bird 1.4.3 expects new bird.conf location
This commit is contained in:
Martin Schütte
parent
7b7b373de0
commit
fa0974df7c
3 changed files with 10 additions and 4 deletions
187
templates/etc/bird/bird.conf.erb
Normal file
187
templates/etc/bird/bird.conf.erb
Normal file
|
|
@ -0,0 +1,187 @@
|
|||
table ibgp; # internal BGP peerings
|
||||
table ebgp; # external (icvpn) BGP peerings
|
||||
table freifunk; # kernel table 42 for routing from ff network
|
||||
|
||||
define ownas = <%= @ff_as %>;
|
||||
|
||||
router id <%= @own_ipv4 %>;
|
||||
|
||||
### functions ###
|
||||
|
||||
# own network
|
||||
function is_self_net() {
|
||||
return (net ~ [<%= @ff_net %>+]);
|
||||
}
|
||||
|
||||
# freifunk ip ranges in general
|
||||
function is_freifunk() {
|
||||
return net ~ [ 10.0.0.0/8+,
|
||||
104.0.0.0/8+
|
||||
];
|
||||
}
|
||||
|
||||
# dn42 ip ranges
|
||||
function is_dn42() {
|
||||
return net ~ [ 172.22.0.0/15+,
|
||||
195.160.168.0/23+,
|
||||
91.204.4.0/22+,
|
||||
193.43.220.0/23+,
|
||||
87.106.29.254/32,
|
||||
85.25.246.16/28+,
|
||||
46.4.248.192/27+,
|
||||
94.45.224.0/19+,
|
||||
195.191.196.0/23+,
|
||||
80.244.241.224/27+,
|
||||
46.19.90.48/28+,
|
||||
46.19.90.96/28+,
|
||||
178.63.170.40/32,
|
||||
188.40.34.241/32,
|
||||
195.16.84.40/29+,
|
||||
37.1.89.160/29+,
|
||||
178.33.32.123/32+,
|
||||
37.1.89.160/29+,
|
||||
185.28.77.16/29+,
|
||||
185.28.77.192/27+,
|
||||
192.175.48.0/24+
|
||||
];
|
||||
}
|
||||
|
||||
# chaosvpn ranges
|
||||
function is_chaos() {
|
||||
return net ~ [ 10.4.0.0/16+,
|
||||
10.32.0.0/16+,
|
||||
10.42.16.0/20+, # legacy
|
||||
10.100.0.0/14+,
|
||||
10.104.0.0/14+,
|
||||
172.31.0.0/16+,
|
||||
83.133.178.0/23+,
|
||||
172.26.0.0/15+,
|
||||
176.9.52.58/32+,
|
||||
193.103.159.0/24+,
|
||||
193.103.160.0/23+,
|
||||
212.12.50.208/29+,
|
||||
213.238.61.128/26+
|
||||
];
|
||||
}
|
||||
|
||||
### kernel ###
|
||||
|
||||
# synchronize from bird to main kernel routing table
|
||||
# nothing in the other direction
|
||||
protocol kernel k_mast {
|
||||
scan time 10;
|
||||
import where is_chaos();
|
||||
export filter {
|
||||
krt_prefsrc = <%= @own_ipv4 %>;
|
||||
accept;
|
||||
};
|
||||
};
|
||||
|
||||
# synchronize from birds freifunk table to kernel routing table 42
|
||||
# nothing in the other direction
|
||||
protocol kernel k_frei {
|
||||
scan time 10;
|
||||
table freifunk;
|
||||
kernel table 42;
|
||||
import none;
|
||||
export filter {
|
||||
krt_prefsrc = <%= @own_ipv4 %>;
|
||||
accept;
|
||||
};
|
||||
};
|
||||
|
||||
# this pseudo-protocol watches all interface up/down events
|
||||
protocol device {
|
||||
scan time 10;
|
||||
};
|
||||
|
||||
### pipes ###
|
||||
|
||||
# sync nothing from main routing table to ebgp
|
||||
# sync routes (not own network) from ebgp to main routing table
|
||||
protocol pipe p_maintbl {
|
||||
peer table ebgp;
|
||||
import where !is_self_net();
|
||||
export none;
|
||||
};
|
||||
|
||||
# sync routes (not own network) from ebgp to ibgp
|
||||
# sync routes (all) from ibgp to ebgp
|
||||
protocol pipe p_ibgptbl {
|
||||
table ebgp;
|
||||
peer table ibgp;
|
||||
import all;
|
||||
export where !is_self_net();
|
||||
};
|
||||
|
||||
# sync routes (freifunk, dn42 and chaosvpn) from ibgp to freifunk
|
||||
# sync nothing from freifunk to ibgp
|
||||
protocol pipe p_freitbl {
|
||||
table ibgp;
|
||||
peer table freifunk;
|
||||
import none;
|
||||
export where (is_freifunk() || is_dn42() || is_chaos());
|
||||
};
|
||||
|
||||
### static routes ###
|
||||
|
||||
# if no openvpn is running, reject everything we do not have a route for
|
||||
protocol static unreachable_default {
|
||||
route 0.0.0.0/0 reject;
|
||||
table freifunk;
|
||||
};
|
||||
|
||||
protocol static static_ffhh {
|
||||
route <%= @ff_net %> reject;
|
||||
table ebgp;
|
||||
};
|
||||
|
||||
# in hamburg we use a /18 from our /16 in the mesh
|
||||
# create a route for that in freifunk table
|
||||
protocol static local_ffhh {
|
||||
route <%= @ff_mesh_net %> via "br-ffhh";
|
||||
table freifunk;
|
||||
};
|
||||
|
||||
### templates ###
|
||||
|
||||
# template for same city freifunk gateways
|
||||
template bgp locals {
|
||||
table ibgp;
|
||||
local as ownas;
|
||||
import filter {
|
||||
preference = 99;
|
||||
accept;
|
||||
};
|
||||
export where source = RTS_BGP;
|
||||
direct;
|
||||
next hop self;
|
||||
};
|
||||
|
||||
# template for icvpn gateways of other cities
|
||||
template bgp peers {
|
||||
table ebgp;
|
||||
local as ownas;
|
||||
# ignore routes for our own network
|
||||
import where ((is_freifunk() || is_dn42() || is_chaos()) && !is_self_net());
|
||||
export where (is_freifunk() || is_dn42() || is_chaos());
|
||||
route limit 10000;
|
||||
};
|
||||
|
||||
### local gateways ###
|
||||
|
||||
<% @peerings_v4.each_pair do |key, hash| -%><% if hash["ip"] != @own_ipv4 -%>
|
||||
protocol bgp <%= key %> from <%= hash["template"] %> {
|
||||
neighbor <%= hash["ip"] %> as ownas;
|
||||
};
|
||||
<% end -%><% end -%>
|
||||
|
||||
### icvpn peerings ###
|
||||
|
||||
<% if @gw_do_ic_peering -%>
|
||||
<% @ic_peerings_v4.each_pair do |key, hash| -%><% if hash["ip"] != @own_ipv4 -%>
|
||||
protocol bgp <%= key %> from <%= hash["template"] %> {
|
||||
neighbor <%= hash["ip"] %> as <%= hash["as"] %>;
|
||||
};
|
||||
<% end -%><% end -%>
|
||||
<% end -%>
|
||||
87
templates/etc/bird/bird6.conf.erb
Normal file
87
templates/etc/bird/bird6.conf.erb
Normal file
|
|
@ -0,0 +1,87 @@
|
|||
# managed by puppet
|
||||
#
|
||||
# the ff ip of the gateway
|
||||
router id <%= @own_ipv4 %>;
|
||||
|
||||
# routing tables
|
||||
table ffhh;
|
||||
|
||||
# filter to check ulas
|
||||
function is_ula() {
|
||||
return (net ~ [ fc00::/7{48,64} ]);
|
||||
}
|
||||
|
||||
function is_self() {
|
||||
return (proto = "static_ffhh");
|
||||
}
|
||||
|
||||
filter ffhh_internal_export {
|
||||
if (proto = "local_ffhh") then accept;
|
||||
if (source != RTS_BGP) then reject;
|
||||
if (is_ula() && proto != "static_ffhh") then accept;
|
||||
else reject;
|
||||
}
|
||||
|
||||
# don't use kernel's routes for bird, but export bird's routes to kernel
|
||||
protocol kernel {
|
||||
scan time 20; # Scan kernel routing table every 20 seconds
|
||||
import none; # Default is import all
|
||||
export all;
|
||||
}
|
||||
|
||||
# This pseudo-protocol watches all interface up/down events.
|
||||
protocol device {
|
||||
scan time 10; # Scan interfaces every 10 seconds
|
||||
}
|
||||
|
||||
# define our routes
|
||||
protocol static static_ffhh {
|
||||
table ffhh;
|
||||
# reject route if announced from external
|
||||
route fd51:2bb2:fd0d::/48 reject;
|
||||
};
|
||||
|
||||
protocol static local_ffhh {
|
||||
table ffhh;
|
||||
route fd51:2bb2:fd0d::/64 via "br-ffhh";
|
||||
};
|
||||
|
||||
protocol pipe pipe_ffhh {
|
||||
peer table ffhh;
|
||||
import all;
|
||||
export none;
|
||||
};
|
||||
|
||||
# template for internal routing
|
||||
template bgp bgp_ibgp {
|
||||
table ffhh;
|
||||
local as 65112;
|
||||
source address <%= @own_ipv6 %>;
|
||||
import all;
|
||||
export where source = RTS_BGP;
|
||||
gateway direct;
|
||||
next hop self;
|
||||
};
|
||||
|
||||
# icvpn template for hamburg03
|
||||
template bgp bgp_icvpn {
|
||||
local as 65112;
|
||||
source address <%= @own_ipv6 %>;
|
||||
table ffhh;
|
||||
import where is_ula();
|
||||
export where is_self() || (source = RTS_BGP);
|
||||
};
|
||||
|
||||
<% @peerings_v6.each_pair do |key, hash| -%><% if hash["ip"] != @own_ipv6 -%>
|
||||
protocol bgp <%= key %> from <%= hash["template"] %> {
|
||||
neighbor <%= hash["ip"] %> as <%= hash["as"] %>;
|
||||
};
|
||||
<% end -%><% end -%>
|
||||
|
||||
<% if @gw_do_ic_peering -%>
|
||||
<% @ic_peerings_v6.each_pair do |key, hash| -%><% if hash["ip"] != @own_ipv6 -%>
|
||||
protocol bgp <%= key %> from <%= hash["template"] %> {
|
||||
neighbor <%= hash["ip"] %> as <%= hash["as"] %>;
|
||||
};
|
||||
<% end -%><% end -%>
|
||||
<% end -%>
|
||||
Loading…
Add table
Add a link
Reference in a new issue