对相关的配置进行修整;

2025-10-03 21:47:58 +08:00
parent c454b5f16e
commit 1660565696
10 changed files with 30 additions and 198 deletions


@@ -12,10 +12,6 @@ protocol kernel {
import none; import none;
export filter { export filter {
if source = RTS_STATIC then reject; if source = RTS_STATIC then reject;
if dn42_is_valid_network_v6() then {
krt_prefsrc = DN42_V6_kernel;
accept;
}
if !is_bogon_prefix() then { if !is_bogon_prefix() then {
krt_prefsrc = LOCAL_V6_kernel; krt_prefsrc = LOCAL_V6_kernel;
accept; accept;
@@ -31,14 +27,10 @@ protocol kernel {
import none; import none;
export filter { export filter {
if source = RTS_STATIC then reject; if source = RTS_STATIC then reject;
if unet_is_valid_network_v4_unet() then { if unet_is_valid_network_v4() then {
krt_prefsrc = UNET_V4_kernel; krt_prefsrc = UNET_V4_kernel;
accept; accept;
} }
if dn42_is_valid_network() then {
krt_prefsrc = DN42_V4_kernel;
accept;
}
if !is_bogon_prefix() then { if !is_bogon_prefix() then {
krt_prefsrc = LOCAL_V4_kernel; krt_prefsrc = LOCAL_V4_kernel;
accept; accept;


@@ -45,46 +45,6 @@ protocol static route_int_export_v6 {
} }
function dn42_is_self_net() {
return net ~ [
172.20.21.0/26+
];
}
protocol static route_dn42_export_v4 {
route 172.20.21.0/26 reject;
ipv4 {
table dn42v4;
import filter {
bgp_large_community.add((DN42_ASN,3,0));# 不允许导出到内核
bgp_large_community.add((DN42_ASN,1,0));# 不允许传输到ibgp
bgp_large_community.add((DN42_ASN,200,0));# 传输到Ebgp
accept;
};
export none;
};
}
function dn42_is_self_net_v6() {
return net ~ [
fde8:936e:ee29::/48+
];
}
protocol static route_dn42_export_v6 {
route fde8:936e:ee29::/48 reject;
ipv6 {
table dn42v6;
import filter {
bgp_large_community.add((DN42_ASN,3,0));# 不允许导出到内核
bgp_large_community.add((DN42_ASN,1,0));# 不允许传输到ibgp
bgp_large_community.add((DN42_ASN,200,0));# 传输到Ebgp
accept;
};
export none;
};
}
function unet_is_self_net() { function unet_is_self_net() {
return net ~ [ return net ~ [
10.188.2.0/23+, 10.188.2.0/23+,
@@ -96,7 +56,6 @@ function unet_is_self_net() {
protocol static route_unet_export_v4 { protocol static route_unet_export_v4 {
route 10.188.2.0/23 reject; route 10.188.2.0/23 reject;
route 10.188.11.0/24 reject; route 10.188.11.0/24 reject;
route 172.20.21.0/29 reject;
ipv4 { ipv4 {
table unet4; table unet4;
import filter { import filter {
@@ -112,14 +71,12 @@ protocol static route_unet_export_v4 {
function unet_is_self_net_v6() { function unet_is_self_net_v6() {
return net ~ [ return net ~ [
2406:840:e601::/48{48,56}, 2406:840:e601::/48{48,56}
fde8:936e:ee29:1000::/56
]; ];
} }
protocol static route_unet_export_v6 { protocol static route_unet_export_v6 {
route 2406:840:e601::/48 reject; route 2406:840:e601::/48 reject;
route fde8:936e:ee29:1000::/56 reject;
ipv6 { ipv6 {
table unet6; table unet6;
import filter { import filter {


@@ -1,21 +1,7 @@
function dn42_is_valid_network() { function unet_is_valid_network_v4() {
return net ~ [
172.20.0.0/14+,
10.100.0.0/14+,
172.31.0.0/16+,
10.127.0.0/16+
];
}
function dn42_is_valid_network_v6() {
return net ~ [
fd00::/8{32,64}
];
}
function unet_is_valid_network_v4_unet() {
return net ~ [ return net ~ [
10.50.0.0/16+, 10.50.0.0/16+,
10.88.0.0/16+,
10.21.0.0/16+, 10.21.0.0/16+,
10.188.0.0/16+ 10.188.0.0/16+
]; ];
@@ -28,21 +14,15 @@ function unet_is_valid_network_v4_anynet() {
]; ];
} }
function unet_is_voalid_net_v4(){ function unet_is_valid_network_v4_allnet(){
if !unet_is_valid_network_v4_anynet() && !unet_is_valid_network_v4_unet() then return false; if !unet_is_valid_network_v4_anynet() && !unet_is_valid_network_v4() then return false;
return true; return true;
} }
function unet_is_voalid_net_v6_anynet(){
return net ~ [
2406:840:e600::/44{44,56},
2a14:7580:9600::/40{45,56},
fde8:936e:ee29::/48{48,56}
];
}
function unet_is_voalid_net_v6(){ function unet_is_voalid_net_v6(){
if !unet_is_voalid_net_v6_anynet() then return false; return net ~ [
return true; 2406:840:e600::/44{44,56},
2a14:7580:9600::/40{40,56}
];
} }
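Review bot: The length range on `2a14:7580:9600::/40` in the new `unet_is_voalid_net_v6()` appears to go from `{45,56}` to `{40,56}`, so the function now also matches the covering /40 and the /41 to /44 aggregates. If this function gates the IPv6 BGP import filters (those channels are not visible in this section), a neighbour announcing the whole /40 would now pass. Confirm that is intended, or keep the lower bound at 45. The v6 helper also keeps the `voalid` misspelling while the v4 one was renamed to `unet_is_valid_network_v4_allnet`, so a matching rename such as `unet_is_valid_network_v6` would keep the pair consistent. A one-line comment above each prefix set saying which allocation it covers would make later edits to these ranges easier to review.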


@@ -2,8 +2,6 @@ ipv4 table inet4;
ipv6 table inet6; ipv6 table inet6;
ipv4 table unet4; ipv4 table unet4;
ipv6 table unet6; ipv6 table unet6;
ipv4 table dn42v4;
ipv6 table dn42v6;
ipv4 table ospf4; ipv4 table ospf4;
ipv6 table ospf6; ipv6 table ospf6;
@@ -27,26 +25,6 @@ protocol pipe inet4_sync {
}; };
} }
protocol pipe dn42v4_sync {
table dn42v4;
peer table master4;
import none;
export filter {
if bgp_large_community ~ [(DN42_ASN, 3,*)] then reject;
accept;
};
}
protocol pipe dn42v6_sync {
table dn42v6;
peer table master6;
import none;
export filter {
if bgp_large_community ~ [(DN42_ASN, 3,*)] then reject;
accept;
};
}
protocol pipe unet4_sync { protocol pipe unet4_sync {
table unet4; table unet4;
peer table master4; peer table master4;
@@ -64,7 +42,7 @@ protocol pipe unet6_sync {
}; };
} }
protocol pipe pipe_ospf4_sync { protocol pipe ospf4_sync {
table ospf4; table ospf4;
peer table master4; peer table master4;
export filter { export filter {


@@ -1,69 +0,0 @@
template bgp dn42_peers {
local as DN42_ASN;
path metric 1;
ipv4 {
table dn42v4;
import filter {
if dn42_is_valid_network() && !dn42_is_self_net() then accept;
reject;
};
export filter {
if dn42_is_valid_network() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject;
};
import limit 9000 action block;
};
ipv6 {
table dn42v6;
import filter {
if dn42_is_valid_network_v6() && !dn42_is_self_net_v6() then accept;
reject;
};
export filter { if dn42_is_valid_network_v6() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; };
import limit 9000 action block;
};
}
template bgp dn42_ibgp {
graceful restart;
local as DN42_ASN;
med metric;
direct;
ipv4 {
table dn42v4;
next hop self;
gateway direct;
import filter {
if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject;
if !dn42_is_valid_network() then reject;
if dn42_is_self_net() then reject;
accept;
};
export filter {
if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject;
if !dn42_is_valid_network() then reject;
if dn42_is_self_net() then reject;
accept;
};
};
ipv6 {
table dn42v6;
next hop self;
gateway direct;
import filter {
if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject;
if !dn42_is_valid_network_v6() then reject;
if dn42_is_self_net_v6() then reject;
accept;
};
export filter {
if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject;
if !dn42_is_valid_network_v6() then reject;
if dn42_is_self_net_v6() then reject;
accept;
};
};
}
include "/etc/bird/peers/dn42/*.conf";


@@ -1,13 +1,13 @@
template bgp unet_bgp_up { template bgp unet_bgp_up0 {
graceful restart; graceful restart;
local as UNET_ASN; local as UNET_ASN;
ipv4 { ipv4 {
table unet4; table unet4;
import filter { import filter {
if unet_is_voalid_net_v4() && !unet_is_self_net() then accept; if unet_is_valid_network_v4_allnet() && !unet_is_self_net() then accept;
reject; reject;
}; };
export filter { if unet_is_voalid_net_v4() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; }; export filter { if unet_is_valid_network_v4_allnet() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; };
import limit 9000 action block; import limit 9000 action block;
}; };
ipv6 { ipv6 {
@@ -21,6 +21,20 @@ template bgp unet_bgp_up {
}; };
} }
template bgp unet_bgp_up1 {
graceful restart;
local as UNET_ASN;
ipv4 {
table unet4;
import filter {
if unet_is_valid_network_v4() && !unet_is_self_net() then accept;
reject;
};
export filter { if unet_is_valid_network_v4() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; };
import limit 9000 action block;
};
}
template bgp unet_ibgp { template bgp unet_ibgp {
graceful restart; graceful restart;
local as UNET_ASN; local as UNET_ASN;
@@ -32,13 +46,13 @@ template bgp unet_ibgp {
gateway direct; gateway direct;
import filter { import filter {
if bgp_large_community ~ [(UNET_ASN, 1,*)] then reject; if bgp_large_community ~ [(UNET_ASN, 1,*)] then reject;
if !unet_is_voalid_net_v4() then reject; if !unet_is_valid_network_v4_allnet() then reject;
if unet_is_self_net() then reject; if unet_is_self_net() then reject;
accept; accept;
}; };
export filter { export filter {
if bgp_large_community ~ [(UNET_ASN, 1,*)] then reject; if bgp_large_community ~ [(UNET_ASN, 1,*)] then reject;
if !unet_is_voalid_net_v4() then reject; if !unet_is_valid_network_v4_allnet() then reject;
if unet_is_self_net() then reject; if unet_is_self_net() then reject;
accept; accept;
}; };
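Review bot: Renaming `unet_bgp_up` to `unet_bgp_up0` leaves any peer definition that still says `from unet_bgp_up` pointing at a template that no longer exists. None of the peer files shown in this commit is updated for the new name, so the remaining peer files should be checked before reloading (`bird -p -c <config path>` parses the configuration without applying it). The two templates differ in the prefix predicate, `unet_is_valid_network_v4_allnet()` in `unet_bgp_up0` versus `unet_is_valid_network_v4()` in `unet_bgp_up1`, and `unet_bgp_up1` has no ipv6 channel, none of which the `0`/`1` suffixes convey. A header comment such as `# up1: IPv4 only, accepts UNET prefixes but not the anynet ranges` would make the choice of template per neighbour auditable. The `unet_ibgp` hunk ends inside its export filter, so the rest of that template is not reviewed here.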


@@ -1,4 +0,0 @@
protocol bgp dn42_ibgp_hk1 from dn42_ibgp {
source address 172.20.21.6;
neighbor 172.20.21.4 as DN42_ASN;
}


@@ -1,8 +0,0 @@
protocol bgp int_bgp_zxix_rs1 from tpl_bgp_up {
neighbor 2406:840:1f:1000::1 as 140961;
}
protocol bgp int_bgp_zxix_140915_v6 from tpl_bgp_up {
source address 2406:840:1f:1000:0:15:3376:1;
neighbor 2406:840:1f:1000:0:14:915:2 as 140915;
}


@@ -1,4 +0,0 @@
protocol bgp int_bgp_exchange_jp1 from tpl_bgp_up {
source address 2a0e:8f01:1000:9::10b;
neighbor 2a0e:8f01:1000:9::1 as 24381;
}


@@ -2,10 +2,6 @@ define LOCAL_ASN = 153376;
define LOCAL_V4_kernel = 10.188.2.3; define LOCAL_V4_kernel = 10.188.2.3;
define LOCAL_V6_kernel = 2406:840:e601:1::1; define LOCAL_V6_kernel = 2406:840:e601:1::1;
define DN42_ASN = 4242423376;
define DN42_V4_kernel = 172.20.21.6;
define DN42_V6_kernel = fde8:936e:ee29:1000::3;
define UNET_ASN = 4218818804; define UNET_ASN = 4218818804;
define UNET_V4_kernel = 10.188.2.3; define UNET_V4_kernel = 10.188.2.3;