table ibgp; # internal BGP peerings table ebgp; # external (icvpn) BGP peerings table freifunk; # kernel table 42 for routing from ff network define ownas = 65112; router id 10.112.1.1; # REPLACE ### functions ### # own network function is_self_net() { return (net ~ [10.112.0.0/16+]); } # freifunk ip ranges in general function is_freifunk() { return net ~ [ 10.0.0.0/8+, 104.0.0.0/8+ ]; } # dn42 ip ranges function is_dn42() { return net ~ [ 172.22.0.0/15+, 195.160.168.0/23+, 91.204.4.0/22+, 193.43.220.0/23+, 87.106.29.254/32, 85.25.246.16/28+, 46.4.248.192/27+, 94.45.224.0/19+, 195.191.196.0/23+, 80.244.241.224/27+, 46.19.90.48/28+, 46.19.90.96/28+, 178.63.170.40/32, 188.40.34.241/32, 195.16.84.40/29+, 37.1.89.160/29+, 178.33.32.123/32+, 37.1.89.160/29+, 185.28.77.16/29+, 185.28.77.192/27+, 192.175.48.0/24+ ]; } # chaosvpn ranges function is_chaos() { return net ~ [ 10.4.0.0/16+, 10.32.0.0/16+, 10.42.16.0/20+, # legacy 10.100.0.0/14+, 10.104.0.0/14+, 172.31.0.0/16+, 83.133.178.0/23+, 172.26.0.0/15+, 176.9.52.58/32+, 193.103.159.0/24+, 193.103.160.0/23+, 212.12.50.208/29+, 213.238.61.128/26+ ]; } ### kernel ### # synchronize from bird to main kernel routing table # nothing in the other direction protocol kernel k_mast { scan time 10; import where is_chaos(); export filter { krt_prefsrc = 10.112.1.1; # REPLACE accept; }; }; # synchronize from birds freifunk table to kernel routing table 42 # nothing in the other direction protocol kernel k_frei { scan time 10; table freifunk; kernel table 42; import none; export filter { krt_prefsrc = 10.112.1.1; # REPLACE accept; }; }; # this pseudo-protocol watches all interface up/down events protocol device { scan time 10; }; ### pipes ### # sync nothing from main routing table to ebgp # sync routes (not own network) from ebgp to main routing table protocol pipe p_maintbl { peer table ebgp; import where !is_self_net(); export none; }; # sync routes (not own network) from ebgp to ibgp # sync routes (all) from ibgp to ebgp protocol pipe p_ibgptbl { table ebgp; peer table ibgp; import all; export where !is_self_net(); }; # sync routes (freifunk, dn42 and chaosvpn) from ibgp to freifunk # sync nothing from freifunk to ibgp protocol pipe p_freitbl { table ibgp; peer table freifunk; import none; export where (is_freifunk() || is_dn42() || is_chaos()); }; ### static routes ### # if no openvpn is running, reject everything we do not have a route for protocol static unreachable_default { route 0.0.0.0/0 reject; table freifunk; }; protocol static static_ffhh { route 10.112.0.0/16 reject; table ebgp; }; # in hamburg we use a /18 from our /16 in the mesh # create a route for that in freifunk table protocol static local_ffhh { route 10.112.0.0/18 via "br-ffhh"; # REPLACE if interface name is not br-ffhh table freifunk; }; ### templates ### # template for same city freifunk gateways template bgp locals { table ibgp; local as ownas; import filter { preference = 99; accept; }; export where source = RTS_BGP; direct; next hop self; }; # template for icvpn gateways of other cities template bgp peers { table ebgp; local as ownas; # ignore routes for our own network import where ((is_freifunk() || is_dn42()) && !is_self_net()); export where (is_freifunk() || is_dn42()); route limit 10000; }; ### local gateways ### # remove entry of gateway where this config is used protocol bgp srv01 from locals { neighbor 10.112.1.1 as ownas; }; protocol bgp hamburg01 from locals { neighbor 10.112.14.1 as ownas; }; protocol bgp hamburg07 from locals { neighbor 10.112.16.1 as ownas; }; protocol bgp hamburg08 from locals { neighbor 10.112.22.1 as ownas; }; protocol bgp hamburg09 from locals { neighbor 10.112.24.1 as ownas; }; protocol bgp hamburg11 from locals { neighbor 10.112.28.1 as ownas; }; protocol bgp hamburg12 from locals { neighbor 10.112.30.1 as ownas; }; ### icvpn peerings ### protocol bgp Augsburg1 from peers { neighbor 10.207.0.17 as 65050; }; protocol bgp Augsburg2 from peers { neighbor 10.207.0.177 as 65070; }; protocol bgp Aurich1 from peers { neighbor 10.207.0.15 as 65047; }; protocol bgp BadZwischenahn1 from peers { neighbor 10.207.0.26 as 65512; }; protocol bgp Bayreuth1 from peers { neighbor 10.207.0.28 as 65025; }; protocol bgp Berlin1 from peers { neighbor 10.207.0.5 as 44194; }; protocol bgp Bielefeld1 from peers { neighbor 10.207.0.59 as 65529; }; protocol bgp Bielefeld2 from peers { neighbor 10.207.0.67 as 65529; }; protocol bgp Chemnitz1 from peers { neighbor 10.207.0.36 as 65053; }; protocol bgp diac24_net from peers { neighbor 10.207.2.0 as 64600; }; protocol bgp Dresden1 from peers { neighbor 10.207.0.19 as 65051; }; protocol bgp Franken1 from peers { neighbor 10.207.0.23 as 65024; }; protocol bgp Franken2 from peers { neighbor 10.207.0.24 as 65024; }; protocol bgp Franken3 from peers { neighbor 10.207.0.31 as 65024; }; protocol bgp Frankfurt1 from peers { neighbor 10.207.0.35 as 65026; }; protocol bgp Freiburg1 from peers { neighbor 10.207.0.21 as 65026; }; protocol bgp Gronau1 from peers { neighbor 10.207.0.55 as 65526; }; protocol bgp Gronau2 from peers { neighbor 10.207.0.60 as 65526; }; protocol bgp Grossdraxdorf from peers { neighbor 10.207.0.25 as 65025; }; protocol bgp Halle1 from peers { neighbor 10.207.0.13 as 65046; }; protocol bgp Halle2 from peers { neighbor 10.207.0.14 as 65046; }; protocol bgp Hannover1 from peers { neighbor 10.207.0.22 as 65511; }; protocol bgp Jena1 from peers { neighbor 10.207.0.33 as 65055; }; protocol bgp Jena2 from peers { neighbor 10.207.0.66 as 65055; }; protocol bgp Kiel4 from peers { neighbor 10.207.0.58 as 65525; }; protocol bgp Koblenz from peers { neighbor 10.207.0.32 as 65032; }; protocol bgp Koeln1 from peers { neighbor 10.207.0.57 as 65528; }; protocol bgp Leipzig1 from peers { neighbor 10.207.0.1 as 65041; }; protocol bgp Leipzig2 from peers { neighbor 10.207.0.2 as 65041; }; protocol bgp Ljubljana1 from peers { neighbor 10.207.3.23 as 65023; }; protocol bgp Ljubljana2 from peers { neighbor 10.207.3.30 as 64768; }; protocol bgp Luebeck1 from peers { neighbor 10.207.0.130 as 65052; }; protocol bgp Luebeck2 from peers { neighbor 10.207.0.131 as 65052; }; protocol bgp Mainz1 from peers { neighbor 10.207.0.37 as 65037; }; protocol bgp Oldenburg1 from peers { neighbor 10.207.0.27 as 65513; }; protocol bgp Schwarzach1 from peers { neighbor 10.207.0.56 as 65527; }; protocol bgp Treuenbrietzen from peers { neighbor 10.207.0.18 as 65045; }; protocol bgp Weimar1 from peers { neighbor 10.207.0.3 as 65042; }; protocol bgp Weimar2 from peers { neighbor 10.207.0.4 as 65042; }; protocol bgp Wermelskirchen1 from peers { neighbor 10.207.0.7 as 65530; };