KAAAsS/dn42-bird-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add basic config

Browse Source
This commit is contained in:
KAAAsS 2021-04-15 21:13:45 +08:00
commit 273ad82fb8
8 changed files with 2978 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored Normal file
View File

@ -0,0 +1,2 @@
conf
concrete

195
bird.conf Normal file
View File

@ -0,0 +1,195 @@
# Refer: https://dn42.dev/howto/Bird2
# Refer: https://lantian.pub/article/modify-website/bird-confederation.lantian
include "/etc/bird/conf/net-info.conf";
router id OWNIP;
protocol device {
scan time 10;
}
/*
* Utility functions
*/
function is_self_net() {
return net ~ OWNNETSET;
}
function is_self_net_v6() {
return net ~ OWNNETSETv6;
}
function is_valid_network() {
return net ~ [
172.20.0.0/14{21,29}, # dn42
172.20.0.0/24{28,32}, # dn42 Anycast
172.21.0.0/24{28,32}, # dn42 Anycast
172.22.0.0/24{28,32}, # dn42 Anycast
172.23.0.0/24{28,32}, # dn42 Anycast
172.31.0.0/16+, # ChaosVPN
10.100.0.0/14+, # ChaosVPN
10.127.0.0/16{16,32}, # neonetwork
10.0.0.0/8{15,24} # Freifunk.net
];
}
roa4 table dn42_roa;
roa6 table dn42_roa_v6;
protocol static {
roa4 { table dn42_roa; };
include "/etc/bird/roa_dn42.conf";
};
protocol static {
roa6 { table dn42_roa_v6; };
include "/etc/bird/roa_dn42_v6.conf";
};
function is_valid_network_v6() {
return net ~ [
fd00::/8{44,64} # ULA address space as per RFC 4193
];
}
function is_kas_network() {
if net ~ [
172.16.0.0/24+
] then accept;
if is_valid_network() && source ~ [RTS_STATIC, RTS_BGP] then {
accept;
} else reject;
}
function is_kas_network_v6() {
if net ~ [
fd08:93f3:b7eb::def:0/112+
] then accept;
if is_valid_network_v6() && source ~ [RTS_STATIC, RTS_BGP] then {
accept;
} else reject;
}
protocol kernel {
scan time 20;
ipv6 {
import none;
export filter {
if source = RTS_STATIC then reject;
krt_prefsrc = OWNIPv6;
accept;
};
};
};
protocol kernel {
scan time 20;
ipv4 {
import none;
export filter {
if source = RTS_STATIC then reject;
krt_prefsrc = OWNIP;
accept;
};
};
}
protocol static {
route OWNNET reject;
ipv4 {
import all;
export none;
};
}
protocol static {
route OWNNETv6 reject;
ipv6 {
import all;
export none;
};
}
template bgp dn42_external_peer {
local as OWNAS;
path metric 1;
ipv4 {
import filter {
if is_valid_network() && !is_self_net() then {
if (roa_check(dn42_roa, net, bgp_path.last) != ROA_VALID) then {
print "[dn42] ROA check failed for ", net, " ASN ", bgp_path.last;
reject;
} else accept;
} else reject;
};
export filter {
bgp_path.delete([4215350000..4215359999]);
if is_valid_network() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject;
};
import limit 1000 action block;
};
ipv6 {
import filter {
if is_valid_network_v6() && !is_self_net_v6() then {
if (roa_check(dn42_roa_v6, net, bgp_path.last) != ROA_VALID) then {
print "[dn42] ROA check failed for ", net, " ASN ", bgp_path.last;
reject;
} else accept;
} else reject;
};
export filter {
bgp_path.delete([4215350000..4215359999]);
if is_valid_network_v6() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject;
};
import limit 1000 action block;
};
}
template bgp kas_edge_peer {
local as KASNET_AS;
confederation OWNAS;
confederation member yes;
path metric 1;
direct;
enable extended messages on;
ipv4 {
next hop self yes;
import filter { is_kas_network(); };
export filter { is_kas_network(); };
};
ipv6 {
next hop self yes;
import filter { is_kas_network_v6(); };
export filter { is_kas_network_v6(); };
};
};
template bgp kas_internal_peer {
local as KASNET_AS;
path metric 1;
direct;
enable extended messages on;
ipv4 {
next hop self yes;
import filter { is_kas_network(); };
export filter { is_kas_network(); };
};
ipv6 {
next hop self yes;
import filter { is_kas_network_v6(); };
export filter { is_kas_network_v6(); };
};
};
include "/etc/bird/conf/peers/*.conf";
include "/etc/bird/conf/edges/*.conf";
include "/etc/bird/conf/internals/*.conf";

15
example/edges/edge-name.conf Normal file
View File

@ -0,0 +1,15 @@
rotocol bgp kasnet_<edge name>_v4 from kas_edge_peer {
neighbor <edge ipv4> external;
ipv6 {
import none;
export none;
};
};
protocol bgp kasnet_<edge name>_v6 from kas_edge_peer {
neighbor <edge ipv6> external;
ipv4 {
import none;
export none;
};
};

3
example/internals/internal-name.conf Normal file
View File

@ -0,0 +1,3 @@
protocol bgp kasnet_<peer name> from kas_internal_peer {
neighbor <peer ip> external;
};

16
example/net-info.conf Normal file
View File

@ -0,0 +1,16 @@
# DN42 ASN
define OWNAS = 4242421535;
# Node IP
define OWNIP = 172.20.150.129;
define OWNIPv6 = fd08:93f3:b7eb::1;
# DN42 IP Prefix
define OWNNET = 172.20.150.128/28;
define OWNNETv6 = fd08:93f3:b7eb::/48;
define OWNNETSET = [172.20.150.128/28+];
define OWNNETSETv6 = [fd08:93f3:b7eb::/48+];
# Private ASN (for BGP confederation)
# my format: 42<dn42 asn last 4 digit><node ip last 8 bit>
define KASNET_AS = 4215350129;

17
example/peers/peer-name.conf Normal file
View File

@ -0,0 +1,17 @@
protocol bgp dn42_<peer name>_v4 from dn42_external_peer {
neighbor <peer ipv4> as <peer asn>;
direct;
ipv6 {
import none;
export none;
};
};
protocol bgp dn42_<peer name>_v6 from dn42_external_peer {
neighbor <peer ipv4> % 'dn42-<peer name>' as <peer asn>;
direct;
ipv4 {
import none;
export none;
};
};

1467
roa_dn42.conf Normal file
View File

File diff suppressed because it is too large Load Diff

1263
roa_dn42_v6.conf Normal file
View File

File diff suppressed because it is too large Load Diff