graffen/ansible-hessnet
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Add possibility of configuring static routes in the router yml files and clean up OSPF filters

Browse source
This commit is contained in:
Jesper Hess 2020-04-27 08:56:13 +02:00
parent d49d45d3f6
commit cc2e9cd1c5
Signed by: graffen
GPG key ID: 351A89E40D763F0F
2 changed files with 20 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
host_vars/frb1.cph.dk.routers.v6.hessnet.dk.yml
View file

@ -21,7 +21,7 @@ bgp_peers:
filters: filters:
import: "{ accept; }" import: "{ accept; }"
export: "{ if is_own_route() then reject; accept; }" export: "{ if is_own_route() then reject; accept; }"
- name: "ibgp_fra1" - name: "ibgp_fra1"
template: "ibgp_hessnet" template: "ibgp_hessnet"
peer_asn: "209616" peer_asn: "209616"
@ -30,6 +30,12 @@ bgp_peers:
announce_from_here: true announce_from_here: true
configure_static_multihop_routes: false configure_static_multihop_routes: false
extra_static_routes:
- route: "2001:678:15c:b00::/128"
destination: "wg-fra1"
- route: "2001:678:15c:c00::/128"
destination: "v6tunnel-home"
wireguard: wireguard:
privatekey: !vault | privatekey: !vault |
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256

20
roles/bird/templates/bird.conf.j2
View file

@ -99,7 +99,7 @@ filter kernel_export {
} }
filter ospf_export { filter ospf_export {
if source = RTS_DEVICE then accept; if source !~ [ RTS_DEVICE ] then reject;
if is_own_route() then accept; if is_own_route() then accept;
reject; reject;
} }
@ -111,16 +111,14 @@ filter transit_import {
} }
filter transit_export { filter transit_export {
{% if configure_static_multihop_routes is sameas true %}
if proto = "noAnnounce_v6" then reject; if proto = "noAnnounce_v6" then reject;
if proto = "noAnnounce_v4" then reject; if proto = "noAnnounce_v4" then reject;
{% endif %}
if is_own_aggregated_net() then accept; if is_own_aggregated_net() then accept;
reject; reject;
} }
filter myroutes_import_export { filter myroutes_import_export {
if source !~ [ RTS_BGP, RTS_OSPF, RTS_OSPF_EXT1, RTS_OSPF_EXT2, RTS_STATIC ] then reject; if source !~ [ RTS_BGP, RTS_STATIC ] then reject;
if is_own_route() then accept; if is_own_route() then accept;
reject; reject;
} }
@ -141,25 +139,33 @@ protocol static announce_v4 {
} }
{% endif %} {% endif %}
{% if configure_static_multihop_routes is sameas true %}
protocol static noAnnounce_v6 { protocol static noAnnounce_v6 {
ipv6; ipv6;
{% if configure_static_multihop_routes is sameas true %}
{% for peer in bgp_peers %} {% for peer in bgp_peers %}
{% if peer.neighbor_ip | ipv6 %} {% if peer.neighbor_ip | ipv6 %}
route {{ peer.neighbor_ip }}/128 via {{ router_v6_ip }}; route {{ peer.neighbor_ip }}/128 via {{ router_v6_ip }};
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{% endif %}
{% if extra_static_routes is defined %}
# other static routes
{% for route in extra_static_routes %}
route {{ route.route }} via "{{ route.destination }}";
{% endfor %}
{% endif %}
} }
protocol static noAnnounce_v4 { protocol static noAnnounce_v4 {
ipv4; ipv4;
{% if configure_static_multihop_routes is sameas true %}
{% for peer in bgp_peers %} {% for peer in bgp_peers %}
{% if peer.neighbor_ip | ipv4 %} {% if peer.neighbor_ip | ipv4 %}
route {{ peer.neighbor_ip }}/32 via {{ router_v4_ip }}; route {{ peer.neighbor_ip }}/32 via {{ router_v4_ip }};
{% endif %} {% endif %}
{% endfor %} {% endfor %}
}
{% endif %} {% endif %}
}
protocol device { protocol device {
scan time 5; scan time 5;
@ -238,7 +244,7 @@ template bgp ibgp_hessnet {
ipv6 { ipv6 {
next hop self; next hop self;
import all; import all;
export all; export filter { if is_own_route() then reject; accept; };
}; };
} }