New bird config version as template

ohrensessel 2014-04-26 14:21:42 +02:00
parent 22b5b16db4
commit 7cbf9a331a


@ -1,140 +1,157 @@
table ibgp; # internal BGP peerings
table ebgp; # external (icvpn) BGP peerings
table freifunk; # kernel table 42 for routing from ff network
define ownas = 65112;
router id <%= @own_ipv4 %>; router id <%= @own_ipv4 %>;
table ffhh; # BGP Peerings ### functions ###
table ibgp;
table icvpn; # BGP Peerings (ICVPN)
table freifunk; # Kernel table 42 (Routing from Freifunk networks)
function is_freifunk_dn42() {
return (net ~ [
10.0.0.0/8{12,32},
10.100.0.0/14,
172.22.0.0/15+,
172.31.0.0/16
]);
}
function is_freifunk() {
return (net ~ [10.0.0.0/8+]);
}
function is_chaosvpn() {
return (net ~ [172.31.0.0/16+]);
}
# own network
function is_self_net() { function is_self_net() {
return (net ~ [10.112.0.0/16+]); return (net ~ [10.112.0.0/16+]);
} }
function is_self() { # freifunk ip ranges in general
return (proto = "static_ffhh"); function is_freifunk() {
return net ~ [ 10.0.0.0/8+,
104.0.0.0/8+
];
} }
function is_dn42_aggregate() { # dn42 ip ranges
return (net ~ [172.22.0.0/15{16,32}]); function is_dn42() {
return net ~ [ 172.22.0.0/15+,
195.160.168.0/23+,
91.204.4.0/22+,
193.43.220.0/23+,
83.133.178.0/23+,
87.106.29.254/32,
85.25.246.16/28+,
46.4.248.192/27+,
94.45.224.0/19+,
195.191.196.0/23+,
80.244.241.224/27+,
46.19.90.48/28+,
46.19.90.96/28+,
178.63.170.40/32,
188.40.34.241/32,
195.16.84.40/29+,
37.1.89.160/29+,
178.33.32.123/32+,
37.1.89.160/29+,
185.28.77.16/29+,
185.28.77.192/27+,
192.175.48.0/24+
];
} }
filter ffhh_internal_export { ### kernel ###
if (proto = "dn42_aggregate_ffhh" || proto = "local_ffhh") then accept;
if (source != RTS_BGP && proto != "pipe_icvpn") then reject;
if (proto ~ "bgp_ibgp_*") then reject;
if (is_dn42_aggregate()) then reject;
accept;
}
# synchronize from bird to main kernel routing table
# nothing in the other direction
protocol kernel k_mast {
scan time 10;
import none;
export filter {
krt_prefsrc = <%= @own_ipv4 %>;
accept;
};
};
protocol pipe pipe_ffhh { # synchronize from birds freifunk table to kernel routing table 42
peer table ffhh; # nothing in the other direction
import all; protocol kernel k_frei {
scan time 10;
table freifunk;
kernel table 42;
import none;
export filter {
krt_prefsrc = <%= @own_ipv4 %>;
accept;
};
};
# this pseudo-protocol watches all interface up/down events
protocol device {
scan time 10;
};
### pipes ###
# sync nothing from main routing table to ebgp
# sync routes (not own network) from ebgp to main routing table
protocol pipe p_maintbl {
peer table ebgp;
import where !is_self_net();
export none; export none;
}; };
protocol pipe pipe_icvpn { # sync routes (not own network) from ebgp to ibgp
table ffhh; # sync routes (all) from ibgp to ebgp
peer table icvpn; protocol pipe p_ibgptbl {
export where is_self(); table ebgp;
import all; peer table ibgp;
mode opaque; import all;
export where !is_self_net();
}; };
protocol pipe pipe_freifunk { # sync routes (freifunk and dn42) from ibgp to freifunk
peer table freifunk; # sync nothing from freifunk to ibgp
import none; protocol pipe p_freitbl {
export all; table ibgp;
peer table freifunk;
import none;
export where (is_freifunk() || is_dn42());
}; };
protocol pipe pipe_ibgp { ### static routes ###
peer table ibgp;
import all;
export where !is_self_net();
mode opaque;
};
protocol kernel kernel_master {
scan time 20;
import none;
export filter {
krt_prefsrc = <%= @own_ipv4 %>;
accept;
};
};
protocol kernel kernel_freifunk {
scan time 20;
import none;
export filter {
krt_prefsrc = <%= @own_ipv4 %>;
accept;
};
table freifunk;
device routes;
kernel table 42;
};
# This pseudo-protocol watches all interface up/down events.
protocol device {
scan time 10; # Scan interfaces every 10 seconds
};
# if no openvpn is running, reject everything we do not have a route for
protocol static unreachable_default { protocol static unreachable_default {
table freifunk; route 0.0.0.0/0 reject;
route 0.0.0.0/0 reject; table freifunk;
}; };
protocol static static_ffhh { protocol static static_ffhh {
table ffhh; route 10.112.0.0/16 reject;
route 10.112.0.0/16 reject; table ebgp;
}; };
# in hamburg we use a /18 from our /16 in the mesh
# create a route for that in freifunk table
protocol static local_ffhh { protocol static local_ffhh {
table ffhh; route 10.112.0.0/18 via "br-ffhh";
route 10.112.0.0/18 via "freifunk"; table freifunk;
}; };
protocol static dn42_aggregate_ffhh { ### templates ###
table ffhh;
route 172.22.0.0/15 reject; # template for same city freifunk gateways
template bgp locals {
table ibgp;
local as ownas;
import filter {
preference = 99;
accept;
};
export where source = RTS_BGP;
direct;
next hop self;
}; };
# template for icvpn gateways of other cities
template bgp bgp_ibgp { template bgp peers {
local as 65112; table ebgp;
table ibgp; local as ownas;
import filter { # ignore routes for our own network
preference = 99; import where ((is_freifunk() || is_dn42()) && !is_self_net());
accept; export where (is_freifunk() || is_dn42());
}; route limit 10000;
export all;
gateway direct;
next hop self;
}; };
template bgp bgp_icvpn { ### local gateways ###
local as 65112;
table icvpn;
import where (is_freifunk_dn42() && !is_self_net());
export all;
};
<% @peerings_v4.each_pair do |key, hash| -%><% if hash["ip"] != @own_ipv4 -%> <% @peerings_v4.each_pair do |key, hash| -%><% if hash["ip"] != @own_ipv4 -%>
protocol bgp <%= key %> from <%= hash["template"] %> { protocol bgp <%= key %> from <%= hash["template"] %> {
@ -142,6 +159,8 @@ protocol bgp <%= key %> from <%= hash["template"] %> {
}; };
<% end -%><% end -%> <% end -%><% end -%>
### icvpn peerings ###
<% if @gw_do_ic_peering -%> <% if @gw_do_ic_peering -%>
<% @ic_peerings_v4.each_pair do |key, hash| -%><% if hash["ip"] != @own_ipv4 -%> <% @ic_peerings_v4.each_pair do |key, hash| -%><% if hash["ip"] != @own_ipv4 -%>
protocol bgp <%= key %> from <%= hash["template"] %> { protocol bgp <%= key %> from <%= hash["template"] %> {
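Review bot: Every entry in what appears to be the new `is_freifunk()` and `is_dn42()` sets carries `+`, so the `peers` template's `import where ((is_freifunk() || is_dn42()) && !is_self_net());` accepts any prefix length a peer announces inside those ranges, including publicly routed space such as `104.0.0.0/8+`. A misconfigured or hostile ICVPN peer could then attract traffic for those addresses with a more-specific route, and `p_freitbl` exports the same set towards kernel table 42; `route limit 10000` caps the number of routes, not their content. I would bound the lengths the way the replaced filter did, e.g. `10.0.0.0/8{12,32}`, and put a comment above `104.0.0.0/8+` saying why non-RFC1918 space is accepted. Separately, `37.1.89.160/29+` is listed twice in `is_dn42()` and the `+` on `178.33.32.123/32+` has no effect. The page has lost its `+`/`-` markers, so which lines are new is inferred from `ownas` and the renamed tables.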