Diffstat (limited to 'tnet/files')
-rw-r--r-- | tnet/files/knot/bird-tnet-pre.conf | 14 | ||||
-rw-r--r-- | tnet/files/knot/bird-tnet.conf | 11 |
2 files changed, 20 insertions, 5 deletions
diff --git a/tnet/files/knot/bird-tnet-pre.conf b/tnet/files/knot/bird-tnet-pre.conf
index 7994dfe..ec31fa2 100644
--- a/tnet/files/knot/bird-tnet-pre.conf
+++ b/tnet/files/knot/bird-tnet-pre.conf
@@ -5,3 +5,17 @@ function is_tnet() # -> bool
 {
 return net ~ tnet && ! (net ~ tnet_router);
 }
+
+roa6 table dn42_roa;
+
+protocol static {
+ roa6 { table dn42_roa; };
+ include "/etc/bird/dn42_roa_bird2_6.conf";
+};
+
+function dn42_is_valid_network() # -> bool
+{
+ return net ~ [
+ fd00::/8{44,64} # ULA address space as per RFC 4193
+ ];
+}
diff --git a/tnet/files/knot/bird-tnet.conf b/tnet/files/knot/bird-tnet.conf
index bb76fe8..66189e1 100644
--- a/tnet/files/knot/bird-tnet.conf
+++ b/tnet/files/knot/bird-tnet.conf
@@ -50,14 +50,15 @@ protocol bgp tnet_node2 from tnet_tpl {
 protocol bgp routedbits_lon1 {
 local as 4242423538;
- neighbor fe80::207
+ neighbor fe80::207;
 neighbor as 4242420207;
+ interface "tnet-rtdbts_l1";
 ipv6 {
 import filter {
 if dn42_is_valid_network() && !is_tnet() then {
 # Check when unknown or invalid according to ROA
- if (roa_check(dn42_roa, net, bgp_path.last) == ROA_VALID) then {
+ if (roa_check(dn42_roa, net, bgp_path.last) = ROA_VALID) then {
 accept;
 } else {
 print "[dn42] ROA check failed for ", net, " ASN ", bgp_path.last;
@@ -66,13 +67,13 @@ protocol bgp routedbits_lon1 {
 } else {
 reject;
 }
- }
+ };
 export filter {
 if dn42_is_valid_network() && source ~ [RTS_STATIC, RTS_BGP] then {
 accept;
 } else {
 reject;
 }
- }
- }
+ };
+ };
 } |
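Review bot: The `include "/etc/bird/dn42_roa_bird2_6.conf"` inside the new `protocol static` block makes that file the entire trust base for every `roa_check` decision, yet nothing in this diff says where it comes from or how often it is refreshed; a stale copy keeps producing ROA_VALID against outdated registry data, and a missing one will most likely make BIRD refuse the whole configuration at load time. I would state that contract next to the include: `# Generated from the dn42 registry; ROA_VALID is only as fresh as this file, so refresh it on a schedule and run 'birdc configure' afterwards.` The new `dn42_is_valid_network()` also deserves one line making the prefix-length policy explicit, e.g. `# dn42 IPv6 space: fd00::/8 sub-prefixes of length 44..64 only; shorter or longer announcements are dropped.`, since the `{44,64}` qualifier is easy to misread.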
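Review bot: The `print "[dn42] ROA check failed for " ...` line in the import filter of `routedbits_lon1` collapses two very different outcomes into one message: an ROA_INVALID result (a registered prefix announced from the wrong origin AS, i.e. a possible hijack or misconfiguration) and an ROA_UNKNOWN result (nothing registered), and an operator reading the log cannot tell which one happened. The comment above it, `# Check when unknown or invalid according to ROA`, suggests both cases are expected here, so the log should name the case. Note also that this output is driven by whatever the peer announces, so the volume of these lines is under the remote side's control; this is a hedged observation since the rest of the filter (the reject after the print) lies between this hunk and the next. I would split the message as below; the rest of the filter body is unchanged.
```bird
} else {
    if roa_check(dn42_roa, net, bgp_path.last) = ROA_INVALID then
        print "[dn42] ROA INVALID for ", net, " origin ASN ", bgp_path.last;
    else
        print "[dn42] ROA UNKNOWN for ", net, " origin ASN ", bgp_path.last;
    # ... unchanged: reject and closing braces ...
```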
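Review bot: The export filter of `routedbits_lon1` (`if dn42_is_valid_network() && source ~ [RTS_STATIC, RTS_BGP] then`) has no `!is_tnet()` term, while the import filter in the same protocol does; this hunk only adds the missing semicolons and leaves that asymmetry in place. `tnet` and `tnet_router` are defined outside this diff, but if they fall inside fd00::/8 then internal routes — including BGP routes learned from the `tnet_node` peers, which `RTS_BGP` admits — would be announced to an external dn42 peer. I would mirror the import side, `if dn42_is_valid_network() && !is_tnet() && source ~ [RTS_STATIC, RTS_BGP] then {`, and put a one-line comment above the export filter stating exactly which routes are meant to leave towards this peer. The `routedbits_lon1` protocol block starts before this hunk.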