You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
162 lines
3.0 KiB
Plaintext
162 lines
3.0 KiB
Plaintext
timeformat protocol iso long;
|
|
|
|
#log "bird.log" all;
|
|
# debug protocols all;
|
|
|
|
define ffrl_nat_address = {{ ffrl_ip4 }};
|
|
|
|
define ffmyk_as = 65032; # private AS of ffmyk
|
|
define ffrl_as = 201701; # public AS of rheinland
|
|
|
|
router id ffrl_nat_address;
|
|
|
|
ipv4 table ffrl4;
|
|
ipv6 table ffrl6;
|
|
|
|
function is_default4() {
|
|
return net ~ [
|
|
0.0.0.0/0
|
|
];
|
|
}
|
|
|
|
function is_default6() {
|
|
return net ~ [
|
|
::/0
|
|
];
|
|
}
|
|
|
|
function is_ffrl_nat4() {
|
|
return net ~ [
|
|
{{ ffrl_ip4 }}/32
|
|
];
|
|
}
|
|
|
|
function is_ffrl_public_nets6() {
|
|
return net ~ [
|
|
2a03:2260:1016::/48{48,56}
|
|
];
|
|
}
|
|
|
|
function is_ffrl_tunnel_nets4() {
|
|
return net ~ [
|
|
100.64.0.0/10
|
|
];
|
|
}
|
|
|
|
function is_ffrl_tunnel_nets6() {
|
|
return net ~ [
|
|
2a03:2260:0::/48
|
|
];
|
|
}
|
|
|
|
# BGP Import Filter für Rheinland
|
|
filter ebgp_ffrl_import_filter4 {
|
|
if is_default4() then accept;
|
|
reject;
|
|
}
|
|
|
|
# BGP Export Filter für Rheinland
|
|
filter ebgp_ffrl_export_filter4 {
|
|
if is_ffrl_nat4() then accept;
|
|
reject;
|
|
}
|
|
|
|
filter ebgp_ffrl_import_filter6 {
|
|
if is_default6() then accept;
|
|
reject;
|
|
}
|
|
|
|
filter ebgp_ffrl_export_filter6 {
|
|
if is_ffrl_public_nets6() then accept;
|
|
reject;
|
|
}
|
|
|
|
protocol device {
|
|
scan time 10;
|
|
}
|
|
|
|
# IP-NAT-Adresse legen wir in die interne BIRD Routing Table
|
|
protocol static ffrl_uplink_hostroute4 {
|
|
ipv4 { table ffrl4; };
|
|
route {{ ffrl_ip4 }}/32 reject;
|
|
}
|
|
|
|
protocol static ffrl_public_routes6 {
|
|
ipv6 { table ffrl6; };
|
|
route 2a03:2260:1016::/48 reject;
|
|
route {{ wireguard_vpn_client_range }} reject;
|
|
}
|
|
|
|
# Wir legen die Transfernetze in die interne BIRD Routing Table
|
|
#protocol direct {
|
|
# ipv4;
|
|
# table ffrl4;
|
|
# interface {% for peer in ffrl_peers %}"{{ peer.name }}", {% endfor %};
|
|
# import where is_ffrl_tunnel_nets4();
|
|
#}
|
|
|
|
# Wir exportieren über Rheinland gelernte Routen in die Kernel Table 47 (ffrl)
|
|
protocol kernel kernel_ffrl4 {
|
|
scan time 30;
|
|
ipv4 {
|
|
import none;
|
|
export filter {
|
|
krt_prefsrc = ffrl_nat_address;
|
|
accept;
|
|
};
|
|
table ffrl4;
|
|
};
|
|
kernel table 42;
|
|
};
|
|
|
|
protocol kernel kernel_ffrl6 {
|
|
scan time 30;
|
|
ipv6 {
|
|
import none;
|
|
export filter {
|
|
if is_default6() then accept;
|
|
reject;
|
|
};
|
|
table ffrl6;
|
|
};
|
|
kernel table 42;
|
|
};
|
|
|
|
# BGP Template für Rheinland Peerings
|
|
template bgp ffrl_uplink4 {
|
|
local as ffmyk_as;
|
|
ipv4 {
|
|
table ffrl4;
|
|
import keep filtered;
|
|
import filter ebgp_ffrl_import_filter4;
|
|
export filter ebgp_ffrl_export_filter4;
|
|
next hop self;
|
|
};
|
|
direct;
|
|
};
|
|
|
|
template bgp ffrl_uplink6 {
|
|
local as ffmyk_as;
|
|
ipv6 {
|
|
table ffrl6;
|
|
import keep filtered;
|
|
import filter ebgp_ffrl_import_filter6;
|
|
export filter ebgp_ffrl_export_filter6;
|
|
next hop self;
|
|
};
|
|
direct;
|
|
};
|
|
|
|
{% for peer in ffrl_peers %}
|
|
protocol bgp ffrl_{{ peer.name }}4 from ffrl_uplink4 {
|
|
source address {{ peer.ip4 }};
|
|
neighbor {{ peer.peer_ip4 }} as 201701;
|
|
};
|
|
|
|
protocol bgp ffrl_{{ peer.name }}6 from ffrl_uplink6 {
|
|
source address {{ peer.ip6 }};
|
|
neighbor {{ peer.peer_ip6 }} as 201701;
|
|
}
|
|
|
|
{% endfor %}
|