Fix:add dn42 and change config

2025-12-16 15:56:30 +08:00
parent 95a3532da2
commit 521702243b
20 changed files with 399 additions and 138 deletions


@@ -13,8 +13,8 @@ protocol kernel {
import none; import none;
export filter { export filter {
if source = RTS_STATIC then reject; if source = RTS_STATIC then reject;
if !is_bogon_prefix() then { if is_dn42_prefix() then {
krt_prefsrc = LOCAL_V6_kernel; krt_prefsrc = DN42_V6_kernel;
accept; accept;
} }
reject; reject;
@@ -33,8 +33,8 @@ protocol kernel {
krt_prefsrc = UNET_V4_kernel; krt_prefsrc = UNET_V4_kernel;
accept; accept;
} }
if !is_bogon_prefix() then { if is_dn42_prefix() then {
krt_prefsrc = LOCAL_V4_kernel; krt_prefsrc = DN42_V4_kernel;
accept; accept;
} }
reject; reject;


@@ -0,0 +1,42 @@
function is_self_net() {
return net ~ [
44.32.191.0/24
];
}
function is_self_net_v6() {
return net ~ [
2406:840:e600::/44{44,48},
2a0f:1cc5:10::/44{44,48}
];
}
function unet_is_self_net() {
return net ~ [
10.188.6.0/23+,
10.188.5.124/30,
44.32.191.16/28,
44.32.191.7/32
];
}
function unet_is_self_net_v6() {
return net ~ [
2406:840:e603::/48{48,56},
2406:840:e60e::/56
];
}
function dn42_is_self_net() {
return net ~ [
172.20.21.0/26+
];
}
function dn42_is_self_net_v6() {
return net ~ [
fde8:936e:ee29::/48+
];
}

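--- a/bird/conf/dn42.conf
+++ b/bird/conf/dn42.conf
@@ -0,0 +1,28 @@
+protocol static route_dn42_export_v4 {
+route 172.20.21.0/26 reject;
+ipv4 {
+table dn42v4;
+import filter {
+bgp_large_community.add((DN42_ASN,3,0));# 不允许导出到内核
+bgp_large_community.add((DN42_ASN,1,0));# 不允许传输到ibgp
+bgp_large_community.add((DN42_ASN,200,0));# 传输到Ebgp
+accept;
+};
+export none;
+};
+}
+protocol static route_dn42_export_v6 {
+route fde8:936e:ee29::/48 reject;
+ipv6 {
+table dn42v6;
+import filter {
+bgp_large_community.add((DN42_ASN,3,0));# 不允许导出到内核
+bgp_large_community.add((DN42_ASN,1,0));# 不允许传输到ibgp
+bgp_large_community.add((DN42_ASN,200,0));# 传输到Ebgp
+accept;
+};
+export none;
+};
+}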


@@ -1,13 +0,0 @@
function is_self_net() {
return net ~ [
44.32.191.0/24
];
}
function is_self_net_v6() {
return net ~ [
2406:840:e600::/44{44,48},
2a0f:1cc5:10::/44{44,48}
];
}


@@ -1,13 +1,3 @@
function unet_is_self_net() {
return net ~ [
10.188.6.0/23+,
10.188.5.124/30,
44.32.191.16/28,
44.32.191.7/32
];
}
protocol static route_unet_export_v4 { protocol static route_unet_export_v4 {
route 10.188.6.0/23 reject; route 10.188.6.0/23 reject;
route 10.188.5.124/30 reject; route 10.188.5.124/30 reject;
@@ -25,14 +15,6 @@ protocol static route_unet_export_v4 {
}; };
} }
function unet_is_self_net_v6() {
return net ~ [
2406:840:e603::/48{48,56},
2406:840:e60e::/56
];
}
protocol static route_unet_export_v6 { protocol static route_unet_export_v6 {
route 2406:840:e603::/48 reject; route 2406:840:e603::/48 reject;
route 2406:840:e60e::/56 reject; route 2406:840:e60e::/56 reject;

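--- a/bird/function/dn42.conf
+++ b/bird/function/dn42.conf
@@ -0,0 +1,14 @@
+define DN42_PREFIXES_V4 = [
+172.20.0.0/14+
+];
+define DN42_PREFIXES_V6 = [
+fd00::/8+
+];
+function is_dn42_prefix() {
+case net.type {
+NET_IP4: return net ~ DN42_PREFIXES_V4;
+NET_IP6: return net ~ DN42_PREFIXES_V6;
+else: print "is_dn42_prefix: unexpected net.type ", net.type, " ", net; return false;
+}
+}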
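Review bot: `172.20.0.0/14+` and `fd00::/8+` match every prefix length down to /32 and /128, and is_dn42_prefix() is the only prefix check in the dn42_bgp_up import filter added by this commit, so an external peer can inject arbitrarily specific routes that win on longest match. The same function is also used on internal pipes and the kernel export, where host routes may be wanted, so a separate bounded set for eBGP import is safer than tightening this one. dn42's published example filters use `172.20.0.0/14{21,29}` and `fd00::/8{44,64}`; confirm those bounds against the current registry policy before adopting them.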


@@ -1,6 +1,8 @@
ipv4 table inet4; ipv4 table inet4;
ipv6 table inet6; ipv6 table inet6;
ipv4 table ospf4; ipv4 table dn42v4;
ipv6 table ospf6; ipv6 table dn42v6;
ipv4 table unet4; ipv4 table unet4;
ipv6 table unet6; ipv6 table unet6;
ipv4 table ospf4;
ipv6 table ospf6;


@@ -10,7 +10,7 @@ function unet_is_valid_network_v4() {
function unet_is_valid_network_v4_anynet() { function unet_is_valid_network_v4_anynet() {
return net ~ [ return net ~ [
44.32.191.0/24+, 44.32.191.0/24+,
172.20.0.0/14+ 172.20.21.0/26+
]; ];
} }
@@ -23,6 +23,7 @@ function unet_is_valid_network_v4_allnet(){
function unet_is_voalid_net_v6(){ function unet_is_voalid_net_v6(){
return net ~ [ return net ~ [
2406:840:e600::/44{44,64}, 2406:840:e600::/44{44,64},
2a0f:1cc5:0010::/44{44,64} 2a0f:1cc5:0010::/44{44,64},
fde8:936e:ee29::/48{44,64}
]; ];
} }
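Review bot: The added entry `fde8:936e:ee29::/48{44,64}` in unet_is_voalid_net_v6 has a lower length bound of 44 on a /48, so it also matches /44 to /47 covering prefixes that agree with the /48 on their leading bits. Those lie outside the /48 that the static route in bird/conf/dn42.conf originates. The bound looks copied from the two /44 entries above it; `fde8:936e:ee29::/48{48,64}` keeps the match inside the /48.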

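--- a/bird/net/dn42.conf
+++ b/bird/net/dn42.conf
@@ -0,0 +1,17 @@
+protocol pipe dn42v4_sync {
+table dn42v4;
+peer table master4;
+export filter {
+if bgp_large_community ~ [(DN42_ASN, 3,*)] then reject;
+accept;
+};
+}
+protocol pipe dn42v6_sync {
+table dn42v6;
+peer table master6;
+export filter {
+if bgp_large_community ~ [(DN42_ASN, 3,*)] then reject;
+accept;
+};
+}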
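Review bot: Neither dn42v4_sync nor dn42v6_sync sets an `import` policy, while the pipes on this page that are shown in full (the unet pipes and the removed inet6_sync) all end with `import none;`. If the channel default of importing everything applies here, the whole of master4/master6 is copied back into dn42v4/dn42v6, and only the BGP export filters stand between those routes and dn42 peers. Add `import none;` after the export filter in both protocols, or an explicit import filter gated on `is_dn42_prefix()` if the reverse direction is intended.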

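--- a/bird/net/inet.conf
+++ b/bird/net/inet.conf
@@ -0,0 +1,34 @@
+protocol kernel {
+scan time 20;
+kernel table 102;
+ipv4 {
+table inet4;
+import none;
+export filter {
+if source = RTS_STATIC then reject;
+if !is_bogon_prefix() then {
+krt_prefsrc = LOCAL_V4_kernel;
+accept;
+}
+reject;
+};
+};
+};
+protocol kernel {
+scan time 20;
+kernel table 102;
+ipv6 {
+table inet6;
+import none;
+export filter {
+if source = RTS_STATIC then reject;
+if !is_bogon_prefix() then {
+krt_prefsrc = LOCAL_V6_kernel;
+accept;
+}
+reject;
+};
+};
+};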
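Review bot: The IPv4 kernel protocol here does not carry `merge paths yes limit 4;`, which the removed 17-line kernel block later on this page had. If this file replaces that block, multipath routes from inet4 will be installed with a single next hop. If dropping ECMP is intended, the commit message should say so; otherwise restore the line after `kernel table 102;`. A one-line comment above each protocol stating that kernel table 102 holds the public-Internet routes would also help, since both protocols are unnamed.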


@@ -1,17 +0,0 @@
protocol kernel {
scan time 20;
kernel table 102;
merge paths yes limit 4;
ipv4 {
table inet4;
import none;
export filter {
if source = RTS_STATIC then reject;
if !is_bogon_prefix() then {
krt_prefsrc = LOCAL_V4_kernel;
accept;
}
reject;
};
};
};


@@ -1,9 +0,0 @@
protocol pipe inet6_sync {
table inet6;
peer table master6;
export filter {
if bgp_large_community ~ [(LOCAL_ASN, 3,*)] then reject;
accept;
};
import none;
}


@@ -1,6 +1,6 @@
protocol pipe ospf4_sync { protocol pipe ospf4_sync {
table ospf4; table ospf4;
peer table master4; peer table unet4;
export filter { export filter {
if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject; if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
accept; accept;
@@ -10,7 +10,7 @@ protocol pipe ospf4_sync {
protocol pipe ospf6_sync { protocol pipe ospf6_sync {
table ospf6; table ospf6;
peer table master6; peer table unet6;
export filter { export filter {
if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject; if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
accept; accept;


@@ -1,18 +1,63 @@
# 公网处理
protocol pipe unet4_inet4_sync {
table unet4;
peer table inet4;
export filter {
if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
if is_bogon_prefix() then reject;
bgp_path.empty;
accept;
};
import none;
}
protocol pipe unet6_inet6_sync {
table unet6;
peer table inet6;
export filter {
if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
if is_bogon_prefix() then reject;
bgp_path.empty;
accept;
};
import none;
}
# DN42处理
protocol pipe unet4_dn42v4_sync {
table unet4;
peer table dn42v4;
export filter {
if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
if !is_dn42_prefix() then reject;
bgp_path.empty;
accept;
};
import none;
}
protocol pipe unet6_dn42v6_sync {
table unet6;
peer table dn42v6;
export filter {
if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
if !is_dn42_prefix() then reject;
bgp_path.empty;
accept;
};
import none;
}
# 剩下的进入master (只有V4)
protocol pipe unet4_sync { protocol pipe unet4_sync {
table unet4; table unet4;
peer table master4; peer table master4;
export filter { export filter {
if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject; if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
if !unet_is_valid_network_v4() then reject;
accept; accept;
}; };
import none; import none;
} }
protocol pipe unet6_sync {
table unet6;
peer table master6;
export filter {
if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
accept;
};
import none;
}
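Review bot: unet6_sync passes every unet6 route that lacks community 3 into master6, while the IPv4 pipe in the same hunk gains `if !unet_is_valid_network_v4() then reject;`. The comment above the pair says only V4 should reach master, so the v6 pipe either should not exist or needs the matching check, for example `if !unet_is_voalid_net_v6() then reject;` (that function appears elsewhere in this commit; confirm it is the intended set). The pipes are also independent of each other, so a route accepted into inet4 or dn42v4 is still offered to master4 unless the validity function excludes it; "the rest" is not enforced by ordering.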


@@ -0,0 +1,4 @@
protocol bgp ibgp_unet_hk1 from dn42_ibgp {
source address fe80:15:3376:3::2:2;
neighbor fe80:15:3376:3::3:2%pccw1 as DN42_ASN;
}

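--- a/bird/template/dn42.conf
+++ b/bird/template/dn42.conf
@@ -0,0 +1,63 @@
+template bgp dn42_bgp_up {
+graceful restart;
+local as DN42_ASN;
+ipv4 {
+table dn42v4;
+import filter {
+if is_dn42_prefix() && !dn42_is_self_net() then accept;
+reject;
+};
+export filter { if is_dn42_prefix() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; };
+import limit 9000 action block;
+};
+ipv6 {
+table dn42v6;
+import filter {
+if is_dn42_prefix() && !dn42_is_self_net_v6() then accept;
+reject;
+};
+export filter { if is_dn42_prefix() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; };
+import limit 9000 action block;
+};
+}
+template bgp dn42_ibgp {
+graceful restart;
+local as DN42_ASN;
+med metric;
+direct;
+ipv4 {
+table dn42v4;
+next hop self;
+gateway direct;
+import filter {
+if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject;
+if !is_dn42_prefix() then reject;
+if dn42_is_self_net() then reject;
+accept;
+};
+export filter {
+if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject;
+if !is_dn42_prefix() then reject;
+if dn42_is_self_net() then reject;
+accept;
+};
+};
+ipv6 {
+table dn42v6;
+next hop self;
+gateway direct;
+import filter {
+if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject;
+if !is_dn42_prefix() then reject;
+if dn42_is_self_net_v6() then reject;
+accept;
+};
+export filter {
+if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject;
+if !is_dn42_prefix() then reject;
+if dn42_is_self_net_v6() then reject;
+accept;
+};
+};
+}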
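Review bot: The dn42_bgp_up import filters accept a peer's large communities unchanged, yet `(DN42_ASN, 1,*)` and `(DN42_ASN, 3,*)` are used in this commit as internal controls for iBGP propagation and the pipe to master. An external peer that tags a route with those values can keep it out of iBGP or out of the master table on this router. The public-Internet filters in this commit clear the attribute with `bgp_large_community.empty;`; here, at minimum add `bgp_large_community.delete([(DN42_ASN, *, *)]);` before `accept` in both channels. Both import filters also lack the `bgp_path.len > 100` cap that filter_inet4_bgp_import applies. The export filters never test the `(DN42_ASN,200,0)` marker set by the static protocols, so that marker currently has no effect.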


@@ -2,6 +2,8 @@ include "/etc/bird/template/inet.conf";
include "/etc/bird/template/inet_ixp.conf"; include "/etc/bird/template/inet_ixp.conf";
include "/etc/bird/peers/inet/*"; include "/etc/bird/peers/inet/*";
include "/etc/bird/template/dn42.conf";
include "/etc/bird/peers/dn42/*.conf";
include "/etc/bird/template/unet.conf"; include "/etc/bird/template/unet.conf";
include "/etc/bird/peers/unet/*.conf"; include "/etc/bird/peers/unet/*.conf";


@@ -1,23 +1,88 @@
filter filter_inet4_bgp_import {
if is_self_net() then reject;
if is_bogon_prefix() || (bgp_path.len > 100) then reject;
bgp_large_community.empty;
bgp_large_community.add((LOCAL_ASN,200,0));
accept;
}
filter filter_inet4_bgp_export {
if !is_self_net() then reject;
if is_bogon_prefix() || (bgp_path.len > 100) then reject;
if source != RTS_STATIC then reject;
if bgp_large_community !~ [(LOCAL_ASN, 200,0)] then reject;
bgp_large_community.empty;
accept;
}
filter filter_inet6_bgp_import {
if is_self_net_v6() then reject;
if is_bogon_prefix() || (bgp_path.len > 100) then reject;
bgp_large_community.empty;
bgp_large_community.add((LOCAL_ASN,200,0));# 传输到Ebgp
accept;
}
filter filter_inet6_bgp_export {
if !is_self_net_v6() then reject;
if is_bogon_prefix() || (bgp_path.len > 100) then reject;
if source != RTS_STATIC then reject;
if bgp_large_community !~ [(LOCAL_ASN, 200,0)] then reject;
bgp_large_community.empty;
accept;
}
filter filter_inet4_ibgp_import {
if is_self_net() then reject;
if is_bogon_prefix() then reject;
if bgp_large_community ~ [(LOCAL_ASN, 1,*)] then reject;
accept;
}
filter filter_inet4_ibgp_export {
if is_self_net() then reject;
if is_bogon_prefix() then reject;
if bgp_large_community ~ [(LOCAL_ASN, 1,*)] then reject;
accept;
}
filter filter_inet6_ibgp_import {
if is_self_net_v6() then reject;
if is_bogon_prefix() then reject;
if bgp_large_community ~ [(LOCAL_ASN, 1,*)] then reject;
accept;
}
filter filter_inet6_ibgp_export {
if is_self_net_v6() then reject;
if is_bogon_prefix() then reject;
if bgp_large_community ~ [(LOCAL_ASN, 1,*)] then reject;
accept;
}
template bgp tpl_inet_up {
graceful restart;
local as LOCAL_ASN;
ipv4 {
table inet4;
import filter_inet4_bgp_import;
export filter_inet4_bgp_export;
};
ipv6 {
table inet6;
import filter_inet6_bgp_import;
export filter_inet6_bgp_export;
};
}
template bgp tpl_inet4_up { template bgp tpl_inet4_up {
graceful restart; graceful restart;
local as LOCAL_ASN; local as LOCAL_ASN;
ipv4 { ipv4 {
table inet4; table inet4;
import filter { import filter_inet4_bgp_import;
if is_self_net() then reject; export filter_inet4_bgp_export;
if is_bogon_prefix() || (bgp_path.len > 100) then reject;
bgp_large_community.empty;
bgp_large_community.add((LOCAL_ASN,200,0));
accept;
};
export filter {
if !is_self_net() then reject;
if is_bogon_prefix() || (bgp_path.len > 100) then reject;
if source != RTS_STATIC then reject;
if bgp_large_community !~ [(LOCAL_ASN, 200,0)] then reject;
bgp_large_community.empty;
accept;
};
}; };
} }
@@ -26,21 +91,29 @@ template bgp tpl_inet6_up {
local as LOCAL_ASN; local as LOCAL_ASN;
ipv6 { ipv6 {
table inet6; table inet6;
import filter { import filter_inet6_bgp_import;
if is_self_net_v6() then reject; export filter_inet6_bgp_export;
if is_bogon_prefix() || (bgp_path.len > 100) then reject; };
bgp_large_community.empty; }
bgp_large_community.add((LOCAL_ASN,200,0));# 传输到Ebgp
accept; template bgp tpl_inet_ibgp {
}; graceful restart;
export filter { local as LOCAL_ASN;
if !is_self_net_v6() then reject; med metric;
if is_bogon_prefix() || (bgp_path.len > 100) then reject; direct;
if source != RTS_STATIC then reject; ipv4 {
if bgp_large_community !~ [(LOCAL_ASN, 200,0)] then reject; table inet4;
bgp_large_community.empty; next hop self;
accept; gateway direct;
}; import filter_inet4_ibgp_import;
export filter_inet4_ibgp_export;
};
ipv6 {
table inet6;
next hop self;
gateway direct;
import filter_inet6_ibgp_import;
export filter_inet6_ibgp_export;
}; };
} }
@@ -53,18 +126,8 @@ template bgp tpl_inet4_ibgp {
table inet4; table inet4;
next hop self; next hop self;
gateway direct; gateway direct;
import filter { import filter_inet4_ibgp_import;
if is_self_net() then reject; export filter_inet4_ibgp_export;
if is_bogon_prefix() then reject;
if bgp_large_community ~ [(LOCAL_ASN, 1,*)] then reject;
accept;
};
export filter {
if is_self_net() then reject;
if is_bogon_prefix() then reject;
if bgp_large_community ~ [(LOCAL_ASN, 1,*)] then reject;
accept;
};
}; };
} }
@@ -77,17 +140,7 @@ template bgp tpl_inet6_ibgp {
table inet6; table inet6;
next hop self; next hop self;
gateway direct; gateway direct;
import filter { import filter_inet6_ibgp_import;
if is_self_net_v6() then reject; export filter_inet6_ibgp_export;
if is_bogon_prefix() then reject;
if bgp_large_community ~ [(LOCAL_ASN, 1,*)] then reject;
accept;
};
export filter {
if is_self_net_v6() then reject;
if is_bogon_prefix() then reject;
if bgp_large_community ~ [(LOCAL_ASN, 1,*)] then reject;
accept;
};
}; };
} }


@@ -2,6 +2,10 @@ define LOCAL_ASN = 153376;
define LOCAL_V4_kernel = 44.32.191.7; define LOCAL_V4_kernel = 44.32.191.7;
define LOCAL_V6_kernel = 2406:840:e603::1; define LOCAL_V6_kernel = 2406:840:e603::1;
define DN42L_ASN = 4242423376;
define DN42_V4_kernel = 172.20.21.7;
define DN42_V6_kernel = fde8:936e:ee29:3000::1;
define UNET_ASN = 4218818801; define UNET_ASN = 4218818801;
define UNET_V4_kernel = 10.188.6.2; define UNET_V4_kernel = 10.188.6.2;
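Review bot: The constant is added as `DN42L_ASN`, but every use in this commit is spelled `DN42_ASN` (the static protocols in bird/conf/dn42.conf, the pipes in bird/net/dn42.conf, `local as` in bird/template/dn42.conf and the new peer file). Unless `DN42_ASN` is defined in a part of this file outside the hunk, BIRD will reject the configuration for an undefined symbol. The line should read `define DN42_ASN = 4242423376;`.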


@@ -2,16 +2,25 @@
cd cd
git clone https://git.nia.ink/brnet/bird_config.git git clone https://git.nia.ink/brnet/bird_config.git
rm -rf /etc/bird/net/
mv ./bird_config/bird/net /etc/bird/ -rf
rm -rf /etc/bird/function/
mv ./bird_config/bird/function /etc/bird/ -rf
rm -rf /etc/bird/template/
mv ./bird_config/bird/template /etc/bird/ -rf
mv ./bird_config/bird/peers/dn42 /etc/bird/peers -rf
rm -rf /etc/bird/bird.conf rm -rf /etc/bird/bird.conf
mv bird_config/bird/bird.conf /etc/bird mv ./bird_config/bird/bird.conf /etc/bird/
mv ./bird_config/bird/conf/dn42.conf /etc/bird/conf
mv ./bird_config/bird/conf/aaa_ipconfig.conf /etc/bird/conf
rm -rf /etc/bird/template
mv bird_config/bird/template /etc/bird
chmod -R 755 /etc/bird chmod -R 755 /etc/bird
echo "老规矩哈" echo "剩下的文件可能需要手动更新请手动更新后再行birdc c"
cd cd
rm -rf bird_config rm -rf bird_config
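Review bot: The new `rm -rf /etc/bird/net/`, `/etc/bird/function/` and `/etc/bird/template/` steps run even when `git clone` fails, which removes the live configuration with nothing to replace it. The visible lines do no error handling, and the file's first line is outside the hunk, so guard the clone with `git clone https://git.nia.ink/brnet/bird_config.git || exit 1` or put `set -e` at the top if it is not already there. The result is also never parsed before the operator is told to reload; running `bird -p -c /etc/bird/bird.conf` before the final echo would catch an undefined symbol or syntax error while the old config is still loaded in the daemon. `chmod -R 755 /etc/bird` leaves every file world-readable and executable, which matters if peer files ever hold BGP passwords; `chmod -R u=rwX,go=rX` at most, or tighter if the bird user allows it. The clone also takes whatever the default branch holds at that moment; checking out a reviewed tag or commit would make deployments reproducible.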