graffen/ix-bird-config
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Add ROA

Browse source
This commit is contained in:
graffen 2018-10-06 22:39:50 +00:00
parent 07cd688008
commit ee42d5bfea
2 changed files with 19 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
bgp4.conf
View file

@ -34,10 +34,19 @@ template pipe iBGP_Pipe {
export all; export all;
} }
roa table dn42_roa {
include "/var/lib/bird/bird_roa_dn42.conf";
};
protocol pipe { protocol pipe {
table master; table master;
peer table T_BGP4; peer table T_BGP4;
import filter { import filter {
if (roa_check(dn42_roa, net, bgp_path.last) = ROA_INVALID) then {
print "[dn42] ROA check failed for ", net, " ASN ", bgp_path.last;
reject;
}
# accept every subnet, except our own advertised subnet # accept every subnet, except our own advertised subnet
# filtering is important, because some guys try to advertise routes like 0.0.0$ # filtering is important, because some guys try to advertise routes like 0.0.0$
if is_valid_network() && !is_self_net() then { if is_valid_network() && !is_self_net() then {

9
bgp6.conf
View file

@ -34,10 +34,19 @@ template pipe iBGP_Pipe {
export all; export all;
} }
roa table dn42_roa6 {
include "/var/lib/bird/bird6_roa_dn42.conf";
};
protocol pipe { protocol pipe {
table master; table master;
peer table T_BGP6; peer table T_BGP6;
import filter { import filter {
if (roa_check(dn42_roa6, net, bgp_path.last) = ROA_INVALID) then {
print "[dn42] ROA check failed for ", net, " ASN ", bgp_path.last;
reject;
}
# accept every subnet, except our own advertised subnet # accept every subnet, except our own advertised subnet
# filtering is important, because some guys try to advertise routes like 0.0.0$ # filtering is important, because some guys try to advertise routes like 0.0.0$
if is_valid_network() && !is_self_net() then { if is_valid_network() && !is_self_net() then {