Update bird/bird.conf.tmpl, tinc/lixonet/tinc-up.tmpl, README.md files

sump pump 2020-05-20 23:53:46 +00:00
parent 5feb5ab492
commit cadbcca75c
3 changed files with 30 additions and 8 deletions

View File

@ -10,18 +10,40 @@ Source: https://www.tinc-vpn.org/documentation/Generating-keypairs.html
Run: `tincd -n lixonet -K`
**Configuration options**
# Configuration options
All options are supplied in the `name=value` format on individual lines, i.e. `name=test_name_lixo`
## Required options
You **MUST** specify these options, or Lixonet will not work.
#### Network options
* `name` - The global neighbor name. Tinc and Bird use this to identify a peer in the network, and to exclude your own pre-packed config automagically from Tinc and BIRD dialing out so you don't connect to yourself over and over again.
* `address` - The *router* address to use. This is your Lixonet routing layer address: 172.xxx.0.xxx
* `network_address` - The *network* address to use. This is your Lixonet routing layer address: 172.xxx.0.0 (especially take note of the last two 0's: `0.0` -- it _MUST_ end with zeros corresponding to the network size)
* `asn` - The BGP ASN to use. We usually follow the format `4206969XXX` where _XXX_ is the last octet of your `address`, zero-padded (i.e. 008 or 212)
* `netmask` - The routing layer netmask to use. This should be `255.255.255.0` in most cases as our routing layer has always been a ``/24` subnet. Used by Tinc and BIRD for the L2 mesh and route security ingress filtering respectively.
#### Tinc options
* `tinc_bind_address` - OPTIONAL: The address that Tinc should bind to to _listen_ for incoming WAN-sided connections (i.e. 10.0.0.1). This is _not_ the tunnel IP.
* `tinc_connect_to` - OPTIONAL: A comma-separated list of well-known/pre-defined hosts to connect to (i.e. `denco_mane_lixo`). If not supplied, this is automatically set to all core routers that aren't yourself (`name`).
**Setup**
## Non-required options:
#### Network options
* `global_prefix`: global network prefix: defaults to `16`.
* `router_prefix`: router network prefix: defaults to `24`. If you change this you _SHOULD_ change `netmask` too.
* `netmask`: router netmask: defaults to `255.255.255.0` (`/24`); _SHOULD_ be the bitmask that corresponds to the `router_prefix`
#### BGP
For options we expose here, for information see: https://bird.network.cz/?get_doc&v=20&f=bird-6.html#ss6.3
* `bgp_path_metric`: Enable comparison of path lengths when deciding which BGP route is the best one (`0` or `1`): defaults to `1`
* `bgp_aigp`: BGP AIGP state (`enable`, `disable`, or `originate`): defaults to `originate` (see BIRD documentation)
# Setup
Prerequisites:
1. `docker` and `docker-compose` (Alpine: community repository; https://docs.genesys.com/Documentation/System/8.5.x/DDG/InstallationofDockeronAlpineLinux), `git`, and `curl` are installed (Alpine: `apk add`). You may also want to make docker run at boot: `rc-update add docker boot`.
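Review bot: `netmask` is listed under both "Required options" (Network options) and "Non-required options", where it is given a default of `255.255.255.0`; pick one place, and since it has a default, drop it from the required list. In the same section both Tinc options sit under "Required options" although each is marked OPTIONAL, the `network_address` bullet repeats the "This is your Lixonet routing layer address" wording from `address` even though it describes the network base rather than the router's own address, and the required `netmask` bullet has an unbalanced code span around `/24`. The `router_prefix` bullet says `netmask` SHOULD change with it; because the BIRD template uses the prefix and tinc-up uses the mask, consider making that a MUST or documenting that one is derived from the other.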

View File

@ -54,7 +54,7 @@ protocol kernel { # Primary routing table
# the global mesh network.
function net_lixonet_global()
{
return net ~ [ ${address:-172.30.0.0}/${global_prefix:-16} ];
return net ~ [ ${network_address}/${global_prefix:-16} ];
}
# Returns TRUE if the given tested network is within the router network prefix for
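Review bot: In `net_lixonet_global()`, the `${network_address}/${global_prefix:-16}` line has no fallback, while the `${address:-172.30.0.0}` line next to it does. If `network_address` is unset and the template is expanded shell-style, the set renders as `[ /16 ]`, which is not a valid prefix. Either keep a default (`${network_address:-172.30.0.0}`) or have the render step stop with a clear error when the variable is missing, since the README lists it as required.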
@ -62,7 +62,7 @@ function net_lixonet_global()
# for us. Helps prevent a security vulnerability of hijacking another router.
function net_lixonet_router()
{
return net ~ [ ${address:-172.30.0.0}/${router_prefix:-24} ];
return net ~ [ ${network_address}/${router_prefix:-24} ];
}
filter lixonet_import
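Review bot: `net_lixonet_router()` with `${network_address}/${router_prefix:-24}` depends on `network_address` being the base of the router prefix, and nothing in this template checks that. The comment above the function says this check helps prevent hijacking another router, so a value with host bits set, or one that does not match a non-default `router_prefix`, should fail at render time rather than reach BIRD. A validation step before templating that masks `network_address` with `router_prefix` and compares the result to the input would cover this and would also catch the unset case.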
@ -91,7 +91,7 @@ template bgp lixonet_client {
source address ${address}; # What local IP address we use for any outbound TCP
# connections on port 179
path metric 1; # 1 = Prefer routes with shorter paths (like Cisco does)
path metric ${bgp_path_metric:-1}; # 1 = Prefer routes with shorter paths (like Cisco does)
# BGP channels
# See: Channel configuration (BIRD BGP configuration) and the table shown there.
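Review bot: `path metric ${bgp_path_metric:-1};` puts the option value into the config unchecked, while the README allows only `0` or `1`. Validate it before rendering so that a typo or stray characters in the value (a `;` or a newline) cannot alter the rest of the `lixonet_client` template. The trailing comment still explains only `1`; add what `0` does.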
@ -109,7 +109,7 @@ template bgp lixonet_client {
# automatically attached to non-BGP routes with valid IGP metric (e.g. ospf_metric1)
# as they are exported to the BGP session.
# Thank-you, BIRD <3 - mane and nurd
aigp originate;
aigp ${bgp_aigp:-originate};
};
# Set filters for both exported (sent) and imported (received) BGP prefixes.
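Review bot: The comment block above `aigp ${bgp_aigp:-originate};` describes the `originate` behaviour only, so it is misleading once an operator sets `enable` or `disable`. State that the comment describes the default, and restrict the value to the three keywords the README lists (`enable`, `disable`, `originate`) before rendering.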

View File

@ -1,2 +1,2 @@
#!/bin/sh
ifconfig \$INTERFACE ${address} netmask ${netmask}
ifconfig \$INTERFACE ${address} netmask ${netmask:-255.255.255.0}
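Review bot: The `255.255.255.0` fallback on the `ifconfig` line is independent of `${router_prefix:-24}` in the BIRD template, so setting `router_prefix` without `netmask` leaves the interface mask and the BIRD router-prefix check describing different networks. Derive the mask from `router_prefix`, or refuse to render when only one of the two is set. `\$INTERFACE` is also unquoted on this line; quoting it is a cheap hardening step.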