nigger/lixonet-ee
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update bird/bird.conf.tmpl

Browse Source
This commit is contained in:
sump pump 2020-05-21 01:49:27 +00:00
parent 1b5e4d846d
commit 948828eb5e
1 changed files with 28 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
bird/bird.conf.tmpl
View File

@ -59,8 +59,8 @@ protocol kernel { # Primary routing table
scan time 10; # Scan kernel routing table every 10 seconds scan time 10; # Scan kernel routing table every 10 seconds
ipv4 { ipv4 {
table lixonet; table lixonet;
import none; # Don't try to import any routes from the kernel import none; # Don't try to import any routes from the kernel
export all; # Export everything we are told to the kernel export filter kernel_export_filter; # Export everything we are told to the kernel
}; };
}; };
@ -86,10 +86,33 @@ function is_lixonet_router()
return net ~ [ ${network_address}/${router_prefix:-24}+ ]; return net ~ [ ${network_address}/${router_prefix:-24}+ ];
} }
filter lixonet_route_filter function is_own_route()
{
return net ~ [
{{ if len "${routes:-}" }}{{ range "$routes" | split "," }}{{.}}+;{{ end }}{{ end }}
];
}
filter bgp_import_filter
{ {
# TODO: check RPKI here! # TODO: check RPKI here!
if source ~ [RTS_STATIC] then reject; # Reject our own routes
if is_lixonet_router() then reject; # Reject poisons if is_lixonet_router() then reject; # Reject poisons
if is_own_route() then reject; # Reject poisons
if is_lixonet_global() then accept; # Accept anything else
reject; # Reject anything else (non-Lixonet)
}
filter bgp_export_filter
{
if is_lixonet_router() then reject; # Reject poisons
if is_lixonet_global() then accept; # Accept anything else
reject; # Reject anything else (non-Lixonet)
}
filter kernel_export_filter
{
if is_own_route() then reject; # Reject poisons
if is_lixonet_global() then accept; # Accept anything else if is_lixonet_global() then accept; # Accept anything else
reject; # Reject anything else (non-Lixonet) reject; # Reject anything else (non-Lixonet)
} }
@ -131,8 +154,8 @@ template bgp lixonet_client {
# Set filters for both exported (sent) and imported (received) BGP prefixes. # Set filters for both exported (sent) and imported (received) BGP prefixes.
# This is explicitly required per RFC 8212, at least on export. # This is explicitly required per RFC 8212, at least on export.
# See: https://gitlab.labs.nic.cz/labs/bird/commit/3831b619661d08d935fd78656732cd2f339ff811 # See: https://gitlab.labs.nic.cz/labs/bird/commit/3831b619661d08d935fd78656732cd2f339ff811
export filter lixonet_route_filter; export filter bgp_export_filter;
import filter lixonet_route_filter; import filter bgp_import_filter;
}; };
}; };