Compare commits
No commits in common. "edgy" and "acs" have entirely different histories.
42 changed files with 100 additions and 1796 deletions
|
|
@ -1,7 +1,6 @@
|
|||
|
||||
log syslog all;
|
||||
|
||||
router id 172.23.156.14;
|
||||
router id 172.23.156.4;
|
||||
|
||||
timeformat base iso long;
|
||||
timeformat log iso long;
|
||||
|
|
@ -23,7 +22,5 @@ protocol device {
|
|||
protocol direct {
|
||||
ipv4;
|
||||
ipv6;
|
||||
|
||||
interface "virbr*", "wg-*", "sit-*", "idrac", "eno*", "tobi", "manu", "tun*";
|
||||
interface "ens*", "tun*", "vpn-*";
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@ define cymru_fullbogons = (65332, 888);
|
|||
# Well-known: https://www.iana.org/assignments/bgp-well-known-communities/bgp-well-known-communities.xhtml
|
||||
define wk_graceful_shutdown = (0xffff, 0x0000); # RFC8326
|
||||
define wk_accept_own = (0xffff, 0x0001); # RFC7611
|
||||
define wk_blackhole = (0xffff, 0x029a); # RFC7999
|
||||
define wk_blackhole = (0xffff, 0x029a); # RFC7999
|
||||
define wk_no_export = (0xffff, 0xff01); # RFC1997
|
||||
define wk_no_advertise = (0xffff, 0xff02); # RFC1997
|
||||
define wk_no_export_subconfed = (0xffff, 0xff03); # RFC1997
|
||||
|
|
|
|||
|
|
@ -1,12 +0,0 @@
|
|||
# Source: https://wiki.hamburg.ccc.de/ChaosVPN:IPRanges
|
||||
|
||||
function is_chaosvpn() {
|
||||
return net ~ [
|
||||
10.4.0.0/16+,
|
||||
10.32.0.0/16+,
|
||||
10.100.0.0/14+,
|
||||
10.104.0.0/14+,
|
||||
172.31.0.0/16+
|
||||
];
|
||||
}
|
||||
|
||||
|
|
@ -1,229 +0,0 @@
|
|||
# Sources:
|
||||
# http://www.us.ntt.net/support/policy/routing.cfm#bogon
|
||||
# http://as2914.net/bogon_asns/configuration_examples.txt
|
||||
# https://www.de-cix.net/en/locations/germany/frankfurt/routeserver-guide
|
||||
# https://archive.nanog.org/sites/default/files/Snijders_Everyday_Practical_Bgp.pdf
|
||||
# http://bgpfilterguide.nlnog.net/
|
||||
# https://gitlab.labs.nic.cz/labs/bird/-/wikis/BGP_filtering
|
||||
|
||||
function is_mine_ripe() {
|
||||
return net ~ [
|
||||
2a09:11c0:200::/44+,
|
||||
2a0e:97c7:100::/44+,
|
||||
2a09:4c2:1b::/48+,
|
||||
31.47.232.64/29+, # meerfarbig
|
||||
141.98.136.128/29+ # level66
|
||||
];
|
||||
}
|
||||
|
||||
function is_mine_dn42() {
|
||||
return net ~ [
|
||||
172.23.156.0/23+,
|
||||
fd42:4dd0:ff00::/48+
|
||||
];
|
||||
}
|
||||
|
||||
function is_mine() {
|
||||
return is_mine_dn42() || is_mine_ripe();
|
||||
}
|
||||
|
||||
# Big transit / tier 1 ASNs for "peerlock"
|
||||
function is_big_asn(int asnum) {
|
||||
return asnum ~ [
|
||||
174, # Cogent
|
||||
209, # Qwest (HE carries this on IXPs IPv6 (Jul 12 2018))
|
||||
701, # UUNET
|
||||
702, # UUNET
|
||||
1239, # Sprint
|
||||
1299, # Telia
|
||||
2914, # NTT Communications
|
||||
3257, # GTT Backbone
|
||||
3320, # Deutsche Telekom AG (DTAG)
|
||||
3356, # Level3
|
||||
3549, # Level3
|
||||
3561, # Savvis / CenturyLink
|
||||
4134, # Chinanet
|
||||
5511, # Orange opentransit
|
||||
6453, # Tata Communications
|
||||
6461, # Zayo Bandwidth
|
||||
6762, # Seabone / Telecom Italia
|
||||
7018 # AT&T
|
||||
];
|
||||
}
|
||||
|
||||
# Source: https://wiki.freifunk.net/AS-Nummern
|
||||
function is_freifunk_asn(int asnum) {
|
||||
return asnum ~ [ 64856..65534 ];
|
||||
}
|
||||
|
||||
# Source: https://dn42.net/services/Whois
|
||||
function is_dn42_asn(int asnum) {
|
||||
return asnum ~ [ 4242420000..4242429999 ];
|
||||
}
|
||||
|
||||
function is_bogon_asn(int asnum) {
|
||||
return asnum ~ [
|
||||
0, # RFC7607: Codification of AS 0 Processing
|
||||
23456, # RFC6793: AS_TRANS for 32bit extendend ASN range
|
||||
64496..64511, # RFC5398: Reservation for Documentation Use 16bit ASN
|
||||
64512..65534, # RFC6996: Reservation for Private Use 16bit ASN
|
||||
65535, # RFC7300: Reservation of Last ASNs
|
||||
65536..65551, # RFC5398: Reservation for Documentation Use 32bit ASN
|
||||
65552..131071, # IANA reserved ASNs https://www.mail-archive.com/uknof@lists.uknof.org.uk/msg03395.html
|
||||
4200000000..4294967294, # RFC6996: Reservation for Private Use 32bit ASN
|
||||
4294967295 # RFC7300: Reservation of Last ASNs
|
||||
];
|
||||
}
|
||||
|
||||
# RFC 1918
|
||||
function is_private_v4() {
|
||||
return net ~ [
|
||||
10.0.0.0/8+,
|
||||
172.16.0.0/12+,
|
||||
192.168.0.0/16+
|
||||
];
|
||||
}
|
||||
|
||||
function is_private_v6() {
|
||||
return net ~ [
|
||||
fc00::/7+ # RFC4193: Unique-Local
|
||||
];
|
||||
}
|
||||
|
||||
function is_peering_lan_v4() {
|
||||
return net ~ [
|
||||
185.1.119.0/24+, # LocIX Frankfurt
|
||||
80.81.192.0/21+, # DE-CIX Frankfurt
|
||||
185.1.125.0/24+, # 4IXP / 4b42
|
||||
206.81.104.0/24+, # EVIX
|
||||
193.189.82.0/23+ # KleyRex
|
||||
];
|
||||
}
|
||||
|
||||
function is_peering_lan_v6() {
|
||||
return net ~ [
|
||||
2a07:1c44:61f0::/64+, # LocIX Frankfurt
|
||||
2001:7f8::/64+, # DE-CIX Frankfurt
|
||||
2001:7f8:d0:b901::/64+, # 4IXP / 4b42
|
||||
2001:7f8:d0:4b42::/64+, # 4IXP / 4b42
|
||||
2602:fed2:fff:ffff::/64, # EVIX
|
||||
2001:7f8:33::/48+ # KleyRex
|
||||
];
|
||||
}
|
||||
|
||||
function is_martian_v4() {
|
||||
# See RFC6890
|
||||
|
||||
return is_private_v4() ||
|
||||
net ~ [
|
||||
0.0.0.0/8+, # RFC1122: This host on this network
|
||||
100.64.0.0/10+, # RFC6598: IANA-Reserved IPv4 Prefix for Shared Address Space
|
||||
127.0.0.0/8+, # RFC1122: Loopback
|
||||
192.18.0.0/15+, # RFC2544: Benchmarking Methodology for Network Interconnect Devices
|
||||
169.254.0.0/16+, # RFC3927: Dynamic Configuration of IPv4 Link-Local Addresses
|
||||
192.0.0.0/24+, # RFC6890: IETF Protocol Assignments
|
||||
192.0.0.0/29+, # RFC6333: DS-Lite
|
||||
192.0.2.0/24+, # RFC5737: IPv4 Address Blocks Reserved for Documentation (TEST-NET-1)
|
||||
198.51.100.0/24+, # RFC5737: IPv4 Address Blocks Reserved for Documentation (TEST-NET-2)
|
||||
192.88.99.0/24+, # RFC3068: 6to4 Relay Anycast
|
||||
203.0.113.0/24+, # RFC5737: IPv4 Address Blocks Reserved for Documentation (TEST-NET-3)
|
||||
224.0.0.0/4+, # RFC5771: IPv4 Multicast
|
||||
240.0.0.0/4+, # RFC1112: Reserved for Future Use
|
||||
255.255.255.255/32 # RFC0919: Limited Broadcast
|
||||
];
|
||||
}
|
||||
|
||||
function is_martian_v6() {
|
||||
# See RFC6890
|
||||
|
||||
return is_private_v6() ||
|
||||
net ~ [
|
||||
::ffff:0:0/96+, # RFC4291: IPv4-mapped Address
|
||||
::ffff:0:0:0/96+, # IPv4 translated
|
||||
::/128, # RFC4291: Unspecified Address
|
||||
::1/128, # RFC4291: Loopback Address
|
||||
64:ff9b::/96+, # RFC6052: IPv4-IPv6 Translated (NAT64)
|
||||
100::/64+, # RFC6666: Discard-Only Address Block
|
||||
2001::/23+, # RFC2928: IETF Protocol Assignments
|
||||
2001::/32+, # RFC4380: TEREDO
|
||||
2001:2::/48+, # RFC5180: Benchmarking
|
||||
2001:10::/28+, # RFC4843: ORCHID
|
||||
2001:db8::/32+, # RFC3849: Documentation
|
||||
2002::/16+, # RFC3056: 6to4
|
||||
fe80::/10+, # RFC4291: Linked-Scoped Unicast
|
||||
ff00::/8+ # RFC2373/3306: IPv6 Multicast
|
||||
];
|
||||
}
|
||||
|
||||
function is_default_v4() {
|
||||
return net = 0.0.0.0/0;
|
||||
}
|
||||
|
||||
function is_default_v6() {
|
||||
return net ~ ::/0;
|
||||
}
|
||||
|
||||
|
||||
function is_bogon_ebgp_v4() {
|
||||
if net.len > 24 then { # RFC7454
|
||||
bgp_large_community.add(filtered_import_prefix_too_long);
|
||||
return true;
|
||||
}
|
||||
|
||||
if is_martian_v4() then {
|
||||
return true;
|
||||
}
|
||||
|
||||
if is_peering_lan_v4() then {
|
||||
return true;
|
||||
}
|
||||
|
||||
if bgp_path.first != my_ripe_asn then {
|
||||
return true;
|
||||
}
|
||||
|
||||
if bgp_path.len > 32 then {
|
||||
bgp_large_community.add(filtered_import_as_path_too_long);
|
||||
return true;
|
||||
}
|
||||
|
||||
if net.len < 8 then { # RFC7454
|
||||
bgp_large_community.add(filtered_import_prefix_too_short);
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
function is_bogon_ebgp_v6() {
|
||||
if net.len > 48 then { # RFC7454
|
||||
bgp_large_community.add(filtered_import_prefix_too_long);
|
||||
return true;
|
||||
}
|
||||
|
||||
if is_martian_v6() then
|
||||
return true;
|
||||
|
||||
if is_peering_lan_v6() then
|
||||
return true;
|
||||
|
||||
#if is_bogon_asn() then
|
||||
# return true;
|
||||
|
||||
if bgp_path.first != my_ripe_asn then {
|
||||
bgp_large_community.add(filtered_import_first_as_not_peer);
|
||||
return true;
|
||||
}
|
||||
|
||||
if bgp_path.len > 32 then {
|
||||
bgp_large_community.add(filtered_import_as_path_too_long);
|
||||
return true;
|
||||
}
|
||||
|
||||
if net.len < 19 then { # RFC7454
|
||||
bgp_large_community.add(filtered_import_prefix_too_short);
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
|
@ -1,88 +0,0 @@
|
|||
function is_dn42() {
|
||||
return net ~ [
|
||||
172.20.0.0/14{21,29},
|
||||
172.20.0.0/24{28,32}, # Anycast
|
||||
172.21.0.0/24{28,32}, # Anycast
|
||||
172.22.0.0/24{28,32}, # Anycast
|
||||
172.23.0.0/24{28,32}, # Anycast
|
||||
fd00::/8{44,64}
|
||||
];
|
||||
}
|
||||
|
||||
function dn42_import_v4()
|
||||
bool ok;
|
||||
{
|
||||
ok = true;
|
||||
|
||||
if bgp_path ~ [= * 4242421331 * =] then reject;
|
||||
|
||||
if is_mine_dn42() then
|
||||
ok = false;
|
||||
|
||||
if ! is_dn42() then
|
||||
ok = false;
|
||||
|
||||
if roa_check(roa_dn42_v4, net, bgp_path.last_nonaggregated) = ROA_VALID then
|
||||
bgp_large_community.add(informational_rpki_valid);
|
||||
else if roa_check(roa_dn42_v4, net, bgp_path.last_nonaggregated) = ROA_UNKNOWN then
|
||||
bgp_large_community.add(informational_rpki_unknown);
|
||||
else if roa_check(roa_dn42_v4, net, bgp_path.last_nonaggregated) = ROA_INVALID then {
|
||||
print "Ignore ROA invalid ", net, " for ASN ", bgp_path.last, " from ", proto;
|
||||
bgp_large_community.add(informational_rpki_invalid);
|
||||
ok = false;
|
||||
}
|
||||
else
|
||||
bgp_large_community.add(informational_rpki_not_checked);
|
||||
|
||||
return ok;
|
||||
}
|
||||
|
||||
function dn42_import_v6()
|
||||
bool ok;
|
||||
{
|
||||
ok = true;
|
||||
|
||||
if bgp_path ~ [= * 4242421331 * =] then reject;
|
||||
|
||||
if is_mine_dn42() then
|
||||
ok = false;
|
||||
|
||||
if ! is_dn42() then
|
||||
ok = false;
|
||||
|
||||
if roa_check(roa_dn42_v6, net, bgp_path.last_nonaggregated) = ROA_VALID then
|
||||
bgp_large_community.add(informational_rpki_valid);
|
||||
else if roa_check(roa_dn42_v6, net, bgp_path.last_nonaggregated) = ROA_UNKNOWN then
|
||||
bgp_large_community.add(informational_rpki_unknown);
|
||||
else if roa_check(roa_dn42_v6, net, bgp_path.last_nonaggregated) = ROA_INVALID then {
|
||||
print "Ignore ROA invalid ", net, " for ASN ", bgp_path.last, " from ", proto;
|
||||
bgp_large_community.add(informational_rpki_invalid);
|
||||
ok = false;
|
||||
}
|
||||
else
|
||||
bgp_large_community.add(informational_rpki_not_checked);
|
||||
|
||||
return ok;
|
||||
}
|
||||
|
||||
function dn42_export_v4()
|
||||
bool ok;
|
||||
{
|
||||
ok = true;
|
||||
|
||||
if ! is_dn42() then
|
||||
ok = false;
|
||||
|
||||
return ok;
|
||||
}
|
||||
|
||||
function dn42_export_v6()
|
||||
bool ok;
|
||||
{
|
||||
ok = true;
|
||||
|
||||
if ! is_dn42() then
|
||||
ok = false;
|
||||
|
||||
return ok;
|
||||
}
|
||||
|
|
@ -1,62 +0,0 @@
|
|||
function ebgp_import_v4()
|
||||
bool ok;
|
||||
{
|
||||
ok = false;
|
||||
|
||||
return ok;
|
||||
}
|
||||
|
||||
function ebgp_import_v6()
|
||||
bool ok;
|
||||
{
|
||||
ok = true;
|
||||
|
||||
# Make sure we dont use peering IPs for originating traffic
|
||||
krt_prefsrc = 2a09:11c0:200::14;
|
||||
|
||||
|
||||
if roa_check(roa_v6, net, bgp_path.last_nonaggregated) = ROA_VALID then
|
||||
bgp_large_community.add(informational_rpki_valid);
|
||||
else if roa_check(roa_v6, net, bgp_path.last_nonaggregated) = ROA_UNKNOWN then
|
||||
bgp_large_community.add(informational_rpki_unknown);
|
||||
else if roa_check(roa_v6, net, bgp_path.last_nonaggregated) = ROA_INVALID then {
|
||||
print "Ignore RPKI invalid ", net, " for ASN ", bgp_path.last, " from ", proto;
|
||||
bgp_large_community.add(informational_rpki_invalid);
|
||||
ok = false;
|
||||
}
|
||||
else
|
||||
bgp_large_community.add(informational_rpki_not_checked);
|
||||
|
||||
if net.len > 48 then {
|
||||
bgp_large_community.add(filtered_import_prefix_too_long);
|
||||
ok = false;
|
||||
}
|
||||
|
||||
if bgp_path.len > 64 then {
|
||||
bgp_large_community.add(filtered_import_as_path_too_long);
|
||||
ok = false;
|
||||
}
|
||||
|
||||
return ok;
|
||||
}
|
||||
|
||||
function ebgp_export_v4()
|
||||
bool ok;
|
||||
{
|
||||
# I dont have ane IPv4 prefixes :(
|
||||
return false;
|
||||
}
|
||||
|
||||
function ebgp_export_v6()
|
||||
bool ok;
|
||||
{
|
||||
ok = true;
|
||||
|
||||
if ! is_mine_ripe() then
|
||||
ok = false;
|
||||
|
||||
if net = 2a09:11c0:202::/48 then
|
||||
ok = false;
|
||||
|
||||
return ok;
|
||||
}
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
function is_freifunk() {
|
||||
return net ~ [
|
||||
10.0.0.0/8{15,24}
|
||||
];
|
||||
}
|
||||
|
||||
|
|
@ -1,43 +1,26 @@
|
|||
function ibgp_export_v4()
|
||||
bool ok;
|
||||
{
|
||||
ok = true;
|
||||
filter ibgp_export_v4 {
|
||||
if net = 178.202.247.4/32 then
|
||||
reject;
|
||||
|
||||
if net.len = 32 then
|
||||
ok = false;
|
||||
|
||||
return ok;
|
||||
accept;
|
||||
}
|
||||
|
||||
function ibgp_export_v6()
|
||||
bool ok;
|
||||
{
|
||||
ok = true;
|
||||
|
||||
if net.len = 128 then
|
||||
ok = false;
|
||||
|
||||
return ok;
|
||||
filter ibgp_export_v6 {
|
||||
accept;
|
||||
}
|
||||
|
||||
function ibgp_import_v4()
|
||||
bool ok;
|
||||
{
|
||||
ok = true;
|
||||
filter ibgp_import_v4 {
|
||||
krt_metric = 200;
|
||||
|
||||
if net = 0.0.0.0/0 then
|
||||
ok = false;
|
||||
if net = 0.0.0.0/0 then reject;
|
||||
|
||||
return ok;
|
||||
accept;
|
||||
}
|
||||
|
||||
function ibgp_import_v6()
|
||||
bool ok;
|
||||
{
|
||||
ok = true;
|
||||
filter ibgp_import_v6 {
|
||||
krt_metric = 200;
|
||||
|
||||
if net = ::/0 then
|
||||
ok = false;
|
||||
# if net = 0::/0 then reject;
|
||||
|
||||
return ok;
|
||||
accept;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,11 +0,0 @@
|
|||
function is_idfx() {
|
||||
return net ~ [
|
||||
10.1.0.0/16{19,24}, # iiidefix internal
|
||||
10.42.0.0/16{19,24}, # iiidefix friends
|
||||
194.127.157.224/27{27,32}, # MKD net
|
||||
148.251.17.70/32, # defks1
|
||||
85.214.96.242/32, # deber1
|
||||
fdb0:4339::/32{48,64}, # iiidefix v6
|
||||
2a09:11c0:20f:100::/56{56,64}
|
||||
];
|
||||
}
|
||||
|
|
@ -1,12 +0,0 @@
|
|||
# https://noc-portal.rz.rwth-aachen.de/networks-view/
|
||||
function is_rwth() {
|
||||
return net ~ [
|
||||
134.61.0.0/16+,
|
||||
134.130.0.0/16+,
|
||||
137.226.0.0/16+,
|
||||
192.35.229.0/24+,
|
||||
194.35.108.0/22+,
|
||||
2a00:8a60::/29+
|
||||
];
|
||||
}
|
||||
|
||||
|
|
@ -1 +0,0 @@
|
|||
Subproject commit 898eb449091db4029f1bf3ab6bb478a0f3cf4b4d
|
||||
|
|
@ -1,66 +0,0 @@
|
|||
template bgp ixp_ch_v4 from ebgp_peer_v4 {
|
||||
local 185.1.125.152;
|
||||
neighbor as 35708;
|
||||
|
||||
ipv4 {
|
||||
export filter {
|
||||
bgp_path = prepend(bgp_path, my_ripe_asn);
|
||||
bgp_path = prepend(bgp_path, my_ripe_asn);
|
||||
bgp_path = prepend(bgp_path, my_ripe_asn);
|
||||
|
||||
if ebgp_export_v4() then
|
||||
accept;
|
||||
else
|
||||
reject;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
template bgp ixp_ch_v6 from ebgp_peer_v6 {
|
||||
local 2001:7f8:d0:b901::7d98;
|
||||
neighbor as 35708;
|
||||
|
||||
ipv6 {
|
||||
export filter {
|
||||
bgp_path = prepend(bgp_path, my_ripe_asn);
|
||||
bgp_path = prepend(bgp_path, my_ripe_asn);
|
||||
bgp_path = prepend(bgp_path, my_ripe_asn);
|
||||
|
||||
if ebgp_export_v6() then
|
||||
accept;
|
||||
else
|
||||
reject;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
protocol bgp ixp_ch_rs1_v4 from ixp_ch_v4 {
|
||||
description "4IXP Zürich: RS1 (v4)";
|
||||
|
||||
neighbor 185.1.125.1;
|
||||
}
|
||||
|
||||
protocol bgp ixp_ch_rs2_v4 from ixp_ch_v4 {
|
||||
description "4IXP Zürich: RS1 24)";
|
||||
|
||||
neighbor 185.1.125.2;
|
||||
}
|
||||
|
||||
protocol bgp ixp_ch_rs1_v6 from ixp_ch_v6 {
|
||||
description "4IXP Zürich: RS1 (v6)";
|
||||
|
||||
neighbor 2001:7f8:d0:b901::7d01;
|
||||
}
|
||||
|
||||
protocol bgp ixp_ch_rs2_v6 from ixp_ch_v6 {
|
||||
description "4IXP Zürich: RS2 (v6)";
|
||||
|
||||
neighbor 2001:7f8:d0:b901::7d02;
|
||||
}
|
||||
|
||||
# Peering
|
||||
protocol bgp ixp_ch_4b42_v6 from ixp_ch_v6 {
|
||||
description "4IXP Zürich: 4b42 (v6)";
|
||||
|
||||
neighbor 2001:7f8:d0:b901::7dfe as 60474;
|
||||
}
|
||||
|
|
@ -1,7 +1,7 @@
|
|||
protocol bfd bfd1 {
|
||||
|
||||
interface "wg-*" {
|
||||
interval 100ms;
|
||||
interval 100 ms;
|
||||
authentication simple;
|
||||
password pw_bfd;
|
||||
};
|
||||
|
|
|
|||
|
|
@ -1,68 +0,0 @@
|
|||
ipv4 table cymru_v4;
|
||||
ipv6 table cymru_v6;
|
||||
|
||||
filter cymru_bogons_import {
|
||||
bgp_community.add((65332,888));
|
||||
bgp_community.add(wk_no_export);
|
||||
|
||||
dest = RTD_BLACKHOLE;
|
||||
accept;
|
||||
}
|
||||
|
||||
template bgp cymru {
|
||||
local as my_ripe_asn;
|
||||
neighbor as 65332;
|
||||
|
||||
multihop 255;
|
||||
password pw_cymru;
|
||||
}
|
||||
|
||||
template bgp cymru_v4_tmpl from cymru {
|
||||
local 31.47.232.66;
|
||||
|
||||
ipv4 {
|
||||
table cymru_v4;
|
||||
|
||||
import filter cymru_bogons_import;
|
||||
export none;
|
||||
};
|
||||
}
|
||||
|
||||
template bgp cymru_v6_tmpl from cymru {
|
||||
local 2a09:11c0:200::1:1;
|
||||
|
||||
ipv6 {
|
||||
table cymru_v6;
|
||||
|
||||
import filter cymru_bogons_import;
|
||||
export none;
|
||||
};
|
||||
}
|
||||
|
||||
protocol bgp cymru_v4_1 from cymru_v4_tmpl {
|
||||
description "Cymru Bogons S1 (v4)";
|
||||
|
||||
neighbor 38.229.6.20;
|
||||
|
||||
disabled yes;
|
||||
}
|
||||
|
||||
protocol bgp cymru_v4_2 from cymru_v4_tmpl {
|
||||
description "Cymru Bogons S2 (v4)";
|
||||
|
||||
neighbor 38.229.46.20;
|
||||
|
||||
disabled yes;
|
||||
}
|
||||
|
||||
protocol bgp cymru_v6_1 from cymru_v6_tmpl {
|
||||
description "Cymru Bogons S1 (v6)";
|
||||
|
||||
neighbor 2620:0:6B0:FF00::20;
|
||||
}
|
||||
|
||||
protocol bgp cymru_v6_2 from cymru_v6_tmpl {
|
||||
description "Cymru Bogons S2 (v6)";
|
||||
|
||||
neighbor 2620:0:6B0:8000::20;
|
||||
}
|
||||
|
|
@ -1,398 +0,0 @@
|
|||
template bgp decix_v4 from ebgp_peer_v4 {
|
||||
ipv4 {
|
||||
preference 120;
|
||||
};
|
||||
}
|
||||
|
||||
template bgp decix_v6 from ebgp_peer_v6 {
|
||||
ipv6 {
|
||||
import limit 50000;
|
||||
|
||||
preference 120;
|
||||
};
|
||||
}
|
||||
|
||||
### IPv4
|
||||
template bgp decix_fra_v4 from decix_v4 {
|
||||
neighbor as 6695;
|
||||
|
||||
local 80.81.196.155;
|
||||
}
|
||||
|
||||
template bgp decix_dus_v4 from decix_v4 {
|
||||
neighbor as 56890;
|
||||
|
||||
local 185.1.170.221;
|
||||
}
|
||||
|
||||
template bgp decix_ham_v4 from decix_v4 {
|
||||
neighbor as 43252;
|
||||
|
||||
local 80.81.203.195;
|
||||
}
|
||||
|
||||
template bgp decix_muc_v4 from decix_v4 {
|
||||
neighbor as 47228;
|
||||
|
||||
local 80.81.202.202;
|
||||
}
|
||||
|
||||
### IPv6
|
||||
template bgp decix_fra_v6 from decix_v6 {
|
||||
local 2001:7f8::3:2afd:0:1;
|
||||
neighbor as 6695;
|
||||
|
||||
ipv6 {
|
||||
preference 140;
|
||||
};
|
||||
}
|
||||
|
||||
template bgp decix_dus_v6 from decix_v6 {
|
||||
local 2001:7f8:9e:0:3:2afd:0:1;
|
||||
neighbor as 56890;
|
||||
}
|
||||
|
||||
template bgp decix_ham_v6 from decix_v6 {
|
||||
local 2001:7f8:3d:0:3:2afd:0:1;
|
||||
neighbor as 43252;
|
||||
}
|
||||
|
||||
template bgp decix_muc_v6 from decix_v6 {
|
||||
local 2001:7f8:44:0:3:2afd:0:1;
|
||||
neighbor as 47228;
|
||||
}
|
||||
|
||||
# Frankfurt
|
||||
protocol bgp decix_fra_rs1_v4 from decix_fra_v4 {
|
||||
description "DE-CIX Frankfurt: RS1 (v4)";
|
||||
|
||||
neighbor 80.81.192.157;
|
||||
}
|
||||
|
||||
protocol bgp decix_fra_rs1_v6 from decix_fra_v6 {
|
||||
description "DE-CIX Frankfurt: RS1 (v6)";
|
||||
|
||||
neighbor 2001:7f8::1a27:5051:c09d;
|
||||
}
|
||||
|
||||
protocol bgp decix_fra_rs2_v6 from decix_fra_v6 {
|
||||
description "DE-CIX Frankfurt: RS2 (v6)";
|
||||
|
||||
neighbor 2001:7f8::1a27:5051:c19d;
|
||||
}
|
||||
|
||||
protocol bgp decix_fra_bh_v6 from decix_fra_v6 {
|
||||
description "DE-CIX Frankfurt: Blackholing (v6)";
|
||||
|
||||
neighbor 2001:7f8::1a27:5051:c09e;
|
||||
|
||||
ipv6 {
|
||||
table ebgp_v6_bh;
|
||||
};
|
||||
}
|
||||
|
||||
# Hamburg
|
||||
protocol bgp decix_ham_rs1_v4 from decix_ham_v4 {
|
||||
description "DE-CIX Hamburg: RS1 (v4)";
|
||||
|
||||
neighbor 80.81.203.252;
|
||||
}
|
||||
|
||||
protocol bgp decix_ham_rs2_v4 from decix_ham_v4 {
|
||||
description "DE-CIX Hamburg: RS2 (v4)";
|
||||
|
||||
neighbor 80.81.203.253;
|
||||
}
|
||||
|
||||
protocol bgp decix_ham_rs1_v6 from decix_ham_v6 {
|
||||
description "DE-CIX Hamburg: RS1 (v6)";
|
||||
|
||||
neighbor 2001:7f8:3d::a8f4:0:1;
|
||||
}
|
||||
|
||||
protocol bgp decix_ham_rs2_v6 from decix_ham_v6 {
|
||||
description "DE-CIX Hamburg: RS2 (v6)";
|
||||
|
||||
neighbor 2001:7f8:3d::a8f4:0:2;
|
||||
}
|
||||
|
||||
# Düsseldorf
|
||||
protocol bgp decix_dus_rs1_v4 from decix_dus_v4 {
|
||||
description "DE-CIX Düsseldorf: RS1 (v4)";
|
||||
|
||||
neighbor 185.1.170.252;
|
||||
}
|
||||
|
||||
protocol bgp decix_dus_rs2_v4 from decix_dus_v4 {
|
||||
description "DE-CIX Düsseldorf: RS2 (v4)";
|
||||
|
||||
neighbor 185.1.171.252;
|
||||
}
|
||||
|
||||
protocol bgp decix_dus_rs1_v6 from decix_dus_v6 {
|
||||
description "DE-CIX Düsseldorf: RS1 (v6)";
|
||||
|
||||
neighbor 2001:7f8:9e::de3a:fc:1;
|
||||
}
|
||||
|
||||
protocol bgp decix_dus_rs2_v6 from decix_dus_v6 {
|
||||
description "DE-CIX Düsseldorf: RS2 (v6)";
|
||||
|
||||
neighbor 2001:7f8:9e::de3a:fd:1;
|
||||
}
|
||||
|
||||
# München
|
||||
protocol bgp decix_muc_rs1_v4 from decix_muc_v4 {
|
||||
description "DE-CIX München: RS1 (v4)";
|
||||
|
||||
neighbor 80.81.202.252;
|
||||
}
|
||||
|
||||
protocol bgp decix_muc_rs2_v4 from decix_muc_v4 {
|
||||
description "DE-CIX München: RS2 (v4)";
|
||||
|
||||
neighbor 80.81.202.253;
|
||||
}
|
||||
|
||||
protocol bgp decix_muc_rs1_v6 from decix_muc_v6 {
|
||||
description "DE-CIX München: RS1 (v6)";
|
||||
|
||||
neighbor 2001:7f8:44::b87c:0:1;
|
||||
}
|
||||
|
||||
protocol bgp decix_muc_rs2_v6 from decix_muc_v6 {
|
||||
description "DE-CIX München: RS2 (v6)";
|
||||
|
||||
neighbor 2001:7f8:44::b87c:0:2;
|
||||
}
|
||||
|
||||
#
|
||||
# Public Peerings
|
||||
|
||||
# HE
|
||||
protocol bgp decix_fra_he_v6 from decix_fra_v6 {
|
||||
description "DE-CIX Frankfurt: Hurricane Electric (v6)";
|
||||
|
||||
neighbor 2001:7f8::1b1b:0:1 as 6939;
|
||||
}
|
||||
|
||||
# Facebook
|
||||
protocol bgp decix_muc_facebook_rs1_v6 from decix_muc_v6 {
|
||||
description "DE-CIX Mün: Facebook RS2 (v6)";
|
||||
|
||||
neighbor 2001:7f8:44::80a6:0:1 as 32934;
|
||||
}
|
||||
|
||||
protocol bgp decix_muc_facebook_rs2_v6 from decix_muc_v6 {
|
||||
description "DE-CIX München: Facebook: RS2 (v6)";
|
||||
|
||||
neighbor 2001:7f8:44::80a6:0:2 as 32934;
|
||||
}
|
||||
|
||||
# Asympto
|
||||
protocol bgp decix_fra_asympto_v4 from decix_fra_v4 {
|
||||
description "DE-CIX Frankfurt: Asympto (v4)";
|
||||
|
||||
neighbor 80.81.196.144 as 39533;
|
||||
|
||||
ipv4 {
|
||||
import limit 100000;
|
||||
|
||||
export filter {
|
||||
bgp_path = prepend(bgp_path, my_ripe_asn);
|
||||
bgp_path = prepend(bgp_path, my_ripe_asn);
|
||||
bgp_path = prepend(bgp_path, my_ripe_asn);
|
||||
bgp_path = prepend(bgp_path, my_ripe_asn);
|
||||
|
||||
if ebgp_export_v4() then
|
||||
accept;
|
||||
else
|
||||
reject;
|
||||
};
|
||||
|
||||
preference 80;
|
||||
};
|
||||
}
|
||||
|
||||
protocol bgp decix_fra_asympto_v6 from decix_fra_v6 {
|
||||
description "DE-CIX Frankfurt: Asympto (v6)";
|
||||
|
||||
neighbor 2001:7f8::9a6d:0:2 as 39533;
|
||||
|
||||
ipv6 {
|
||||
import limit 100000;
|
||||
|
||||
export filter {
|
||||
bgp_path = prepend(bgp_path, my_ripe_asn);
|
||||
bgp_path = prepend(bgp_path, my_ripe_asn);
|
||||
bgp_path = prepend(bgp_path, my_ripe_asn);
|
||||
bgp_path = prepend(bgp_path, my_ripe_asn);
|
||||
|
||||
if ebgp_export_v6() then
|
||||
accept;
|
||||
else
|
||||
reject;
|
||||
};
|
||||
|
||||
preference 80;
|
||||
};
|
||||
}
|
||||
|
||||
# Cloudflare
|
||||
protocol bgp decix_fra_cloudflare_v4 from decix_fra_v4 {
|
||||
description "DE-CIX Frankurt: Cloudflare (v4)";
|
||||
|
||||
neighbor 80.81.194.180 as 13335;
|
||||
}
|
||||
|
||||
protocol bgp decix_fra_cloudflare_v6 from decix_fra_v6 {
|
||||
description "DE-CIX Frankurt: Cloudflare (v6)";
|
||||
|
||||
neighbor 2001:7f8::3417:0:1 as 13335;
|
||||
}
|
||||
|
||||
# Akamai
|
||||
protocol bgp decix_fra_akamai_rs1_v4 from decix_fra_v4 {
|
||||
description "DE-CIX Frankurt: Akamai RS1 (v4)";
|
||||
|
||||
neighbor 80.81.192.28 as 20940;
|
||||
}
|
||||
|
||||
protocol bgp decix_fra_akamai_rs2_v4 from decix_fra_v4 {
|
||||
description "DE-CIX Frankurt: Akamai RS2 (v4)";
|
||||
|
||||
neighbor 80.81.192.168 as 20940;
|
||||
}
|
||||
|
||||
protocol bgp decix_fra_akamai_rs3_v4 from decix_fra_v4 {
|
||||
description "DE-CIX Frankurt: Akamai RS3 (v4)";
|
||||
|
||||
neighbor 80.81.195.168 as 20940;
|
||||
}
|
||||
|
||||
protocol bgp decix_fra_akamai_rs1_v6 from decix_fra_v6 {
|
||||
description "DE-CIX Frankurt: Akamai RS1 (v6)";
|
||||
|
||||
neighbor 2001:7f8::51cc:0:28 as 20940;
|
||||
}
|
||||
|
||||
protocol bgp decix_fra_akamai_rs2_v6 from decix_fra_v6 {
|
||||
description "DE-CIX Frankurt: Akamai RS2 (v6)";
|
||||
|
||||
neighbor 2001:7f8::51cc:0:168 as 20940;
|
||||
}
|
||||
|
||||
protocol bgp decix_fra_akamai_rs3_v6 from decix_fra_v6 {
|
||||
description "DE-CIX Frankurt: Akamai RS3 (v6)";
|
||||
|
||||
neighbor 2001:7f8::51cc:1:168 as 20940;
|
||||
}
|
||||
|
||||
# Apple
|
||||
protocol bgp decix_fra_apple_rs1_v4 from decix_fra_v4 {
|
||||
description "DE-CIX Frankurt: Apple RS1 (v4)";
|
||||
|
||||
neighbor 80.81.193.202 as 714;
|
||||
}
|
||||
|
||||
protocol bgp decix_fra_apple_rs2_v4 from decix_fra_v4 {
|
||||
description "DE-CIX Frankurt: Apple RS2 (v4)";
|
||||
|
||||
neighbor 80.81.193.223 as 714;
|
||||
}
|
||||
|
||||
protocol bgp decix_fra_apple_rs3_v4 from decix_fra_v4 {
|
||||
description "DE-CIX Frankurt: Apple RS3 (v4)";
|
||||
|
||||
neighbor 80.81.194.171 as 714;
|
||||
}
|
||||
|
||||
protocol bgp decix_fra_apple_rs4_v4 from decix_fra_v4 {
|
||||
description "DE-CIX Frankurt: Apple RS4 (v4)";
|
||||
|
||||
neighbor 80.81.194.161 as 714;
|
||||
}
|
||||
|
||||
protocol bgp decix_fra_apple_rs1_v6 from decix_fra_v6 {
|
||||
description "DE-CIX Frankurt: Apple RS1 (v6)";
|
||||
|
||||
neighbor 2001:7f8::2ca:0:1 as 714;
|
||||
}
|
||||
|
||||
protocol bgp decix_fra_apple_rs2_v6 from decix_fra_v6 {
|
||||
description "DE-CIX Frankurt: Apple RS2 (v6)";
|
||||
|
||||
neighbor 2001:7f8::2ca:0:2 as 714;
|
||||
}
|
||||
|
||||
protocol bgp decix_fra_apple_rs3_v6 from decix_fra_v6 {
|
||||
description "DE-CIX Frankurt: Apple RS3 (v6)";
|
||||
|
||||
neighbor 2001:7f8::2ca:0:3 as 714;
|
||||
}
|
||||
|
||||
protocol bgp decix_fra_apple_rs4_v6 from decix_fra_v6 {
|
||||
description "DE-CIX Frankurt: Apple RS4 (v6)";
|
||||
|
||||
neighbor 2001:7f8::2ca:0:4 as 714;
|
||||
}
|
||||
|
||||
# DFN Frankfurt
|
||||
protocol bgp decix_fra_dfn_rs1_v4 from decix_fra_v4 {
|
||||
description "DE-CIX Frankurt: DFN RS1 (v4)";
|
||||
|
||||
neighbor 80.81.192.222 as 680;
|
||||
|
||||
ipv4 {
|
||||
import limit 800;
|
||||
};
|
||||
|
||||
password "the3eeNu";
|
||||
}
|
||||
|
||||
protocol bgp decix_fra_dfn_rs1_v6 from decix_fra_v6 {
|
||||
description "DE-CIX Frankurt: DFN RS1 (v6)";
|
||||
|
||||
neighbor 2001:7f8::2a8:0:1 as 680;
|
||||
|
||||
ipv6 {
|
||||
import limit 100;
|
||||
};
|
||||
|
||||
password "the3eeNu";
|
||||
}
|
||||
|
||||
# DFN Hamburg
|
||||
template bgp decix_ham_dfn_v4 from decix_ham_v4 {
|
||||
|
||||
ipv4 {
|
||||
import limit 800;
|
||||
};
|
||||
|
||||
password "the3eeNu";
|
||||
|
||||
neighbor as 680;
|
||||
}
|
||||
|
||||
template bgp decix_ham_dfn_v6 from decix_ham_v6 {
|
||||
|
||||
ipv6 {
|
||||
import limit 100;
|
||||
};
|
||||
|
||||
password "the3eeNu";
|
||||
|
||||
neighbor as 680;
|
||||
}
|
||||
|
||||
protocol bgp decix_ham_dfn_rs1_v4 from decix_ham_dfn_v4 {
|
||||
description "DE-CIX Hamburg: DFN RS1 (v4)";
|
||||
|
||||
neighbor 80.81.203.118;
|
||||
}
|
||||
|
||||
protocol bgp decix_ham_dfn_rs1_v6 from decix_ham_dfn_v6 {
|
||||
description "DE-CIX Hamburg: DFN RS1 (v6)";
|
||||
|
||||
neighbor 2001:7f8:3d::2a8:0:1;
|
||||
}
|
||||
|
|
@ -1,17 +0,0 @@
|
|||
protocol static static_roa_dn42_v4 {
|
||||
roa4 {
|
||||
table roa_dn42_v4;
|
||||
};
|
||||
|
||||
include "/var/lib/bird/bird_roa_dn42_v4.conf";
|
||||
}
|
||||
|
||||
protocol static static_roa_dn42_v6 {
|
||||
roa6 {
|
||||
table roa_dn42_v6;
|
||||
};
|
||||
|
||||
include "/var/lib/bird/bird_roa_dn42_v6.conf";
|
||||
}
|
||||
|
||||
include "/etc/bird/protocols/dn42/*.conf";
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
protocol bgp dn42_burble from dn42_peer_v46 {
|
||||
description "dn42: burble";
|
||||
|
||||
local fd42:4dd0:ff00::3;
|
||||
neighbor fd42:4242:2601:23::1 as 4242422601;
|
||||
}
|
||||
|
|
@ -1,17 +0,0 @@
|
|||
protocol bgp dn42_doxz_v4 from dn42_peer_v4 {
|
||||
description "dn42: doxz (v4)";
|
||||
|
||||
interface "wg-doxz";
|
||||
|
||||
local 172.23.156.66;
|
||||
neighbor 172.22.159.62 as 4242422904;
|
||||
}
|
||||
|
||||
protocol bgp dn42_doxz_v6 from dn42_peer_v6 {
|
||||
description "dn42: doxz (v6)";
|
||||
|
||||
interface "wg-doxz";
|
||||
|
||||
local fd42:4dd0:ff00::1;
|
||||
neighbor fdfc:694e:234f::1 as 4242422904;
|
||||
}
|
||||
|
|
@ -1,81 +0,0 @@
|
|||
ipv4 table dn42_grc_v4;
|
||||
ipv6 table dn42_grc_v6;
|
||||
|
||||
protocol bgp dn42_grc_export {
|
||||
disabled yes;
|
||||
|
||||
description "dn42: Global Route Collector Export (burble)";
|
||||
local fd42:4dd0:ff00::1 as my_dn42_asn;
|
||||
neighbor fd42:4242:2601:ac12::1 as 4242422602;
|
||||
|
||||
multihop;
|
||||
|
||||
ipv4 {
|
||||
add paths tx;
|
||||
|
||||
table dn42_v4;
|
||||
|
||||
export all;
|
||||
import none;
|
||||
};
|
||||
|
||||
ipv6 {
|
||||
add paths tx;
|
||||
|
||||
table dn42_v6;
|
||||
|
||||
export all;
|
||||
import none;
|
||||
};
|
||||
}
|
||||
|
||||
protocol bgp dn42_grc_import {
|
||||
disabled yes;
|
||||
|
||||
description "dn42: Global Route Collector Import (burble)";
|
||||
|
||||
local fd42:4dd0:ff00::1:1 as my_dn42_asn;
|
||||
neighbor fd42:4242:2601:ac12::1 as 4242422602;
|
||||
|
||||
mrtdump all;
|
||||
multihop;
|
||||
|
||||
ipv4 {
|
||||
add paths rx;
|
||||
table dn42_grc_v4;
|
||||
|
||||
export none;
|
||||
import all;
|
||||
};
|
||||
|
||||
ipv6 {
|
||||
add paths rx;
|
||||
table dn42_grc_v6;
|
||||
|
||||
export none;
|
||||
import all;
|
||||
};
|
||||
}
|
||||
|
||||
protocol bgp dn42_grc_peer {
|
||||
description "dn42: Global Route Collector Peer";
|
||||
|
||||
local 2a09:11c0:200::14 as my_dn42_asn;
|
||||
neighbor range 2a09:11c0:200::/48 internal;
|
||||
|
||||
ipv4 {
|
||||
add paths tx;
|
||||
table dn42_grc_v4;
|
||||
|
||||
export all;
|
||||
import none;
|
||||
};
|
||||
|
||||
ipv6 {
|
||||
add paths tx;
|
||||
table dn42_grc_v6;
|
||||
|
||||
export all;
|
||||
import none;
|
||||
};
|
||||
}
|
||||
|
|
@ -1 +0,0 @@
|
|||
#mrtdump "/mnt/mrt/bird/msgs_dn42_grc_2020-05-08.mrt";
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
template bgp dn42_idfx from dn42_peer_v46 {
|
||||
neighbor port 1179 as 4242422345;
|
||||
local port 1179;
|
||||
}
|
||||
|
||||
protocol bgp dn42_idfx_derhr1 from dn42_idfx {
|
||||
description "dn42: idfx-derhr1";
|
||||
|
||||
local fd42:4dd0:ff00::4;
|
||||
neighbor fdb0:4339:ffff::106;
|
||||
}
|
||||
|
||||
protocol bgp dn42_idfx_uslxa1 from dn42_idfx {
|
||||
description "dn42: idfx-uslxa1";
|
||||
|
||||
local fd42:4dd0:ff00::5;
|
||||
neighbor fdb0:4339:ffff::108;
|
||||
}
|
||||
|
|
@ -1,17 +0,0 @@
|
|||
protocol bgp dn42_kioubit_v4 from dn42_peer_v4 {
|
||||
description "dn42: kioubit (v4)";
|
||||
|
||||
interface "wg-kioubit";
|
||||
|
||||
local 172.23.156.71;
|
||||
neighbor 172.20.53.97 as 4242423914;
|
||||
}
|
||||
|
||||
protocol bgp dn42_kioubit_v6 from dn42_peer_v6 {
|
||||
description "dn42: kioubit (v6)";
|
||||
|
||||
interface "wg-kioubit";
|
||||
|
||||
local fe80::1337;
|
||||
neighbor fe80::ade0 as 4242423914;
|
||||
}
|
||||
|
|
@ -1,17 +0,0 @@
|
|||
protocol bgp dn42_tbspace_v4 from dn42_peer_v4 {
|
||||
description "dn42: tbspace (v4)";
|
||||
|
||||
interface "wg-tbspace";
|
||||
|
||||
local 172.23.156.65;
|
||||
neighbor 172.23.235.1 as 76190;
|
||||
}
|
||||
|
||||
protocol bgp dn42_tbspace_v6 from dn42_peer_v6 {
|
||||
description "dn42: tbspace (v6)";
|
||||
|
||||
interface "wg-tbspace";
|
||||
|
||||
local fe80::1337;
|
||||
neighbor fe80::1299:e as 76190;
|
||||
}
|
||||
|
|
@ -1,15 +0,0 @@
|
|||
template bgp evix_v6 from ebgp_peer_v6 {
|
||||
local 2602:fed2:fff:ffff::233;
|
||||
}
|
||||
|
||||
protocol bgp evix_rs1_v6 from evix_v6 {
|
||||
description "EVIX Amsterdam: RS1 (v6)";
|
||||
|
||||
neighbor 2602:fed2:fff:ffff::1 as 137933;
|
||||
}
|
||||
|
||||
protocol bgp evix_rs2_v6 from evix_v6 {
|
||||
description "EVIX Amsterdam: RS2 (v6)";
|
||||
|
||||
neighbor 2602:fed2:fff:ffff::253 as 209762;
|
||||
}
|
||||
|
|
@ -1,26 +1,51 @@
|
|||
protocol bgp moon from rr_clients {
|
||||
description "iBGP: moon.0l.de";
|
||||
template bgp rr_clients {
|
||||
local as 207613;
|
||||
neighbor as 207613;
|
||||
rr client;
|
||||
rr cluster id 172.23.156.4;
|
||||
|
||||
local 2a09:11c0:200::14;
|
||||
neighbor 2a09:11c0:200::2;
|
||||
ipv4 {
|
||||
import keep filtered;
|
||||
import filter ibgp_import_v4;
|
||||
export filter ibgp_export_v4;
|
||||
next hop self;
|
||||
};
|
||||
|
||||
ipv6 {
|
||||
import keep filtered;
|
||||
import filter ibgp_import_v6;
|
||||
export filter ibgp_export_v6;
|
||||
next hop self;
|
||||
};
|
||||
}
|
||||
|
||||
protocol bgp edgy from rr_clients {
|
||||
description "iBGP: edgy.int.0l.de";
|
||||
|
||||
local 2a09:11c0:200::6;
|
||||
neighbor 2a09:11c0:200::7;
|
||||
|
||||
bfd yes;
|
||||
}
|
||||
|
||||
protocol bgp rpi from rr_clients {
|
||||
description "iBGP: rpi.home.0l.de";
|
||||
protocol bgp k8s_2_v4 from rr_clients {
|
||||
description "iBGP: k8s-2.acs.vms.0l.de";
|
||||
|
||||
local 2a09:11c0:200::14;
|
||||
neighbor 2a09:11c0:200::3;
|
||||
local 172.23.156.6;
|
||||
neighbor 172.23.156.130;
|
||||
|
||||
bfd yes;
|
||||
ipv4 {
|
||||
export none;
|
||||
};
|
||||
}
|
||||
|
||||
protocol bgp acs from rr_clients {
|
||||
description "iBGP: acs.0l.de";
|
||||
protocol bgp k8s_2_v6 from rr_clients {
|
||||
description "iBGP: k8s-2.acs.vms.0l.de";
|
||||
|
||||
local 2a09:11c0:200::7;
|
||||
neighbor 2a09:11c0:200::6;
|
||||
local 2a09:11c0:200::6;
|
||||
neighbor 2a09:11c0:200:103:f0f4:8dff:fed4:d18d;
|
||||
|
||||
bfd yes;
|
||||
ipv6 {
|
||||
export none;
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,40 +0,0 @@
|
|||
template bgp idfx {
|
||||
local as my_ripe_asn;
|
||||
|
||||
ipv4 {
|
||||
import keep filtered;
|
||||
import where is_idfx();
|
||||
|
||||
export filter {
|
||||
if !is_mine() then
|
||||
reject;
|
||||
|
||||
if source = RTS_STATIC || source = RTS_DEVICE then
|
||||
bgp_local_pref = 200;
|
||||
|
||||
accept;
|
||||
};
|
||||
};
|
||||
|
||||
ipv6 {
|
||||
import keep filtered;
|
||||
import where is_idfx();
|
||||
export where is_mine();
|
||||
};
|
||||
|
||||
allow bgp_local_pref yes;
|
||||
}
|
||||
|
||||
protocol bgp idfx_derhr1 from idfx {
|
||||
description "iBGP: idfx-derhr1";
|
||||
|
||||
local fd42:4dd0:ff00::4;
|
||||
neighbor fdb0:4339:ffff::106 as 4243390106;
|
||||
}
|
||||
|
||||
protocol bgp idfx_uslxa1 from idfx {
|
||||
description "iBGP: idfx-uslxa1";
|
||||
|
||||
local fd42:4dd0:ff00::5;
|
||||
neighbor fdb0:4339:ffff::108 as 4243390108;
|
||||
}
|
||||
|
|
@ -1,25 +0,0 @@
|
|||
protocol bgp k8s_0_v4 from rr_clients {
|
||||
description "iBGP: k8s-0.edgy.vms.0l.de";
|
||||
|
||||
local 172.23.156.14;
|
||||
neighbor 172.23.156.183;
|
||||
|
||||
ipv4 {
|
||||
export none;
|
||||
|
||||
aigp originate;
|
||||
};
|
||||
}
|
||||
|
||||
protocol bgp k8s_0_v6 from rr_clients {
|
||||
description "iBGP: k8s-0.edgy.vms.0l.de";
|
||||
|
||||
local 2a09:11c0:200::14;
|
||||
neighbor 2a09:11c0:200:101:5054:ff:fe3e:5017;
|
||||
|
||||
ipv6 {
|
||||
export none;
|
||||
|
||||
aigp originate;
|
||||
};
|
||||
}
|
||||
|
|
@ -1,65 +1,17 @@
|
|||
protocol kernel kernel_v4 {
|
||||
protocol kernel {
|
||||
ipv4 {
|
||||
import none;
|
||||
export where source != RTS_DEVICE && net.len > 0 && dest != RTD_UNREACHABLE;
|
||||
import all;
|
||||
export where proto !~ "direct*";
|
||||
};
|
||||
|
||||
metric 0;
|
||||
learn;
|
||||
}
|
||||
|
||||
protocol kernel kernel_v6 {
|
||||
protocol kernel {
|
||||
ipv6 {
|
||||
import none;
|
||||
export where source != RTS_DEVICE && net.len > 0 && dest != RTD_UNREACHABLE;
|
||||
import all;
|
||||
export where proto !~ "direct*";
|
||||
};
|
||||
|
||||
metric 0;
|
||||
}
|
||||
|
||||
protocol kernel kernel_dn42_v4 {
|
||||
kernel table krt_dn42;
|
||||
|
||||
ipv4 {
|
||||
table dn42_v4;
|
||||
|
||||
import none;
|
||||
export all;
|
||||
};
|
||||
}
|
||||
|
||||
protocol kernel kernel_dn42_v6 {
|
||||
kernel table krt_dn42;
|
||||
|
||||
ipv6 {
|
||||
table dn42_v6;
|
||||
|
||||
import none;
|
||||
export all;
|
||||
};
|
||||
}
|
||||
|
||||
protocol kernel kernel_ebgp_v6 {
|
||||
kernel table krt_ebgp;
|
||||
|
||||
ipv6 {
|
||||
table ebgp_v6;
|
||||
|
||||
export where source != RTS_DEVICE;
|
||||
import none;
|
||||
};
|
||||
|
||||
metric 0;
|
||||
}
|
||||
|
||||
protocol kernel kernel_ebgp_v4 {
|
||||
kernel table krt_ebgp;
|
||||
|
||||
ipv4 {
|
||||
table ebgp_v4;
|
||||
|
||||
export where source != RTS_DEVICE;
|
||||
import none;
|
||||
};
|
||||
|
||||
metric 0;
|
||||
learn;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,77 +0,0 @@
|
|||
template bgp kleyrex_fra_v4 from ebgp_peer_v4 {
|
||||
local 193.189.83.14;
|
||||
neighbor as 31142;
|
||||
|
||||
ipv4 {
|
||||
preference 120;
|
||||
};
|
||||
|
||||
graceful restart on;
|
||||
}
|
||||
|
||||
template bgp kleyrex_fra_v6 from ebgp_peer_v6 {
|
||||
local 2001:7f8:33::A120:7613:1;
|
||||
neighbor as 31142;
|
||||
|
||||
ipv6 {
|
||||
preference 120;
|
||||
};
|
||||
|
||||
graceful restart on;
|
||||
}
|
||||
|
||||
protocol bgp kleyrex_fra_rs1_v6 from kleyrex_fra_v6 {
|
||||
description "KleyRex Frankfurt: RS1 (v6)";
|
||||
|
||||
neighbor 2001:7f8:33::a103:1142:1;
|
||||
}
|
||||
|
||||
protocol bgp kleyrex_fra_rs2_v6 from kleyrex_fra_v6 {
|
||||
description "KleyRex Frankfurt: RS2 (v6)";
|
||||
|
||||
neighbor 2001:7f8:33::a103:1142:2;
|
||||
}
|
||||
|
||||
protocol bgp kleyrex_fra_rs3_v6 from kleyrex_fra_v6 {
|
||||
description "KleyRex Frankfurt: RS3 (v6)";
|
||||
|
||||
neighbor 2001:7f8:33::a103:1142:3;
|
||||
}
|
||||
|
||||
# Public Peerings
|
||||
#
|
||||
|
||||
# 4b42
|
||||
protocol bgp kleyrex_fra_4b42_v4 from kleyrex_fra_v4 {
|
||||
description "KleyRex Frankfurt: 4b42 (v4)";
|
||||
|
||||
ipv4 {
|
||||
preference 50;
|
||||
};
|
||||
|
||||
neighbor 193.189.82.80 as 60474;
|
||||
}
|
||||
|
||||
protocol bgp kleyrex_fra_4b42_v6 from kleyrex_fra_v6 {
|
||||
description "KleyRex Frankfurt: 4b42 (v6)";
|
||||
|
||||
ipv6 {
|
||||
preference 50;
|
||||
};
|
||||
|
||||
neighbor 2001:7f8:33::a106:474:1 as 60474;
|
||||
}
|
||||
|
||||
# VNP Digital
|
||||
protocol bgp kleyrex_fra_vnp_v4 from kleyrex_fra_v4 {
|
||||
description "KleyRex Frankfurt: VNP Digital (v4)";
|
||||
|
||||
neighbor 193.189.82.10 as 208976;
|
||||
}
|
||||
|
||||
protocol bgp kleyrex_fra_vnp_v6 from kleyrex_fra_v6 {
|
||||
description "KleyRex Frankfurt: VNP Digital (v6)";
|
||||
|
||||
neighbor 2001:7f8:33::A120:8976:1 as 208976;
|
||||
}
|
||||
|
||||
|
|
@ -1,80 +0,0 @@
|
|||
template bgp locix_fra_v4 from ebgp_peer_v4 {
|
||||
local 185.1.166.174;
|
||||
neighbor as 202409;
|
||||
|
||||
ipv4 {
|
||||
preference 110;
|
||||
};
|
||||
|
||||
graceful restart on;
|
||||
}
|
||||
|
||||
template bgp locix_fra_v6 from ebgp_peer_v6 {
|
||||
local 2001:7f8:f2:e1:0:a520:7613:1;
|
||||
neighbor as 202409;
|
||||
|
||||
ipv6 {
|
||||
preference 110;
|
||||
};
|
||||
|
||||
graceful restart on;
|
||||
}
|
||||
|
||||
protocol bgp locix_fra_rs1_v6 from locix_fra_v6 {
|
||||
description "LocIX Frankfurt: RS1 (v6)";
|
||||
|
||||
neighbor 2001:7f8:f2:e1::babe:1;
|
||||
}
|
||||
|
||||
protocol bgp locix_fra_rs2_v6 from locix_fra_v6 {
|
||||
description "LocIX Frankfurt: RS2 (v6)";
|
||||
|
||||
neighbor 2001:7f8:f2:e1::dead:1;
|
||||
}
|
||||
|
||||
protocol bgp locix_fra_rs3_v6 from locix_fra_v6 {
|
||||
description "LocIX Frankfurt: RS3 (v6)";
|
||||
|
||||
neighbor 2001:7f8:f2:e1::be5a;
|
||||
}
|
||||
|
||||
# iFog.ch
|
||||
protocol bgp locix_fra_ifog_v4 from locix_fra_v4 {
|
||||
description "LocIX Frankfurt: iFog (v4)";
|
||||
|
||||
neighbor 185.1.166.134 as 34927;
|
||||
|
||||
ipv4 {
|
||||
preference 90; # max MTU < 1500 ?:(
|
||||
};
|
||||
}
|
||||
|
||||
protocol bgp locix_fra_ifog_v6 from locix_fra_v6 {
|
||||
description "LocIX Frankfurt: iFog (v6)";
|
||||
|
||||
neighbor 2001:7f8:f2:e1:0:a120:4927:1 as 34927;
|
||||
|
||||
ipv6 {
|
||||
preference 90; # max MTU < 1500 ?:(
|
||||
};
|
||||
}
|
||||
|
||||
# AS112
|
||||
protocol bgp locix_fra_as112_v6 from locix_fra_v6 {
|
||||
description "LocIX Frankfurt: AS112 (v6)";
|
||||
|
||||
neighbor 2001:7f8:f2:e1::112 as 112;
|
||||
}
|
||||
|
||||
# Nato Research Ltd.
|
||||
protocol bgp locix_fra_nato_v4 from locix_fra_v4 {
|
||||
description "LocIX Frankfurt: Nato Research Ltd";
|
||||
|
||||
neighbor 185.1.166.227 as 46997;
|
||||
}
|
||||
|
||||
protocol bgp locix_fra_nato_v6 from locix_fra_v6 {
|
||||
description "LocIX Frankfurt: Nato Research Ltd";
|
||||
|
||||
neighbor 2001:7f8:f2:e1:0:a4:6997:1 as 46997;
|
||||
}
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
protocol bgp meerfarbig from ebgp_peer_v6 {
|
||||
description "meerfarbig (v6)";
|
||||
|
||||
local 2a00:f820:457::2;
|
||||
neighbor 2a00:f820:457::1 as 34549;
|
||||
}
|
||||
|
|
@ -1,10 +0,0 @@
|
|||
protocol mrt {
|
||||
description "MRT Dumper";
|
||||
|
||||
disabled yes;
|
||||
|
||||
table "dn42_grc_*";
|
||||
where source = RTS_BGP;
|
||||
filename "/mnt/mrt/bird/%N_%F_%T.mrt";
|
||||
period 300;
|
||||
}
|
||||
|
|
@ -1,20 +0,0 @@
|
|||
protocol bgp tb_openfactory from ebgp_peer_v6 {
|
||||
description "Openfactory Freetransit";
|
||||
|
||||
local 2a01:20e:1000:133::2;
|
||||
neighbor 2a01:20e:1000:133::1 as 41051;
|
||||
|
||||
ipv6 {
|
||||
preference 80;
|
||||
|
||||
export filter {
|
||||
bgp_path = prepend(bgp_path, my_ripe_asn);
|
||||
bgp_path = prepend(bgp_path, my_ripe_asn);
|
||||
|
||||
if ebgp_export_v6() then
|
||||
accept;
|
||||
else
|
||||
reject;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
@ -1,37 +0,0 @@
|
|||
include "/var/lib/bird/ripe_rcc_beacons.conf";
|
||||
|
||||
template bgp ripe_rcc_v4 {
|
||||
local 80.81.196.155 as 207613;
|
||||
neighbor as 12654;
|
||||
|
||||
ipv4 {
|
||||
table ebgp_v4;
|
||||
|
||||
import where net ~ ripe_rcc_beacons_v4;
|
||||
export none;# !!!! our ebgp_v4 table is bogus !!!!
|
||||
};
|
||||
}
|
||||
|
||||
template bgp ripe_rcc_v6 {
|
||||
local 2001:7f8::3:2afd:0:1 as 207613;
|
||||
neighbor as 12654;
|
||||
|
||||
ipv6 {
|
||||
table ebgp_v6;
|
||||
|
||||
import where net ~ ripe_rcc_beacons_v6;
|
||||
export all;
|
||||
};
|
||||
}
|
||||
|
||||
protocol bgp ripe_rrc12_v4 from ripe_rcc_v4 {
|
||||
description "RIPE RIS Route Collector RRC12 (v4)";
|
||||
|
||||
neighbor 80.81.192.152;
|
||||
}
|
||||
|
||||
protocol bgp ripe_rrc12_v6 from ripe_rcc_v6 {
|
||||
description "RIPE RIS Route Collector RRC12 (v6)";
|
||||
|
||||
neighbor 2001:7f8::316e:0:1;
|
||||
}
|
||||
|
|
@ -1,11 +0,0 @@
|
|||
protocol rpki {
|
||||
roa6 {
|
||||
table roa_v6;
|
||||
};
|
||||
|
||||
remote "10.43.141.166" port 3323;
|
||||
|
||||
retry keep 90;
|
||||
refresh keep 900;
|
||||
expire keep 172800;
|
||||
}
|
||||
|
|
@ -1,91 +1,45 @@
|
|||
protocol static static_v4 {
|
||||
ipv4 {
|
||||
table master4;
|
||||
};
|
||||
protocol static {
|
||||
check link yes;
|
||||
|
||||
# mail.0l.de
|
||||
route 31.47.232.67/32
|
||||
via "virbr1";
|
||||
route 134.61.120.0/22
|
||||
via "tun0"; # ITC iDRACs
|
||||
|
||||
# hap-0.0l.de
|
||||
route 31.47.232.68/32
|
||||
via "virbr1";
|
||||
route 134.130.43.208/30
|
||||
via "tun0"; # ITC deploy1-jh.itc.rwth-aachen.de
|
||||
|
||||
# k8s.0l.de
|
||||
route 31.47.232.69/32
|
||||
via "virbr1";
|
||||
route 137.226.50.224/27
|
||||
via "tun0"; # Jupyter
|
||||
|
||||
# tor.edgy.vms.0l.de
|
||||
route 31.47.232.70/32
|
||||
via "virbr1";
|
||||
route 137.226.254.0/23
|
||||
via "tun0"; # EONERC office network
|
||||
|
||||
# Internal Transport
|
||||
route 172.23.156.0/27
|
||||
reject;
|
||||
route 134.130.48.0/24
|
||||
via "tun0"; # EONERC server network
|
||||
|
||||
route 172.20.0.0/14
|
||||
reject;
|
||||
route 137.226.81.156/32
|
||||
via "tun0"; # efs-itc01.eonerc.rwth-aachen.de
|
||||
|
||||
# Marienstrasse
|
||||
route 192.168.178.0/24
|
||||
via 172.23.156.9;
|
||||
route 134.130.0.0/16
|
||||
via 134.130.169.1
|
||||
via 137.226.133.129;
|
||||
|
||||
route 0.0.0.0/0
|
||||
via 31.47.232.65;
|
||||
route 134.61.0.0/16
|
||||
via 134.130.169.1
|
||||
via 137.226.133.129;
|
||||
|
||||
route 137.226.0.0/16
|
||||
via 134.130.169.1
|
||||
via 137.226.133.129;
|
||||
|
||||
route 192.35.229.0/24
|
||||
via 134.130.169.1
|
||||
via 137.226.133.129;
|
||||
|
||||
# lian.0l.de
|
||||
route 178.202.247.4/32
|
||||
via 134.130.169.1;
|
||||
# via 137.226.133.129;
|
||||
|
||||
ipv4;
|
||||
}
|
||||
|
||||
protocol static static_v6 {
|
||||
ipv6 {
|
||||
table master6;
|
||||
};
|
||||
|
||||
# NAT64
|
||||
route 2a09:11c0:201::/96 reject;
|
||||
|
||||
# Docker on fedora-ws.edgy.vms.0l.de
|
||||
route 2a09:11c0:200:1100::/64
|
||||
via 2a09:11c0:200:101:5054:ff:fe99:c5c4;
|
||||
|
||||
route ::/0 reject;
|
||||
}
|
||||
|
||||
protocol static static_ebgp_v6 {
|
||||
ipv6 {
|
||||
table ebgp_v6;
|
||||
};
|
||||
|
||||
# My own prefixes for eBGP announcement
|
||||
route 2a09:11c0:203::/48 reject;
|
||||
|
||||
route 2a0e:97c7:100::/44 reject;
|
||||
route 2a09:11c0:200::/44 reject;
|
||||
route 2a09:4c2:1b::/48 reject;
|
||||
}
|
||||
|
||||
protocol static static_ebgp_v4 {
|
||||
ipv4 {
|
||||
table ebgp_v4;
|
||||
};
|
||||
|
||||
# For wireguard
|
||||
route 0.0.0.0/0 via 31.47.232.65;
|
||||
route 31.47.232.64/29 via "eno1";
|
||||
}
|
||||
|
||||
protocol static static_dn42_v4 {
|
||||
ipv4 {
|
||||
table dn42_v4;
|
||||
};
|
||||
|
||||
route 172.23.156.0/23
|
||||
reject;
|
||||
}
|
||||
|
||||
protocol static static_dn42_v6 {
|
||||
ipv6 {
|
||||
table dn42_v6;
|
||||
};
|
||||
|
||||
route fd42:4dd0:ff00::/48
|
||||
reject;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,20 +0,0 @@
|
|||
protocol bgp tb_he1 from ebgp_peer_v6 {
|
||||
description "tunnelserver.net (Hurricane Electric)";
|
||||
|
||||
local 2001:470:12:1ab::2;
|
||||
neighbor 2001:470:12:1ab::1 as 6939;
|
||||
|
||||
ipv6 {
|
||||
preference 80;
|
||||
|
||||
export filter {
|
||||
bgp_path = prepend(bgp_path, my_ripe_asn);
|
||||
bgp_path = prepend(bgp_path, my_ripe_asn);
|
||||
|
||||
if ebgp_export_v6() then
|
||||
accept;
|
||||
else
|
||||
reject;
|
||||
};
|
||||
};
|
||||
}
|
||||
20
tables.conf
20
tables.conf
|
|
@ -1,20 +0,0 @@
|
|||
# Kernel routing tables
|
||||
define krt_main = 254;
|
||||
define krt_local = 255;
|
||||
define krt_default = 253;
|
||||
define krt_ebgp = 100;
|
||||
define krt_dn42 = 101;
|
||||
|
||||
# Bird tables
|
||||
ipv4 table ebgp_v4;
|
||||
|
||||
ipv6 table ebgp_v6_bh; # Blackholing
|
||||
ipv6 table ebgp_v6;
|
||||
roa6 table roa_v6;
|
||||
|
||||
ipv4 table dn42_v4;
|
||||
roa4 table roa_dn42_v4;
|
||||
|
||||
ipv6 table dn42_v6;
|
||||
roa6 table roa_dn42_v6;
|
||||
|
||||
|
|
@ -1,44 +0,0 @@
|
|||
template bgp dn42_peer {
|
||||
local as my_dn42_asn;
|
||||
|
||||
graceful restart on;
|
||||
}
|
||||
|
||||
template bgp dn42_peer_v46 from dn42_peer {
|
||||
ipv4 {
|
||||
table dn42_v4;
|
||||
|
||||
import keep filtered;
|
||||
import where dn42_import_v4();
|
||||
export where dn42_export_v4();
|
||||
};
|
||||
|
||||
ipv6 {
|
||||
table dn42_v6;
|
||||
|
||||
import keep filtered;
|
||||
import where dn42_import_v6();
|
||||
export where dn42_export_v6();
|
||||
};
|
||||
}
|
||||
|
||||
template bgp dn42_peer_v4 from dn42_peer {
|
||||
ipv4 {
|
||||
table dn42_v4;
|
||||
|
||||
import keep filtered;
|
||||
import where dn42_import_v4();
|
||||
export where dn42_export_v4();
|
||||
};
|
||||
}
|
||||
|
||||
template bgp dn42_peer_v6 from dn42_peer {
|
||||
ipv6 {
|
||||
table dn42_v6;
|
||||
|
||||
import keep filtered;
|
||||
import where dn42_import_v6();
|
||||
export where dn42_export_v6();
|
||||
};
|
||||
}
|
||||
|
||||
|
|
@ -1,31 +0,0 @@
|
|||
template bgp ebgp_peer {
|
||||
local as my_ripe_asn;
|
||||
|
||||
graceful restart on;
|
||||
allow local as 1;
|
||||
}
|
||||
|
||||
template bgp ebgp_peer_v6 from ebgp_peer {
|
||||
ipv6 {
|
||||
table ebgp_v6;
|
||||
|
||||
import keep filtered;
|
||||
import limit 100000;
|
||||
|
||||
import where ebgp_import_v6();
|
||||
export where ebgp_export_v6();
|
||||
};
|
||||
}
|
||||
|
||||
template bgp ebgp_peer_v4 from ebgp_peer {
|
||||
ipv4 {
|
||||
table ebgp_v4;
|
||||
|
||||
import keep filtered;
|
||||
import limit 200000;
|
||||
|
||||
import where ebgp_import_v4();
|
||||
export where ebgp_export_v4();
|
||||
};
|
||||
}
|
||||
|
||||
|
|
@ -1,27 +0,0 @@
|
|||
template bgp rr_clients {
|
||||
local as my_ripe_asn;
|
||||
neighbor as my_ripe_asn;
|
||||
|
||||
rr client;
|
||||
rr cluster id 172.23.156.3;
|
||||
|
||||
direct;
|
||||
|
||||
ipv4 {
|
||||
import keep filtered;
|
||||
import where ibgp_import_v4();
|
||||
export where ibgp_export_v4();
|
||||
|
||||
next hop self;
|
||||
aigp originate;
|
||||
};
|
||||
|
||||
ipv6 {
|
||||
import keep filtered;
|
||||
import where ibgp_import_v6();
|
||||
export where ibgp_export_v6();
|
||||
|
||||
next hop self;
|
||||
aigp originate;
|
||||
};
|
||||
}
|
||||
17
update.sh
17
update.sh
|
|
@ -1,17 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
git -C icvpn-meta/ pull
|
||||
|
||||
cd /etc/bird
|
||||
|
||||
icvpn-scripts/mkroa -s icvpn-meta > /var/lib/bird/icvpn_roa.conf
|
||||
|
||||
curl -sfSLR {-o,-z}/var/lib/bird/bird_roa_dn42_v4.conf https://dn42.burble.com/roa/dn42_roa_bird2_4.conf
|
||||
curl -sfSLR {-o,-z}/var/lib/bird/bird_roa_dn42_v6.conf https://dn42.burble.com/roa/dn42_roa_bird2_6.conf
|
||||
|
||||
bgpq3 -b -3 -4 AS12654:RS-RIS -l "define ripe_rcc_beacons_v4" > /var/lib/bird/ripe_rcc_beacons.conf
|
||||
bgpq3 -b -3 -6 AS12654:RS-RIS -l "define ripe_rcc_beacons_v6" >> /var/lib/bird/ripe_rcc_beacons.conf
|
||||
bgpq3 -b -3 -6 AS-HETNiX -l "define hetnix_v6" > /var/lib/bird/hetnix_v6.conf
|
||||
|
||||
# Maybe do a 'birdc configure check' before?
|
||||
birdc configure
|
||||
Loading…
Add table
Reference in a new issue