Diffstat (limited to 'tnet/templates/bird-tnet.conf.j2')
-rw-r--r--tnet/templates/bird-tnet.conf.j238
1 files changed, 37 insertions, 1 deletions
diff --git a/tnet/templates/bird-tnet.conf.j2 b/tnet/templates/bird-tnet.conf.j2
index 57e557a..b11bf0c 100644
--- a/tnet/templates/bird-tnet.conf.j2
+++ b/tnet/templates/bird-tnet.conf.j2
@@ -27,13 +27,49 @@ template bgp tnet_tpl {
};
}
{% for p in tnet_bird_peers|default([])|sort %}
+{% set peer = tnet_bird_peers[p] %}
+{% set policy = peer.policy | default("tnet") %}
+{% if policy == "tnet" %}
protocol bgp tnet_{{ p }} from tnet_tpl {
neighbor {{ hostvars[p].tnet_wg[inventory_hostname].address }};
interface "tnet-{{ p }}";
-{% if tnet_bird_peers[p].rr_client|default(False) %}
+{% if peer.rr_client|default(False) %}
rr client;
{% endif %}
}
+{% elif policy == "dn42" %}
+protocol bgp {{ p }} {
+ local as 4242423538;
+ neighbor {{ peer.address }}
+ neighbor as {{ peer.as }};
+{% if peer.interface is defined %}
+ interface "{{ peer.interface }}";
+{% endif %}
+
+ ipv6 {
+ import filter {
+ if dn42_is_valid_network() && !is_tnet() then {
+ # Check when unknown or invalid according to ROA
+ if (roa_check(dn42_roa, net, bgp_path.last) == ROA_VALID) then {
+ accept;
+ } else {
+ print "[dn42] ROA check failed for ", net, " ASN ", bgp_path.last;
+ reject;
+ }
+ } else {
+ reject;
+ }
+ }
+ export filter {
+ if dn42_is_valid_network() && source ~ [RTS_STATIC, RTS_BGP] then {
+ accept;
+ } else {
+ reject;
+ }
+ }
+ }
+}
+{% endif %}
{% endfor %}
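Review bot: The `neighbor {{ peer.address }}` line in the new dn42 branch has no terminating `;`, so the rendered statement runs into `neighbor as {{ peer.as }};` and BIRD will most likely reject the generated config at parse time; writing it as one statement, `neighbor {{ peer.address }} as {{ peer.as }};`, avoids that. The `ipv6` channel for these external peers also sets no prefix ceiling, so a peer whose announcements all pass the ROA check can still grow the table without bound; consider `import limit <MAX_PREFIXES> action block;` inside `ipv6 { … }`, with a value chosen for this network. The comment `# Check when unknown or invalid according to ROA` would be more accurate as `# Accept only ROA_VALID; unknown and invalid origins are logged and rejected`. `dn42_is_valid_network()`, `is_tnet()` and the `dn42_roa` table are defined outside this hunk, so what they actually cover cannot be checked from here.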