graffen
/
ix-bird-config
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add ROA

This commit is contained in:
graffen 2018-10-06 22:39:50 +00:00
parent 07cd688008
commit ee42d5bfea
2 changed files with 19 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
bgp4.conf
View File

@ -34,10 +34,19 @@ template pipe iBGP_Pipe {
export all; export all;
} }
roa table dn42_roa {
include "/var/lib/bird/bird_roa_dn42.conf";
};
protocol pipe { protocol pipe {
table master; table master;
peer table T_BGP4; peer table T_BGP4;
import filter { import filter {
if (roa_check(dn42_roa, net, bgp_path.last) = ROA_INVALID) then {
print "[dn42] ROA check failed for ", net, " ASN ", bgp_path.last;
reject;
}
# accept every subnet, except our own advertised subnet # accept every subnet, except our own advertised subnet
# filtering is important, because some guys try to advertise routes like 0.0.0$ # filtering is important, because some guys try to advertise routes like 0.0.0$
if is_valid_network() && !is_self_net() then { if is_valid_network() && !is_self_net() then {

11
bgp6.conf
View File

@ -34,11 +34,20 @@ template pipe iBGP_Pipe {
export all; export all;
} }
roa table dn42_roa6 {
include "/var/lib/bird/bird6_roa_dn42.conf";
};
protocol pipe { protocol pipe {
table master; table master;
peer table T_BGP6; peer table T_BGP6;
import filter { import filter {
# accept every subnet, except our own advertised subnet
if (roa_check(dn42_roa6, net, bgp_path.last) = ROA_INVALID) then {
print "[dn42] ROA check failed for ", net, " ASN ", bgp_path.last;
reject;
}
# accept every subnet, except our own advertised subnet
# filtering is important, because some guys try to advertise routes like 0.0.0$ # filtering is important, because some guys try to advertise routes like 0.0.0$
if is_valid_network() && !is_self_net() then { if is_valid_network() && !is_self_net() then {
accept; accept;