Initial commit

Alex D. 2024-08-15 16:43:13 +00:00
commit fe14ec4940
Signed by: caskd
GPG Key ID: F92BA85F61F4C173
12 changed files with 330 additions and 0 deletions


@ -0,0 +1,88 @@
log stderr all;
debug protocols { states, routes, filters, interfaces };
router id 252.222.50.251;
define DN42_OWN_AS = 4242420475;
define DN42_EXPORTABLE_NETSET = [
fd51:9b17:dc40::/48
];
define DN42_OWN_REGION = 1;
define DN42_OWN_COUNTRY = 276;
define DN42_OWN_BANDWIDTH = 3;
ipv6 table dn42;
roa6 table dn42_roa;
include "/etc/bird/dn42-filter.conf";
protocol device { scan time 10; }
protocol direct {
vrf "vrf-dn42";
check link yes;
ipv6 { table dn42; };
}
protocol static {
# Sink routes of owned prefixes
route fd51:9b17:dc40::/48 unreachable;
ipv6 { table dn42; };
}
protocol kernel {
vrf "vrf-dn42";
kernel table 20;
scan time 20;
learn;
merge paths 64;
ipv6 {
table dn42;
import filter {
if !dn42_is_valid_network() then reject; # Only import valid networks
if source != RTS_STATIC then reject; # Don't import non-static routes
accept;
};
export filter {
if source = RTS_STATIC then reject; # Don't export my routes back to kernel
# krt_prefsrc = DN42_OWN_IP; # Pick my own IP as default/source for these routes
accept;
};
};
}
protocol rpki roa_dn42 {
roa6 { table dn42_roa; };
remote ::1;
port 8082;
refresh 60;
retry 30;
expire 7200;
}
template bgp dn42peer {
vrf "vrf-dn42";
local as DN42_OWN_AS;
path metric 1;
ipv6 {
table dn42;
};
}
protocol babel vlan42 {
vrf "vrf-dn42";
interface "br-dn42" {
type wired;
check link 1;
};
ipv6 {
table dn42;
import all;
export all;
};
}
include "/etc/bird/peers/*";
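Review bot: The `protocol babel vlan42` block uses `import all` on `br-dn42` with no authentication configured, so any Babel speaker on that bridge can place arbitrary prefixes into table `dn42`. The kernel export filter then installs them, because it only rejects `RTS_STATIC`. Restricting the import to the expected range, e.g. `import where dn42_is_valid_network();`, would at least keep non-DN42 prefixes out of the table and the kernel. If the BIRD version in use supports Babel MAC authentication, `authentication mac;` with a `password` on the interface is worth considering as well. Whether every host on the bridge is trusted is not visible from this file.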


@ -0,0 +1,91 @@
function dn42_is_self_net() {
return net ~ DN42_EXPORTABLE_NETSET;
}
function dn42_is_valid_network() {
return net ~ [
fd00::/8{44,64}
];
}
function dn42_update_latency(int link_latency)
int dn42_latency;
{
dn42_latency = link_latency;
bgp_community.add((64511, dn42_latency));
if (64511, 9) ~ bgp_community then { bgp_community.delete([(64511, 1..8)]); return 9; }
else if (64511, 8) ~ bgp_community then { bgp_community.delete([(64511, 1..7)]); return 8; }
else if (64511, 7) ~ bgp_community then { bgp_community.delete([(64511, 1..6)]); return 7; }
else if (64511, 6) ~ bgp_community then { bgp_community.delete([(64511, 1..5)]); return 6; }
else if (64511, 5) ~ bgp_community then { bgp_community.delete([(64511, 1..4)]); return 5; }
else if (64511, 4) ~ bgp_community then { bgp_community.delete([(64511, 1..3)]); return 4; }
else if (64511, 3) ~ bgp_community then { bgp_community.delete([(64511, 1..2)]); return 3; }
else if (64511, 2) ~ bgp_community then { bgp_community.delete([(64511, 1..1)]); return 2; }
else return 1;
}
function dn42_update_bandwidth(int link_bandwidth)
int dn42_bandwidth;
{
dn42_bandwidth = link_bandwidth + 20;
bgp_community.add((64511, dn42_bandwidth));
if (64511, 21) ~ bgp_community then { bgp_community.delete([(64511, 22..29)]); return 21; }
else if (64511, 22) ~ bgp_community then { bgp_community.delete([(64511, 23..29)]); return 22; }
else if (64511, 23) ~ bgp_community then { bgp_community.delete([(64511, 24..29)]); return 23; }
else if (64511, 24) ~ bgp_community then { bgp_community.delete([(64511, 25..29)]); return 24; }
else if (64511, 25) ~ bgp_community then { bgp_community.delete([(64511, 26..29)]); return 25; }
else if (64511, 26) ~ bgp_community then { bgp_community.delete([(64511, 27..29)]); return 26; }
else if (64511, 27) ~ bgp_community then { bgp_community.delete([(64511, 28..29)]); return 27; }
else if (64511, 28) ~ bgp_community then { bgp_community.delete([(64511, 29..29)]); return 28; }
else return 29;
}
function dn42_update_crypto(int link_crypto)
int dn42_crypto;
{
dn42_crypto = link_crypto + 30;
bgp_community.add((64511, dn42_crypto));
if (64511, 31) ~ bgp_community then { bgp_community.delete([(64511, 32..34)]); return 31; }
else if (64511, 32) ~ bgp_community then { bgp_community.delete([(64511, 33..34)]); return 32; }
else if (64511, 33) ~ bgp_community then { bgp_community.delete([(64511, 34..34)]); return 33; }
else return 34;
}
function dn42_update_flags(int link_latency; int link_bandwidth; int link_crypto)
int dn42_latency;
int dn42_bandwidth;
int dn42_crypto;
{
dn42_latency = dn42_update_latency(link_latency);
dn42_bandwidth = dn42_update_bandwidth(link_bandwidth) - 20;
dn42_crypto = dn42_update_crypto(link_crypto) - 30;
if dn42_bandwidth > DN42_OWN_BANDWIDTH then dn42_bandwidth = DN42_OWN_BANDWIDTH;
return true;
}
function dn42_import_filter(int link_latency; int link_bandwidth; int link_crypto) {
if !dn42_is_valid_network() || dn42_is_self_net() then {
reject;
}
if (roa_check(dn42_roa, net, bgp_path.last) != ROA_VALID) then {
reject;
}
dn42_update_flags(link_latency, link_bandwidth, link_crypto);
accept;
}
function dn42_export_filter(int link_latency; int link_bandwidth; int link_crypto) {
if !dn42_is_valid_network() then reject; # Ignore anything non-DN42
if !dn42_is_self_net() && source != RTS_BGP then reject; # Don't export anything but stuff learned from other peers or my own subnets allowed on DN42
if dn42_is_self_net() then {
bgp_community.add((64511, DN42_OWN_REGION + 40));
bgp_community.add((64511, DN42_OWN_COUNTRY + 1000));
}
dn42_update_flags(link_latency, link_bandwidth, link_crypto);
accept;
}
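Review bot: The clamp at the end of `dn42_update_flags` has no effect. `dn42_bandwidth` is capped to `DN42_OWN_BANDWIDTH` and then discarded, while the community was already added inside `dn42_update_bandwidth` from the unclamped `link_bandwidth`. Peers configured with a bandwidth argument of 6 can therefore tag routes `(64511, 26)` even though `DN42_OWN_BANDWIDTH` is 3. Capping before the call makes the limit take effect: `dn42_bandwidth = link_bandwidth;`, then `if dn42_bandwidth > DN42_OWN_BANDWIDTH then dn42_bandwidth = DN42_OWN_BANDWIDTH;`, then `dn42_bandwidth = dn42_update_bandwidth(dn42_bandwidth) - 20;`. `dn42_latency` and `dn42_crypto` are likewise assigned but never read.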


@ -0,0 +1,7 @@
protocol bgp famfo from dn42peer {
neighbor fe80::1411:1%famfo as 4242421411;
ipv6 {
import where dn42_import_filter(4, 3, 4);
export where dn42_export_filter(4, 3, 4);
};
}


@ -0,0 +1,7 @@
protocol bgp haktron from dn42peer {
neighbor fe80::1%haktron as 4242422362;
ipv6 {
import where dn42_import_filter(4, 6, 1);
export where dn42_export_filter(4, 6, 1);
};
}


@ -0,0 +1,7 @@
protocol bgp highdef from dn42peer {
neighbor fe80::117%highdef as 4242421080;
ipv6 {
import where dn42_import_filter(4, 3, 4);
export where dn42_export_filter(4, 3, 4);
};
}


@ -0,0 +1,7 @@
protocol bgp kioubit from dn42peer {
neighbor fe80::ade0%kioubit as 4242423914;
ipv6 {
import where dn42_import_filter(4, 3, 4);
export where dn42_export_filter(4, 3, 4);
};
}


@ -0,0 +1,7 @@
protocol bgp lare from dn42peer {
neighbor fe80::3035:130%lare as 4242423035;
ipv6 {
import where dn42_import_filter(4, 3, 4);
export where dn42_export_filter(4, 3, 4);
};
}


@ -0,0 +1,7 @@
protocol bgp mark22k from dn42peer {
neighbor fe80::2923%mark22k as 4242422923;
ipv6 {
import where dn42_import_filter(4, 3, 4);
export where dn42_export_filter(4, 3, 4);
};
}


@ -0,0 +1,7 @@
protocol bgp ty3r0x_rx from dn42peer {
neighbor fe80::5054:ff:feed:8cf5%vnet5 as 4242422596;
ipv6 {
import where dn42_import_filter(4, 6, 1);
export where dn42_export_filter(4, 6, 1);
};
}


@ -0,0 +1,72 @@
log stderr all;
debug protocols { states, routes, filters, interfaces };
router id 45.77.54.132;
define OWN_AS = 4288000569;
define EXPORTABLE_NETSET = [
2a04:5b81:2010::/44{44,48},
#2a04:5b81:2010::/48,
2a04:5b81:2060::/44{44,48}
];
define VRF = "vrf-wgate";
define VRF_RTID = 20;
ipv6 table main;
include "/etc/bird/filter.conf";
protocol device { scan time 10; }
protocol direct {
vrf VRF;
check link yes;
ipv6 {
table main;
import filter {
if is_self_net() then accept; # Import own routed networks
reject;
};
};
}
protocol static {
ipv6 { table main; };
}
protocol kernel {
vrf VRF;
kernel table VRF_RTID;
scan time 20;
learn;
merge paths 64; # ECMP
ipv6 {
table main;
import filter {
if is_self_net() then accept; # Import own routed networks
if source != RTS_STATIC then reject; # Don't import non-static routes
accept;
};
export filter {
if source = RTS_STATIC then reject; # Don't export my routes back to kernel
# krt_prefsrc = OWN_IP; # Pick my own IP as default/source for these routes
accept;
};
};
}
template bgp peer_main {
vrf VRF;
local as OWN_AS;
path metric 1;
enable extended messages yes;
connect delay time 1;
connect retry time 20;
error wait time 10, 300;
ipv6 {
table main;
};
}
include "/etc/bird/peers/*";


@ -0,0 +1,19 @@
function is_self_net() {
return net ~ EXPORTABLE_NETSET;
}
function import_filter() {
if is_self_net() then {
reject;
}
#if (roa_check(main_roa, net, bgp_path.last) != ROA_VALID) then {
# reject;
#}
accept;
}
function export_filter() {
if !is_self_net() && source != RTS_BGP then reject; # Don't export anything but stuff learned from other peers or my own subnets
accept;
}
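Review bot: `export_filter` passes every route whose `source` is `RTS_BGP`, so once a second BGP session imports routes into table `main`, those routes would be re-announced to the upstream alongside the own prefixes. That pattern suits a DN42 mesh, but on a session where the router only originates its own space it amounts to a route leak. `if !is_self_net() then reject;` would keep the export limited to `EXPORTABLE_NETSET`. The only peer visible in this commit uses `import none`, so the problem is latent for now. Separately, with the ROA check commented out, `import_filter` accepts every prefix except the own nets; a comment stating why it is disabled would help the next reader.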


@ -0,0 +1,11 @@
protocol bgp vultr from peer_main {
local as OWN_AS;
#source address 2001:19f0:6c01:1ff9:5400:04ff:fe9c:6c94;
neighbor 2001:19f0:ffff::1 as 64515;
multihop 2;
password "REDACTED";
ipv6 {
import none;
export where export_filter();
};
}
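Review bot: The `password` line keeps the BGP session secret inline in a tracked peer file. The value reads as redacted on this page, but the layout invites the real secret into repository history on a later edit. Holding it in a separate untracked file with restrictive permissions and pulling it in via an `include` line (placeholder path, e.g. `include "<untracked-secrets-file>";`) would keep it out of the repository; confirm that the BIRD version in use accepts `include` inside a protocol block. `local as OWN_AS;` also repeats what the `peer_main` template already sets and could be dropped.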