Update bird/bird.conf.tmpl

sump pump 2020-05-21 01:49:27 +00:00
parent 1b5e4d846d
commit 948828eb5e


@ -59,8 +59,8 @@ protocol kernel { # Primary routing table
scan time 10; # Scan kernel routing table every 10 seconds
ipv4 {
table lixonet;
import none; # Don't try to import any routes from the kernel
export all; # Export everything we are told to the kernel
import none; # Don't try to import any routes from the kernel
export filter kernel_export_filter; # Export everything we are told to the kernel
};
};
@ -86,10 +86,33 @@ function is_lixonet_router()
return net ~ [ ${network_address}/${router_prefix:-24}+ ];
}
filter lixonet_route_filter
function is_own_route()
{
return net ~ [
{{ if len "${routes:-}" }}{{ range "$routes" | split "," }}{{.}}+;{{ end }}{{ end }}
];
}
filter bgp_import_filter
{
# TODO: check RPKI here!
if source ~ [RTS_STATIC] then reject; # Reject our own routes
if is_lixonet_router() then reject; # Reject poisons
if is_own_route() then reject; # Reject poisons
if is_lixonet_global() then accept; # Accept anything else
reject; # Reject anything else (non-Lixonet)
}
filter bgp_export_filter
{
if is_lixonet_router() then reject; # Reject poisons
if is_lixonet_global() then accept; # Accept anything else
reject; # Reject anything else (non-Lixonet)
}
filter kernel_export_filter
{
if is_own_route() then reject; # Reject poisons
if is_lixonet_global() then accept; # Accept anything else
reject; # Reject anything else (non-Lixonet)
}
@ -131,8 +154,8 @@ template bgp lixonet_client {
# Set filters for both exported (sent) and imported (received) BGP prefixes.
# This is explicitly required per RFC 8212, at least on export.
# See: https://gitlab.labs.nic.cz/labs/bird/commit/3831b619661d08d935fd78656732cd2f339ff811
export filter lixonet_route_filter;
import filter lixonet_route_filter;
export filter bgp_export_filter;
import filter bgp_import_filter;
};
};
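Review bot: In the second hunk, `is_own_route()` renders its prefix set with `{{.}}+;`, so every element ends in a semicolon and an unset `routes` leaves `net ~ [ ];`. As far as I know BIRD set literals are comma-separated and older releases reject an empty `[]`, so either case may stop the config from loading. Both `bgp_import_filter` and `kernel_export_filter` depend on this function to drop announcements of our own prefixes, so I would emit the elements comma-separated and render a plain `return false;` when `routes` is empty. The `source ~ [RTS_STATIC]` test in `bgp_import_filter` probably never matches a route learned over BGP, which leaves `is_own_route()` as the only effective guard there. In the first hunk the comment on the new kernel export line is stale and should read something like `# Export only Lixonet routes that are not our own to the kernel`.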