move RPKI to protocols

Steffen Vogel 2020-05-03 00:25:49 +02:00
parent 33fb6a5dbf
commit c9cf5f0b68
3 changed files with 11 additions and 66 deletions


@ -12,7 +12,6 @@ include "/etc/bird/constants.conf";
include "/etc/bird/passwords.conf";
include "/etc/bird/communities.conf";
include "/etc/bird/tables.conf";
include "/etc/bird/rpki.conf";
include "/etc/bird/filters/*.conf";
include "/etc/bird/protocols/*.conf";

11
protocols/rpki.conf Normal file

@ -0,0 +1,11 @@
protocol rpki {
roa6 {
table roa_v6;
};
remote "10.43.141.166" port 3323;
retry keep 90;
refresh keep 900;
expire keep 172800;
}
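Review bot: The origin-validation helpers `is_rpki_invalid_v6()`, `is_rpki_invalid_dn42_v4()`, `is_rpki_invalid_dn42_v6()` and `filter_reason()` that lived beside this `protocol rpki` block in the deleted file are not re-added in any file shown in this commit; only the protocol block is carried over. If the files under /etc/bird/filters/ still call them and do not define them themselves, the configuration will fail to load, and if the calls were removed too, ROA_INVALID routes are no longer rejected. Running `bird -p` against the new tree and confirming where the functions now live would settle this. Separately, no `transport` option is set, so the RTR session to the single cache at 10.43.141.166 port 3323 presumably runs over unauthenticated TCP, and once `expire keep 172800` lapses without contact the ROA table empties and every `roa_check` returns ROA_UNKNOWN. A comment in this file such as `# RTR over plain TCP to one cache; validation fails open if it is unreachable past expire` would make that trade-off explicit.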


@ -1,65 +0,0 @@
protocol rpki {
roa6 {
table roa_v6;
};
remote "10.43.141.166" port 3323;
retry keep 90;
refresh keep 900;
expire keep 172800;
}
function filter_reason(lc rsn) {
bgp_large_community.add(rsn);
}
# RPKI tests
function is_rpki_invalid_v6() {
if roa_check(roa_v6, net, bgp_path.last_nonaggregated) = ROA_VALID then
bgp_large_community.add(informational_rpki_valid);
else if roa_check(roa_v6, net, bgp_path.last_nonaggregated) = ROA_UNKNOWN then
bgp_large_community.add(informational_rpki_unknown);
else if roa_check(roa_v6, net, bgp_path.last_nonaggregated) = ROA_INVALID then {
print "Ignore RPKI invalid ", net, " for ASN ", bgp_path.last;
bgp_large_community.add(informational_rpki_invalid);
return true;
}
else
bgp_large_community.add(informational_rpki_not_checked);
return false;
}
function is_rpki_invalid_dn42_v4() {
if roa_check(roa_dn42_v4, net, bgp_path.last_nonaggregated) = ROA_VALID then
bgp_large_community.add(informational_rpki_valid);
else if roa_check(roa_dn42_v4, net, bgp_path.last_nonaggregated) = ROA_UNKNOWN then
bgp_large_community.add(informational_rpki_unknown);
else if roa_check(roa_dn42_v4, net, bgp_path.last_nonaggregated) = ROA_INVALID then {
print "Ignore RPKI invalid ", net, " for ASN ", bgp_path.last;
bgp_large_community.add(informational_rpki_invalid);
return true;
}
else
bgp_large_community.add(informational_rpki_not_checked);
return false;
}
function is_rpki_invalid_dn42_v6() {
if roa_check(roa_dn42_v6, net, bgp_path.last_nonaggregated) = ROA_VALID then
bgp_large_community.add(informational_rpki_valid);
else if roa_check(roa_dn42_v6, net, bgp_path.last_nonaggregated) = ROA_UNKNOWN then
bgp_large_community.add(informational_rpki_unknown);
else if roa_check(roa_dn42_v6, net, bgp_path.last_nonaggregated) = ROA_INVALID then {
print "Ignore RPKI invalid ", net, " for ASN ", bgp_path.last;
bgp_large_community.add(informational_rpki_invalid);
return true;
}
else
bgp_large_community.add(informational_rpki_not_checked);
return false;
}