp_peer_v6 { + local 2001:7f8:d0:b901::7d98; neighbor as 35708; ipv6 { @@ -7,7 +25,6 @@ template bgp ixp_ch from ebgp_peer_v6 { bgp_path = prepend(bgp_path, my_ripe_asn); bgp_path = prepend(bgp_path, my_ripe_asn); bgp_path = prepend(bgp_path, my_ripe_asn); - bgp_path = prepend(bgp_path, my_ripe_asn); if ebgp_export_v6() then accept; @@ -17,20 +34,33 @@ template bgp ixp_ch from ebgp_peer_v6 { }; } -protocol bgp ixp_ch_rs1 from ixp_ch { - description "4IXP Routeserver 1"; +protocol bgp ixp_ch_rs1_v4 from ixp_ch_v4 { + description "4IXP Zürich: RS1 (v4)"; + + neighbor 185.1.125.1; +} + +protocol bgp ixp_ch_rs2_v4 from ixp_ch_v4 { + description "4IXP Zürich: RS1 24)"; + + neighbor 185.1.125.2; +} + +protocol bgp ixp_ch_rs1_v6 from ixp_ch_v6 { + description "4IXP Zürich: RS1 (v6)"; neighbor 2001:7f8:d0:b901::7d01; } -protocol bgp ixp_ch_rs2 from ixp_ch { - description "4IXP Routeserver 2"; +protocol bgp ixp_ch_rs2_v6 from ixp_ch_v6 { + description "4IXP Zürich: RS2 (v6)"; neighbor 2001:7f8:d0:b901::7d02; } -protocol bgp ixp_ch_transit1 from ixp_ch { - description "4b42 transit at 4IXP"; +# Peering +protocol bgp ixp_ch_4b42_v6 from ixp_ch_v6 { + description "4IXP Zürich: 4b42 (v6)"; neighbor 2001:7f8:d0:b901::7dfe as 60474; } diff --git a/protocols/bfd.conf b/protocols/bfd.conf new file mode 100644 index 0000000..3afeb2b --- /dev/null +++ b/protocols/bfd.conf @@ -0,0 +1,6 @@ +protocol bfd bfd1 { + + interface "wg-*" { + + }; +} diff --git a/protocols/decix.conf b/protocols/decix.conf index e6a5d73..c7f0f3d 100644 --- a/protocols/decix.conf +++ b/protocols/decix.conf @@ -22,7 +22,7 @@ template bgp decix_fra_v4 from decix_v4 { template bgp decix_dus_v4 from decix_v4 { neighbor as 56890; - local 185.1.58.221; + local 185.1.170.221; } template bgp decix_ham_v4 from decix_v4 { @@ -64,25 +64,25 @@ template bgp decix_muc_v6 from decix_v6 { # Frankfurt protocol bgp decix_fra_rs1_v4 from decix_fra_v4 { - description "DE-CIX Frankfurt RS1 (v4)"; + description "DE-CIX Frankfurt: RS1 (v4)"; neighbor 80.81.192.157; } protocol bgp decix_fra_rs1_v6 from decix_fra_v6 { - description "DE-CIX Frankfurt RS1"; + description "DE-CIX Frankfurt: RS1 (v6)"; neighbor 2001:7f8::1a27:5051:c09d; } protocol bgp decix_fra_rs2_v6 from decix_fra_v6 { - description "DE-CIX Frankfurt RS2"; + description "DE-CIX Frankfurt: RS2 (v6)"; neighbor 2001:7f8::1a27:5051:c19d; } protocol bgp decix_fra_bh_v6 from decix_fra_v6 { - description "DE-CIX Frankfurt Blackholing"; + description "DE-CIX Frankfurt: Blackholing (v6)"; neighbor 2001:7f8::1a27:5051:c09e; @@ -93,93 +93,306 @@ protocol bgp decix_fra_bh_v6 from decix_fra_v6 { # Hamburg protocol bgp decix_ham_rs1_v4 from decix_ham_v4 { - description "DE-CIX Hamburg RS1 (v4)"; + description "DE-CIX Hamburg: RS1 (v4)"; neighbor 80.81.203.252; } protocol bgp decix_ham_rs2_v4 from decix_ham_v4 { - description "DE-CIX Hamburg RS2 (v4)"; + description "DE-CIX Hamburg: RS2 (v4)"; neighbor 80.81.203.253; } protocol bgp decix_ham_rs1_v6 from decix_ham_v6 { - description "DE-CIX Hamburg RS1 (v6)"; + description "DE-CIX Hamburg: RS1 (v6)"; neighbor 2001:7f8:3d::a8f4:0:1; } protocol bgp decix_ham_rs2_v6 from decix_ham_v6 { - description "DE-CIX Hamburg RS2 (v6)"; + description "DE-CIX Hamburg: RS2 (v6)"; neighbor 2001:7f8:3d::a8f4:0:2; } # Düsseldorf protocol bgp decix_dus_rs1_v4 from decix_dus_v4 { - description "DE-CIX Düsseldorf RS1 (v4)"; + description "DE-CIX Düsseldorf: RS1 (v4)"; - neighbor 185.1.58.252; + neighbor 185.1.170.252; } protocol bgp decix_dus_rs2_v4 from decix_dus_v4 { - description "DE-CIX Düsseldorf RS2 (v4)"; + description "DE-CIX Düsseldorf: RS2 (v4)"; - neighbor 185.1.58.253; + neighbor 185.1.171.252; } protocol bgp decix_dus_rs1_v6 from decix_dus_v6 { - description "DE-CIX Düsseldorf RS1 (v6)"; + description "DE-CIX Düsseldorf: RS1 (v6)"; neighbor 2001:7f8:9e::de3a:fc:1; } protocol bgp decix_dus_rs2_v6 from decix_dus_v6 { - description "DE-CIX Düsseldorf RS2 (v6)"; + description "DE-CIX Düsseldorf: RS2 (v6)"; neighbor 2001:7f8:9e::de3a:fd:1; } # München protocol bgp decix_muc_rs1_v4 from decix_muc_v4 { - description "DE-CIX München RS1 (v4)"; + description "DE-CIX München: RS1 (v4)"; neighbor 80.81.202.252; } protocol bgp decix_muc_rs2_v4 from decix_muc_v4 { - description "DE-CIX München RS2 (v4)"; + description "DE-CIX München: RS2 (v4)"; neighbor 80.81.202.253; } protocol bgp decix_muc_rs1_v6 from decix_muc_v6 { - description "DE-CIX München RS1 (v6)"; + description "DE-CIX München: RS1 (v6)"; neighbor 2001:7f8:44::b87c:0:1; } protocol bgp decix_muc_rs2_v6 from decix_muc_v6 { - description "DE-CIX München RS2 (v6)"; + description "DE-CIX München: RS2 (v6)"; neighbor 2001:7f8:44::b87c:0:2; } +# +# Public Peerings + +# HE protocol bgp decix_fra_he_v6 from decix_fra_v6 { description "DE-CIX Frankfurt: Hurricane Electric (v6)"; neighbor 2001:7f8::1b1b:0:1 as 6939; } -protocol bgp decix_muc_facebook_1_v6 from decix_muc_v6 { - description "DE-CIX Frankurt: Facebook /1"; +# Facebook +protocol bgp decix_muc_facebook_rs1_v6 from decix_muc_v6 { + description "DE-CIX Mün: Facebook RS2 (v6)"; neighbor 2001:7f8:44::80a6:0:1 as 32934; } -protocol bgp decix_muc_facebook_2_v6 from decix_muc_v6 { - description "DE-CIX Frankurt: Facebook /1"; +protocol bgp decix_muc_facebook_rs2_v6 from decix_muc_v6 { + description "DE-CIX München: Facebook: RS2 (v6)"; neighbor 2001:7f8:44::80a6:0:2 as 32934; } + +# Asympto +protocol bgp decix_fra_asympto_v4 from decix_fra_v4 { + description "DE-CIX Frankfurt: Asympto (v4)"; + + neighbor 80.81.196.144 as 39533; + + ipv4 { + import limit 100000; + + export filter { + bgp_path = prepend(bgp_path, my_ripe_asn); + bgp_path = prepend(bgp_path, my_ripe_asn); + bgp_path = prepend(bgp_path, my_ripe_asn); + bgp_path = prepend(bgp_path, my_ripe_asn); + + if ebgp_export_v4() then + accept; + else + reject; + }; + + preference 80; + }; +} + +protocol bgp decix_fra_asympto_v6 from decix_fra_v6 { + description "DE-CIX Frankfurt: Asympto (v6)"; + + neighbor 2001:7f8::9a6d:0:2 as 39533; + + ipv6 { + import limit 100000; + + export filter { + bgp_path = prepend(bgp_path, my_ripe_asn); + bgp_path = prepend(bgp_path, my_ripe_asn); + bgp_path = prepend(bgp_path, my_ripe_asn); + bgp_path = prepend(bgp_path, my_ripe_asn); + + if ebgp_export_v6() then + accept; + else + reject; + }; + + preference 80; + }; +} + +# Cloudflare +protocol bgp decix_fra_cloudflare_v4 from decix_fra_v4 { + description "DE-CIX Frankurt: Cloudflare (v4)"; + + neighbor 80.81.194.180 as 13335; +} + +protocol bgp decix_fra_cloudflare_v6 from decix_fra_v6 { + description "DE-CIX Frankurt: Cloudflare (v6)"; + + neighbor 2001:7f8::3417:0:1 as 13335; +} + +# Akamai +protocol bgp decix_fra_akamai_rs1_v4 from decix_fra_v4 { + description "DE-CIX Frankurt: Akamai RS1 (v4)"; + + neighbor 80.81.192.28 as 20940; +} + +protocol bgp decix_fra_akamai_rs2_v4 from decix_fra_v4 { + description "DE-CIX Frankurt: Akamai RS2 (v4)"; + + neighbor 80.81.192.168 as 20940; +} + +protocol bgp decix_fra_akamai_rs3_v4 from decix_fra_v4 { + description "DE-CIX Frankurt: Akamai RS3 (v4)"; + + neighbor 80.81.195.168 as 20940; +} + +protocol bgp decix_fra_akamai_rs1_v6 from decix_fra_v6 { + description "DE-CIX Frankurt: Akamai RS1 (v6)"; + + neighbor 2001:7f8::51cc:0:28 as 20940; +} + +protocol bgp decix_fra_akamai_rs2_v6 from decix_fra_v6 { + description "DE-CIX Frankurt: Akamai RS2 (v6)"; + + neighbor 2001:7f8::51cc:0:168 as 20940; +} + +protocol bgp decix_fra_akamai_rs3_v6 from decix_fra_v6 { + description "DE-CIX Frankurt: Akamai RS3 (v6)"; + + neighbor 2001:7f8::51cc:1:168 as 20940; +} + +# Apple +protocol bgp decix_fra_apple_rs1_v4 from decix_fra_v4 { + description "DE-CIX Frankurt: Apple RS1 (v4)"; + + neighbor 80.81.193.202 as 714; +} + +protocol bgp decix_fra_apple_rs2_v4 from decix_fra_v4 { + description "DE-CIX Frankurt: Apple RS2 (v4)"; + + neighbor 80.81.193.223 as 714; +} + +protocol bgp decix_fra_apple_rs3_v4 from decix_fra_v4 { + description "DE-CIX Frankurt: Apple RS3 (v4)"; + + neighbor 80.81.194.171 as 714; +} + +protocol bgp decix_fra_apple_rs4_v4 from decix_fra_v4 { + description "DE-CIX Frankurt: Apple RS4 (v4)"; + + neighbor 80.81.194.161 as 714; +} + +protocol bgp decix_fra_apple_rs1_v6 from decix_fra_v6 { + description "DE-CIX Frankurt: Apple RS1 (v6)"; + + neighbor 2001:7f8::2ca:0:1 as 714; +} + +protocol bgp decix_fra_apple_rs2_v6 from decix_fra_v6 { + description "DE-CIX Frankurt: Apple RS2 (v6)"; + + neighbor 2001:7f8::2ca:0:2 as 714; +} + +protocol bgp decix_fra_apple_rs3_v6 from decix_fra_v6 { + description "DE-CIX Frankurt: Apple RS3 (v6)"; + + neighbor 2001:7f8::2ca:0:3 as 714; +} + +protocol bgp decix_fra_apple_rs4_v6 from decix_fra_v6 { + description "DE-CIX Frankurt: Apple RS4 (v6)"; + + neighbor 2001:7f8::2ca:0:4 as 714; +} + +# DFN Frankfurt +protocol bgp decix_fra_dfn_rs1_v4 from decix_fra_v4 { + description "DE-CIX Frankurt: DFN RS1 (v4)"; + + neighbor 80.81.192.222 as 680; + + ipv4 { + import limit 800; + }; + + password "the3eeNu"; +} + +protocol bgp decix_fra_dfn_rs1_v6 from decix_fra_v6 { + description "DE-CIX Frankurt: DFN RS1 (v6)"; + + neighbor 2001:7f8::2a8:0:1 as 680; + + ipv6 { + import limit 100; + }; + + password "the3eeNu"; +} + +# DFN Hamburg +template bgp decix_ham_dfn_v4 from decix_ham_v4 { + + ipv4 { + import limit 800; + }; + + password "the3eeNu"; + + neighbor as 680; +} + +template bgp decix_ham_dfn_v6 from decix_ham_v6 { + + ipv6 { + import limit 100; + }; + + password "the3eeNu"; + + neighbor as 680; +} + +protocol bgp decix_ham_dfn_rs1_v4 from decix_ham_dfn_v4 { + description "DE-CIX Hamburg: DFN RS1 (v4)"; + + neighbor 80.81.203.118; +} + +protocol bgp decix_ham_dfn_rs1_v6 from decix_ham_dfn_v6 { + description "DE-CIX Hamburg: DFN RS1 (v6)"; + + neighbor 2001:7f8:3d::2a8:0:1; +} diff --git a/protocols/dn42/grc.conf b/protocols/dn42/grc.conf index 527911e..ff90590 100644 --- a/protocols/dn42/grc.conf +++ b/protocols/dn42/grc.conf @@ -35,7 +35,7 @@ protocol bgp dn42_grc_import { local fd42:4dd0:ff00::1:1 as my_dn42_asn; neighbor fd42:4242:2601:ac12::1 as 4242422602; - # mrtdump all; + mrtdump all; multihop; ipv4 { diff --git a/protocols/dn42/grc_mrtdump.conf b/protocols/dn42/grc_mrtdump.conf index e0fef3e..f47f379 100644 --- a/protocols/dn42/grc_mrtdump.conf +++ b/protocols/dn42/grc_mrtdump.conf @@ -1 +1 @@ -mrtdump "/mnt/mrt/bird/today/msgs_dn42_grc_2020-05-02.mrt"; +#mrtdump "/mnt/mrt/bird/msgs_dn42_grc_2020-05-08.mrt"; diff --git a/protocols/dn42/idfx.conf b/protocols/dn42/idfx.conf new file mode 100644 index 0000000..20b028f --- /dev/null +++ b/protocols/dn42/idfx.conf @@ -0,0 +1,18 @@ +template bgp dn42_idfx from dn42_peer_v46 { + neighbor port 1179 as 4242422345; + local port 1179; +} + +protocol bgp dn42_idfx_derhr1 from dn42_idfx { + description "dn42: idfx-derhr1"; + + local fd42:4dd0:ff00::4; + neighbor fdb0:4339:ffff::106; +} + +protocol bgp dn42_idfx_uslxa1 from dn42_idfx { + description "dn42: idfx-uslxa1"; + + local fd42:4dd0:ff00::5; + neighbor fdb0:4339:ffff::108; +} diff --git a/protocols/dn42/kioubit.conf b/protocols/dn42/kioubit.conf new file mode 100644 index 0000000..003b2c4 --- /dev/null +++ b/protocols/dn42/kioubit.conf @@ -0,0 +1,17 @@ +protocol bgp dn42_kioubit_v4 from dn42_peer_v4 { + description "dn42: kioubit (v4)"; + + interface "wg-kioubit"; + + local 172.23.156.71; + neighbor 172.20.53.97 as 4242423914; +} + +protocol bgp dn42_kioubit_v6 from dn42_peer_v6 { + description "dn42: kioubit (v6)"; + + interface "wg-kioubit"; + + local fe80::1337; + neighbor fe80::ade0 as 4242423914; +} diff --git a/protocols/dn42/tchekda.conf b/protocols/dn42/tchekda.conf deleted file mode 100644 index 39d6dd0..0000000 --- a/protocols/dn42/tchekda.conf +++ /dev/null @@ -1,6 +0,0 @@ -protocol bgp dn42_tchekda from dn42_peer_v46 { - description "dn42: tchekda"; - - local fd42:4dd0:ff00::2; - neighbor fd54:fe4b:9ed1:4::1 as 4242421722; -} diff --git a/protocols/evix.conf b/protocols/evix.conf index a102ac8..303cc6b 100644 --- a/protocols/evix.conf +++ b/protocols/evix.conf @@ -1,15 +1,15 @@ -template bgp evix from ebgp_peer_v6 { +template bgp evix_v6 from ebgp_peer_v6 { local 2602:fed2:fff:ffff::233; } -protocol bgp evix_rs1 from evix { - description "EVIX RS1"; +protocol bgp evix_rs1_v6 from evix_v6 { + description "EVIX Amsterdam: RS1 (v6)"; neighbor 2602:fed2:fff:ffff::1 as 137933; } -protocol bgp evix_rs2 from evix { - description "EVIX RS2"; +protocol bgp evix_rs2_v6 from evix_v6 { + description "EVIX Amsterdam: RS2 (v6)"; neighbor 2602:fed2:fff:ffff::253 as 209762; } diff --git a/protocols/ibgp.conf b/protocols/ibgp.conf index 76d23ef..51e0664 100644 --- a/protocols/ibgp.conf +++ b/protocols/ibgp.conf @@ -1,9 +1,12 @@ template bgp rr_clients { local as my_ripe_asn; neighbor as my_ripe_asn; + rr client; rr cluster id 172.23.156.3; + direct; + ipv4 { import keep filtered; import where ibgp_import_v4(); @@ -19,11 +22,22 @@ template bgp rr_clients { }; } -protocol bgp lian from rr_clients { - description "iBGP: lian.0l.de"; +protocol bgp moon from rr_clients { + description "iBGP: moon.0l.de"; local 2a09:11c0:200::14; neighbor 2a09:11c0:200::2; + + bfd yes; +} + +protocol bgp rpi from rr_clients { + description "iBGP: rpi.home.0l.de"; + + local 2a09:11c0:200::14; + neighbor 2a09:11c0:200::3; + + bfd yes; } protocol bgp acs from rr_clients { @@ -31,4 +45,6 @@ protocol bgp acs from rr_clients { local 2a09:11c0:200::7; neighbor 2a09:11c0:200::6; + + bfd yes; } diff --git a/protocols/idfx.conf b/protocols/idfx.conf new file mode 100644 index 0000000..5e9d3d9 --- /dev/null +++ b/protocols/idfx.conf @@ -0,0 +1,40 @@ +template bgp idfx { + local as my_ripe_asn; + + ipv4 { + import keep filtered; + import where is_idfx(); + + export filter { + if !is_mine() then + reject; + + if source = RTS_STATIC || source = RTS_DEVICE then + bgp_local_pref = 200; + + accept; + }; + }; + + ipv6 { + import keep filtered; + import where is_idfx(); + export where is_mine(); + }; + + allow bgp_local_pref yes; +} + +protocol bgp idfx_derhr1 from idfx { + description "iBGP: idfx-derhr1"; + + local fd42:4dd0:ff00::4; + neighbor fdb0:4339:ffff::106 as 4243390106; +} + +protocol bgp idfx_uslxa1 from idfx { + description "iBGP: idfx-uslxa1"; + + local fd42:4dd0:ff00::5; + neighbor fdb0:4339:ffff::108 as 4243390108; +} diff --git a/protocols/kleyrex.conf b/protocols/kleyrex.conf index 31b8093..5b574fb 100644 --- a/protocols/kleyrex.conf +++ b/protocols/kleyrex.conf @@ -1,4 +1,15 @@ -template bgp kleyrex_fra from ebgp_peer_v6 { +template bgp kleyrex_fra_v4 from ebgp_peer_v4 { + local 193.189.83.14; + neighbor as 31142; + + ipv4 { + preference 120; + }; + + graceful restart on; +} + +template bgp kleyrex_fra_v6 from ebgp_peer_v6 { local 2001:7f8:33::A120:7613:1; neighbor as 31142; @@ -9,26 +20,40 @@ template bgp kleyrex_fra from ebgp_peer_v6 { graceful restart on; } -protocol bgp kleyrex_fra_rs1 from kleyrex_fra { - description "KleyRex FRA RS1"; +protocol bgp kleyrex_fra_rs1_v6 from kleyrex_fra_v6 { + description "KleyRex Frankfurt: RS1 (v6)"; neighbor 2001:7f8:33::a103:1142:1; } -protocol bgp kleyrex_fra_rs2 from kleyrex_fra { - description "KleyRex FRA RS2"; +protocol bgp kleyrex_fra_rs2_v6 from kleyrex_fra_v6 { + description "KleyRex Frankfurt: RS2 (v6)"; neighbor 2001:7f8:33::a103:1142:2; } -protocol bgp kleyrex_fra_rs3 from kleyrex_fra { - description "KleyRex FRA RS3"; +protocol bgp kleyrex_fra_rs3_v6 from kleyrex_fra_v6 { + description "KleyRex Frankfurt: RS3 (v6)"; neighbor 2001:7f8:33::a103:1142:3; } -protocol bgp kleyrex_fra_42b4 from kleyrex_fra { - description "KleyRex FRA 42b4"; +# Public Peerings +# + +# 4b42 +protocol bgp kleyrex_fra_4b42_v4 from kleyrex_fra_v4 { + description "KleyRex Frankfurt: 4b42 (v4)"; + + ipv4 { + preference 50; + }; + + neighbor 193.189.82.80 as 60474; +} + +protocol bgp kleyrex_fra_4b42_v6 from kleyrex_fra_v6 { + description "KleyRex Frankfurt: 4b42 (v6)"; ipv6 { preference 50; @@ -37,8 +62,16 @@ protocol bgp kleyrex_fra_42b4 from kleyrex_fra { neighbor 2001:7f8:33::a106:474:1 as 60474; } -protocol bgp kleyrex_fra_ifog from kleyrex_fra { - description "KleyRex FRA iFog"; +# VNP Digital +protocol bgp kleyrex_fra_vnp_v4 from kleyrex_fra_v4 { + description "KleyRex Frankfurt: VNP Digital (v4)"; - neighbor 2001:7f8:33::a103:4927:1 as 34927; + neighbor 193.189.82.10 as 208976; } + +protocol bgp kleyrex_fra_vnp_v6 from kleyrex_fra_v6 { + description "KleyRex Frankfurt: VNP Digital (v6)"; + + neighbor 2001:7f8:33::A120:8976:1 as 208976; +} + diff --git a/protocols/locix.conf b/protocols/locix.conf index 10345d7..c6592bd 100644 --- a/protocols/locix.conf +++ b/protocols/locix.conf @@ -1,3 +1,14 @@ +template bgp locix_fra_v4 from ebgp_peer_v4 { + local 185.1.166.174; + neighbor as 202409; + + ipv4 { + preference 110; + }; + + graceful restart on; +} + template bgp locix_fra_v6 from ebgp_peer_v6 { local 2001:7f8:f2:e1:0:a520:7613:1; neighbor as 202409; @@ -9,34 +20,61 @@ template bgp locix_fra_v6 from ebgp_peer_v6 { graceful restart on; } -protocol bgp locix_fra_rs1 from locix_fra_v6 { - description "LocIX Frankfurt RS1"; +protocol bgp locix_fra_rs1_v6 from locix_fra_v6 { + description "LocIX Frankfurt: RS1 (v6)"; neighbor 2001:7f8:f2:e1::babe:1; } -protocol bgp locix_fra_rs2 from locix_fra_v6 { - description "LocIX Frankfurt RS2"; +protocol bgp locix_fra_rs2_v6 from locix_fra_v6 { + description "LocIX Frankfurt: RS2 (v6)"; neighbor 2001:7f8:f2:e1::dead:1; } -protocol bgp locix_fra_rs3 from locix_fra_v6 { - description "LocIX Frankfurt RS3"; +protocol bgp locix_fra_rs3_v6 from locix_fra_v6 { + description "LocIX Frankfurt: RS3 (v6)"; neighbor 2001:7f8:f2:e1::be5a; } -protocol bgp locix_fra_ifog from locix_fra_v6 { - description "LocIX Frankfurt iFog"; +# iFog.ch +protocol bgp locix_fra_ifog_v4 from locix_fra_v4 { + description "LocIX Frankfurt: iFog (v4)"; + + neighbor 185.1.166.134 as 34927; + + ipv4 { + preference 90; # max MTU < 1500 ?:( + }; +} + +protocol bgp locix_fra_ifog_v6 from locix_fra_v6 { + description "LocIX Frankfurt: iFog (v6)"; neighbor 2001:7f8:f2:e1:0:a120:4927:1 as 34927; + + ipv6 { + preference 90; # max MTU < 1500 ?:( + }; } -protocol bgp locix_fra_as112 from locix_fra_v6 { - description "LocIX Frankfurt: AS112"; +# AS112 +protocol bgp locix_fra_as112_v6 from locix_fra_v6 { + description "LocIX Frankfurt: AS112 (v6)"; neighbor 2001:7f8:f2:e1::112 as 112; - - disabled yes; +} + +# Nato Research Ltd. +protocol bgp locix_fra_nato_v4 from locix_fra_v4 { + description "LocIX Frankfurt: Nato Research Ltd"; + + neighbor 185.1.166.227 as 46997; +} + +protocol bgp locix_fra_nato_v6 from locix_fra_v6 { + description "LocIX Frankfurt: Nato Research Ltd"; + + neighbor 2001:7f8:f2:e1:0:a4:6997:1 as 46997; } diff --git a/protocols/meerfarbig.conf b/protocols/meerfarbig.conf index c23ee7d..8eb7d27 100644 --- a/protocols/meerfarbig.conf +++ b/protocols/meerfarbig.conf @@ -1,5 +1,5 @@ protocol bgp meerfarbig from ebgp_peer_v6 { - description "meerfarbig"; + description "meerfarbig (v6)"; local 2a00:f820:457::2; neighbor 2a00:f820:457::1 as 34549; diff --git a/protocols/mrt.conf b/protocols/mrt.conf index 2b34070..622ba67 100644 --- a/protocols/mrt.conf +++ b/protocols/mrt.conf @@ -1,10 +1,10 @@ protocol mrt { description "MRT Dumper"; + disabled yes; + table "dn42_grc_*"; where source = RTS_BGP; - filename "/mnt/mrt/bird/today/rib_%N_%F_%T.mrt"; + filename "/mnt/mrt/bird/%N_%F_%T.mrt"; period 300; - - disabled yes; } diff --git a/protocols/openfactory.conf b/protocols/openfactory.conf new file mode 100644 index 0000000..780273c --- /dev/null +++ b/protocols/openfactory.conf @@ -0,0 +1,20 @@ +protocol bgp tb_openfactory from ebgp_peer_v6 { + description "Openfactory Freetransit"; + + local 2a01:20e:1000:133::2; + neighbor 2a01:20e:1000:133::1 as 41051; + + ipv6 { + preference 80; + + export filter { + bgp_path = prepend(bgp_path, my_ripe_asn); + bgp_path = prepend(bgp_path, my_ripe_asn); + + if ebgp_export_v6() then + accept; + else + reject; + }; + }; +} diff --git a/protocols/static.conf b/protocols/static.conf index 24e8642..00fb087 100644 --- a/protocols/static.conf +++ b/protocols/static.conf @@ -7,7 +7,7 @@ protocol static static_v4 { route 31.47.232.67/32 via "virbr1"; - # hap.0l.de + # hap-0.0l.de route 31.47.232.68/32 via "virbr1"; @@ -27,8 +27,8 @@ protocol static static_v4 { reject; # Marienstrasse - #route 192.168.178.0/24 - # via 172.23.156.9; + route 192.168.178.0/24 + via 172.23.156.9; route 0.0.0.0/0 via 31.47.232.65; @@ -42,6 +42,10 @@ protocol static static_v6 { # NAT64 route 2a09:11c0:201::/96 reject; + # Docker on fedora-ws.edgy.vms.0l.de + route 2a09:11c0:200:1100::/64 + via 2a09:11c0:200:101:5054:ff:fe99:c5c4; + route ::/0 reject; } @@ -51,6 +55,8 @@ protocol static static_ebgp_v6 { }; # My own prefixes for eBGP announcement + route 2a09:11c0:203::/48 reject; + route 2a0e:97c7:100::/44 reject; route 2a09:11c0:200::/44 reject; route 2a09:4c2:1b::/48 reject; @@ -62,8 +68,8 @@ protocol static static_ebgp_v4 { }; # For wireguard - route 31.47.232.64/29 via "eno1"; route 0.0.0.0/0 via 31.47.232.65; + route 31.47.232.64/29 via "eno1"; } protocol static static_dn42_v4 {