puppet-ff_gw/templates/etc/bird/bird.conf.erb
2014-05-20 15:54:52 +02:00

187 lines
4 KiB
Text

table ibgp; # internal BGP peerings
table ebgp; # external (icvpn) BGP peerings
table freifunk; # kernel table 42 for routing from ff network
define ownas = <%= @ff_as %>;
router id <%= @own_ipv4 %>;
### functions ###
# own network
function is_self_net() {
return (net ~ [<%= @ff_net %>+]);
}
# freifunk ip ranges in general
function is_freifunk() {
return net ~ [ 10.0.0.0/8+,
104.0.0.0/8+
];
}
# dn42 ip ranges
function is_dn42() {
return net ~ [ 172.22.0.0/15+,
195.160.168.0/23+,
91.204.4.0/22+,
193.43.220.0/23+,
87.106.29.254/32,
85.25.246.16/28+,
46.4.248.192/27+,
94.45.224.0/19+,
195.191.196.0/23+,
80.244.241.224/27+,
46.19.90.48/28+,
46.19.90.96/28+,
178.63.170.40/32,
188.40.34.241/32,
195.16.84.40/29+,
37.1.89.160/29+,
178.33.32.123/32+,
37.1.89.160/29+,
185.28.77.16/29+,
185.28.77.192/27+,
192.175.48.0/24+
];
}
# chaosvpn ranges
function is_chaos() {
return net ~ [ 10.4.0.0/16+,
10.32.0.0/16+,
10.42.16.0/20+, # legacy
10.100.0.0/14+,
10.104.0.0/14+,
172.31.0.0/16+,
83.133.178.0/23+,
172.26.0.0/15+,
176.9.52.58/32+,
193.103.159.0/24+,
193.103.160.0/23+,
212.12.50.208/29+,
213.238.61.128/26+
];
}
### kernel ###
# synchronize from bird to main kernel routing table
# nothing in the other direction
protocol kernel k_mast {
scan time 10;
import none;
export filter {
krt_prefsrc = <%= @own_ipv4 %>;
accept;
};
};
# synchronize from birds freifunk table to kernel routing table 42
# nothing in the other direction
protocol kernel k_frei {
scan time 10;
table freifunk;
kernel table 42;
import none;
export filter {
krt_prefsrc = <%= @own_ipv4 %>;
accept;
};
};
# this pseudo-protocol watches all interface up/down events
protocol device {
scan time 10;
};
### pipes ###
# sync nothing from main routing table to ebgp
# sync routes (not own network) from ebgp to main routing table
protocol pipe p_maintbl {
peer table ebgp;
import where !is_self_net();
export none;
};
# sync routes (not own network) from ebgp to ibgp
# sync routes (all) from ibgp to ebgp
protocol pipe p_ibgptbl {
table ebgp;
peer table ibgp;
import all;
export where !is_self_net();
};
# sync routes (freifunk, dn42 and chaosvpn) from ibgp to freifunk
# sync nothing from freifunk to ibgp
protocol pipe p_freitbl {
table ibgp;
peer table freifunk;
import none;
export where (is_freifunk() || is_dn42() || is_chaos());
};
### static routes ###
# if no openvpn is running, reject everything we do not have a route for
protocol static unreachable_default {
route 0.0.0.0/0 reject;
table freifunk;
};
protocol static static_ffhh {
route <%= @ff_net %> reject;
table ebgp;
};
# in hamburg we use a /18 from our /16 in the mesh
# create a route for that in freifunk table
protocol static local_ffhh {
route <%= @ff_mesh_net %> via "br-ffhh";
table freifunk;
};
### templates ###
# template for same city freifunk gateways
template bgp locals {
table ibgp;
local as ownas;
import filter {
preference = 99;
accept;
};
export where source = RTS_BGP;
direct;
next hop self;
};
# template for icvpn gateways of other cities
template bgp peers {
table ebgp;
local as ownas;
# ignore routes for our own network
import where ((is_freifunk() || is_dn42()) && !is_chaos() && !is_self_net());
export where ((is_freifunk() || is_dn42()) && !is_chaos());
route limit 10000;
};
### local gateways ###
<% @peerings_v4.each_pair do |key, hash| -%><% if hash["ip"] != @own_ipv4 -%>
protocol bgp <%= key %> from <%= hash["template"] %> {
neighbor <%= hash["ip"] %> as ownas;
};
<% end -%><% end -%>
### icvpn peerings ###
<% if @gw_do_ic_peering -%>
<% @ic_peerings_v4.each_pair do |key, hash| -%><% if hash["ip"] != @own_ipv4 -%>
protocol bgp <%= key %> from <%= hash["template"] %> {
neighbor <%= hash["ip"] %> as <%= hash["as"] %>;
};
<% end -%><% end -%>
<% end -%>