restructured repo

bird.conf

@@ -7,32 +7,13 @@ timeformat log          iso long;
 timeformat protocol     iso long;
 timeformat route        iso long;
 
-filter ibgp_export_v4 {
+include "/etc/bird/constants.conf";
-	if net = 178.202.247.4/32 then
+include "/etc/bird/passwords.conf";
-		reject;
+include "/etc/bird/communities.conf";
-
+include "/etc/bird/tables.conf";
-	accept;
+include "/etc/bird/filters/*.conf";
-}
+include "/etc/bird/templates/*.conf";
-
+include "/etc/bird/protocols/*.conf";
-filter ibgp_export_v6 {
-	accept;
-}
-
-filter ibgp_import_v4 {
-	krt_metric = 200;
-
-	if net = 0.0.0.0/0 then reject;
-
-	accept;
-}
-
-filter ibgp_import_v6 {
-	krt_metric = 200;
-
-#	if net = 0::/0 then reject;
-
-	accept;
-}
 
 protocol device {
 
@@ -43,117 +24,3 @@ protocol direct {
 	ipv6;
 	interface "ens*", "tun*", "vpn-*";
 }
-
-protocol kernel {
-	ipv4 {
-		import all;
-		export where proto !~ "direct*";
-	};
-	metric 0;
-	learn;
-}
-
-protocol kernel {
-	ipv6 {
-		import all;
-		export where proto !~ "direct*";
-	};
-	metric 0;
-	learn;
-}
-
-protocol static {
-	check link yes;
-
-	route 134.61.120.0/22
-		via "tun0"; # ITC iDRACs
-
-	route 134.130.43.208/30
-		via "tun0"; # ITC deploy1-jh.itc.rwth-aachen.de
-
-	route 137.226.50.224/27
-		via "tun0"; # Jupyter
-
-	route 137.226.254.0/23
-		via "tun0"; # EONERC office network
-	
-	route 134.130.48.0/24
-		via "tun0"; # EONERC server network
-
-	route 137.226.81.156/32
-		via "tun0"; # efs-itc01.eonerc.rwth-aachen.de
-
-	route 134.130.0.0/16
-		via 134.130.169.1
-		via 137.226.133.129;
-	
-	route 134.61.0.0/16
-		via 134.130.169.1
-		via 137.226.133.129;
-
-	route 137.226.0.0/16
-		via 134.130.169.1
-		via 137.226.133.129;
-
-	route 192.35.229.0/24
-		via 134.130.169.1
-		via 137.226.133.129;
-
-	# lian.0l.de
-	route 178.202.247.4/32
-		via 134.130.169.1;
-#		via 137.226.133.129;
-
-	ipv4;
-}
-
-template bgp rr_clients {
-	local as 207613;
-	neighbor as 207613;
-	rr client;
-	rr cluster id 172.23.156.4;
-
-	ipv4 {
-		import keep filtered;
-		import filter ibgp_import_v4;
-		export filter ibgp_export_v4;
-		next hop self;
-	};
-
-	ipv6 {
-		import keep filtered;
-		import filter ibgp_import_v6;
-		export filter ibgp_export_v6;
-		next hop self;
-	};
-}
-
-protocol bgp edgy from rr_clients {
-	description "iBGP: edgy.int.0l.de";
-
-	local 2a09:11c0:200::6;
-        neighbor 2a09:11c0:200::7;
-}
-
-protocol bgp k8s_2_v4 from rr_clients {
-	description "iBGP: k8s-2.acs.vms.0l.de";
-
-	local 172.23.156.6;
-        neighbor 172.23.156.130;
-
-	ipv4 {
-		export none;
-	};
-}
-
-protocol bgp k8s_2_v6 from rr_clients {
-	description "iBGP: k8s-2.acs.vms.0l.de";
-
-	local 2a09:11c0:200::6;
-        neighbor 2a09:11c0:200:103:f0f4:8dff:fed4:d18d;
-
-	ipv6 {
-		export none;
-	};
-}
-

communities.conf

@@ -0,0 +1,54 @@
+define cymru_fullbogons		= (65332, 888);
+
+# Well-known: https://www.iana.org/assignments/bgp-well-known-communities/bgp-well-known-communities.xhtml
+define wk_graceful_shutdown	= (0xffff, 0x0000); # RFC8326
+define wk_accept_own		= (0xffff, 0x0001); # RFC7611
+define wk_blackhole		= (0xffff, 0x029a); # RFC7999
+define wk_no_export		= (0xffff, 0xff01); # RFC1997
+define wk_no_advertise		= (0xffff, 0xff02); # RFC1997
+define wk_no_export_subconfed	= (0xffff, 0xff03); # RFC1997
+define wk_nopeer		= (0xffff, 0xff04); # RFC3765
+
+# See https://www.euro-ix.net/en/forixps/large-bgp-communities/
+
+# Informational RS:1000-1999:*
+
+## Informational tags RS:1000-1099:*
+define informational_rpki_valid = (my_ripe_asn, 1000, 1);
+define informational_rpki_unknown = (my_ripe_asn, 1000, 2);
+define informational_rpki_not_checked = (my_ripe_asn, 1000, 3);
+define informational_rpki_invalid = (my_ripe_asn, 1000, 4);
+define informational_rpki_invalid_origin_as = (my_ripe_asn, 1000, 5);
+define informational_rpki_invalid_max_length = (my_ripe_asn, 1000, 6);
+
+define informational_irrdb_valid = (my_ripe_asn, 1001, 1);
+define informational_irrdb_not_checked = (my_ripe_asn, 1001, 2);
+define informational_irrdb_more_specific = (my_ripe_asn, 1001, 3);
+define informational_irrdb_prefix_not_found_in_as_set = (my_ripe_asn, 1001, 4);
+define informational_irrdb_invalid_origin_as = (my_ripe_asn, 1001, 5);
+define informational_irrdb_invalid_prefix_for_origin_as = (my_ripe_asn, 1001, 6);
+
+# Filtered reasons: RS:1100-1199:*
+
+## Route was filtered on import RS:1101:*
+define filtered_import_prefix_too_long = (my_ripe_asn, 1101, 1);
+define filtered_import_prefix_too_short = (my_ripe_asn, 1101, 2);
+define filtered_import_bogon_prefix = (my_ripe_asn, 1101, 3);
+define filtered_import_bogon_as = (my_ripe_asn, 1101, 4);
+define filtered_import_as_path_too_long = (my_ripe_asn, 1101, 5);
+define filtered_import_as_path_too_short = (my_ripe_asn, 1101, 6);
+define filtered_import_first_as_not_peer = (my_ripe_asn, 1101, 7);
+define filtered_import_next_hop_not_peer = (my_ripe_asn, 1101, 8);
+define filtered_import_irrdb_prefix_not_in_as_set = (my_ripe_asn, 1101, 9);
+define filtered_import_origin_as_not_in_peer_as_set = (my_ripe_asn, 1101, 10);
+define filtered_import_prefix_not_found_in_origin_as = (my_ripe_asn, 1101, 11);
+define filtered_import_prefix_is_rpki_unknown = (my_ripe_asn, 1101, 12);
+define filtered_import_prefix_is_rpki_invalid = (my_ripe_asn, 1101, 13);
+define filtered_import_transit_free_asn_in_as_path = (my_ripe_asn, 1101, 14);
+define filtered_import_too_many_bgp_communities = (my_ripe_asn, 1101, 15);
+
+# Route was filtered on export RS:1102:*
+define filtered_export_advertising_peer_declines_prefix = (my_ripe_asn, 1102, 1);
+define filtered_export_declined_from_advertising_peer = (my_ripe_asn, 1102, 2);
+define filtered_export_too_many_bgp_communities = (my_ripe_asn, 1102, 3);
+

constants.conf

@@ -0,0 +1,3 @@
+define my_ripe_asn = 207613;
+define my_dn42_asn = 4242422428;
+

filters/ibgp.conf

@@ -0,0 +1,26 @@
+filter ibgp_export_v4 {
+	if net = 178.202.247.4/32 then
+		reject;
+
+	accept;
+}
+
+filter ibgp_export_v6 {
+	accept;
+}
+
+filter ibgp_import_v4 {
+	krt_metric = 200;
+
+	if net = 0.0.0.0/0 then reject;
+
+	accept;
+}
+
+filter ibgp_import_v6 {
+	krt_metric = 200;
+
+#	if net = 0::/0 then reject;
+
+	accept;
+}

protocols/bfd.conf

@@ -0,0 +1,8 @@
+protocol bfd bfd1 {
+
+	interface "wg-*" {
+		interval 100 ms;
+		authentication simple;
+		password pw_bfd;
+	};
+}

protocols/ibgp.conf

@@ -0,0 +1,51 @@
+template bgp rr_clients {
+	local as 207613;
+	neighbor as 207613;
+	rr client;
+	rr cluster id 172.23.156.4;
+
+	ipv4 {
+		import keep filtered;
+		import filter ibgp_import_v4;
+		export filter ibgp_export_v4;
+		next hop self;
+	};
+
+	ipv6 {
+		import keep filtered;
+		import filter ibgp_import_v6;
+		export filter ibgp_export_v6;
+		next hop self;
+	};
+}
+
+protocol bgp edgy from rr_clients {
+	description "iBGP: edgy.int.0l.de";
+
+	local 2a09:11c0:200::6;
+        neighbor 2a09:11c0:200::7;
+
+	bfd yes;
+}
+
+protocol bgp k8s_2_v4 from rr_clients {
+	description "iBGP: k8s-2.acs.vms.0l.de";
+
+	local 172.23.156.6;
+        neighbor 172.23.156.130;
+
+	ipv4 {
+		export none;
+	};
+}
+
+protocol bgp k8s_2_v6 from rr_clients {
+	description "iBGP: k8s-2.acs.vms.0l.de";
+
+	local 2a09:11c0:200::6;
+        neighbor 2a09:11c0:200:103:f0f4:8dff:fed4:d18d;
+
+	ipv6 {
+		export none;
+	};
+}

protocols/kernel.conf

@@ -0,0 +1,17 @@
+protocol kernel {
+	ipv4 {
+		import all;
+		export where proto !~ "direct*";
+	};
+	metric 0;
+	learn;
+}
+
+protocol kernel {
+	ipv6 {
+		import all;
+		export where proto !~ "direct*";
+	};
+	metric 0;
+	learn;
+}

protocols/static.conf

@@ -0,0 +1,45 @@
+protocol static {
+	check link yes;
+
+	route 134.61.120.0/22
+		via "tun0"; # ITC iDRACs
+
+	route 134.130.43.208/30
+		via "tun0"; # ITC deploy1-jh.itc.rwth-aachen.de
+
+	route 137.226.50.224/27
+		via "tun0"; # Jupyter
+
+	route 137.226.254.0/23
+		via "tun0"; # EONERC office network
+
+	route 134.130.48.0/24
+		via "tun0"; # EONERC server network
+
+	route 137.226.81.156/32
+		via "tun0"; # efs-itc01.eonerc.rwth-aachen.de
+
+	route 134.130.0.0/16
+		via 134.130.169.1
+		via 137.226.133.129;
+
+	route 134.61.0.0/16
+		via 134.130.169.1
+		via 137.226.133.129;
+
+	route 137.226.0.0/16
+		via 134.130.169.1
+		via 137.226.133.129;
+
+	route 192.35.229.0/24
+		via 134.130.169.1
+		via 137.226.133.129;
+
+	# lian.0l.de
+	route 178.202.247.4/32
+		via 134.130.169.1;
+#		via 137.226.133.129;
+
+	ipv4;
+}
+