Diffstat (limited to 'ansible/bgp/templates')
-rw-r--r-- | ansible/bgp/templates/bird.conf.j2 | 97 | ||||
-rw-r--r-- | ansible/bgp/templates/bird.conf2.j2 | 64 |
2 files changed, 161 insertions, 0 deletions
diff --git a/ansible/bgp/templates/bird.conf.j2 b/ansible/bgp/templates/bird.conf.j2
new file mode 100644
index 0000000..dfda44b
--- /dev/null
+++ b/ansible/bgp/templates/bird.conf.j2
@@ -0,0 +1,97 @@
+{% if bgp_mynet|default(false) %}
+define mynet6 = {{ bgp_mynet }};
+{% endif %}
+define tnet = {{ tnet }};
+define tnet_link = {{ tnet_link }};
+
+log syslog all;
+
+debug protocols all;
+{#
+
+filter tnet_import
+{
+{% if bgp_mynet|default(false) %}
+ if net ~ mynet6 then reject "tnet_import reject mynet";
+{% endif %}
+ accept "tnet_import accept other";
+}
+
+filter tnet_export
+{
+{% if bgp_mynet|default(false) %}
+ if net ~ mynet6 then accept "tnet_export accept mynet";
+{% endif %}
+ reject "tnet_export reject other";
+}
+#}
+
+function is_tnet()
+{
+ return net ~ tnet && ! (net ~ tnet_link);
+}
+
+protocol device {
+}
+{% if bgp_mynet_if|default(False) %}
+
+protocol direct {
+ interface "{{ bgp_mynet_if }}";
+ ipv6 {
+ import all;
+ };
+}
+{% endif %}
+
+protocol kernel kernel6 {
+ ipv6 {
+ import none;
+ export filter {
+{% if bgp_mynet|default(false) %}
+ if net ~ mynet6 then reject "is mynet, reject";
+{% endif %}
+ if is_tnet() then accept "is tnet, accept";
+ reject "not tnet";
+ };
+ };
+}
+{% for peer in peers %}
+
+protocol bgp {{ peer.name }} {
+ local as {{ bgp_as }};
+ neighbor {{ peer.ip }} as {{ peer.as }};
+
+ password "trygvis";
+
+ ipv6 {
+ import filter {
+ if is_tnet() then accept "from {{ peer.name }}, import accept";
+ reject "from {{ peer.name }}, invalid tnet";
+ };
+ import keep filtered;
+ export filter {
+ if is_tnet() then accept "from {{ peer.name }}, export accept";
+ reject "from {{ peer.name }}, invalid tnet";
+ };
+ };
+}
+{% endfor %}
+{% if bgp_radv %}
+
+protocol radv {{ bgp_radv_if }} {
+ ipv6 {
+ import all;
+ export all;
+ };
+
+ interface "{{ bgp_radv_if }}" {
+ max ra interval 600; # 10 for debugging
+ default lifetime 0; # No not use this as a default gateway
+ default preference low;
+
+ prefix ::/0 {
+ #autonomous off; # So do not autoconfigure any IP
+ };
+ };
+}
+{% endif %}
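Review bot: The TCP-MD5 session secret is a literal in the template: `password "trygvis";` inside the `{% for peer in peers %}` loop gives every BGP peer the same password and stores it in the repository in clear text. Take it from the inventory instead, for example `password "{{ peer.password }}";` with the values kept in Ansible Vault, so each session has its own secret and rotating one does not require editing the template. The same literal appears in `protocol bgp akili` and `protocol bgp astyanax` in bird.conf2.j2. Separately, `{% if bgp_radv %}` has no `|default(false)` unlike the other optional blocks, so rendering presumably fails on hosts that leave the variable undefined.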
diff --git a/ansible/bgp/templates/bird.conf2.j2 b/ansible/bgp/templates/bird.conf2.j2
new file mode 100644
index 0000000..5ec3131
--- /dev/null
+++ b/ansible/bgp/templates/bird.conf2.j2
@@ -0,0 +1,64 @@
+log syslog all;
+
+router id from "eth0";
+
+debug protocols all;
+
+protocol device {
+}
+
+protocol direct {
+ interface "wg0";
+ ipv6 {
+ import filter {
+ if net ~ fdf3:aad9:a885::/48 then accept;
+ reject;
+ };
+ };
+}
+
+filter tnet
+{
+ if net ~ fdf3:aad9:a885::/48 then accept "tnet ok";
+ reject "tnet reject";
+}
+
+protocol kernel {
+ ipv6 {
+ import filter tnet;
+ export filter tnet;
+ };
+ metric 0;
+}
+
+protocol bgp akili {
+ #disabled;
+ local fdf3:aad9:a885:b3a::1 as 4230483679;
+ neighbor fdf3:aad9:a885:b3a::7 internal;
+ password "trygvis";
+ direct;
+
+ rr client;
+
+ ipv6 {
+ import filter tnet;
+ import keep filtered;
+ export filter tnet;
+ };
+}
+
+protocol bgp astyanax {
+ #disabled;
+ local fdf3:aad9:a885:b3a::1 as 4230483679;
+ neighbor fdf3:aad9:a885:b3a::10 internal;
+ password "trygvis";
+ direct;
+
+ rr client;
+
+ ipv6 {
+ import filter tnet;
+ import keep filtered;
+ export filter tnet;
+ };
+} |
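Review bot: The `tnet` filter accepts any prefix inside fdf3:aad9:a885::/48, of any length, so the two `rr client` sessions can import routes that cover the fdf3:aad9:a885:b3a:: addresses the sessions themselves run over; bird.conf.j2 guards against this with `! (net ~ tnet_link)` in `is_tnet()`. Consider the same exclusion here, e.g. `if net ~ tnet_link then reject "link net";` ahead of the accept, with the link prefix defined once at the top of the file. The /48 is also written out twice (in `protocol direct` and in `filter tnet`); a single `define tnet = fdf3:aad9:a885::/48;` would keep the two from drifting apart. That the b3a subnet is the link network is inferred from the session addresses, so confirm the exact prefix before adding the rule.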