Update bird/bird.conf.tmpl, tinc/lixonet/tinc-up.tmpl, README.md files

README.md

@@ -10,18 +10,40 @@ Source: https://www.tinc-vpn.org/documentation/Generating-keypairs.html
 
 Run: `tincd -n lixonet -K`
 
-**Configuration options**
+# Configuration options
 
 All options are supplied in the `name=value` format on individual lines, i.e. `name=test_name_lixo`
 
+## Required options
+
+You **MUST** specify these options, or Lixonet will not work.
+
+#### Network options
+
  * `name` - The global neighbor name.  Tinc and Bird use this to identify a peer in the network, and to exclude your own pre-packed config automagically from Tinc and BIRD dialing out so you don't connect to yourself over and over again.
  * `address` - The *router* address to use.  This is your Lixonet routing layer address: 172.xxx.0.xxx
+ * `network_address` - The *network* address to use.  This is your Lixonet routing layer address: 172.xxx.0.0 (especially take note of the last two 0's: `0.0` -- it _MUST_ end with zeros corresponding to the network size)
  * `asn` - The BGP ASN to use.  We usually follow the format `4206969XXX` where _XXX_ is the last octet of your `address`, zero-padded (i.e. 008 or 212)
- * `netmask` - The routing layer netmask to use.  This should be `255.255.255.0` in most cases as our routing layer has always been a ``/24` subnet.  Used by Tinc and BIRD for the L2 mesh and route security ingress filtering respectively.
+
+#### Tinc options
  * `tinc_bind_address` - OPTIONAL: The address that Tinc should bind to to _listen_ for incoming WAN-sided connections (i.e. 10.0.0.1).  This is _not_ the tunnel IP.
  * `tinc_connect_to` - OPTIONAL: A comma-separated list of well-known/pre-defined hosts to connect to (i.e. `denco_mane_lixo`).  If not supplied, this is automatically set to all core routers that aren't yourself (`name`).
 
-**Setup**
+## Non-required options:
+
+#### Network options
+ * `global_prefix`: global network prefix: defaults to `16`.
+ * `router_prefix`: router network prefix: defaults to `24`. If you change this you _SHOULD_ change `netmask` too.
+ * `netmask`: router netmask: defaults to `255.255.255.0` (`/24`); _SHOULD_ be the bitmask that corresponds to the `router_prefix`
+
+#### BGP
+
+For options we expose here, for information see: https://bird.network.cz/?get_doc&v=20&f=bird-6.html#ss6.3
+
+ * `bgp_path_metric`: Enable comparison of path lengths when deciding which BGP route is the best one (`0` or `1`): defaults to `1`
+ * `bgp_aigp`: BGP AIGP state (`enable`, `disable`, or `originate`): defaults to `originate` (see BIRD documentation)
+
+# Setup
 
 Prerequisites:
 1. `docker` and `docker-compose` (Alpine: community repository; https://docs.genesys.com/Documentation/System/8.5.x/DDG/InstallationofDockeronAlpineLinux), `git`, and `curl` are installed (Alpine: `apk add`).  You may also want to make docker run at boot: `rc-update add docker boot`.

bird/bird.conf.tmpl

@@ -54,7 +54,7 @@ protocol kernel {               # Primary routing table
 # the global mesh network.
 function net_lixonet_global()
 {
-    return net ~ [ ${address:-172.30.0.0}/${global_prefix:-16} ];
+    return net ~ [ ${network_address}/${global_prefix:-16} ];
 }
 
 # Returns TRUE if the given tested network is within the router network prefix for
@@ -62,7 +62,7 @@ function net_lixonet_global()
 # for us.  Helps prevent a security vulnerability of hijacking another router.
 function net_lixonet_router()
 {
-    return net ~ [ ${address:-172.30.0.0}/${router_prefix:-24} ];
+    return net ~ [ ${network_address}/${router_prefix:-24} ];
 }
 
 filter lixonet_import
@@ -91,7 +91,7 @@ template bgp lixonet_client {
     source address ${address};      # What local IP address we use for any outbound TCP
                                     #  connections on port 179
 
-    path metric 1;		            # 1 = Prefer routes with shorter paths (like Cisco does)
+    path metric ${bgp_path_metric:-1}; # 1 = Prefer routes with shorter paths (like Cisco does)
 
     # BGP channels
     # See: Channel configuration (BIRD BGP configuration) and the table shown there.
@@ -109,7 +109,7 @@ template bgp lixonet_client {
         # automatically attached to non-BGP routes with valid IGP metric (e.g. ospf_metric1)
         # as they are exported to the BGP session.
         # Thank-you, BIRD <3 - mane and nurd
-        aigp originate;
+        aigp ${bgp_aigp:-originate};
     };
 
     # Set filters for both exported (sent) and imported (received) BGP prefixes.

tinc/lixonet/tinc-up.tmpl

@@ -1,2 +1,2 @@
 #!/bin/sh
-ifconfig \$INTERFACE ${address} netmask ${netmask}
+ifconfig \$INTERFACE ${address} netmask ${netmask:-255.255.255.0}