From dfcfe9fbc7e8d0180286e9f697bf0563139bc399 Mon Sep 17 00:00:00 2001 
From: Alex Denes Date: Sun, 10 Nov 2024 15:08:21 +0000 Subject: [PATCH] Switch to announcing routes from downstream routers to mika --- lakewood.united-states/bird.conf | 84 +------------------ lakewood.united-states/dn42/bird.conf | 82 ++++++++++++++++++ .../{ => dn42}/dn42-filter.conf | 0 .../{ => dn42}/peers/famfo.conf | 0 .../{ => dn42}/peers/haktron.conf | 0 .../{ => dn42}/peers/highdef.conf | 0 .../{ => dn42}/peers/kioubit.conf | 0 .../{ => dn42}/peers/lare.conf | 0 .../{ => dn42}/peers/mark22k.conf | 0 .../{ => dn42}/peers/ty3r0x.conf | 0 lakewood.united-states/v6gw/bird.conf | 48 +++++++++++ .../v6gw/peers/mika.frankfurt.conf | 11 +++ mika.frankfurt.vultr/bird.conf | 63 +------------- mika.frankfurt.vultr/downstream/bird.conf | 21 +++++ .../downstream/peers/lakewood.conf | 9 ++ mika.frankfurt.vultr/vultr/bird.conf | 60 +++++++++++++ mika.frankfurt.vultr/{ => vultr}/filter.conf | 2 +- .../{ => vultr}/peers/vultr.conf | 0 18 files changed, 236 insertions(+), 144 deletions(-) create mode 100644 lakewood.united-states/dn42/bird.conf rename lakewood.united-states/{ => dn42}/dn42-filter.conf (100%) rename lakewood.united-states/{ => dn42}/peers/famfo.conf (100%) rename lakewood.united-states/{ => dn42}/peers/haktron.conf (100%) rename lakewood.united-states/{ => dn42}/peers/highdef.conf (100%) rename lakewood.united-states/{ => dn42}/peers/kioubit.conf (100%) rename lakewood.united-states/{ => dn42}/peers/lare.conf (100%) rename lakewood.united-states/{ => dn42}/peers/mark22k.conf (100%) rename lakewood.united-states/{ => dn42}/peers/ty3r0x.conf (100%) create mode 100644 lakewood.united-states/v6gw/bird.conf create mode 100644 lakewood.united-states/v6gw/peers/mika.frankfurt.conf create mode 100644 mika.frankfurt.vultr/downstream/bird.conf create mode 100644 mika.frankfurt.vultr/downstream/peers/lakewood.conf create mode 100644 mika.frankfurt.vultr/vultr/bird.conf rename mika.frankfurt.vultr/{ => vultr}/filter.conf (66%) rename mika.frankfurt.vultr/{ => 
vultr}/peers/vultr.conf (100%) diff --git a/lakewood.united-states/bird.conf b/lakewood.united-states/bird.conf index ce451bf..1caa7bb 100644 --- a/lakewood.united-states/bird.conf +++ b/lakewood.united-states/bird.conf @@ -2,87 +2,7 @@ log stderr all; debug protocols { states, routes, filters, interfaces }; router id 252.222.50.251; -define DN42_OWN_AS = 4242420475; -define DN42_EXPORTABLE_NETSET = [ - fd51:9b17:dc40::/48 -]; -define DN42_OWN_REGION = 1; -define DN42_OWN_COUNTRY = 276; -define DN42_OWN_BANDWIDTH = 3; - -ipv6 table dn42; -roa6 table dn42_roa; - -include "/etc/bird/dn42-filter.conf"; - protocol device { scan time 10; } -protocol direct { - vrf "vrf-dn42"; - check link yes; - ipv6 { table dn42; }; -} - -protocol static { - # Sink routes of owned prefixes - route fd51:9b17:dc40::/48 unreachable; - ipv6 { table dn42; }; -} - -protocol kernel { - vrf "vrf-dn42"; - kernel table 20; - scan time 20; - learn; - merge paths 64; - - ipv6 { - table dn42; - import filter { - if !dn42_is_valid_network() then reject; # Only import valid networks - if source != RTS_STATIC then reject; # Don't import non-static routes - accept; - }; - export filter { - if source = RTS_STATIC then reject; # Don't export my routes back to kernel - # krt_prefsrc = DN42_OWN_IP; # Pick my own IP as default/source for these routes - accept; - }; - }; -} - -protocol rpki roa_dn42 { - roa6 { table dn42_roa; }; - remote ::1; - port 8082; - refresh 60; - retry 30; - expire 7200; -} - -template bgp dn42peer { - vrf "vrf-dn42"; - local as DN42_OWN_AS; - path metric 1; - - ipv6 { - table dn42; - }; -} - -protocol babel vlan42 { - vrf "vrf-dn42"; - - interface "br-dn42" { - type wired; - check link 1; - }; - - ipv6 { - table dn42; - import all; - export all; - }; -} - -include "/etc/bird/peers/*"; +include "/etc/bird/v6gw/bird.conf"; +include "/etc/bird/dn42/bird.conf"; 
diff --git a/lakewood.united-states/dn42/bird.conf b/lakewood.united-states/dn42/bird.conf
new file mode 100644
index 0000000..79c95af
--- /dev/null
+++ b/lakewood.united-states/dn42/bird.conf
@@ -0,0 +1,82 @@
+define DN42_OWN_AS = 4242420475;
+define DN42_EXPORTABLE_NETSET = [
+ fd51:9b17:dc40::/48
+];
+define DN42_OWN_REGION = 1;
+define DN42_OWN_COUNTRY = 276;
+define DN42_OWN_BANDWIDTH = 3;
+
+ipv6 table dn42;
+roa6 table dn42_roa;
+
+include "/etc/bird/dn42/dn42-filter.conf";
+
+protocol direct dn42_direct {
+ vrf "vrf-dn42";
+ check link yes;
+ ipv6 { table dn42; };
+}
+
+protocol static dn42_static {
+ # Sink routes of owned prefixes
+ route fd51:9b17:dc40::/48 unreachable;
+ ipv6 { table dn42; };
+}
+
+protocol kernel dn42_kernel {
+ vrf "vrf-dn42";
+ kernel table 20;
+ scan time 20;
+ learn;
+ merge paths 64;
+
+ ipv6 {
+ table dn42;
+ import filter {
+ if !dn42_is_valid_network() then reject; # Only import valid networks
+ if source != RTS_STATIC then reject; # Don't import non-static routes
+ accept;
+ };
+ export filter {
+ if source = RTS_STATIC then reject; # Don't export my routes back to kernel
+ # krt_prefsrc = DN42_OWN_IP; # Pick my own IP as default/source for these routes
+ accept;
+ };
+ };
+}
+
+protocol rpki roa_dn42 {
+ roa6 { table dn42_roa; };
+ remote ::1;
+ port 8082;
+ refresh 60;
+ retry 30;
+ expire 7200;
+}
+
+template bgp dn42peer {
+ vrf "vrf-dn42";
+ local as DN42_OWN_AS;
+ path metric 1;
+
+ ipv6 {
+ table dn42;
+ };
+}
+
+protocol babel vlan42 {
+ vrf "vrf-dn42";
+
+ interface "br-dn42" {
+ type wired;
+ check link 1;
+ };
+
+ ipv6 {
+ table dn42;
+ import all;
+ export all;
+ };
+}
+
+include "/etc/bird/dn42/peers/*";
diff --git a/lakewood.united-states/dn42-filter.conf b/lakewood.united-states/dn42/dn42-filter.conf
similarity index 100%
rename from lakewood.united-states/dn42-filter.conf
rename to lakewood.united-states/dn42/dn42-filter.conf
diff --git a/lakewood.united-states/peers/famfo.conf b/lakewood.united-states/dn42/peers/famfo.conf
similarity index 100%
rename from lakewood.united-states/peers/famfo.conf
rename to lakewood.united-states/dn42/peers/famfo.conf
diff --git a/lakewood.united-states/peers/haktron.conf b/lakewood.united-states/dn42/peers/haktron.conf
similarity index 100%
rename from lakewood.united-states/peers/haktron.conf
rename to lakewood.united-states/dn42/peers/haktron.conf
diff --git a/lakewood.united-states/peers/highdef.conf b/lakewood.united-states/dn42/peers/highdef.conf
similarity index 100%
rename from lakewood.united-states/peers/highdef.conf
rename to lakewood.united-states/dn42/peers/highdef.conf
diff --git a/lakewood.united-states/peers/kioubit.conf b/lakewood.united-states/dn42/peers/kioubit.conf
similarity index 100%
rename from lakewood.united-states/peers/kioubit.conf
rename to lakewood.united-states/dn42/peers/kioubit.conf
diff --git a/lakewood.united-states/peers/lare.conf b/lakewood.united-states/dn42/peers/lare.conf
similarity index 100%
rename from lakewood.united-states/peers/lare.conf
rename to lakewood.united-states/dn42/peers/lare.conf
diff --git a/lakewood.united-states/peers/mark22k.conf b/lakewood.united-states/dn42/peers/mark22k.conf
similarity index 100%
rename from lakewood.united-states/peers/mark22k.conf
rename to lakewood.united-states/dn42/peers/mark22k.conf
diff --git a/lakewood.united-states/peers/ty3r0x.conf b/lakewood.united-states/dn42/peers/ty3r0x.conf
similarity index 100%
rename from lakewood.united-states/peers/ty3r0x.conf
rename to lakewood.united-states/dn42/peers/ty3r0x.conf
diff --git a/lakewood.united-states/v6gw/bird.conf b/lakewood.united-states/v6gw/bird.conf
new file mode 100644
index 0000000..9cc0322
--- /dev/null
+++ b/lakewood.united-states/v6gw/bird.conf
@@ -0,0 +1,48 @@
+define V6GW_EXPORTABLE_NETSET = [
+ 2a04:5b81:2060:b00b::/64,
+ 2a04:5b81:2060:d00d::/64,
+ 2a04:5b81:2060:f33d::/64
+];
+
+define V6GW_OWN_AS = 4200000001;
+function v6gw_is_selfnet() {
+ return net ~ V6GW_EXPORTABLE_NETSET;
+}
+
+ipv6 table v6gw;
+
+protocol direct v6gw_direct {
+ vrf "vrf-v6";
+ check link yes;
+ ipv6 { table v6gw; };
+}
+
+protocol kernel v6gw_kernel {
+ vrf "vrf-v6";
+ kernel table 10;
+ scan time 20;
+ learn;
+ merge paths 64;
+
+ ipv6 {
+ table v6gw;
+ import filter {
+ if !v6gw_is_selfnet() then reject; # Only import valid networks
+ if source != RTS_STATIC then reject; # Don't import non-static routes
+ accept;
+ };
+ export none;
+ };
+}
+
+template bgp v6gwpeer {
+ vrf "vrf-v6";
+ local as V6GW_OWN_AS;
+ path metric 1;
+
+ ipv6 {
+ table v6gw;
+ };
+}
+
+include "/etc/bird/v6gw/peers/*";
diff --git a/lakewood.united-states/v6gw/peers/mika.frankfurt.conf b/lakewood.united-states/v6gw/peers/mika.frankfurt.conf
new file mode 100644
index 0000000..676ec7d
--- /dev/null
+++ b/lakewood.united-states/v6gw/peers/mika.frankfurt.conf
@@ -0,0 +1,11 @@
+protocol bgp mika_frankfurt from v6gwpeer {
+ neighbor fe80::1 as 4200000000;
+ interface "vultrbgp";
+ ipv6 {
+ import none;
+ export filter {
+ if !v6gw_is_selfnet() then reject;
+ accept;
+ };
+ };
+}
diff --git a/mika.frankfurt.vultr/bird.conf b/mika.frankfurt.vultr/bird.conf
index 9a610da..25d471b 100644
--- a/mika.frankfurt.vultr/bird.conf
+++ b/mika.frankfurt.vultr/bird.conf
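Review bot: In lakewood.united-states/v6gw/bird.conf the `v6gwpeer` template leaves the ipv6 channel's import and export policy unset, so a peer file later added under `/etc/bird/v6gw/peers/` that forgets to set them falls back to BIRD's built-in channel defaults, which depend on the BIRD version and session type, instead of failing closed. Putting `import none;` and `export filter { if v6gw_is_selfnet() then accept; reject; };` inside the template's `ipv6 { table v6gw; }` block makes the restrictive policy the default, and v6gw/peers/mika.frankfurt.conf (the following hunk) already uses exactly that policy, so it would only restate it. In `v6gw_kernel` the comment `# Only import valid networks` appears to be carried over from the dn42 file; the check here is against V6GW_EXPORTABLE_NETSET, so `# Only import my own /64s` would describe it accurately.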
@@ -3,71 +3,12 @@ timeformat protocol iso long; debug protocols { states, routes, filters, interfaces }; router id 45.77.54.132; -define OWN_AS = 4288000569; -define EXPORTABLE_NETSET = [ - 2a04:5b81:2010::/44{44,48}, - #2a04:5b81:2010::/48, - 2a04:5b81:2060::/44{44,48} -]; define VRF = "vrf-wgate"; define VRF_RTID = 20; ipv6 table main; -include "/etc/bird/filter.conf"; - protocol device { scan time 10; } -protocol direct { - vrf VRF; - check link yes; - ipv6 { - table main; - import filter { - if is_self_net() then accept; # Import own routed networks - reject; - }; - }; -} - -protocol static { - ipv6 { table main; }; -} - -protocol kernel { - vrf VRF; - kernel table VRF_RTID; - scan time 20; - learn; - merge paths 64; # ECMP - - ipv6 { - table main; - import filter { - if is_self_net() then accept; # Import own routed networks - if source != RTS_STATIC then reject; # Don't import non-static routes - accept; - }; - export filter { - if source = RTS_STATIC then reject; # Don't export my routes back to kernel - # krt_prefsrc = OWN_IP; # Pick my own IP as default/source for these routes - accept; - }; - }; -} - -template bgp peer_main { - vrf VRF; - local as OWN_AS; - path metric 1; - enable extended messages yes; - connect delay time 1; - connect retry time 20; - error wait time 10, 300; - - ipv6 { - table main; - }; -} - -include "/etc/bird/peers/*"; +include "/etc/bird/vultr/bird.conf"; +include "/etc/bird/downstream/bird.conf"; diff --git a/mika.frankfurt.vultr/downstream/bird.conf b/mika.frankfurt.vultr/downstream/bird.conf new file mode 100644 index 0000000..49c7016 --- /dev/null +++ b/mika.frankfurt.vultr/downstream/bird.conf 
@@ -0,0 +1,21 @@
+define DOWNSTREAM_OWN_AS = 4200000000;
+define DOWNSTREAM_IMPORTABLE_ROUTES = [
+ 2a04:5b81:2010::/44{44,64},
+ 2a04:5b81:2060::/44{44,64}
+];
+
+template bgp downstream_peer {
+ vrf VRF;
+ local as DOWNSTREAM_OWN_AS;
+ path metric 1;
+ enable extended messages yes;
+ connect delay time 1;
+ connect retry time 20;
+ error wait time 10, 300;
+
+ ipv6 {
+ table main;
+ };
+}
+
+include "/etc/bird/downstream/peers/*";
diff --git a/mika.frankfurt.vultr/downstream/peers/lakewood.conf b/mika.frankfurt.vultr/downstream/peers/lakewood.conf
new file mode 100644
index 0000000..2b43956
--- /dev/null
+++ b/mika.frankfurt.vultr/downstream/peers/lakewood.conf
@@ -0,0 +1,9 @@
+protocol bgp lakewood from downstream_peer {
+ local as DOWNSTREAM_OWN_AS;
+ neighbor fe80::2 as 4200000001;
+ interface "caskd-lakewood";
+ ipv6 {
+ import all;
+ export none;
+ };
+}
diff --git a/mika.frankfurt.vultr/vultr/bird.conf b/mika.frankfurt.vultr/vultr/bird.conf
new file mode 100644
index 0000000..95fdab5
--- /dev/null
+++ b/mika.frankfurt.vultr/vultr/bird.conf
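Review bot: DOWNSTREAM_IMPORTABLE_ROUTES is defined in mika.frankfurt.vultr/downstream/bird.conf but nothing in the visible hunks references it, and the lakewood session in downstream/peers/lakewood.conf uses `import all;` into the shared `main` table. As written, every prefix the downstream router announces is accepted, including ones outside 2a04:5b81:2010::/44 and 2a04:5b81:2060::/44, and the kernel export filter in vultr/bird.conf rejects only RTS_STATIC, so those routes are installed into the VRF routing table. Any of them that falls inside EXPORTABLE_NETSET would presumably also pass the tightened `export_filter()` towards Vultr, though `is_self_net()` is defined outside this diff. Replacing the peer's `import all;` with `import filter { if net ~ DOWNSTREAM_IMPORTABLE_ROUTES then accept; reject; };`, or setting that once in the `downstream_peer` template, ties the session to the declared set. The `local as DOWNSTREAM_OWN_AS;` line in lakewood.conf repeats the template and can be dropped.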
@@ -0,0 +1,60 @@ +define OWN_AS = 4288000569; +define EXPORTABLE_NETSET = [ + 2a04:5b81:2010::/44{44,48}, + 2a04:5b81:2060::/44{44,48} +]; +include "/etc/bird/vultr/filter.conf"; + +protocol direct { + vrf VRF; + check link yes; + ipv6 { + table main; + import filter { + if is_self_net() then accept; # Import own routed networks + reject; + }; + }; +} + +protocol static { + ipv6 { table main; }; +} + +protocol kernel { + vrf VRF; + kernel table VRF_RTID; + scan time 20; + learn; + merge paths 64; # ECMP + + ipv6 { + table main; + import filter { + if is_self_net() then accept; # Import own routed networks + if source != RTS_STATIC then reject; # Don't import non-static routes + accept; + }; + export filter { + if source = RTS_STATIC then reject; # Don't export my routes back to kernel + # krt_prefsrc = OWN_IP; # Pick my own IP as default/source for these routes + accept; + }; + }; +} + +template bgp peer_main { + vrf VRF; + local as OWN_AS; + path metric 1; + enable extended messages yes; + connect delay time 1; + connect retry time 20; + error wait time 10, 300; + + ipv6 { + table main; + }; +} + +include "/etc/bird/vultr/peers/*"; diff --git a/mika.frankfurt.vultr/filter.conf b/mika.frankfurt.vultr/vultr/filter.conf similarity index 66% rename from mika.frankfurt.vultr/filter.conf rename to mika.frankfurt.vultr/vultr/filter.conf index 54f20f3..3b8f765 100644 --- a/mika.frankfurt.vultr/filter.conf +++ b/mika.frankfurt.vultr/vultr/filter.conf @@ -13,7 +13,7 @@ function import_filter() { } function export_filter() { - if !is_self_net() && source != RTS_BGP then reject; # Don't export anything but stuff learned from other peers or my own subnets + if !is_self_net() then reject; # Don't export anything but my own subnets accept; } diff --git a/mika.frankfurt.vultr/peers/vultr.conf b/mika.frankfurt.vultr/vultr/peers/vultr.conf similarity index 100% rename from mika.frankfurt.vultr/peers/vultr.conf rename to mika.frankfurt.vultr/vultr/peers/vultr.conf