diff --git a/bird/bird.conf b/bird/bird.conf index 95b4eec..49d4b2a 100644 --- a/bird/bird.conf +++ b/bird/bird.conf @@ -12,10 +12,6 @@ protocol kernel { import none; export filter { if source = RTS_STATIC then reject; - if dn42_is_valid_network_v6() then { - krt_prefsrc = DN42_V6_kernel; - accept; - } if !is_bogon_prefix() then { krt_prefsrc = LOCAL_V6_kernel; accept; @@ -31,14 +27,10 @@ protocol kernel { import none; export filter { if source = RTS_STATIC then reject; - if unet_is_valid_network_v4_unet() then { + if unet_is_valid_network_v4() then { krt_prefsrc = UNET_V4_kernel; accept; } - if dn42_is_valid_network() then { - krt_prefsrc = DN42_V4_kernel; - accept; - } if !is_bogon_prefix() then { krt_prefsrc = LOCAL_V4_kernel; accept; diff --git a/bird/conf/mynet.conf b/bird/conf/mynet.conf index a115890..4c9f064 100644 --- a/bird/conf/mynet.conf +++ b/bird/conf/mynet.conf @@ -45,46 +45,6 @@ protocol static route_int_export_v6 { } -function dn42_is_self_net() { - return net ~ [ - 172.20.21.0/26+ - ]; -} - -protocol static route_dn42_export_v4 { - route 172.20.21.0/26 reject; - ipv4 { - table dn42v4; - import filter { - bgp_large_community.add((DN42_ASN,3,0));# 不允许导出到内核 - bgp_large_community.add((DN42_ASN,1,0));# 不允许传输到ibgp - bgp_large_community.add((DN42_ASN,200,0));# 传输到Ebgp - accept; - }; - export none; - }; -} - -function dn42_is_self_net_v6() { - return net ~ [ - fde8:936e:ee29::/48+ - ]; -} - -protocol static route_dn42_export_v6 { - route fde8:936e:ee29::/48 reject; - ipv6 { - table dn42v6; - import filter { - bgp_large_community.add((DN42_ASN,3,0));# 不允许导出到内核 - bgp_large_community.add((DN42_ASN,1,0));# 不允许传输到ibgp - bgp_large_community.add((DN42_ASN,200,0));# 传输到Ebgp - accept; - }; - export none; - }; -} - function unet_is_self_net() { return net ~ [ 10.188.2.0/23+, @@ -96,7 +56,6 @@ function unet_is_self_net() { protocol static route_unet_export_v4 { route 10.188.2.0/23 reject; route 10.188.11.0/24 reject; - route 172.20.21.0/29 reject; ipv4 { table unet4; import filter { @@ -112,14 +71,12 @@ protocol static route_unet_export_v4 { function unet_is_self_net_v6() { return net ~ [ - 2406:840:e601::/48{48,56}, - fde8:936e:ee29:1000::/56 + 2406:840:e601::/48{48,56} ]; } protocol static route_unet_export_v6 { route 2406:840:e601::/48 reject; - route fde8:936e:ee29:1000::/56 reject; ipv6 { table unet6; import filter { diff --git a/bird/function/network.conf b/bird/function/network.conf index 5b3d9a3..7a6cd55 100644 --- a/bird/function/network.conf +++ b/bird/function/network.conf @@ -1,21 +1,7 @@ -function dn42_is_valid_network() { - return net ~ [ - 172.20.0.0/14+, - 10.100.0.0/14+, - 172.31.0.0/16+, - 10.127.0.0/16+ - ]; -} - -function dn42_is_valid_network_v6() { - return net ~ [ - fd00::/8{32,64} - ]; -} - -function unet_is_valid_network_v4_unet() { +function unet_is_valid_network_v4() { return net ~ [ 10.50.0.0/16+, + 10.88.0.0/16+, 10.21.0.0/16+, 10.188.0.0/16+ ]; @@ -28,21 +14,15 @@ function unet_is_valid_network_v4_anynet() { ]; } -function unet_is_voalid_net_v4(){ - if !unet_is_valid_network_v4_anynet() && !unet_is_valid_network_v4_unet() then return false; +function unet_is_valid_network_v4_allnet(){ + if !unet_is_valid_network_v4_anynet() && !unet_is_valid_network_v4() then return false; return true; } -function unet_is_voalid_net_v6_anynet(){ - return net ~ [ - 2406:840:e600::/44{44,56}, - 2a14:7580:9600::/40{45,56}, - fde8:936e:ee29::/48{48,56} - ]; -} - function unet_is_voalid_net_v6(){ - if !unet_is_voalid_net_v6_anynet() then return false; - return true; + return net ~ [ + 2406:840:e600::/44{44,56}, + 2a14:7580:9600::/40{40,56} + ]; } \ No newline at end of file diff --git a/bird/function/tables.conf b/bird/function/tables.conf index 35547eb..fb60958 100644 --- a/bird/function/tables.conf +++ b/bird/function/tables.conf @@ -2,8 +2,6 @@ ipv4 table inet4; ipv6 table inet6; ipv4 table unet4; ipv6 table unet6; -ipv4 table dn42v4; -ipv6 table dn42v6; ipv4 table ospf4; ipv6 table ospf6; @@ -27,26 +25,6 @@ protocol pipe inet4_sync { }; } -protocol pipe dn42v4_sync { - table dn42v4; - peer table master4; - import none; - export filter { - if bgp_large_community ~ [(DN42_ASN, 3,*)] then reject; - accept; - }; -} - -protocol pipe dn42v6_sync { - table dn42v6; - peer table master6; - import none; - export filter { - if bgp_large_community ~ [(DN42_ASN, 3,*)] then reject; - accept; - }; -} - protocol pipe unet4_sync { table unet4; peer table master4; @@ -64,7 +42,7 @@ protocol pipe unet6_sync { }; } -protocol pipe pipe_ospf4_sync { +protocol pipe ospf4_sync { table ospf4; peer table master4; export filter { diff --git a/bird/net/dn42.conf b/bird/net/dn42.conf deleted file mode 100644 index 032e301..0000000 --- a/bird/net/dn42.conf +++ /dev/null @@ -1,69 +0,0 @@ -template bgp dn42_peers { - local as DN42_ASN; - path metric 1; - - ipv4 { - table dn42v4; - import filter { - if dn42_is_valid_network() && !dn42_is_self_net() then accept; - reject; - }; - - export filter { - if dn42_is_valid_network() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; - }; - import limit 9000 action block; - }; - ipv6 { - table dn42v6; - import filter { - if dn42_is_valid_network_v6() && !dn42_is_self_net_v6() then accept; - reject; - }; - export filter { if dn42_is_valid_network_v6() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; }; - import limit 9000 action block; - }; -} - - -template bgp dn42_ibgp { - graceful restart; - local as DN42_ASN; - med metric; - direct; - ipv4 { - table dn42v4; - next hop self; - gateway direct; - import filter { - if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject; - if !dn42_is_valid_network() then reject; - if dn42_is_self_net() then reject; - accept; - }; - export filter { - if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject; - if !dn42_is_valid_network() then reject; - if dn42_is_self_net() then reject; - accept; - }; - }; - ipv6 { - table dn42v6; - next hop self; - gateway direct; - import filter { - if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject; - if !dn42_is_valid_network_v6() then reject; - if dn42_is_self_net_v6() then reject; - accept; - }; - export filter { - if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject; - if !dn42_is_valid_network_v6() then reject; - if dn42_is_self_net_v6() then reject; - accept; - }; - }; -} -include "/etc/bird/peers/dn42/*.conf"; \ No newline at end of file diff --git a/bird/net/unet.conf b/bird/net/unet.conf index 6de5bde..231883e 100644 --- a/bird/net/unet.conf +++ b/bird/net/unet.conf @@ -1,13 +1,13 @@ -template bgp unet_bgp_up { +template bgp unet_bgp_up0 { graceful restart; local as UNET_ASN; ipv4 { table unet4; import filter { - if unet_is_voalid_net_v4() && !unet_is_self_net() then accept; + if unet_is_valid_network_v4_allnet() && !unet_is_self_net() then accept; reject; }; - export filter { if unet_is_voalid_net_v4() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; }; + export filter { if unet_is_valid_network_v4_allnet() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; }; import limit 9000 action block; }; ipv6 { @@ -21,6 +21,20 @@ template bgp unet_bgp_up { }; } +template bgp unet_bgp_up1 { + graceful restart; + local as UNET_ASN; + ipv4 { + table unet4; + import filter { + if unet_is_valid_network_v4() && !unet_is_self_net() then accept; + reject; + }; + export filter { if unet_is_valid_network_v4() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; }; + import limit 9000 action block; + }; +} + template bgp unet_ibgp { graceful restart; local as UNET_ASN; @@ -32,13 +46,13 @@ template bgp unet_ibgp { gateway direct; import filter { if bgp_large_community ~ [(UNET_ASN, 1,*)] then reject; - if !unet_is_voalid_net_v4() then reject; + if !unet_is_valid_network_v4_allnet() then reject; if unet_is_self_net() then reject; accept; }; export filter { if bgp_large_community ~ [(UNET_ASN, 1,*)] then reject; - if !unet_is_voalid_net_v4() then reject; + if !unet_is_valid_network_v4_allnet() then reject; if unet_is_self_net() then reject; accept; }; diff --git a/bird/peers/dn42/ibgp.conf b/bird/peers/dn42/ibgp.conf deleted file mode 100644 index 5d009ff..0000000 --- a/bird/peers/dn42/ibgp.conf +++ /dev/null @@ -1,4 +0,0 @@ -protocol bgp dn42_ibgp_hk1 from dn42_ibgp { - source address 172.20.21.6; - neighbor 172.20.21.4 as DN42_ASN; -} \ No newline at end of file diff --git a/bird/peers/inet/bgp_zxix.conf b/bird/peers/inet/bgp_zxix.conf deleted file mode 100644 index b48bb26..0000000 --- a/bird/peers/inet/bgp_zxix.conf +++ /dev/null @@ -1,8 +0,0 @@ -protocol bgp int_bgp_zxix_rs1 from tpl_bgp_up { - neighbor 2406:840:1f:1000::1 as 140961; -} - -protocol bgp int_bgp_zxix_140915_v6 from tpl_bgp_up { - source address 2406:840:1f:1000:0:15:3376:1; - neighbor 2406:840:1f:1000:0:14:915:2 as 140915; -} \ No newline at end of file diff --git a/bird/peers/inet/bgpexchange_jp.conf b/bird/peers/inet/bgpexchange_jp.conf deleted file mode 100644 index 57dc755..0000000 --- a/bird/peers/inet/bgpexchange_jp.conf +++ /dev/null @@ -1,4 +0,0 @@ -protocol bgp int_bgp_exchange_jp1 from tpl_bgp_up { - source address 2a0e:8f01:1000:9::10b; - neighbor 2a0e:8f01:1000:9::1 as 24381; -} \ No newline at end of file diff --git a/bird/vars.conf b/bird/vars.conf index c9872f4..9d4c024 100644 --- a/bird/vars.conf +++ b/bird/vars.conf @@ -2,10 +2,6 @@ define LOCAL_ASN = 153376; define LOCAL_V4_kernel = 10.188.2.3; define LOCAL_V6_kernel = 2406:840:e601:1::1; -define DN42_ASN = 4242423376; -define DN42_V4_kernel = 172.20.21.6; -define DN42_V6_kernel = fde8:936e:ee29:1000::3; - define UNET_ASN = 4218818804; define UNET_V4_kernel = 10.188.2.3;