From de7c73a9071ce69eb0839ddba73c7e6e363c7e89 Mon Sep 17 00:00:00 2001 From: graffen Date: Sat, 15 Sep 2018 18:52:01 +0000 Subject: [PATCH] Set up iBGP & v6 OSPF to uk-lon1 --- bgp6.conf | 57 +++++++++++++++++++++++++++++++++++++++++++++++ bird6.conf | 24 ++++++++++++++++++-- ospf6.conf | 37 ++++++++++++++++++++++++++++++ peers6/iB_uk_lon1 | 12 ++++++++++ 4 files changed, 128 insertions(+), 2 deletions(-) create mode 100644 bgp6.conf create mode 100644 ospf6.conf create mode 100644 peers6/iB_uk_lon1 diff --git a/bgp6.conf b/bgp6.conf new file mode 100644 index 0000000..496e549 --- /dev/null +++ b/bgp6.conf @@ -0,0 +1,57 @@ +template bgp dnpeers { + local as OWNAS; + table T_BGP6; + + # metric is the number of hops between us and the peer + path metric 1; + + # this line allows debugging filter rules + # filtered routes can be looked up in birdc using the "show route filtered" command + import keep filtered on; + + import all; + export all; + #source address 172.20.170.192; +}; + +template bgp iBGP_Peer { + local as OWNAS; + igp table T_OSPF6; + path metric on; + import keep filtered; +# import where iBGP_import_peer_policy(); +# export where iBGP_export_peer_policy(); + import all; + export all; + source address OWNIP; + next hop self; +} + +template pipe iBGP_Pipe { + # table name will come from peer definition + peer table master; + import all; + export all; +} + + +protocol pipe { + table master; + peer table T_BGP6; + import filter { + # accept every subnet, except our own advertised subnet + # filtering is important, because some guys try to advertise routes like 0.0.0$ + if is_valid_network() && !is_self_net() then { + accept; + } + reject; + }; + + export filter { + # here we export the whole net + if is_valid_network() then { + accept; + } + reject; + }; +}; diff --git a/bird6.conf b/bird6.conf index 82f40c9..c3df896 100644 --- a/bird6.conf +++ b/bird6.conf @@ -1,4 +1,5 @@ table T_BGP6; +table T_OSPF6; protocol device { scan time 10; @@ -43,7 +44,26 @@ template bgp dnpeers { path metric 1; import all; export all; - import limit 1000 action block; +} + +template bgp iBGP_Peer { + local as OWNAS; + igp table T_OSPF6; + path metric on; + import keep filtered; +# import where iBGP_import_peer_policy(); +# export where iBGP_export_peer_policy(); + import all; + export all; + source address OWNIP; + next hop self; +} + +template pipe iBGP_Pipe { + # table name will come from peer definition + peer table master; + import all; + export all; } protocol pipe { @@ -67,5 +87,5 @@ protocol pipe { }; - +include "/etc/bird/ospf6.conf"; include "/etc/bird/peers6/*"; diff --git a/ospf6.conf b/ospf6.conf new file mode 100644 index 0000000..abe82a3 --- /dev/null +++ b/ospf6.conf @@ -0,0 +1,37 @@ +protocol ospf { + table T_OSPF6; + import all; + export all; + + area 0 { + interface "wg-ospf-*" { + }; + + interface "wg-uk-lon1" { + }; + + interface "lo" { + stub; + }; + }; +} + +protocol direct { + table T_OSPF6; + import where is_self_net(); + export none; + + interface "lo"; +} + +filter filter_OSPF6 { + ospf_metric1 = 1000; + if source = RTS_STATIC then accept; + else reject; +}; + +protocol pipe { + peer table T_OSPF6; + import all; + export filter filter_OSPF6; +} diff --git a/peers6/iB_uk_lon1 b/peers6/iB_uk_lon1 new file mode 100644 index 0000000..a7d2f03 --- /dev/null +++ b/peers6/iB_uk_lon1 @@ -0,0 +1,12 @@ +table T_IBGP_UK_LON1_V6; + +protocol bgp iB_uk_lon1 from iBGP_Peer { + table T_IBGP_UK_LON1_V6; + neighbor fd62:77fb:94bf::196 as 4242423934; + import where dn42_import_filter(3,24,34); + export where dn42_export_filter(3,24,34); +}; + +protocol pipe P_IBGP_UK_LON1 from iBGP_Pipe { + table T_IBGP_UK_LON1_V6; +}