puppet-ff_gw/templates/etc/bird/bird6.conf.erb
2014-05-19 22:17:18 +02:00


# managed by puppet
#
# the ff ip of the gateway
# (the router id is filled in by Puppet from @own_ipv4)
router id <%= @own_ipv4 %>;
# routing tables
# "ffhh" is the table the static, pipe and BGP definitions below attach to
table ffhh;
# ULA check: true when the route's prefix lies inside fc00::/7 and its
# prefix length is between 48 and 64 bits (both inclusive).
function is_ula() {
    return net ~ [ fc00::/7{48,64} ];
}
# True for routes that come from the protocol instance named "static_ffhh".
function is_self() {
    return proto = "static_ffhh";
}
# Export policy: the bridge route from "local_ffhh" always passes; of everything
# else only BGP-learned ULA prefixes pass.
# No protocol or template visible in this file references this filter.
filter ffhh_internal_export {
    # the locally attached network is always passed on
    if proto = "local_ffhh" then accept;
    # anything else that was not learned via BGP is dropped
    if source != RTS_BGP then reject;
    # BGP routes pass only when they are ULA and not from "static_ffhh"
    if is_ula() && proto != "static_ffhh" then accept;
    # default: drop
    reject;
}
# Kernel sync is one-way: nothing is learned from the kernel, while every route
# in the table this protocol is attached to gets installed into the kernel.
protocol kernel {
    scan time 20;   # rescan the kernel routing table every 20 seconds
    export all;     # install all of bird's routes into the kernel
    import none;    # ignore the kernel's routes (the default would be import all)
}
# Pseudo-protocol that tracks interface up/down events.
protocol device {
    scan time 10;   # rescan the interface list every 10 seconds
}
# define our routes
# Aggregate route for fd51:2bb2:fd0d::/48 in table ffhh. is_self() matches
# routes from this protocol by name.
protocol static static_ffhh {
    table ffhh;
    # The target is "reject" (answer with unreachable) rather than a next hop.
    # NOTE(review): this covers only the exact /48. A more specific prefix
    # learned from a BGP peer still wins by longest match, so rejecting our own
    # prefix when announced from external has to happen in the BGP import filter.
    route fd51:2bb2:fd0d::/48 reject;
};
# Static route in table ffhh that points fd51:2bb2:fd0d::/64 at the
# interface "br-ffhh".
protocol static local_ffhh {
    table ffhh;
    route fd51:2bb2:fd0d::/64 via "br-ffhh";
};
# Connects table ffhh to this protocol's own table (no "table" option is set
# here, so that is bird's default table).
protocol pipe pipe_ffhh {
    peer table ffhh;
    export none;    # nothing is copied into ffhh
    import all;     # every route in ffhh is copied out of it
};
# template for internal routing
# A peering entry selects a template through its "template" value.
template bgp locals {
    local as 65112;
    table ffhh;
    source address <%= @own_ipv6 %>;
    direct;
    next hop self;
    # NOTE(review): every prefix a peer announces is accepted unfiltered.
    # Confirm that all peers using this template are trusted, or restrict the
    # import (for example with is_ula()).
    import all;
    # only routes that were themselves learned via BGP are passed on
    export where source = RTS_BGP;
};
# one BGP session per entry of the peerings hash; the entry whose ip equals this
# host's own IPv6 address is skipped
<% @peerings_v6.each_pair do |name, peer| -%>
<% if peer["ip"] != @own_ipv6 -%>
protocol bgp <%= name %> from <%= peer["template"] %> {
    neighbor <%= peer["ip"] %> as <%= peer["as"] %>;
};
<% end -%>
<% end -%>
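<% if @gw_do_ic_peering -%>
# icvpn template for hamburg03
# This section is only rendered when gw_do_ic_peering is set. Sessions built
# from this template presumably face peers outside our own network, so what
# they announce is filtered on import.
template bgp peers {
    local as 65112;
    table ffhh;
    source address <%= @ic_vpn_ip6 %>;
    # Accept ULA prefixes only, and never our own fd51:2bb2:fd0d::/48 or any
    # prefix inside it. is_ula() alone would let a peer announce a more
    # specific part of our network, and that route would win by longest match
    # over the static /48.
    import where is_ula() && !(net ~ [ fd51:2bb2:fd0d::/48+ ]);
    # announce our own aggregate (static_ffhh) plus routes learned via BGP
    export where is_self() || (source = RTS_BGP);
};
# one BGP session per entry of the ic peerings hash
# NOTE(review): the self entry is skipped by comparing with the host's own IPv6
# address, while the sessions are sourced from the icvpn address; confirm which
# of the two the peering data carries
<% @ic_peerings_v6.each_pair do |name, peer| -%>
<% if peer["ip"] != @own_ipv6 -%>
protocol bgp <%= name %> from <%= peer["template"] %> {
    neighbor <%= peer["ip"] %> as <%= peer["as"] %>;
};
<% end -%>
<% end -%>
<% end -%>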