restructured repo

Steffen Vogel 2020-08-22 03:08:22 +02:00
parent ed0c07d9a5
commit ded8ee9916
9 changed files with 211 additions and 140 deletions

147
bird.conf

@ -7,32 +7,13 @@ timeformat log iso long;
timeformat protocol iso long;
timeformat route iso long;
filter ibgp_export_v4 {
if net = 178.202.247.4/32 then
reject;
accept;
}
filter ibgp_export_v6 {
accept;
}
filter ibgp_import_v4 {
krt_metric = 200;
if net = 0.0.0.0/0 then reject;
accept;
}
filter ibgp_import_v6 {
krt_metric = 200;
# if net = 0::/0 then reject;
accept;
}
include "/etc/bird/constants.conf";
include "/etc/bird/passwords.conf";
include "/etc/bird/communities.conf";
include "/etc/bird/tables.conf";
include "/etc/bird/filters/*.conf";
include "/etc/bird/templates/*.conf";
include "/etc/bird/protocols/*.conf";
protocol device {
@ -43,117 +24,3 @@ protocol direct {
ipv6;
interface "ens*", "tun*", "vpn-*";
}
protocol kernel {
ipv4 {
import all;
export where proto !~ "direct*";
};
metric 0;
learn;
}
protocol kernel {
ipv6 {
import all;
export where proto !~ "direct*";
};
metric 0;
learn;
}
protocol static {
check link yes;
route 134.61.120.0/22
via "tun0"; # ITC iDRACs
route 134.130.43.208/30
via "tun0"; # ITC deploy1-jh.itc.rwth-aachen.de
route 137.226.50.224/27
via "tun0"; # Jupyter
route 137.226.254.0/23
via "tun0"; # EONERC office network
route 134.130.48.0/24
via "tun0"; # EONERC server network
route 137.226.81.156/32
via "tun0"; # efs-itc01.eonerc.rwth-aachen.de
route 134.130.0.0/16
via 134.130.169.1
via 137.226.133.129;
route 134.61.0.0/16
via 134.130.169.1
via 137.226.133.129;
route 137.226.0.0/16
via 134.130.169.1
via 137.226.133.129;
route 192.35.229.0/24
via 134.130.169.1
via 137.226.133.129;
# lian.0l.de
route 178.202.247.4/32
via 134.130.169.1;
# via 137.226.133.129;
ipv4;
}
template bgp rr_clients {
local as 207613;
neighbor as 207613;
rr client;
rr cluster id 172.23.156.4;
ipv4 {
import keep filtered;
import filter ibgp_import_v4;
export filter ibgp_export_v4;
next hop self;
};
ipv6 {
import keep filtered;
import filter ibgp_import_v6;
export filter ibgp_export_v6;
next hop self;
};
}
protocol bgp edgy from rr_clients {
description "iBGP: edgy.int.0l.de";
local 2a09:11c0:200::6;
neighbor 2a09:11c0:200::7;
}
protocol bgp k8s_2_v4 from rr_clients {
description "iBGP: k8s-2.acs.vms.0l.de";
local 172.23.156.6;
neighbor 172.23.156.130;
ipv4 {
export none;
};
}
protocol bgp k8s_2_v6 from rr_clients {
description "iBGP: k8s-2.acs.vms.0l.de";
local 2a09:11c0:200::6;
neighbor 2a09:11c0:200:103:f0f4:8dff:fed4:d18d;
ipv6 {
export none;
};
}
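Review bot: The `include "/etc/bird/passwords.conf";` line pulls in a file that is not among the nine files this commit touches, so the secrets it holds (for example the `pw_bfd` referenced from protocols/bfd.conf) apparently live outside the repository, and nothing here records that. I would add a comment above the include, `# passwords.conf is deployed out of band and must never be committed; keep it readable by the bird user only`, and list the file in the repository's ignore rules. The page does not mark which lines of this hunk are old and which are new, so I am assuming the include block is on the new side. `include "/etc/bird/templates/*.conf";` likewise names a directory this commit does not create, so it is worth confirming that the glob is meant to match nothing for now.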

54
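--- a/communities.conf
+++ b/communities.conf
@@ -0,0 +1,54 @@
+define cymru_fullbogons = (65332, 888);
+# Well-known: https://www.iana.org/assignments/bgp-well-known-communities/bgp-well-known-communities.xhtml
+define wk_graceful_shutdown = (0xffff, 0x0000); # RFC8326
+define wk_accept_own = (0xffff, 0x0001); # RFC7611
+define wk_blackhole = (0xffff, 0x029a); # RFC7999
+define wk_no_export = (0xffff, 0xff01); # RFC1997
+define wk_no_advertise = (0xffff, 0xff02); # RFC1997
+define wk_no_export_subconfed = (0xffff, 0xff03); # RFC1997
+define wk_nopeer = (0xffff, 0xff04); # RFC3765
+# See https://www.euro-ix.net/en/forixps/large-bgp-communities/
+# Informational RS:1000-1999:*
+## Informational tags RS:1000-1099:*
+define informational_rpki_valid = (my_ripe_asn, 1000, 1);
+define informational_rpki_unknown = (my_ripe_asn, 1000, 2);
+define informational_rpki_not_checked = (my_ripe_asn, 1000, 3);
+define informational_rpki_invalid = (my_ripe_asn, 1000, 4);
+define informational_rpki_invalid_origin_as = (my_ripe_asn, 1000, 5);
+define informational_rpki_invalid_max_length = (my_ripe_asn, 1000, 6);
+define informational_irrdb_valid = (my_ripe_asn, 1001, 1);
+define informational_irrdb_not_checked = (my_ripe_asn, 1001, 2);
+define informational_irrdb_more_specific = (my_ripe_asn, 1001, 3);
+define informational_irrdb_prefix_not_found_in_as_set = (my_ripe_asn, 1001, 4);
+define informational_irrdb_invalid_origin_as = (my_ripe_asn, 1001, 5);
+define informational_irrdb_invalid_prefix_for_origin_as = (my_ripe_asn, 1001, 6);
+# Filtered reasons: RS:1100-1199:*
+## Route was filtered on import RS:1101:*
+define filtered_import_prefix_too_long = (my_ripe_asn, 1101, 1);
+define filtered_import_prefix_too_short = (my_ripe_asn, 1101, 2);
+define filtered_import_bogon_prefix = (my_ripe_asn, 1101, 3);
+define filtered_import_bogon_as = (my_ripe_asn, 1101, 4);
+define filtered_import_as_path_too_long = (my_ripe_asn, 1101, 5);
+define filtered_import_as_path_too_short = (my_ripe_asn, 1101, 6);
+define filtered_import_first_as_not_peer = (my_ripe_asn, 1101, 7);
+define filtered_import_next_hop_not_peer = (my_ripe_asn, 1101, 8);
+define filtered_import_irrdb_prefix_not_in_as_set = (my_ripe_asn, 1101, 9);
+define filtered_import_origin_as_not_in_peer_as_set = (my_ripe_asn, 1101, 10);
+define filtered_import_prefix_not_found_in_origin_as = (my_ripe_asn, 1101, 11);
+define filtered_import_prefix_is_rpki_unknown = (my_ripe_asn, 1101, 12);
+define filtered_import_prefix_is_rpki_invalid = (my_ripe_asn, 1101, 13);
+define filtered_import_transit_free_asn_in_as_path = (my_ripe_asn, 1101, 14);
+define filtered_import_too_many_bgp_communities = (my_ripe_asn, 1101, 15);
+# Route was filtered on export RS:1102:*
+define filtered_export_advertising_peer_declines_prefix = (my_ripe_asn, 1102, 1);
+define filtered_export_declined_from_advertising_peer = (my_ripe_asn, 1102, 2);
+define filtered_export_too_many_bgp_communities = (my_ripe_asn, 1102, 3);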

3
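--- a/constants.conf
+++ b/constants.conf
@@ -0,0 +1,3 @@
+define my_ripe_asn = 207613;
+define my_dn42_asn = 4242422428;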

26
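--- a/filters/ibgp.conf
+++ b/filters/ibgp.conf
@@ -0,0 +1,26 @@
+filter ibgp_export_v4 {
+if net = 178.202.247.4/32 then
+reject;
+accept;
+}
+filter ibgp_export_v6 {
+accept;
+}
+filter ibgp_import_v4 {
+krt_metric = 200;
+if net = 0.0.0.0/0 then reject;
+accept;
+}
+filter ibgp_import_v6 {
+krt_metric = 200;
+# if net = 0::/0 then reject;
+accept;
+}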
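Review bot: `ibgp_import_v6` accepts every route an iBGP peer sends, including a default route, because the guard that `ibgp_import_v4` applies (`if net = 0.0.0.0/0 then reject;`) is commented out on the IPv6 side. A misconfigured or compromised peer could then attract all IPv6 traffic leaving this router. Either enable the check as `if net = ::/0 then reject;`, or replace the dead line with a comment that states why an IPv6 default learned over iBGP is wanted. The `178.202.247.4/32` reject in `ibgp_export_v4` also deserves a one-line comment, since its purpose is only hinted at by the `# lian.0l.de` comment in protocols/static.conf.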

8
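--- a/protocols/bfd.conf
+++ b/protocols/bfd.conf
@@ -0,0 +1,8 @@
+protocol bfd bfd1 {
+interface "wg-*" {
+interval 100 ms;
+authentication simple;
+password pw_bfd;
+};
+}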
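Review bot: `authentication simple;` carries the BFD password in clear text inside every control packet, so it gives no protection against anyone who can observe traffic on a `wg-*` link, and a forged BFD state change is enough to tear down a BGP session that sets `bfd yes`. BIRD also offers keyed modes; `authentication meticulous keyed sha1;` with the same `password pw_bfd;` keeps the secret off the wire and adds replay protection through the sequence number. The exposure is smaller if the `wg-*` interfaces are WireGuard tunnels, as the name suggests, but the keyed mode costs nothing extra. A comment stating the detection time intended by `interval 100 ms;` would also help, since that value is aggressive for a tunnel.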

51
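--- a/protocols/ibgp.conf
+++ b/protocols/ibgp.conf
@@ -0,0 +1,51 @@
+template bgp rr_clients {
+local as 207613;
+neighbor as 207613;
+rr client;
+rr cluster id 172.23.156.4;
+ipv4 {
+import keep filtered;
+import filter ibgp_import_v4;
+export filter ibgp_export_v4;
+next hop self;
+};
+ipv6 {
+import keep filtered;
+import filter ibgp_import_v6;
+export filter ibgp_export_v6;
+next hop self;
+};
+}
+protocol bgp edgy from rr_clients {
+description "iBGP: edgy.int.0l.de";
+local 2a09:11c0:200::6;
+neighbor 2a09:11c0:200::7;
+bfd yes;
+}
+protocol bgp k8s_2_v4 from rr_clients {
+description "iBGP: k8s-2.acs.vms.0l.de";
+local 172.23.156.6;
+neighbor 172.23.156.130;
+ipv4 {
+export none;
+};
+}
+protocol bgp k8s_2_v6 from rr_clients {
+description "iBGP: k8s-2.acs.vms.0l.de";
+local 2a09:11c0:200::6;
+neighbor 2a09:11c0:200:103:f0f4:8dff:fed4:d18d;
+ipv6 {
+export none;
+};
+}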
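Review bot: The `bfd yes;` added to `protocol bgp edgy` only gets the authenticated settings from protocols/bfd.conf if that session runs over an interface matching `"wg-*"`; as far as I know BIRD's BFD protocol also accepts sessions on interfaces it has no `interface` block for and runs them with defaults, which means no authentication. Which interface carries `2a09:11c0:200::6` to `2a09:11c0:200::7` is not visible here, so please confirm it or widen the pattern in bfd.conf. Separately, none of the three BGP sessions sets a `password` although passwords.conf is included; adding `password <constant from passwords.conf>;` (placeholder, use the real name) to the `rr_clients` template would protect the TCP sessions with MD5 signatures. `local as 207613;` and `neighbor as 207613;` could use `my_ripe_asn` from constants.conf so the ASN is defined once.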

17
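--- a/protocols/kernel.conf
+++ b/protocols/kernel.conf
@@ -0,0 +1,17 @@
+protocol kernel {
+ipv4 {
+import all;
+export where proto !~ "direct*";
+};
+metric 0;
+learn;
+}
+protocol kernel {
+ipv6 {
+import all;
+export where proto !~ "direct*";
+};
+metric 0;
+learn;
+}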
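Review bot: Both kernel protocols combine `learn;` with `import all;`, so any route that another process or an administrator installs in the kernel table becomes a BIRD route, and `ibgp_export_v6` (a bare `accept`) and `ibgp_export_v4` (one /32 rejected) will pass it on to every route-reflector client that does not set `export none`. If learning is needed only for specific routes, replace `import all;` with a filter that names them, for example `import filter kernel_import_v4;` (constructed name, the filter does not exist yet); if nothing else installs routes, drop `learn;`. The two blocks are also unnamed, so BIRD assigns their names automatically; `protocol kernel kernel_v4 {` and `protocol kernel kernel_v6 {` would make logs and `birdc` output unambiguous.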

45
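--- a/protocols/static.conf
+++ b/protocols/static.conf
@@ -0,0 +1,45 @@
+protocol static {
+check link yes;
+route 134.61.120.0/22
+via "tun0"; # ITC iDRACs
+route 134.130.43.208/30
+via "tun0"; # ITC deploy1-jh.itc.rwth-aachen.de
+route 137.226.50.224/27
+via "tun0"; # Jupyter
+route 137.226.254.0/23
+via "tun0"; # EONERC office network
+route 134.130.48.0/24
+via "tun0"; # EONERC server network
+route 137.226.81.156/32
+via "tun0"; # efs-itc01.eonerc.rwth-aachen.de
+route 134.130.0.0/16
+via 134.130.169.1
+via 137.226.133.129;
+route 134.61.0.0/16
+via 134.130.169.1
+via 137.226.133.129;
+route 137.226.0.0/16
+via 134.130.169.1
+via 137.226.133.129;
+route 192.35.229.0/24
+via 134.130.169.1
+via 137.226.133.129;
+# lian.0l.de
+route 178.202.247.4/32
+via 134.130.169.1;
+# via 137.226.133.129;
+ipv4;
+}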

0
tables.conf Normal file