bird/bird.conf

table ibgp; # internal BGP peerings
table ebgp; # external (icvpn) BGP peerings
table freifunk; # kernel table 42 for routing from ff network

define ownas = 65112;

router id 10.112.1.1; # REPLACE

### functions ###

# own network
function is_self_net() {
    return (net ~ [10.112.0.0/16+]);
}

# freifunk ip ranges in general
function is_freifunk() {
  return net ~ [ 10.0.0.0/8+,
    104.0.0.0/8+
  ];
}

# dn42 ip ranges
function is_dn42() {
  return net ~ [ 172.22.0.0/15+,
    195.160.168.0/23+,
    91.204.4.0/22+,
    193.43.220.0/23+,
    87.106.29.254/32,
    85.25.246.16/28+,
    46.4.248.192/27+,
    94.45.224.0/19+,
    195.191.196.0/23+,
    80.244.241.224/27+,
    46.19.90.48/28+,
    46.19.90.96/28+,
    178.63.170.40/32,
    188.40.34.241/32,
    195.16.84.40/29+,
    37.1.89.160/29+,
    178.33.32.123/32+,
    37.1.89.160/29+,
    185.28.77.16/29+,
    185.28.77.192/27+,
    192.175.48.0/24+
  ];
}

# chaosvpn ranges
function is_chaos() {
  return net ~ [ 10.4.0.0/16+,
    10.32.0.0/16+,
    10.42.16.0/20+, # legacy
    10.100.0.0/14+,
    10.104.0.0/14+,
    172.31.0.0/16+,
    83.133.178.0/23+,
    172.26.0.0/15+,
    176.9.52.58/32+,
    193.103.159.0/24+,
    193.103.160.0/23+,
    212.12.50.208/29+,
    213.238.61.128/26+
  ];
}

### kernel ###

# synchronize from bird to main kernel routing table
# nothing in the other direction
protocol kernel k_mast {
    scan time 10;
    import where is_chaos(); # on chaosvpn node
    export filter {
        krt_prefsrc = 10.112.1.1; # REPLACE
        accept;
    };
};

# synchronize from birds freifunk table to kernel routing table 42
# nothing in the other direction
protocol kernel k_frei {
    scan time 10;
    table freifunk;
    kernel table 42;
    import none;
    export filter {
        krt_prefsrc = 10.112.1.1; # REPLACE
        accept;
    };
};

# this pseudo-protocol watches all interface up/down events
protocol device {
    scan time 10;
};

### pipes ###

# sync nothing from main routing table to ebgp
# sync routes (not own network) from ebgp to main routing table
protocol pipe p_maintbl {
    peer table ebgp;
    import where !is_self_net();
    export where is_chaos(); # on chaosvpn node
};

# sync routes (not own network) from ebgp to ibgp
# sync routes (all) from ibgp to ebgp
protocol pipe p_ibgptbl {
  table ebgp;
  peer table ibgp;
  import all;
  export where !is_self_net();
};

# sync routes (freifunk, dn42 and chaosvpn) from ibgp to freifunk
# sync nothing from freifunk to ibgp
protocol pipe p_freitbl {
  table ibgp;
  peer table freifunk;
  import none;
  export where (is_freifunk() || is_dn42() || is_chaos());
};

# sync routes (chaosvpn) from main routing table to freifunk
# sync nothin from freifunk to main routing table
# this is only needed on chaosvpn node
protocol pipe p_chafrei {
  peer table freifunk;
  import none;
  export where is_chaos();
}

### static routes ###

# if no openvpn is running, reject everything we do not have a route for
protocol static unreachable_default {
  route 0.0.0.0/0 reject;
  table freifunk;
};

protocol static static_ffhh {  
  route 10.112.0.0/16 reject;
  table ebgp;
};

# in hamburg we use a /18 from our /16 in the mesh
# create a route for that in freifunk table
protocol static local_ffhh {
  route 10.112.0.0/18 via "br-ffhh"; # REPLACE if interface name is not br-ffhh
  table freifunk;
};

### templates ###

# template for same city freifunk gateways
template bgp locals {
  table ibgp;
  local as ownas;
  import filter {
    preference = 99;
    accept;
  };
  export where source = RTS_BGP;
  direct;
  next hop self;
};

# template for icvpn gateways of other cities
template bgp peers {
  table ebgp;
  local as ownas;
  # ignore routes for our own network
  import where ((is_freifunk() || is_dn42()) && !is_chaos() && !is_self_net());
  export where ((is_freifunk() || is_dn42()) && !is_chaos());
  route limit 10000;
};

### local gateways ###
# remove entry of gateway where this config is used

protocol bgp srv01 from locals {
    neighbor 10.112.1.1 as ownas;
};

protocol bgp hamburg01 from locals {
    neighbor 10.112.14.1 as ownas;
};

protocol bgp hamburg07 from locals {
    neighbor 10.112.16.1 as ownas;
};

protocol bgp hamburg08 from locals {
    neighbor 10.112.22.1 as ownas;
};

protocol bgp hamburg09 from locals {
    neighbor 10.112.24.1 as ownas;
};

protocol bgp hamburg11 from locals {
    neighbor 10.112.28.1 as ownas;
};

protocol bgp hamburg12 from locals {
    neighbor 10.112.30.1 as ownas;
};

### icvpn peerings ###

protocol bgp Augsburg1 from peers {
    neighbor 10.207.0.17 as 65050;
};

protocol bgp Augsburg2 from peers {
    neighbor 10.207.0.177 as 65070;
};

protocol bgp Aurich1 from peers {
    neighbor 10.207.0.15 as 65047;
};

protocol bgp BadZwischenahn1 from peers {
    neighbor 10.207.0.26 as 65512;
};

protocol bgp Bayreuth1 from peers {
    neighbor 10.207.0.28 as 65025;
};

protocol bgp Berlin1 from peers {
    neighbor 10.207.0.5 as 44194;
};

protocol bgp Bielefeld1 from peers {
    neighbor 10.207.0.59 as 65529;
};

protocol bgp Bielefeld2 from peers {
    neighbor 10.207.0.67 as 65529;
};

protocol bgp Bremen1 from peers {
    neighbor 10.207.0.196 as 65196;
};

protocol bgp Chemnitz1 from peers {
    neighbor 10.207.0.36 as 65053;
};

protocol bgp diac24_net from peers {
    neighbor 10.207.2.0 as 64600;
};

protocol bgp Dresden1 from peers {
    neighbor 10.207.0.19 as 65051;
};

protocol bgp Franken1 from peers {
    neighbor 10.207.0.23 as 65024;
};

protocol bgp Franken2 from peers {
    neighbor 10.207.0.24 as 65024;
};

protocol bgp Franken3 from peers {
    neighbor 10.207.0.31 as 65024;
};

protocol bgp Frankfurt1 from peers {
    neighbor 10.207.0.35 as 65026;
};

protocol bgp Freiburg1 from peers {
    neighbor 10.207.0.21 as 65026;
};

protocol bgp Gronau1 from peers {
    neighbor 10.207.0.55 as 65526;
};

protocol bgp Gronau2 from peers {
    neighbor 10.207.0.60 as 65526;
};

protocol bgp Grossdraxdorf from peers {
    neighbor 10.207.0.25 as 65025;
};

protocol bgp Halle1 from peers {
    neighbor 10.207.0.13 as 65046;
};

protocol bgp Halle2 from peers {
    neighbor 10.207.0.14 as 65046;
};

protocol bgp Hannover1 from peers {
    neighbor 10.207.0.22 as 65511;
};

protocol bgp Jena1 from peers {
    neighbor 10.207.0.33 as 65055;
};

protocol bgp Jena2 from peers {
    neighbor 10.207.0.66 as 65055;
};

protocol bgp Kiel4 from peers {
    neighbor 10.207.0.58 as 65525;
};

protocol bgp Koblenz from peers {
    neighbor 10.207.0.32 as 65032;
};

protocol bgp Koeln1 from peers {
    neighbor 10.207.0.57 as 65528;
};

protocol bgp Leipzig1 from peers {
    neighbor 10.207.0.1 as 65041;
};

protocol bgp Leipzig2 from peers {
    neighbor 10.207.0.2 as 65041;
};

protocol bgp Ljubljana1 from peers {
    neighbor 10.207.3.23 as 65023;
};

protocol bgp Ljubljana2 from peers {
    neighbor 10.207.3.30 as 64768;
};

protocol bgp Luebeck1 from peers {
    neighbor 10.207.0.130 as 65052;
};

protocol bgp Luebeck2 from peers {
    neighbor 10.207.0.131 as 65052;
};

protocol bgp Mainz1 from peers {
    neighbor 10.207.0.37 as 65037;
};

protocol bgp Oldenburg1 from peers {
    neighbor 10.207.0.27 as 65513;
};

protocol bgp Schwarzach1 from peers {
    neighbor 10.207.0.56 as 65527;
};

protocol bgp Treuenbrietzen from peers {
    neighbor 10.207.0.18 as 65045;
};

protocol bgp Weimar1 from peers {
    neighbor 10.207.0.3 as 65042;
};

protocol bgp Weimar2 from peers {
    neighbor 10.207.0.4 as 65042;
};

protocol bgp Wermelskirchen1 from peers {
    neighbor 10.207.0.7 as 65530;
};

protocol bgp Wermelskirchen2 from peers {
    neighbor 10.207.0.8 as 65530;
};