diff --git a/bird/bird.conf b/bird/bird.conf index 49d4b2a..b5fad7a 100644 --- a/bird/bird.conf +++ b/bird/bird.conf @@ -27,10 +27,6 @@ protocol kernel { import none; export filter { if source = RTS_STATIC then reject; - if unet_is_valid_network_v4() then { - krt_prefsrc = UNET_V4_kernel; - accept; - } if !is_bogon_prefix() then { krt_prefsrc = LOCAL_V4_kernel; accept; @@ -40,4 +36,5 @@ protocol kernel { }; }; -include "/etc/bird/net/*.conf"; \ No newline at end of file +include "/etc/bird/template/*.conf"; +include "/etc/bird/peers/*.conf"; \ No newline at end of file diff --git a/bird/conf/mynet.conf b/bird/conf/mynet.conf index 4c9f064..3cf03af 100644 --- a/bird/conf/mynet.conf +++ b/bird/conf/mynet.conf 
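Review bot: The two new `include` lines at the end of `bird/bird.conf` depend on their order, and nothing in the file says so. `bird/peers/bgp.conf` declares its session with `from tpl_bgp_up`, so the template files have to be parsed before the peer files. A one-line comment above the includes would protect against a later reorder or merge of the globs, e.g. `# templates first: protocols under peers/ reference them via "from"`.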
@@ -4,87 +4,8 @@ function is_self_net() { ]; } -protocol static route_int_export_v4 { - route 44.32.191.0/24 reject; - ipv4 { - table inet4; - import filter { - bgp_large_community.add((LOCAL_ASN,3,0)); - bgp_large_community.add((LOCAL_ASN,1,0)); - bgp_large_community.add((LOCAL_ASN,200,0)); - accept; - }; - export none; - }; -} - function is_self_net_v6() { return net ~ [ - 2406:840:e600::/44{44,48}, - 2a14:7580:9600::/40{40,48} + 2406:840:e600::/44{44,48} ]; -} - -protocol static route_int_export_v6 { - route 2406:840:e600::/48 reject; - route 2406:840:e601::/48 reject; - route 2406:840:e608::/46 reject; - route 2a14:7580:9600::/47 reject; - route 2a14:7580:9603::/48 reject; - route 2a14:7580:9604::/48 reject; - ipv6 { - table inet6; - import filter { - bgp_large_community.add((LOCAL_ASN,3,0)); - bgp_large_community.add((LOCAL_ASN,1,0)); - bgp_large_community.add((LOCAL_ASN,200,0)); - accept; - }; - export none; - }; -} - - -function unet_is_self_net() { - return net ~ [ - 10.188.2.0/23+, - 10.188.11.0/24, - 172.20.21.0/29 - ]; -} - -protocol static route_unet_export_v4 { - route 10.188.2.0/23 reject; - route 10.188.11.0/24 reject; - ipv4 { - table unet4; - import filter { - bgp_large_community.add((UNET_ASN,3,0));# 不允许导出到内核 - bgp_large_community.add((UNET_ASN,1,0));# 不允许传输到ibgp - bgp_large_community.add((UNET_ASN,200,0));# 传输到Ebgp - accept; - }; - export none; - }; -} - - -function unet_is_self_net_v6() { - return net ~ [ - 2406:840:e601::/48{48,56} - ]; -} - -protocol static route_unet_export_v6 { - route 2406:840:e601::/48 reject; - ipv6 { - table unet6; - import filter { - bgp_large_community.add((UNET_ASN,3,0));# 不允许导出到内核 - bgp_large_community.add((UNET_ASN,1,0));# 不允许传输到ibgp - bgp_large_community.add((UNET_ASN,200,0));# 传输到Ebgp - accept; - }; - export none; - }; -} +} \ No newline at end of file diff --git a/bird/conf/static.conf b/bird/conf/static.conf new file mode 100644 index 0000000..8856aba --- /dev/null +++ b/bird/conf/static.conf 
@@ -0,0 +1,28 @@ +protocol static route_int_export_v4 { + route 44.32.191.0/24 reject; + ipv4 { + table inet4; + import filter { + bgp_large_community.add((LOCAL_ASN,3,0)); + bgp_large_community.add((LOCAL_ASN,1,0)); + bgp_large_community.add((LOCAL_ASN,200,0)); + accept; + }; + export none; + }; +} + +protocol static route_int_export_v6 { + route 2406:840:e600::/48 reject; + + ipv6 { + table inet6; + import filter { + bgp_large_community.add((LOCAL_ASN,3,0)); + bgp_large_community.add((LOCAL_ASN,1,0)); + bgp_large_community.add((LOCAL_ASN,200,0)); + accept; + }; + export none; + }; +} \ No newline at end of file diff --git a/bird/function/network.conf b/bird/function/network.conf deleted file mode 100644 index 7a6cd55..0000000 --- a/bird/function/network.conf +++ /dev/null @@ -1,28 +0,0 @@ -function unet_is_valid_network_v4() { - return net ~ [ - 10.50.0.0/16+, - 10.88.0.0/16+, - 10.21.0.0/16+, - 10.188.0.0/16+ - ]; -} - -function unet_is_valid_network_v4_anynet() { - return net ~ [ - 172.20.21.0/26+, - 44.32.191.0/24+ - ]; -} - -function unet_is_valid_network_v4_allnet(){ - if !unet_is_valid_network_v4_anynet() && !unet_is_valid_network_v4() then return false; - return true; -} - - -function unet_is_voalid_net_v6(){ - return net ~ [ - 2406:840:e600::/44{44,56}, - 2a14:7580:9600::/40{40,56} - ]; -} \ No newline at end of file diff --git a/bird/function/tables.conf b/bird/function/tables.conf index fb60958..c194811 100644 --- a/bird/function/tables.conf +++ b/bird/function/tables.conf @@ -1,9 +1,5 @@ ipv4 table inet4; ipv6 table inet6; -ipv4 table unet4; -ipv6 table unet6; -ipv4 table ospf4; -ipv6 table ospf6; protocol pipe inet6_sync { table inet6; 
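Review bot: The new `route_int_export_v6` originates only `2406:840:e600::/48`, while `bird/vars.conf` still defines `LOCAL_V6_kernel = 2406:840:e601:1::1`, an address inside `2406:840:e601::/48`, which the old static block announced and this file drops. If that constant is used as the kernel preferred source the way `LOCAL_V4_kernel` is in the kernel export filter (the v6 filter is not visible in this diff), locally sourced traffic would leave from an address that no longer has an announced return path, unless a covering aggregate is originated elsewhere. The v4 side has the same mismatch: `LOCAL_V4_kernel = 10.188.2.3` is RFC 1918 space and outside the only originated prefix `44.32.191.0/24`. Either keep `route 2406:840:e601::/48 reject;` in this block or move both kernel source addresses into the prefixes this file originates.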
@@ -23,39 +19,4 @@ protocol pipe inet4_sync { if bgp_large_community ~ [(LOCAL_ASN, 3,*)] then reject; accept; }; -} - -protocol pipe unet4_sync { - table unet4; - peer table master4; - export filter { - if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject; - accept; - }; -} -protocol pipe unet6_sync { - table unet6; - peer table master6; - export filter { - if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject; - accept; - }; -} - -protocol pipe ospf4_sync { - table ospf4; - peer table master4; - export filter { - if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject; - accept; - }; -} - -protocol pipe ospf6_sync { - table ospf6; - peer table master6; - export filter { - if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject; - accept; - }; } \ No newline at end of file diff --git a/bird/net/ospf.conf b/bird/net/ospf.conf deleted file mode 100644 index 93e110c..0000000 --- a/bird/net/ospf.conf +++ /dev/null @@ -1 +0,0 @@ -include "/etc/bird/peers/ospf/*.conf"; diff --git a/bird/net/unet.conf b/bird/net/unet.conf deleted file mode 100644 index 231883e..0000000 --- a/bird/net/unet.conf +++ /dev/null 
@@ -1,79 +0,0 @@
-template bgp unet_bgp_up0 {
- graceful restart;
- local as UNET_ASN;
- ipv4 {
- table unet4;
- import filter {
- if unet_is_valid_network_v4_allnet() && !unet_is_self_net() then accept;
- reject;
- };
- export filter { if unet_is_valid_network_v4_allnet() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; };
- import limit 9000 action block;
- };
- ipv6 {
- table unet6;
- import filter {
- if unet_is_voalid_net_v6() && !unet_is_self_net_v6() then accept;
- reject;
- };
- export filter { if unet_is_voalid_net_v6() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; };
- import limit 9000 action block;
- };
-}
-
-template bgp unet_bgp_up1 {
- graceful restart;
- local as UNET_ASN;
- ipv4 {
- table unet4;
- import filter {
- if unet_is_valid_network_v4() && !unet_is_self_net() then accept;
- reject;
- };
- export filter { if unet_is_valid_network_v4() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; };
- import limit 9000 action block;
- };
-}
-
-template bgp unet_ibgp {
- graceful restart;
- local as UNET_ASN;
- med metric;
- direct;
- ipv4 {
- table unet4;
- next hop self;
- gateway direct;
- import filter {
- if bgp_large_community ~ [(UNET_ASN, 1,*)] then reject;
- if !unet_is_valid_network_v4_allnet() then reject;
- if unet_is_self_net() then reject;
- accept;
- };
- export filter {
- if bgp_large_community ~ [(UNET_ASN, 1,*)] then reject;
- if !unet_is_valid_network_v4_allnet() then reject;
- if unet_is_self_net() then reject;
- accept;
- };
- };
- ipv6 {
- table unet6;
- next hop self;
- gateway direct;
- import filter {
- if bgp_large_community ~ [(UNET_ASN, 1,*)] then reject;
- if !unet_is_voalid_net_v6() then reject;
- if unet_is_self_net_v6() then reject;
- accept;
- };
- export filter {
- if bgp_large_community ~ [(UNET_ASN, 1,*)] then reject;
- if !unet_is_voalid_net_v6() then reject;
- if unet_is_self_net_v6() then reject;
- accept;
- };
- };
-}
-
-include "/etc/bird/peers/unet/*.conf";
\ No newline at end of file
diff --git a/bird/peers/bgp.conf b/bird/peers/bgp.conf
new file mode 100644
index 0000000..beb36b1
--- /dev/null
+++ b/bird/peers/bgp.conf
@@ -0,0 +1,4 @@
+protocol bgp inet_bgp_as153376 from tpl_bgp_up {
+ source address fe80:15:3376:3::2:2;
+ neighbor fe80:15:3376:3::3:2%pccw1 as 153376;
+}
\ No newline at end of file
diff --git a/bird/peers/inet/ibgp.conf b/bird/peers/inet/ibgp.conf
deleted file mode 100644
index 0171c30..0000000
--- a/bird/peers/inet/ibgp.conf
+++ /dev/null
@@ -1,4 +0,0 @@
-protocol bgp int_ibgp_hk1 from tpl_ibgp {
- source address fe80:15:3376:3::2:1;
- neighbor fe80:15:3376:3::3:1%pccw1 as LOCAL_ASN;
-}
\ No newline at end of file
diff --git a/bird/peers/ospf/ospf_ipv4.conf b/bird/peers/ospf/ospf_ipv4.conf
deleted file mode 100644
index 773fa74..0000000
--- a/bird/peers/ospf/ospf_ipv4.conf
+++ /dev/null
@@ -1,32 +0,0 @@
-protocol ospf v3 ospf_ipv4 {
- ipv4 {
- table ospf4;
- import all;
- export filter {
- if bgp_large_community !~ [(UNET_ASN, 301,0)] then reject;
- accept;
- };
- import limit 1000 action block;
- };
- area 0 {
- interface "pccw1" {
- cost 5;
- password "114514";
- };
-
- };
-}
-
-
-protocol static route_ospf_export_v4 {
- route 10.188.3.0/24 reject;
- ipv4 {
- table ospf4;
- import filter {
- bgp_large_community.add((UNET_ASN,301,0));# 允许导出至OSPF
- bgp_large_community.add((UNET_ASN,3,0));# 不允许导出到内核
- accept;
- };
- export none;
- };
-}
\ No newline at end of file
diff --git a/bird/peers/ospf/ospf_ipv6.conf b/bird/peers/ospf/ospf_ipv6.conf
deleted file mode 100644
index f01e591..0000000
--- a/bird/peers/ospf/ospf_ipv6.conf
+++ /dev/null
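Review bot: In the new `bird/peers/bgp.conf`, the neighbor AS `153376` is the same value `vars.conf` defines as `LOCAL_ASN`, yet the session inherits from `tpl_bgp_up` rather than `tpl_ibgp`. If `tpl_bgp_up` sets `local as LOCAL_ASN` (the template body is not in this diff), BIRD will run this as an internal session under what looks like the upstream import/export policy. The static routes in this commit are tagged `(LOCAL_ASN,1,0)`, and whether `tpl_bgp_up` filters on that tag the way `tpl_ibgp` presumably does is worth checking. If the peer really is internal, `protocol bgp inet_ibgp_hk1 from tpl_ibgp {` with `neighbor fe80:15:3376:3::3:2%pccw1 as LOCAL_ASN;` matches the deleted `peers/inet/ibgp.conf`; if it is external, the AS number needs correcting. The block also sets no session authentication, so confirm whether the template supplies it.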
@@ -1,33 +0,0 @@ -protocol ospf v3 ospf_ipv6 { - ipv6 { - table ospf6; - import all; - export filter { - if bgp_large_community !~ [(UNET_ASN, 301,0)] then reject; - accept; - }; - import limit 1000 action block; - }; - area 0 { - interface "pccw1" { - cost 5; - }; - }; -} - -protocol static route_ospf_export_v6 { - route 2406:840:e601:1::/64 reject; - route 2406:840:e601:3::/64 reject; - route 2406:840:e601:4::/63 reject; - route 2406:840:e601:2000::/51 reject; - - ipv6 { - table ospf6; - import filter { - bgp_large_community.add((UNET_ASN,301,0));# 允许导出至OSPF - bgp_large_community.add((UNET_ASN,3,0));# 不允许导出到内核 - accept; - }; - export none; - }; -} \ No newline at end of file diff --git a/bird/peers/unet/ibgp.conf b/bird/peers/unet/ibgp.conf deleted file mode 100644 index f02aa48..0000000 --- a/bird/peers/unet/ibgp.conf +++ /dev/null @@ -1,4 +0,0 @@ -protocol bgp unet_ibgp_hk1 from unet_ibgp { - source address fe80:15:3376:3::2:2; - neighbor fe80:15:3376:3::3:2%pccw1 as UNET_ASN; -} \ No newline at end of file diff --git a/bird/net/inet.conf b/bird/template/inet.conf similarity index 98% rename from bird/net/inet.conf rename to bird/template/inet.conf index 733c9fa..8e00fab 100644 --- a/bird/net/inet.conf +++ b/bird/template/inet.conf @@ -74,5 +74,4 @@ template bgp tpl_ibgp { accept; }; }; -} -include "/etc/bird/peers/inet/*"; \ No newline at end of file +} \ No newline at end of file diff --git a/bird/vars.conf b/bird/vars.conf index 9d4c024..a47b8af 100644 --- a/bird/vars.conf +++ b/bird/vars.conf @@ -2,7 +2,4 @@ define LOCAL_ASN = 153376; define LOCAL_V4_kernel = 10.188.2.3; define LOCAL_V6_kernel = 2406:840:e601:1::1; -define UNET_ASN = 4218818804; -define UNET_V4_kernel = 10.188.2.3; - router id 154.37.212.38; \ No newline at end of file