brnet/bird_config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix:add dn42 and change config

Browse Source
This commit is contained in:
gaoyuheng
2025-12-16 15:56:30 +08:00
parent 95a3532da2
commit 521702243b
20 changed files with 399 additions and 138 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
bird/bird.conf
View File

@@ -13,8 +13,8 @@ protocol kernel {
import none;
export filter {
if source = RTS_STATIC then reject;
if !is_bogon_prefix() then {
krt_prefsrc = LOCAL_V6_kernel;
if is_dn42_prefix() then {
krt_prefsrc = DN42_V6_kernel;
accept;
}
reject;
@@ -33,8 +33,8 @@ protocol kernel {
krt_prefsrc = UNET_V4_kernel;
accept;
}
if !is_bogon_prefix() then {
krt_prefsrc = LOCAL_V4_kernel;
if is_dn42_prefix() then {
krt_prefsrc = DN42_V4_kernel;
accept;
}
reject;

42
bird/conf/aaa_ipconfig.conf Normal file
View File

@@ -0,0 +1,42 @@
function is_self_net() {
return net ~ [
44.32.191.0/24
];
}
function is_self_net_v6() {
return net ~ [
2406:840:e600::/44{44,48},
2a0f:1cc5:10::/44{44,48}
];
}
function unet_is_self_net() {
return net ~ [
10.188.6.0/23+,
10.188.5.124/30,
44.32.191.16/28,
44.32.191.7/32
];
}
function unet_is_self_net_v6() {
return net ~ [
2406:840:e603::/48{48,56},
2406:840:e60e::/56
];
}
function dn42_is_self_net() {
return net ~ [
172.20.21.0/26+
];
}
function dn42_is_self_net_v6() {
return net ~ [
fde8:936e:ee29::/48+
];
}

28
bird/conf/dn42.conf Normal file
View File

@@ -0,0 +1,28 @@
protocol static route_dn42_export_v4 {
route 172.20.21.0/26 reject;
ipv4 {
table dn42v4;
import filter {
bgp_large_community.add((DN42_ASN,3,0));# 不允许导出到内核
bgp_large_community.add((DN42_ASN,1,0));# 不允许传输到ibgp
bgp_large_community.add((DN42_ASN,200,0));# 传输到Ebgp
accept;
};
export none;
};
}
protocol static route_dn42_export_v6 {
route fde8:936e:ee29::/48 reject;
ipv6 {
table dn42v6;
import filter {
bgp_large_community.add((DN42_ASN,3,0));# 不允许导出到内核
bgp_large_community.add((DN42_ASN,1,0));# 不允许传输到ibgp
bgp_large_community.add((DN42_ASN,200,0));# 传输到Ebgp
accept;
};
export none;
};
}

13
bird/conf/inet_func.conf
View File

@@ -1,13 +0,0 @@
function is_self_net() {
return net ~ [
44.32.191.0/24
];
}
function is_self_net_v6() {
return net ~ [
2406:840:e600::/44{44,48},
2a0f:1cc5:10::/44{44,48}
];
}

18
bird/conf/unet.conf
View File

@@ -1,13 +1,3 @@
function unet_is_self_net() {
return net ~ [
10.188.6.0/23+,
10.188.5.124/30,
44.32.191.16/28,
44.32.191.7/32
];
}
protocol static route_unet_export_v4 {
route 10.188.6.0/23 reject;
route 10.188.5.124/30 reject;
@@ -25,14 +15,6 @@ protocol static route_unet_export_v4 {
};
}
function unet_is_self_net_v6() {
return net ~ [
2406:840:e603::/48{48,56},
2406:840:e60e::/56
];
}
protocol static route_unet_export_v6 {
route 2406:840:e603::/48 reject;
route 2406:840:e60e::/56 reject;

14
bird/function/dn42.conf Normal file
View File

@@ -0,0 +1,14 @@
define DN42_PREFIXES_V4 = [
172.20.0.0/14+
];
define DN42_PREFIXES_V6 = [
fd00::/8+
];
function is_dn42_prefix() {
case net.type {
NET_IP4: return net ~ DN42_PREFIXES_V4;
NET_IP6: return net ~ DN42_PREFIXES_V6;
else: print "is_dn42_prefix: unexpected net.type ", net.type, " ", net; return false;
}
}

8
bird/function/tables.conf
View File

@@ -1,6 +1,8 @@
ipv4 table inet4;
ipv6 table inet6;
ipv4 table ospf4;
ipv6 table ospf6;
ipv4 table dn42v4;
ipv6 table dn42v6;
ipv4 table unet4;
ipv6 table unet6;
ipv6 table unet6;
ipv4 table ospf4;
ipv6 table ospf6;

5
bird/function/unet.conf
View File

@@ -10,7 +10,7 @@ function unet_is_valid_network_v4() {
function unet_is_valid_network_v4_anynet() {
return net ~ [
44.32.191.0/24+,
172.20.0.0/14+
172.20.21.0/26+
];
}
@@ -23,6 +23,7 @@ function unet_is_valid_network_v4_allnet(){
function unet_is_voalid_net_v6(){
return net ~ [
2406:840:e600::/44{44,64},
2a0f:1cc5:0010::/44{44,64}
2a0f:1cc5:0010::/44{44,64},
fde8:936e:ee29::/48{44,64}
];
}

17
bird/net/dn42.conf Normal file
View File

@@ -0,0 +1,17 @@
protocol pipe dn42v4_sync {
table dn42v4;
peer table master4;
export filter {
if bgp_large_community ~ [(DN42_ASN, 3,*)] then reject;
accept;
};
}
protocol pipe dn42v6_sync {
table dn42v6;
peer table master6;
export filter {
if bgp_large_community ~ [(DN42_ASN, 3,*)] then reject;
accept;
};
}

34
bird/net/inet.conf Normal file
View File

@@ -0,0 +1,34 @@
protocol kernel {
scan time 20;
kernel table 102;
ipv4 {
table inet4;
import none;
export filter {
if source = RTS_STATIC then reject;
if !is_bogon_prefix() then {
krt_prefsrc = LOCAL_V4_kernel;
accept;
}
reject;
};
};
};
protocol kernel {
scan time 20;
kernel table 102;
ipv6 {
table inet6;
import none;
export filter {
if source = RTS_STATIC then reject;
if !is_bogon_prefix() then {
krt_prefsrc = LOCAL_V6_kernel;
accept;
}
reject;
};
};
};

17
bird/net/inet4.conf
View File

@@ -1,17 +0,0 @@
protocol kernel {
scan time 20;
kernel table 102;
merge paths yes limit 4;
ipv4 {
table inet4;
import none;
export filter {
if source = RTS_STATIC then reject;
if !is_bogon_prefix() then {
krt_prefsrc = LOCAL_V4_kernel;
accept;
}
reject;
};
};
};

9
bird/net/inet6.conf
View File

@@ -1,9 +0,0 @@
protocol pipe inet6_sync {
table inet6;
peer table master6;
export filter {
if bgp_large_community ~ [(LOCAL_ASN, 3,*)] then reject;
accept;
};
import none;
}

4
bird/net/ospf.conf
View File

@@ -1,6 +1,6 @@
protocol pipe ospf4_sync {
table ospf4;
peer table master4;
peer table unet4;
export filter {
if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
accept;
@@ -10,7 +10,7 @@ protocol pipe ospf4_sync {
protocol pipe ospf6_sync {
table ospf6;
peer table master6;
peer table unet6;
export filter {
if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
accept;

63
bird/net/unet.conf
View File

@@ -1,18 +1,63 @@
# 公网处理
protocol pipe unet4_inet4_sync {
table unet4;
peer table inet4;
export filter {
if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
if is_bogon_prefix() then reject;
bgp_path.empty;
accept;
};
import none;
}
protocol pipe unet6_inet6_sync {
table unet6;
peer table inet6;
export filter {
if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
if is_bogon_prefix() then reject;
bgp_path.empty;
accept;
};
import none;
}
# DN42处理
protocol pipe unet4_dn42v4_sync {
table unet4;
peer table dn42v4;
export filter {
if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
if !is_dn42_prefix() then reject;
bgp_path.empty;
accept;
};
import none;
}
protocol pipe unet6_dn42v6_sync {
table unet6;
peer table dn42v6;
export filter {
if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
if !is_dn42_prefix() then reject;
bgp_path.empty;
accept;
};
import none;
}
# 剩下的进入master (只有V4)
protocol pipe unet4_sync {
table unet4;
peer table master4;
export filter {
if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
if !unet_is_valid_network_v4() then reject;
accept;
};
import none;
}
protocol pipe unet6_sync {
table unet6;
peer table master6;
export filter {
if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
accept;
};
import none;
}

4
bird/peers/dn42/ibgp.conf Normal file
View File

@@ -0,0 +1,4 @@
protocol bgp ibgp_unet_hk1 from dn42_ibgp {
source address fe80:15:3376:3::2:2;
neighbor fe80:15:3376:3::3:2%pccw1 as DN42_ASN;
}

63
bird/template/dn42.conf Normal file
View File

@@ -0,0 +1,63 @@
template bgp dn42_bgp_up {
graceful restart;
local as DN42_ASN;
ipv4 {
table dn42v4;
import filter {
if is_dn42_prefix() && !dn42_is_self_net() then accept;
reject;
};
export filter { if is_dn42_prefix() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; };
import limit 9000 action block;
};
ipv6 {
table dn42v6;
import filter {
if is_dn42_prefix() && !dn42_is_self_net_v6() then accept;
reject;
};
export filter { if is_dn42_prefix() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; };
import limit 9000 action block;
};
}
template bgp dn42_ibgp {
graceful restart;
local as DN42_ASN;
med metric;
direct;
ipv4 {
table dn42v4;
next hop self;
gateway direct;
import filter {
if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject;
if !is_dn42_prefix() then reject;
if dn42_is_self_net() then reject;
accept;
};
export filter {
if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject;
if !is_dn42_prefix() then reject;
if dn42_is_self_net() then reject;
accept;
};
};
ipv6 {
table dn42v6;
next hop self;
gateway direct;
import filter {
if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject;
if !is_dn42_prefix() then reject;
if dn42_is_self_net_v6() then reject;
accept;
};
export filter {
if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject;
if !is_dn42_prefix() then reject;
if dn42_is_self_net_v6() then reject;
accept;
};
};
}

2
bird/template/include.conf
View File

@@ -2,6 +2,8 @@ include "/etc/bird/template/inet.conf";
include "/etc/bird/template/inet_ixp.conf";
include "/etc/bird/peers/inet/*";
include "/etc/bird/template/dn42.conf";
include "/etc/bird/peers/dn42/*.conf";
include "/etc/bird/template/unet.conf";
include "/etc/bird/peers/unet/*.conf";

163
bird/template/inet.conf
View File

@@ -1,23 +1,88 @@
filter filter_inet4_bgp_import {
if is_self_net() then reject;
if is_bogon_prefix() || (bgp_path.len > 100) then reject;
bgp_large_community.empty;
bgp_large_community.add((LOCAL_ASN,200,0));
accept;
}
filter filter_inet4_bgp_export {
if !is_self_net() then reject;
if is_bogon_prefix() || (bgp_path.len > 100) then reject;
if source != RTS_STATIC then reject;
if bgp_large_community !~ [(LOCAL_ASN, 200,0)] then reject;
bgp_large_community.empty;
accept;
}
filter filter_inet6_bgp_import {
if is_self_net_v6() then reject;
if is_bogon_prefix() || (bgp_path.len > 100) then reject;
bgp_large_community.empty;
bgp_large_community.add((LOCAL_ASN,200,0));# 传输到Ebgp
accept;
}
filter filter_inet6_bgp_export {
if !is_self_net_v6() then reject;
if is_bogon_prefix() || (bgp_path.len > 100) then reject;
if source != RTS_STATIC then reject;
if bgp_large_community !~ [(LOCAL_ASN, 200,0)] then reject;
bgp_large_community.empty;
accept;
}
filter filter_inet4_ibgp_import {
if is_self_net() then reject;
if is_bogon_prefix() then reject;
if bgp_large_community ~ [(LOCAL_ASN, 1,*)] then reject;
accept;
}
filter filter_inet4_ibgp_export {
if is_self_net() then reject;
if is_bogon_prefix() then reject;
if bgp_large_community ~ [(LOCAL_ASN, 1,*)] then reject;
accept;
}
filter filter_inet6_ibgp_import {
if is_self_net_v6() then reject;
if is_bogon_prefix() then reject;
if bgp_large_community ~ [(LOCAL_ASN, 1,*)] then reject;
accept;
}
filter filter_inet6_ibgp_export {
if is_self_net_v6() then reject;
if is_bogon_prefix() then reject;
if bgp_large_community ~ [(LOCAL_ASN, 1,*)] then reject;
accept;
}
template bgp tpl_inet_up {
graceful restart;
local as LOCAL_ASN;
ipv4 {
table inet4;
import filter_inet4_bgp_import;
export filter_inet4_bgp_export;
};
ipv6 {
table inet6;
import filter_inet6_bgp_import;
export filter_inet6_bgp_export;
};
}
template bgp tpl_inet4_up {
graceful restart;
local as LOCAL_ASN;
ipv4 {
table inet4;
import filter {
if is_self_net() then reject;
if is_bogon_prefix() || (bgp_path.len > 100) then reject;
bgp_large_community.empty;
bgp_large_community.add((LOCAL_ASN,200,0));
accept;
};
export filter {
if !is_self_net() then reject;
if is_bogon_prefix() || (bgp_path.len > 100) then reject;
if source != RTS_STATIC then reject;
if bgp_large_community !~ [(LOCAL_ASN, 200,0)] then reject;
bgp_large_community.empty;
accept;
};
import filter_inet4_bgp_import;
export filter_inet4_bgp_export;
};
}
@@ -26,21 +91,29 @@ template bgp tpl_inet6_up {
local as LOCAL_ASN;
ipv6 {
table inet6;
import filter {
if is_self_net_v6() then reject;
if is_bogon_prefix() || (bgp_path.len > 100) then reject;
bgp_large_community.empty;
bgp_large_community.add((LOCAL_ASN,200,0));# 传输到Ebgp
accept;
};
export filter {
if !is_self_net_v6() then reject;
if is_bogon_prefix() || (bgp_path.len > 100) then reject;
if source != RTS_STATIC then reject;
if bgp_large_community !~ [(LOCAL_ASN, 200,0)] then reject;
bgp_large_community.empty;
accept;
};
import filter_inet6_bgp_import;
export filter_inet6_bgp_export;
};
}
template bgp tpl_inet_ibgp {
graceful restart;
local as LOCAL_ASN;
med metric;
direct;
ipv4 {
table inet4;
next hop self;
gateway direct;
import filter_inet4_ibgp_import;
export filter_inet4_ibgp_export;
};
ipv6 {
table inet6;
next hop self;
gateway direct;
import filter_inet6_ibgp_import;
export filter_inet6_ibgp_export;
};
}
@@ -53,18 +126,8 @@ template bgp tpl_inet4_ibgp {
table inet4;
next hop self;
gateway direct;
import filter {
if is_self_net() then reject;
if is_bogon_prefix() then reject;
if bgp_large_community ~ [(LOCAL_ASN, 1,*)] then reject;
accept;
};
export filter {
if is_self_net() then reject;
if is_bogon_prefix() then reject;
if bgp_large_community ~ [(LOCAL_ASN, 1,*)] then reject;
accept;
};
import filter_inet4_ibgp_import;
export filter_inet4_ibgp_export;
};
}
@@ -77,17 +140,7 @@ template bgp tpl_inet6_ibgp {
table inet6;
next hop self;
gateway direct;
import filter {
if is_self_net_v6() then reject;
if is_bogon_prefix() then reject;
if bgp_large_community ~ [(LOCAL_ASN, 1,*)] then reject;
accept;
};
export filter {
if is_self_net_v6() then reject;
if is_bogon_prefix() then reject;
if bgp_large_community ~ [(LOCAL_ASN, 1,*)] then reject;
accept;
};
import filter_inet6_ibgp_import;
export filter_inet6_ibgp_export;
};
}
}

4
bird/vars.conf
View File

@@ -2,6 +2,10 @@ define LOCAL_ASN = 153376;
define LOCAL_V4_kernel = 44.32.191.7;
define LOCAL_V6_kernel = 2406:840:e603::1;
define DN42L_ASN = 4242423376;
define DN42_V4_kernel = 172.20.21.7;
define DN42_V6_kernel = fde8:936e:ee29:3000::1;
define UNET_ASN = 4218818801;
define UNET_V4_kernel = 10.188.6.2;