Update README.md, bird/bird.conf.tmpl files

README.md

@@ -37,14 +37,57 @@ All options are supplied in the `name=value` format on individual lines, i.e. `n
 
 You **MUST** specify these options, or Lixonet will not work.
 
-#### Network options
-
  * `git` - The Git clone repository URL, used for peer configurations.
  * `tinc_peer_name` - The global neighbor name.  Tinc and Bird use this to identify a peer in the network, and to exclude your own pre-packed config automagically from Tinc and BIRD dialing out so you don't connect to yourself over and over again.
  * `tinc_peer_address` - The *router* address to use.  This is your Lixonet routing layer address: 172.xxx.0.xxx
  * `network_address` - The *network* address to use.  This is your Lixonet routing layer address: 172.xxx.0.0 (especially take note of the last two 0's: `0.0` -- it _MUST_ end with zeros corresponding to the network size)
  * `bgp_asn` - The BGP ASN to use.  We usually follow the format `4206969XXX` where _XXX_ is the last octet of your `address`, zero-padded (i.e. 008 or 212)
 
+#### Configuration example
+
+A copy of the live configuration (`/etc/lixonet/teamlixo/lixonet.conf`) used by `denco_mane_lixo`:
+
+```
+git=http://git.team.lixo/lixonet/teamlixo.mesh.git
+tinc_peer_name=denco_mane_lixo
+tinc_peer_address=172.31.0.8
+tinc_bind_address=172.31.8.2
+bgp_asn=4206969008
+bgp_routes=172.31.8.0/21,172.31.254.0/24
+network_address=172.31.0.0
+netmask=255.255.255.0
+```
+
+(A key exists at `/etc/lixonet/teamlixo/tinc.key`)
+
+`cat /etc/network/interfaces`:
+```
+auto lo
+iface lo inet loopback
+
+auto eth0
+iface eth0 inet dhcp
+        hostname lixonet
+```
+
+`ifconfig eth0`:
+```
+lixonet:/home/manevolent# ifconfig eth0
+eth0      Link encap:Ethernet  HWaddr xx:xx:xx:xx:xx:xx
+          inet addr:172.31.8.2  Bcast:0.0.0.0  Mask:255.255.255.0
+          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
+          RX packets:313268 errors:0 dropped:0 overruns:0 frame:0
+          TX packets:266835 errors:0 dropped:0 overruns:0 carrier:0
+          collisions:0 txqueuelen:1000
+          RX bytes:223824994 (213.4 MiB)  TX bytes:145971829 (139.2 MiB)
+```
+
+`docker ps -a | grep teamlixo` (built by `./build.sh`):
+```
+646e3b6b5456        teamlixo_tinc       "sh -c '/usr/sbin/ti…"   17 minutes ago      Up 15 minutes                                 teamlixo_tinc_1
+84fda16f829b        teamlixo_bird       "/bin/sh -c 'bird -c…"   17 minutes ago      Up 9 minutes                                  teamlixo_bird_1
+```
+
 ## Non-required options:
 
 #### General network options

bird/bird.conf.tmpl

@@ -67,6 +67,13 @@ function is_rpki_invalid_v4 () {
   return roa_check(r4, net, bgp_path.last_nonaggregated) = ROA_INVALID;
 }
 
+# Returns TRUE if the given tested network is the exact global network prefix for
+# Lixonet.  Used to filter the "unreachable" static route we typically static.
+function is_exact_lixonet_global_v4()
+{
+    return net ~ [ ${network_address}/${global_prefix:-16} ];
+}
+
 # Returns TRUE if the given tested network is within the global network prefix for
 # Lixonet.  Used to filter networks outside of this range as they are not within
 # the global mesh network.
@@ -103,6 +110,7 @@ filter bgp_import_filter_v4
 filter bgp_export_filter_v4
 {
     if is_lixonet_router_v4() then reject; # Reject poisons
+    if is_exact_lixonet_global_v4() then reject; # Reject the unreachable route
     if is_lixonet_global_v4() then accept; # Accept anything else
     reject; # Reject anything else (non-Lixonet)
 }
@@ -125,6 +133,11 @@ protocol static {
         export none;
     };
 
+    # Announce the whole network as unreachable; this returns packets that reach
+    # this router as unreachable (ICMP type=3, code=0) if no more specific route
+    # is defined for the network subnet
+    range ${network_address}/${global_prefix:-16}+ unreachable;
+
     # Announced networks
     {{ if len "${bgp_routes:-}" }}{{ range "$bgp_routes" | split "," }}route {{.}} reject;
     {{ end }}{{ end }}