-
Notifications
You must be signed in to change notification settings - Fork 25
/
bird.conf.j2
223 lines (192 loc) · 6.02 KB
/
bird.conf.j2
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
#jinja2: trim_blocks: "true", lstrip_blocks: "true"
{% set V6_SADR_DEFAULT_ROUTE = '::/0 from ' ~ freifunk_global_prefix %}
log syslog all;
debug protocols {states};
# Include additional bird config files for runtime extendability
include "/dev/shm/bird_*.conf";
protocol device { };
##
## Kernel <-> Babel tables
##
ipv6 sadr table v6_main;
ipv4 table v4_main;
ipv4 table v4_babel_ff;
ipv4 table v4_babel_default;
protocol kernel kernel_v6_main {
ipv6 sadr {
table v6_main;
import all;
export all;
};
learn all; # Allow learning loopback route
}
# Currently not in use due to OLSRD->Babel migration
# For now babel IPv4 routes land in the subsequent KRTs
protocol kernel kernel_v4_main {
ipv4 {
table v4_main;
import none;
export none;
};
}
protocol kernel kernel_v4_babel_ff {
kernel table 10;
ipv4 {
table v4_babel_ff;
import none;
export all;
};
}
protocol pipe pipe_v4_main_to_babel_ff {
table v4_main;
peer table v4_babel_ff;
export where net != 0.0.0.0/0;
import none;
}
protocol kernel kernel_v4_babel_default {
kernel table 11;
ipv4 {
table v4_babel_default;
import none;
export all;
};
}
protocol pipe pipe_v4_main_to_babel_default {
table v4_main;
peer table v4_babel_default;
export where net = 0.0.0.0/0;
import none;
}
##
## Uplink static IPv4 route
##
{% if uplink['ipv4'] | ansible.utils.ipaddr('prefix') >= 30 %}
{% set v4_nexthop = uplink['ipv4'] | ansible.utils.ipaddr('peer') %}
{% else %}
{% set v4_nexthop = uplink['ipv4'] | ansible.utils.ipaddr('1') | ansible.utils.ipaddr('address') %}
{%- endif %}
protocol static static_uplink {
ipv4 { table v4_main; };
check link;
route 0.0.0.0/0 via {{ v4_nexthop }} dev "{{ uplink['ifname'] }}";
}
##
## Babel Section
##
protocol babel babel_mesh {
randomize router id yes;
ipv6 sadr {
table v6_main;
# Import only /56 location aggregates and default routes
import filter {
if ! (net.len = 56 || net = {{ V6_SADR_DEFAULT_ROUTE }}) then reject;
{% for interface in mesh_links %}
if ifname = "{{ interface['ifname'] }}" then {
babel_metric = babel_metric + {{ interface.get('mesh_metric', mesh_metric_default_in) }};
accept;
}
{% endfor %}
if ifname ~ "wg_*" then {
babel_metric = babel_metric + {{ mesh_metric_tunnel_in }};
accept;
}
accept;
};
export where source = RTS_BABEL || net = {{ ipv6_prefix }} from ::/0 || net = {{ V6_SADR_DEFAULT_ROUTE }};
};
ipv4 {
table v4_main;
import filter {
if ifname ~ "gre4-*" then reject;
{% for interface in mesh_links %}
if ifname = "{{ interface['ifname'] }}" then {
babel_metric = babel_metric + {{ interface.get('mesh_metric', mesh_metric_default_in) }};
accept;
}
{% endfor %}
if ifname ~ "wg_*" then {
babel_metric = babel_metric + {{ mesh_metric_tunnel_in }};
accept;
}
accept;
};
export where source = RTS_BABEL || net = 0.0.0.0/0; # Readvertise Babel routes and advertise default route
};
# Mesh interfaces
{% for interface in mesh_links %}
interface "{{ interface['ifname'] }}" {
type wireless;
};
{% endfor %}
# GRE Tunnels
{% for gateway in groups['role_gateway'] | difference([inventory_hostname]) | sort %}
interface "gre4-{{ hostvars[gateway]['gre_tunnel_alias'] }}" {
type wireless;
rxcost {{ gre_metric }}; # Keep for now, could be implemented as export filter later
};
{% endfor %}
# Wireguard tunnel links which are dynamically established
interface "wg_*" {
type wireless;
rxcost {{ mesh_metric_tunnel_in }}; # Keep for now, could be implemented as export filter later
};
}
{% if 'ipv6' in uplink %}
##
## BGP Section
##
ipv6 table v6_bgp_upstream;
# Define local attribute as yet another safetynet to ensure that we dont announce the bgpdisco
# routes to our upstream which will likely make the internet explode.
# While that sounds funny that aint a joke - Take it very serious or risk our trust!!
attribute int really_announce_to_upstream;
# Attention. Following rules are redundant for good reasons.
# 1. Let only pass routes which carry the really_announce_to_upstream route attribute being true
# 2. Filter for networks we explicitly would like to advertise, configurable through group_vars.
# Please do not remove those and pay attention, because we are abusing BGP for really funky stuff
# in our Backbone. Those routes must never reach the internet, otherwise it might break. Not kidding!
filter bgp_export_aggregates {
# See 1.
if ! ( defined( really_announce_to_upstream ) && really_announce_to_upstream = 1312 ) then reject;
# See 2.
if net !~ [ {{ freifunk_global_prefix }}{{ '{' }}{{ freifunk_wahlkreis_announcement_prefix }},{{ freifunk_wahlkreis_announcement_prefix}}{{ '}' }} ] then reject;
# Allow Traffic Engineering on routes which made it until here.
include "/dev/shm/announcement*.bird.conf";
accept;
}
protocol static static_v6_bgp_upstream {
ipv6 { table v6_bgp_upstream; };
{% for wahlkreis in freifunk_wahlkreis_prefixes %}
{% for no in range(0, wahlkreis | ansible.utils.ipsubnet(freifunk_wahlkreis_announcement_prefix) | int) %}
route {{ wahlkreis | ansible.utils.ipsubnet(freifunk_wahlkreis_announcement_prefix, no) }} unreachable {
really_announce_to_upstream = 1312;
};
{% endfor %}
{% endfor %}
}
protocol bgp bgp_upstream {
local {{ uplink['ipv6'] | ansible.utils.ipaddr('address') }} as {{ local_asn }};
neighbor {{ uplink['ipv6'] | ansible.utils.ipaddr('peer') }} as {{ peer_asn }};
ipv6 {
table v6_bgp_upstream;
import where net = ::/0;
export filter bgp_export_aggregates;
};
}
##
## Hack to announce create a source specifc default route pointing to BGP Next Hop
## Details: https://github.com/freifunk-berlin/bbb-configs/issues/1062#issuecomment-2466541315
##
ipv6 sadr table v6_default_via_bgp;
protocol static static_v6_default_via_bgp {
ipv6 sadr { table v6_default_via_bgp; };
igp table v6_bgp_upstream; # Where to lookup recursive resolved next-hop
route {{ V6_SADR_DEFAULT_ROUTE }} recursive ::;
}
protocol pipe pipe_v6_default_via_bgp_to_main {
table v6_default_via_bgp;
peer table v6_main;
export where dest != RTD_UNREACHABLE;
import none;
}
{% endif %}