authorTrygve Laugstøl <trygvis@inamo.no>2023-10-07 23:58:44 +0200
committerTrygve Laugstøl <trygvis@inamo.no>2023-10-07 23:58:44 +0200
commit18133a7854edec361f7699af0662027d527be540 (patch)
treed0f1751739076e6927397c0b754a98d968983c07 /ansible/bgp/templates
parent6967e11d9c14554300e07fd70a6a93ffe224f8d3 (diff)
bgp setup
Diffstat (limited to 'ansible/bgp/templates')
-rw-r--r--ansible/bgp/templates/bird.conf.j297
-rw-r--r--ansible/bgp/templates/bird.conf2.j264
2 files changed, 161 insertions, 0 deletions
diff --git a/ansible/bgp/templates/bird.conf.j2 b/ansible/bgp/templates/bird.conf.j2
new file mode 100644
index 0000000..dfda44b
--- /dev/null
+++ b/ansible/bgp/templates/bird.conf.j2
@@ -0,0 +1,97 @@
+{% if bgp_mynet|default(false) %}
+define mynet6 = {{ bgp_mynet }};
+{% endif %}
+define tnet = {{ tnet }};
+define tnet_link = {{ tnet_link }};
+
+log syslog all;
+
+debug protocols all;
+{#
+
+filter tnet_import
+{
+{% if bgp_mynet|default(false) %}
+ if net ~ mynet6 then reject "tnet_import reject mynet";
+{% endif %}
+ accept "tnet_import accept other";
+}
+
+filter tnet_export
+{
+{% if bgp_mynet|default(false) %}
+ if net ~ mynet6 then accept "tnet_export accept mynet";
+{% endif %}
+ reject "tnet_export reject other";
+}
+#}
+
+function is_tnet()
+{
+ return net ~ tnet && ! (net ~ tnet_link);
+}
+
+protocol device {
+}
+{% if bgp_mynet_if|default(False) %}
+
+protocol direct {
+ interface "{{ bgp_mynet_if }}";
+ ipv6 {
+ import all;
+ };
+}
+{% endif %}
+
+protocol kernel kernel6 {
+ ipv6 {
+ import none;
+ export filter {
+{% if bgp_mynet|default(false) %}
+ if net ~ mynet6 then reject "is mynet, reject";
+{% endif %}
+ if is_tnet() then accept "is tnet, accept";
+ reject "not tnet";
+ };
+ };
+}
+{% for peer in peers %}
+
+protocol bgp {{ peer.name }} {
+ local as {{ bgp_as }};
+ neighbor {{ peer.ip }} as {{ peer.as }};
+
+ password "trygvis";
+
+ ipv6 {
+ import filter {
+ if is_tnet() then accept "from {{ peer.name }}, import accept";
+ reject "from {{ peer.name }}, invalid tnet";
+ };
+ import keep filtered;
+ export filter {
+ if is_tnet() then accept "from {{ peer.name }}, export accept";
+ reject "from {{ peer.name }}, invalid tnet";
+ };
+ };
+}
+{% endfor %}
+{% if bgp_radv %}
+
+protocol radv {{ bgp_radv_if }} {
+ ipv6 {
+ import all;
+ export all;
+ };
+
+ interface "{{ bgp_radv_if }}" {
+ max ra interval 600; # 10 for debugging
+ default lifetime 0; # No not use this as a default gateway
+ default preference low;
+
+ prefix ::/0 {
+ #autonomous off; # So do not autoconfigure any IP
+ };
+ };
+}
+{% endif %}
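Review bot: The `password "trygvis";` line inside the `{% for peer in peers %}` loop hard-codes a single TCP-MD5 session secret for every peer and commits it in clear text; the same literal appears in both `protocol bgp` blocks of bird.conf2.j2. Anyone who can read the repository learns the secret, and it cannot be set or rotated per peer. Take it from inventory instead, e.g. `password "{{ peer.password }}";`, with the value kept in an Ansible Vault-encrypted vars file. Separately, `{% if bgp_radv %}` has no `|default(false)` unlike the other conditionals in this template, so a host that does not define the variable will probably fail to render.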
diff --git a/ansible/bgp/templates/bird.conf2.j2 b/ansible/bgp/templates/bird.conf2.j2
new file mode 100644
index 0000000..5ec3131
--- /dev/null
+++ b/ansible/bgp/templates/bird.conf2.j2
@@ -0,0 +1,64 @@
+log syslog all;
+
+router id from "eth0";
+
+debug protocols all;
+
+protocol device {
+}
+
+protocol direct {
+ interface "wg0";
+ ipv6 {
+ import filter {
+ if net ~ fdf3:aad9:a885::/48 then accept;
+ reject;
+ };
+ };
+}
+
+filter tnet
+{
+ if net ~ fdf3:aad9:a885::/48 then accept "tnet ok";
+ reject "tnet reject";
+}
+
+protocol kernel {
+ ipv6 {
+ import filter tnet;
+ export filter tnet;
+ };
+ metric 0;
+}
+
+protocol bgp akili {
+ #disabled;
+ local fdf3:aad9:a885:b3a::1 as 4230483679;
+ neighbor fdf3:aad9:a885:b3a::7 internal;
+ password "trygvis";
+ direct;
+
+ rr client;
+
+ ipv6 {
+ import filter tnet;
+ import keep filtered;
+ export filter tnet;
+ };
+}
+
+protocol bgp astyanax {
+ #disabled;
+ local fdf3:aad9:a885:b3a::1 as 4230483679;
+ neighbor fdf3:aad9:a885:b3a::10 internal;
+ password "trygvis";
+ direct;
+
+ rr client;
+
+ ipv6 {
+ import filter tnet;
+ import keep filtered;
+ export filter tnet;
+ };
+}
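Review bot: The `tnet` filter accepts any route inside fdf3:aad9:a885::/48 at any prefix length, and it is the import filter for both `rr client` sessions as well as the export filter on the kernel channel. As far as this file shows, a client could therefore announce a more-specific of another host's range, or of the link network, and have it reflected and installed. bird.conf.j2 in the same commit is stricter, since its `is_tnet()` excludes `tnet_link`. Consider a per-peer import filter that accepts only the prefix each client is expected to originate, and at minimum mirror the link exclusion here, e.g. `if net ~ LINK_PREFIX then reject "tnet link";` (LINK_PREFIX is a placeholder for the wg0 link network).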