ignore passwords

add more filter lists
update descriptions
2020-04-20 22:21:31 +02:00 · 2020-04-20 22:20:54 +02:00 · 2020-04-20 22:20:26 +02:00 · 2020-04-20 22:19:49 +02:00 · 2020-04-20 22:19:28 +02:00 · 2020-04-20 22:19:04 +02:00
11 changed files with 161 additions and 72 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,2 @@
 icvpn-meta/
+passwords.conf
--- a/bird.conf
+++ b/bird.conf
@ -9,6 +9,7 @@ timeformat protocol     iso long;
 timeformat route        iso long;

 include "/etc/bird/constants.conf";
+include "/etc/bird/passwords.conf";
 include "/etc/bird/communities.conf";
 include "/etc/bird/tables.conf";
 include "/etc/bird/rpki.conf";
--- a/protocols/cymru.conf
+++ b/protocols/cymru.conf
@ -0,0 +1,68 @@
+ipv4 table cymru_v4;
+ipv6 table cymru_v6;
+
+filter cymru_bogons_import {
+	bgp_community.add((65332,888));
+	bgp_community.add(wk_no_export);
+
+	dest = RTD_BLACKHOLE;
+	accept;
+}
+
+template bgp cymru {
+	local as my_ripe_asn;
+	neighbor as 65332;
+
+	multihop 255;
+	password pw_cymru;
+}
+
+template bgp cymru_v4_tmpl from cymru {
+	local 31.47.232.66;
+
+	ipv4 {
+		table cymru_v4;
+
+		import filter cymru_bogons_import;
+		export none;
+	};
+}
+
+template bgp cymru_v6_tmpl from cymru {
+	local 2a09:11c0:200::1:1;
+
+	ipv6 {
+		table cymru_v6;
+
+		import filter cymru_bogons_import;
+		export none;
+	};
+}
+
+protocol bgp cymru_v4_1 from cymru_v4_tmpl {
+	description "Cymru Bogons S1 (v4)";
+
+	neighbor 38.229.6.20;
+
+	disabled yes;
+}
+
+protocol bgp cymru_v4_2 from cymru_v4_tmpl {
+	description "Cymru Bogons S2 (v4)";
+
+	neighbor 38.229.46.20;
+
+	disabled yes;
+}
+
+protocol bgp cymru_v6_1 from cymru_v6_tmpl {
+	description "Cymru Bogons S1 (v6)";
+
+	neighbor  2620:0:6B0:FF00::20;
+}
+
+protocol bgp cymru_v6_2 from cymru_v6_tmpl {
+	description "Cymru Bogons S2 (v6)";
+
+	neighbor 2620:0:6B0:8000::20;
+}
--- a/protocols/cymru.conf_
+++ b/protocols/cymru.conf_
@ -1,53 +0,0 @@
-filter cymru_bogons_import {
-	bgp_community.add((65332,888));
-	dest = RTD_BLACKHOLE;
-	accept;
-}
-
-filter cymru_bogons_export {
-	reject;
-}
-
-protocol bgp bgp_cymru_v4_1 {
-	description "Cymru Bogons RS1";
-	import filter cymru_bogons_import;
-	export filter cymru_bogons_export;
-	multihop 255;
-	password "pass_here";
-	local as my_asn;
-	neighbor 38.229.66.20 as 65332;
-	source address IPv4_here;
-}
-
-protocol bgp bgp_cymru_v4_2 {
-	description "Cymru Bogons RS2";
-	import filter cymru_bogons_import;
-	export filter cymru_bogons_export;
-	multihop 255;
-	password "pass_here";
-	local as my_ripe_asn;
-	neighbor 193.231.140.82 as 65332;
-	source address IPv4_here;
-}
-
-protocol bgp bgp_cymru_v6_1 {
-	description "Cymru Bogons RS1 v6";
-	import filter cymru_bogons_import;
-	export filter cymru_bogons_export;
-	multihop 255;
-	password "pass_here";
-	local as my_ripe_asn;
-	neighbor 2620:0:6B0::26E5:4207 as 65332;
-	source address IPv6_here;
-}
-
-protocol bgp bgp_cymru_v6_2 {
-	description "Cymru Bogons RS2 v6";
-	import filter cymru_bogons_import;
-	export filter cymru_bogons_export;
-	multihop 255;
-	password "pass_here";
-	local as my_asn;
-	neighbor 2001:B30:1000:19::2 as 65332;
-	source address IPv6_here;
-}
--- a/protocols/decix.conf
+++ b/protocols/decix.conf
@ -1,35 +1,76 @@
-template bgp decix_fra_v6 {
-	local 2001:7f8::3:2afd:0:1 as my_ripe_asn;
-	neighbor as 6695;
+
+template bgp decix {
+	local as my_ripe_asn;
+
+	graceful restart on;
+}
+
+template bgp decix_v6 from decix {
+	local 2001:7f8::3:2afd:0:1;

 	ipv6 {
 		table ebgp_v6;

 		import keep filtered;
+		import limit 50000;
+
 		import filter ebgp_import_v6;
 		export filter ebgp_export_v6;
 	};
-
-	graceful restart on;
 }

-template bgp decix_fra_v4 {
-	local 80.81.196.155 as my_ripe_asn;
-	neighbor as 6695;
+template bgp decix_v4 from decix {
+	local 80.81.196.155;

 	ipv4 {
 		table ebgp_v4;

 		import keep filtered;
+		import limit 200000;
+
 		import filter ebgp_import_v4;
 		export filter ebgp_export_v4;
 	};
-
-	graceful restart on;
 }

+
+### IPv4
+template bgp decix_fra_v4 from decix_v4 {
+	neighbor as 6695;
+}
+
+template bgp decix_dus_v4 from decix_v4 {
+	neighbor as 56890;
+}
+
+template bgp decix_ham_v4 from decix_v4 {
+	neighbor as 43252;
+}
+
+template bgp decix_muc_v4 from decix_v4 {
+	neighbor as 47228;
+}
+
+### IPv6
+template bgp decix_fra_v6 from decix_v6 {
+	neighbor as 6695;
+}
+
+template bgp decix_dus_v6 from decix_v6 {
+	neighbor as 56890;
+}
+
+template bgp decix_ham_v6 from decix_v6 {
+	neighbor as 43252;
+}
+
+template bgp decix_muc_v6 from decix_v6 {
+	neighbor as 47228;
+}
+
+# Frankfurt
 protocol bgp decix_fra_rs1_v4 from decix_fra_v4 {
-	description "DE-CIX Frankfurt RS1 (IPv4)";
+	description "DE-CIX Frankfurt RS1 (v4)";

 	neighbor 80.81.192.157;
 }
--- a/protocols/dn42/doxz.conf
+++ b/protocols/dn42/doxz.conf
@ -1,5 +1,5 @@
 protocol bgp dn42_doxz_v4 from dn42_peer_v4 {
-	description "dn42 doxz IPv4";
+	description "dn42: doxz (v4)";

 	interface "wg-doxz";

@ -8,7 +8,7 @@ protocol bgp dn42_doxz_v4 from dn42_peer_v4 {
 }

 protocol bgp dn42_doxz_v6 from dn42_peer_v6 {
-	description "dn42 doxz IPv6";
+	description "dn42: doxz (v6)";

 	interface "wg-doxz";

--- a/protocols/dn42/grc.conf
+++ b/protocols/dn42/grc.conf
@ -0,0 +1,25 @@
+protocol bgp dn42_grc {
+	description "dn42: Global Route Collector (burble)";
+	local fd42:4dd0:ff00::1 as my_dn42_asn;
+	neighbor fd42:4242:2601:ac12::1 as 4242422602;
+
+	multihop;
+
+	ipv4 {
+		add paths tx;
+
+		table dn42_v4;
+
+		export all;
+		import none;
+	};
+
+	ipv6 {
+		add paths tx;
+
+		table dn42_v6;
+
+		export all;
+		import none;
+	};
+}
--- a/protocols/dn42/tbspace.conf
+++ b/protocols/dn42/tbspace.conf
@ -1,5 +1,5 @@
 protocol bgp dn42_tbspace_v4 from dn42_peer_v4 {
-	description "dn42 tbspace IPv4";
+	description "dn42: tbspace (v4)";

 	interface "wg-tbspace";

@ -8,7 +8,7 @@ protocol bgp dn42_tbspace_v4 from dn42_peer_v4 {
 }

 protocol bgp dn42_tbspace_v6 from dn42_peer_v6 {
-	description "dn42 tbspace IPv6";
+	description "dn42: tbspace (v6)";

 	interface "wg-tbspace";

--- a/protocols/layerbridge.conf
+++ b/protocols/layerbridge.conf
@ -1,4 +1,5 @@
-# Layerbridge
+include "/var/lib/bird/hetnix_v6.conf";
+
 protocol bgp tb_lb1 {
 	description "LayerBridge / Hetnix";

--- a/protocols/ripe-rcc.conf
+++ b/protocols/ripe-rcc.conf
@ -19,15 +19,19 @@ template bgp ripe_rcc_v6 {
 	ipv6 {
 		table ebgp_v6;

-		import all where net ~ ripe_rcc_beacons_v6;
+		import where net ~ ripe_rcc_beacons_v6;
 		export all;
 	};
 }

 protocol bgp ripe_rrc12_v4 from ripe_rcc_v4 {
+	description "RIPE RIS Route Collector RRC12 (v4)";
+
 	neighbor 80.81.192.152;
 }

 protocol bgp ripe_rrc12_v6 from ripe_rcc_v6 {
+	description "RIPE RIS Route Collector RRC12 (v6)";
+
 	neighbor 2001:7f8::316e:0:1;
 }
--- a/update.sh
+++ b/update.sh
@ -9,8 +9,9 @@ icvpn-scripts/mkroa -s icvpn-meta > /var/lib/bird/icvpn_roa.conf
 curl -sfSLR {-o,-z}/var/lib/bird/bird_roa_dn42_v4.conf https://dn42.burble.com/roa/dn42_roa_bird2_4.conf
 curl -sfSLR {-o,-z}/var/lib/bird/bird_roa_dn42_v6.conf https://dn42.burble.com/roa/dn42_roa_bird2_6.conf

-bgpq3 -b -3 -4 AS12654:RS-RIS -l ripe_rcc_beacons_v4 >  /var/lib/bird/ripe_rcc_beacons.conf
-bgpq3 -b -3 -6 AS12654:RS-RIS -l ripe_rcc_beacons_v6 >> /var/lib/bird/ripe_rcc_beacons.conf
+bgpq3 -b -3 -4 AS12654:RS-RIS -l "define ripe_rcc_beacons_v4" >  /var/lib/bird/ripe_rcc_beacons.conf
+bgpq3 -b -3 -6 AS12654:RS-RIS -l "define ripe_rcc_beacons_v6" >> /var/lib/bird/ripe_rcc_beacons.conf
+bgpq3 -b -3 -6 AS-HETNiX      -l "define hetnix_v6"           > /var/lib/bird/hetnix_v6.conf

 # Maybe do a 'birdc configure check' before?
 birdc configure
Author	SHA1	Message	Date
Steffen Vogel	eff50bb718	ignore passwords	2020-04-20 22:21:31 +02:00
Steffen Vogel	687bd2b22b	add more filter lists	2020-04-20 22:20:54 +02:00
Steffen Vogel	77e95595c4	update descriptions	2020-04-20 22:20:26 +02:00
Steffen Vogel	02010ce921	prepare remote DE-CIX peerings	2020-04-20 22:19:49 +02:00
Steffen Vogel	2649d4aa4c	add burble's dn42 RC	2020-04-20 22:19:28 +02:00
Steffen Vogel	0299c39083	add descriptions	2020-04-20 22:19:04 +02:00
Steffen Vogel	d4b840dd27	add cynmry bogon RS	2020-04-20 22:18:16 +02:00