Beginning of iBGP filtering rules

This commit is contained in:
graffen 2018-11-14 15:17:03 +00:00
parent 3d0bf0d9ed
commit 19ab372608
3 changed files with 25 additions and 7 deletions

View file

@ -19,7 +19,7 @@ template bgp ibgppeer {
igp table T_OSPF;
path metric on;
import keep filtered;
import all;
import where iBGP_import_peer_policy();
export filter {
if is_self_net() then {
reject;

View file

@ -19,10 +19,15 @@ template bgp ibgppeer {
igp table T_OSPF;
path metric on;
import keep filtered;
# import where iBGP_import_peer_policy();
import where iBGP_import_peer_policy();
# export where iBGP_export_peer_policy();
import all;
export all;
export filter {
if is_self_net() then {
reject;
}
accept;
};
source address OWNIP;
next hop self;
}

View file

@ -44,9 +44,9 @@ int dn42_crypto;
# replace 4 with your calculated bandwidth value
if dn42_bandwidth > 4 then dn42_bandwidth = 4;
bgp_local_pref = 10000+100*dn42_bandwidth + 50*(10-dn42_latency)-200*bgp_path.len+100*dn42_crypto; #(as suggested by tombii)
bgp_local_pref = 1000*dn42_bandwidth - 10*dn42_latency; if dn42_crypto < 2 then bgp_local_pref = 0; #(as suggested by Jplitza)
bgp_local_pref = 10000+100*dn42_bandwidth + 50*(10-dn42_latency)-400*(bgp_path.len-1)+100*dn42_crypto; #(as suggested by Mic92 - prefer direct tunnel)
# bgp_local_pref = 10000+100*dn42_bandwidth + 50*(10-dn42_latency)-200*bgp_path.len+100*dn42_crypto; #(as suggested by tombii)
# bgp_local_pref = 1000*dn42_bandwidth - 10*dn42_latency; if dn42_crypto < 2 then bgp_local_pref = 0; #(as suggested by Jplitza)
# bgp_local_pref = 10000+100*dn42_bandwidth + 50*(10-dn42_latency)-400*(bgp_path.len-1)+100*dn42_crypto; #(as suggested by Mic92 - prefer direct tunnel)
return true;
}
@ -75,3 +75,16 @@ function dn42_export_filter(int link_latency; int link_bandwith; int link_crypto
}
reject;
}
# iBGP Peer Policies
function iBGP_import_peer_policy() {
if bgp_path.len > 64 then return false; # Reject too long BGP Paths
if is_self_net() then return false; # Reject local used networks (IXP, Peerings) from iBGP Peers
if ( bgp_local_pref > 1000 ) then { # Reset local pref on iBGP Links, to do AS Path Metric only
bgp_local_pref = 100;
}
return true; # Allow all on iBGP Links
};