q

bird/filter/inet_downstream.conf

@@ -0,0 +1,15 @@
+# 下游-收表控制器
+function function_inet6_downstream_import() {
+    if is_bogon_prefix() || (bgp_path.len > 100) then return false;
+    bgp_large_community.add((LOCAL_ASN,200,0));
+    return true;
+}
+
+# 下游-发表控制器
+function function_inet6_downstream_export() {
+    # 过滤掉begon和过长的段子（太长了下游受不了）
+    if is_bogon_prefix() || (bgp_path.len > 100) then reject;
+    # BGP发出底线防控
+    if bgp_large_community !~ [(LOCAL_ASN, 200,0)] then return false;     
+    return true;
+}

bird/filter/inet_filter.conf

@@ -1,12 +1,12 @@
 function function_inet4_bgp_import() {
-    if is_self_net_inet4() then return false;
+    if is_self_net() then return false;
     if is_bogon_prefix() || (bgp_path.len > 100) then return false;
     bgp_large_community.add((LOCAL_ASN,200,0));
     return true;
 }
 
 function function_inet4_bgp_export() {
-    if !is_self_net_inet4() then return false;
+    if !is_self_net() then return false;
     if is_bogon_prefix() || (bgp_path.len > 100) then reject;
     if source != RTS_STATIC then reject;
     if bgp_large_community !~ [(LOCAL_ASN, 200,0)] then return false;     
@@ -14,44 +14,16 @@ function function_inet4_bgp_export() {
 }
 
 function function_inet6_bgp_import() {
-    if is_self_net_inet6() then return false;
+    if is_self_net() then return false;
     if is_bogon_prefix() || (bgp_path.len > 100) then return false;
     bgp_large_community.add((LOCAL_ASN,200,0));
     return true;
 }
 
 function function_inet6_bgp_export() {
-    if !is_self_net_inet6() then return false;
+    if !is_self_net() then return false;
     if is_bogon_prefix() || (bgp_path.len > 100) then reject;
     if source != RTS_STATIC then reject;
     if bgp_large_community !~ [(LOCAL_ASN, 200,0)] then return false;     
     return true;
 }
-
-function function_inet4_ibgp_import() {
-    if is_self_net_inet4() then return false;
-    if is_bogon_prefix() then return false;
-    if bgp_large_community ~ [(LOCAL_ASN, 1,*)] then reject;
-    return true;
-}
-
-function function_inet4_ibgp_export() {
-    if is_self_net_inet4() then return false;
-    if is_bogon_prefix() then return false;
-    if bgp_large_community ~ [(LOCAL_ASN, 1,*)] then reject;
-    return true;
-}
-
-function function_inet6_ibgp_import() {
-    if is_self_net_inet6() then reject;
-    if is_bogon_prefix() then reject;
-    if bgp_large_community ~ [(LOCAL_ASN, 1,*)] then reject;
-    return true;
-}
-
-function function_inet6_ibgp_export() {
-    if is_self_net_inet6() then reject;
-    if is_bogon_prefix() then reject;
-    if bgp_large_community ~ [(LOCAL_ASN, 1,*)] then reject;
-    return true;
-}

bird/filter/inet_ibgp.conf

@@ -0,0 +1,27 @@
+function function_inet4_ibgp_import() {
+    if is_self_net() then return false;
+    if is_bogon_prefix() then return false;
+    if bgp_large_community ~ [(LOCAL_ASN, 1,*)] then reject;
+    return true;
+}
+
+function function_inet4_ibgp_export() {
+    if is_self_net() then return false;
+    if is_bogon_prefix() then return false;
+    if bgp_large_community ~ [(LOCAL_ASN, 1,*)] then reject;
+    return true;
+}
+
+function function_inet6_ibgp_import() {
+    if is_self_net() then reject;
+    if is_bogon_prefix() then reject;
+    if bgp_large_community ~ [(LOCAL_ASN, 1,*)] then reject;
+    return true;
+}
+
+function function_inet6_ibgp_export() {
+    if is_self_net() then reject;
+    if is_bogon_prefix() then reject;
+    if bgp_large_community ~ [(LOCAL_ASN, 1,*)] then reject;
+    return true;
+}

bird/function/dn42.conf

@@ -12,3 +12,11 @@ function is_dn42_prefix() {
         else: print "is_dn42_prefix: unexpected net.type ", net.type, " ", net; return false;
     }
 }
+
+function is_dn42_self_net() {
+    case net.type {
+        NET_IP4: return net ~ IS_SELF_NET_dn42v4;
+        NET_IP6: return net ~ IS_SELF_NET_dn42v6;
+        else: print "is_dn42_prefix: unexpected net.type ", net.type, " ", net; return false;
+    }
+}

bird/function/inet.conf

@@ -0,0 +1,7 @@
+function is_self_net() {
+    case net.type {
+        NET_IP4: return net ~ IS_SELF_NET_inet4;
+        NET_IP6: return net ~ IS_SELF_NET_inet6;
+        else: print "is_dn42_prefix: unexpected net.type ", net.type, " ", net; return false;
+    }
+}

bird/function/unet.conf

@@ -6,13 +6,13 @@ function unet_is_valid_network_v4() {
 
 function unet_is_valid_network_v4_allnet(){
   if unet_is_valid_network_v4() then return true;
-  if is_self_net_inet4() then return true;
+  if is_self_net() then return true;
-  if is_self_net_dn42v4() then return true;
+  if is_dn42_self_net() then return true;
   return false;
 }
 
 function unet_is_voalid_net_v6(){
-  if is_self_net_inet6() then return true;
+  if is_self_net() then return true;
-  if is_self_net_dn42v6() then return true;
+  if is_dn42_self_net() then return true;
   return false;
 }

bird/template/dn42.conf

@@ -5,7 +5,7 @@ template bgp dn42_bgp_up {
         table dn42v4;
         import filter {
           if !is_dn42_prefix() then reject;
-          if is_self_net_dn42v4() then reject;
+          if is_dn42_self_net() then reject;
           bgp_large_community.add((DN42_ASN,200,0));# 传输到Ebgp
           accept;
         };
@@ -22,7 +22,7 @@ template bgp dn42_bgp_up {
         table dn42v6;
         import filter {
           if !is_dn42_prefix() then reject;
-          if is_self_net_dn42v6() then reject;
+          if is_dn42_self_net() then reject;
           bgp_large_community.add((DN42_ASN,200,0));# 传输到Ebgp
           accept;
         };
@@ -48,13 +48,13 @@ template bgp dn42_ibgp {
         import filter { 
             if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject;
             if !is_dn42_prefix() then reject;
-            if is_self_net_dn42v4() then reject;
+            if is_dn42_self_net() then reject;
             accept; 
         };
         export filter { 
             if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject;
             if !is_dn42_prefix() then reject;
-            if is_self_net_dn42v4() then reject;
+            if is_dn42_self_net() then reject;
             accept;
             };
     };
@@ -65,13 +65,13 @@ template bgp dn42_ibgp {
         import filter { 
             if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject;
             if !is_dn42_prefix() then reject;
-            if is_self_net_dn42v6() then reject;
+            if is_dn42_self_net() then reject;
             accept; 
         };
         export filter { 
             if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject;
             if !is_dn42_prefix() then reject;
-            if is_self_net_dn42v6() then reject;
+            if is_dn42_self_net() then reject;
             accept;
             };
     };

update.sh

@@ -6,12 +6,19 @@ git clone https://git.nia.ink/brnet/bird_config.git
 rm /etc/bird/filter -rf
 mv ./bird_config/bird/filter /etc/bird/filter
 
+rm /etc/bird/function -rf
+mv ./bird_config/bird/function /etc/bird/function
+
 rm /etc/bird/template -rf
 mv ./bird_config/bird/template /etc/bird/template
 
-rm /etc/bird/bird.conf -rf
+mv /etc/bird/whitelist/ipconfig.conf /etc/bird/whitelist/ipconfig.conf.bak
-mv ./bird_config/bird/bird.conf /etc/bird/bird.conf
+rm /etc/bird/whitelist/*.conf -rf
+mv /etc/bird/whitelist/ipconfig.conf.bak /etc/bird/whitelist/ipconfig.conf
 
+wget https://noc.zhuantou.com.cn/api/network.php?s=inet6-bird-function -O /etc/bird/whitelist/mynet_ipv6.conf
+wget https://noc.zhuantou.com.cn/api/network.php?s=inet4-bird-function -O /etc/bird/whitelist/mynet_ipv4.conf
+wget https://noc.zhuantou.com.cn/api/network.php?s=dn42-bird-function -O /etc/bird/whitelist/mynet_dn42.conf
 
 chmod -R 755 /etc/bird