From 622a68301adcd27b053f55c8e49a3b75c446cb53 Mon Sep 17 00:00:00 2001
From: Jesper Hess Nielsen
Date: Sat, 25 Apr 2020 11:24:24 +0200
Subject: [PATCH] Rework BGP home to iBGP
---
 host_vars/frb1.cph.dk.routers.v6.hessnet.dk.yml | 14 ++++++++++----
 inventory | 2 +-
 roles/bird/templates/bird.conf.j2 | 15 +++++++++++++--
 roles/playbook.yml | 2 +-
 4 files changed, 25 insertions(+), 8 deletions(-)
diff --git a/host_vars/frb1.cph.dk.routers.v6.hessnet.dk.yml b/host_vars/frb1.cph.dk.routers.v6.hessnet.dk.yml
index 81e3e2a..2810681 100644
--- a/host_vars/frb1.cph.dk.routers.v6.hessnet.dk.yml
+++ b/host_vars/frb1.cph.dk.routers.v6.hessnet.dk.yml
@@ -15,12 +15,17 @@ bgp_peers:
 neighbor_ip: "2a01:4262:1ab:20::1"
 - name: "hessnet_home"
- template: "peer_hessnet"
- peer_asn: "64512"
+ template: "ibgp_hessnet"
+ peer_asn: "209616"
 neighbor_ip: "2001:678:15c:a00::1"
 filters:
- export: "{ peer_export_dfz(); }"
- import: "myroutes_import_export"
+ import: "{ accept; }"
+ export: "{ if is_own_route() then reject; accept; }"
+
+ - name: "ibgp_fra1"
+ template: "ibgp_hessnet"
+ peer_asn: "209616"
+ neighbor_ip: "2001:678:15c:b00::"
 announce_from_here: true
 configure_static_multihop_routes: false
@@ -35,3 +40,4 @@ wireguard:
 36306139376436666165393831363435626633313935333838613938616631666531343964666464
 3833643632343962666464383336626234646362336531366331
 publickey: IBJriIpmeq+hqVCBYPn7PxDXhH/ymxpG+6BOYedfZXY=
+
\ No newline at end of file
diff --git a/inventory b/inventory
index 0a0cd20..539dbc2 100644
--- a/inventory
+++ b/inventory
@@ -6,7 +6,7 @@ archvm2.hosts.v6.hessnet.dk
 vul1.ams.nl.routers.v6.hessnet.dk
 [routers_copenhagen]
-frb1.cph.dk.routers.v6.hessnet.dk
+frb1.cph.dk.routers.v6.hessnet.dk ansible_host=hessnet-router.hessnet.dk
 [routers:children]
 routers_vultr
diff --git a/roles/bird/templates/bird.conf.j2 b/roles/bird/templates/bird.conf.j2
index 7935fb0..47f5327 100644
--- a/roles/bird/templates/bird.conf.j2
+++ b/roles/bird/templates/bird.conf.j2
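Review bot: In host_vars/frb1.cph.dk.routers.v6.hessnet.dk.yml the `hessnet_home` peer now imports with `{ accept; }` where it previously used `myroutes_import_export`, and the new `ibgp_fra1` peer sets no `filters:` at all, so it presumably falls back to the `import all; export all;` of the `ibgp_hessnet` template added in the bird.conf.j2 hunk at -232 (how per-peer filters are rendered is outside the visible hunks). Nothing then bounds what either iBGP neighbour can inject, and a default route learned from them passes `kernel_export`, which accepts `is_default_route()`. I would keep a bounded import on the home session, for example `import: "{ if is_own_route() then accept; reject; }"`, and give `ibgp_fra1` an explicit `filters:` block as well. Please also confirm that `neighbor_ip: "2001:678:15c:b00::"` is intended, since the other peer ends in `::1` and an address ending in `::` is the subnet-router anycast address.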
@@ -92,7 +92,7 @@ function peer_export_dfz_and_default() {
 }
 filter kernel_export {
- if source !~ [ RTS_BGP, RTS_OSPF, RTS_STATIC ] then reject;
+ if source !~ [ RTS_BGP, RTS_OSPF, RTS_OSPF_EXT1, RTS_OSPF_EXT2, RTS_STATIC ] then reject;
 if is_default_route() then accept;
 if is_own_route() then accept;
 reject;
@@ -100,6 +100,7 @@ filter kernel_export {
 filter ospf_export {
 if source = RTS_DEVICE then accept;
+ if is_own_route() then accept;
 reject;
 }
@@ -119,7 +120,7 @@ filter transit_export {
 }
 filter myroutes_import_export {
- if source !~ [ RTS_BGP, RTS_OSPF, RTS_STATIC ] then reject;
+ if source !~ [ RTS_BGP, RTS_OSPF, RTS_OSPF_EXT1, RTS_OSPF_EXT2, RTS_STATIC ] then reject;
 if is_own_route() then accept;
 reject;
 }
@@ -232,6 +233,15 @@ template bgp peer_hessnet {
 };
 }
+template bgp ibgp_hessnet {
+ local as my_asn;
+ ipv6 {
+ next hop self;
+ import all;
+ export all;
+ };
+ }
+
 {% for peer in bgp_peers %}
 protocol bgp {{ peer.name }} from {{ peer.template }} {
 neighbor {{peer.neighbor_ip}} as {{peer.peer_asn}};
@@ -257,6 +267,7 @@ protocol ospf v3 {
 interface "wg*" { };
 interface "tun*" { };
+ interface "v6tunnel*" { };
 };
 ipv6 {
diff --git a/roles/playbook.yml b/roles/playbook.yml
index 978170f..faacee1 100644
--- a/roles/playbook.yml
+++ b/roles/playbook.yml
@@ -19,4 +19,4 @@
 become: "yes"
 roles:
 - { role: "bird", tags: "bird" }
- - "wireguard-tools"
\ No newline at end of file
+ - "wireguard"
\ No newline at end of file
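Review bot: The widened source set in `kernel_export` (bird.conf.j2 hunk at -92) is repeated verbatim in `myroutes_import_export` (hunk at -119), so the two filters can drift apart the next time a route source is added. A shared helper such as `function is_allowed_source() { return source ~ [ RTS_BGP, RTS_OSPF, RTS_OSPF_EXT1, RTS_OSPF_EXT2, RTS_STATIC ]; }`, used as `if !is_allowed_source() then reject;` in both filters, would keep them in step. A one-line comment saying why OSPF external routes are now trusted would also help, because those are routes some other router redistributed into OSPF.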
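Review bot: The new `ibgp_hessnet` template (bird.conf.j2 hunk at -232) configures no session authentication, so both iBGP sessions depend entirely on the path between the routers being trusted. Whether these sessions run inside the WireGuard tunnels is not visible from the hunk; if they do not, BIRD's BGP `password` option would at least stop an off-path host from resetting or spoofing the TCP session, for example `password "<secret from vault>";` in the per-peer protocol block. The `protocol bgp` block that consumes the template continues outside the hunk, so the right place for that line needs checking against the full file.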
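Review bot: `interface "v6tunnel*" { };` (bird.conf.j2 hunk at -257) enables OSPF on every interface matching the wildcard with an empty option block, so no adjacency authentication is configured on those links. This matters more after the other hunks in this file: `ospf_export` now announces own routes (hunk at -100), and an external default route from an OSPF neighbour now passes `kernel_export`, which accepts `RTS_OSPF_EXT1`/`RTS_OSPF_EXT2` and `is_default_route()`. If the v6tunnel links are not already authenticated at the tunnel layer, consider `authentication cryptographic;` with a `password` inside the block, or naming the exact interface instead of a wildcard. The `protocol ospf v3` block starts and ends outside the hunk.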