From 947a310e20c2c7d5636b286e2216db8643b07b69 Mon Sep 17 00:00:00 2001
From: daxi20
Date: Thu, 30 Oct 2025 10:25:57 +0800
Subject: [PATCH] add dn42
---
 bird/bird.conf | 10 +++-
 bird/conf/dn42.conf | 41 ++++++++++++++
 bird/conf/{pub.conf => inet.conf} | 0
 bird/conf/{mynet.conf => unet.conf} | 0
 bird/function/dn42.conf | 35 ++++++++++++
 bird/function/inet.conf | 22 ++++++++
 bird/function/tables.conf | 61 ---------------------
 bird/function/{network.conf => unet.conf} | 22 +++++++-
 bird/net/dn42.conf | 65 +++++++++++++++++++++++
 bird/net/ospf.conf.disable | 21 ++++++++
 bird/peers/dn42/ibgp.conf | 0
 bird/vars.conf | 4 ++
 12 files changed, 218 insertions(+), 63 deletions(-)
 create mode 100644 bird/conf/dn42.conf
 rename bird/conf/{pub.conf => inet.conf} (100%)
 rename bird/conf/{mynet.conf => unet.conf} (100%)
 create mode 100644 bird/function/dn42.conf
 create mode 100644 bird/function/inet.conf
 delete mode 100644 bird/function/tables.conf
 rename bird/function/{network.conf => unet.conf} (58%)
 create mode 100644 bird/net/dn42.conf
 create mode 100644 bird/peers/dn42/ibgp.conf
diff --git a/bird/bird.conf b/bird/bird.conf
index 49d4b2a..2b89437 100644
--- a/bird/bird.conf
+++ b/bird/bird.conf
@@ -12,6 +12,10 @@ protocol kernel {
 import none;
 export filter {
 if source = RTS_STATIC then reject;
+ if dn42_is_self_net_v6() then { # 检查DN42自有网段
+ krt_prefsrc = DN42_V6_kernel;
+ accept;
+ }
 if !is_bogon_prefix() then {
 krt_prefsrc = LOCAL_V6_kernel;
 accept;
@@ -27,7 +31,11 @@ protocol kernel {
 import none;
 export filter {
 if source = RTS_STATIC then reject;
- if unet_is_valid_network_v4() then {
+ if dn42_is_self_net() then { # 检查DN42自有网段
+ krt_prefsrc = DN42_V4_kernel;
+ accept;
+ }
+ if unet_is_valid_network_v4() then { # 检查UNET自有网段
 krt_prefsrc = UNET_V4_kernel;
 accept;
 }
diff --git a/bird/conf/dn42.conf b/bird/conf/dn42.conf
new file mode 100644
index 0000000..54706ae
--- /dev/null
+++ b/bird/conf/dn42.conf
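Review bot: In bird/bird.conf, both new kernel-export branches set `krt_prefsrc` only when the route lies inside this node's own DN42 prefix (`dn42_is_self_net()` / `dn42_is_self_net_v6()`), so routes learned from DN42 peers for other networks never receive `DN42_V4_kernel` / `DN42_V6_kernel` here. As far as this patch shows, very little can reach these branches at all: the BGP import filters in bird/net/dn42.conf reject self-net routes, and the static routes carry the `(DN42_ASN,3,0)` tag that the pipe drops. Other DN42 routes fall through to the later branches, and the rest of each export filter is outside the hunk, so it is not visible whether they end up with a UNET or public source address or are rejected. If the intent is that traffic towards DN42 is sourced from the DN42 address, the test should probably be `if dn42_is_valid_network() then { krt_prefsrc = DN42_V4_kernel; accept; }` (and the `_v6` pair); otherwise a non-DN42 source address is disclosed to peers and return traffic is likely to fail.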
@@ -0,0 +1,41 @@
+function dn42_is_self_net() {
+ return net ~ [
+ 172.20.21.0/26+
+ ];
+}
+
+protocol static route_dn42_export_v4 {
+ route 172.20.21.0/26 reject;
+
+ ipv4 {
+ table dn42v4;
+ import filter {
+ bgp_large_community.add((DN42_ASN,3,0));# 不允许导出到内核
+ bgp_large_community.add((DN42_ASN,1,0));# 不允许传输到ibgp
+ bgp_large_community.add((DN42_ASN,200,0));# 传输到Ebgp
+ accept;
+ };
+ export none;
+ };
+}
+
+
+function dn42_is_self_net_v6() {
+ return net ~ [
+ fde8:936e:ee29::/48+
+ ];
+}
+
+protocol static route_dn42_export_v6 {
+ route fde8:936e:ee29::/48 reject;
+ ipv6 {
+ table dn42v6;
+ import filter {
+ bgp_large_community.add((DN42_ASN,3,0));# 不允许导出到内核
+ bgp_large_community.add((DN42_ASN,1,0));# 不允许传输到ibgp
+ bgp_large_community.add((DN42_ASN,200,0));# 传输到Ebgp
+ accept;
+ };
+ export none;
+ };
+}
diff --git a/bird/conf/pub.conf b/bird/conf/inet.conf
similarity index 100%
rename from bird/conf/pub.conf
rename to bird/conf/inet.conf
diff --git a/bird/conf/mynet.conf b/bird/conf/unet.conf
similarity index 100%
rename from bird/conf/mynet.conf
rename to bird/conf/unet.conf
diff --git a/bird/function/dn42.conf b/bird/function/dn42.conf
new file mode 100644
index 0000000..cae18da
--- /dev/null
+++ b/bird/function/dn42.conf
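Review bot: In bird/conf/dn42.conf, the `(DN42_ASN,200,0)` tag added in both static import filters is commented as "send to eBGP", but nothing in this patch tests it: the `dn42_bgp_up` export filters in bird/net/dn42.conf decide only on prefix range and `source`. If the tag is meant to gate which locally originated routes are announced, the export filter needs a test such as `if source = RTS_STATIC && !(bgp_large_community ~ [(DN42_ASN, 200, *)]) then reject;`; otherwise the tag and its comment should go, so the file does not document a control that is not enforced. The prefix literals are also written twice, in each function and in its `route` line; a `define` next to `DN42_ASN` in vars.conf would keep the self-net check and the announcement from drifting apart.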
@@ -0,0 +1,35 @@
+ipv4 table dn42v4;
+ipv6 table dn42v6;
+
+function dn42_is_valid_network() {
+ return net ~ [
+ 172.20.0.0/14{21,29}, # dn42
+ 172.20.0.0/24{28,32}, # dn42 Anycast
+ 172.21.0.0/24{28,32}, # dn42 Anycast
+ 172.22.0.0/24{28,32}, # dn42 Anycast
+ 172.23.0.0/24{28,32}, # dn42 Anycast
+ ];
+}
+
+function dn42_is_valid_network_v6() {
+ return net ~ [
+ fd00::/8{44,64} # ULA address space as per RFC 4193
+ ];
+}
+
+protocol pipe dn42v6_sync {
+ table dn42v4;
+ peer table master4;
+ export filter {
+ if bgp_large_community ~ [(DN42_ASN, 3,*)] then reject;
+ accept;
+ };
+}
+protocol pipe dn42v6_sync {
+ table dn42v6;
+ peer table master6;
+ export filter {
+ if bgp_large_community ~ [(DN42_ASN, 3,*)] then reject;
+ accept;
+ };
+}
\ No newline at end of file
diff --git a/bird/function/inet.conf b/bird/function/inet.conf
new file mode 100644
index 0000000..c194811
--- /dev/null
+++ b/bird/function/inet.conf
@@ -0,0 +1,22 @@
+ipv4 table inet4;
+ipv6 table inet6;
+
+protocol pipe inet6_sync {
+ table inet6;
+ peer table master6;
+ import none;
+ export filter {
+ if bgp_large_community ~ [(LOCAL_ASN, 3,*)] then reject;
+ accept;
+ };
+}
+
+protocol pipe inet4_sync {
+ table inet4;
+ peer table master4;
+ import none;
+ export filter {
+ if bgp_large_community ~ [(LOCAL_ASN, 3,*)] then reject;
+ accept;
+ };
+}
\ No newline at end of file
diff --git a/bird/function/tables.conf b/bird/function/tables.conf
deleted file mode 100644
index fb60958..0000000
--- a/bird/function/tables.conf
+++ /dev/null
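Review bot: In bird/function/dn42.conf both pipes are declared as `dn42v6_sync`; the first one connects `dn42v4` to `master4` and should read `protocol pipe dn42v4_sync {`. BIRD protocol names have to be unique, so I would expect this configuration to be rejected when it is loaded. Separately, unlike `inet4_sync` / `inet6_sync` in the next file, neither pipe sets `import none;`, and BIRD's default channel import is `all`, so routes from the master tables are pulled into `dn42v4` / `dn42v6`, where the `dn42_bgp_up` export filter accepts any in-range `RTS_STATIC` or `RTS_BGP` route. If routes from the other networks are not meant to reach DN42 peers, add `import none;` to both pipes.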
@@ -1,61 +0,0 @@
-ipv4 table inet4;
-ipv6 table inet6;
-ipv4 table unet4;
-ipv6 table unet6;
-ipv4 table ospf4;
-ipv6 table ospf6;
-
-protocol pipe inet6_sync {
- table inet6;
- peer table master6;
- import none;
- export filter {
- if bgp_large_community ~ [(LOCAL_ASN, 3,*)] then reject;
- accept;
- };
-}
-
-protocol pipe inet4_sync {
- table inet4;
- peer table master4;
- import none;
- export filter {
- if bgp_large_community ~ [(LOCAL_ASN, 3,*)] then reject;
- accept;
- };
-}
-
-protocol pipe unet4_sync {
- table unet4;
- peer table master4;
- export filter {
- if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
- accept;
- };
-}
-protocol pipe unet6_sync {
- table unet6;
- peer table master6;
- export filter {
- if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
- accept;
- };
-}
-
-protocol pipe ospf4_sync {
- table ospf4;
- peer table master4;
- export filter {
- if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
- accept;
- };
-}
-
-protocol pipe ospf6_sync {
- table ospf6;
- peer table master6;
- export filter {
- if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
- accept;
- };
-}
\ No newline at end of file
diff --git a/bird/function/network.conf b/bird/function/unet.conf
similarity index 58%
rename from bird/function/network.conf
rename to bird/function/unet.conf
index 7a6cd55..0d34028 100644
--- a/bird/function/network.conf
+++ b/bird/function/unet.conf
@@ -1,3 +1,6 @@
+ipv4 table unet4;
+ipv6 table unet6;
+
 function unet_is_valid_network_v4() {
 return net ~ [
 10.50.0.0/16+,
@@ -25,4 +28,21 @@ function unet_is_voalid_net_v6(){
 2406:840:e600::/44{44,56},
 2a14:7580:9600::/40{40,56}
 ];
-}
\ No newline at end of file
+}
+
+protocol pipe unet4_sync {
+ table unet4;
+ peer table master4;
+ export filter {
+ if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
+ accept;
+ };
+}
+protocol pipe unet6_sync {
+ table unet6;
+ peer table master6;
+ export filter {
+ if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
+ accept;
+ };
+}
diff --git a/bird/net/dn42.conf b/bird/net/dn42.conf
new file mode 100644
index 0000000..4cb00a8
--- /dev/null
+++ b/bird/net/dn42.conf
@@ -0,0 +1,65 @@
+template bgp dn42_bgp_up {
+ graceful restart;
+ local as DN42_ASN;
+ ipv4 {
+ table dn42v4;
+ import filter {
+ if dn42_is_valid_network() && !dn42_is_self_net() then accept;
+ reject;
+ };
+ export filter { if dn42_is_valid_network() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; };
+ import limit 9000 action block;
+ };
+ ipv6 {
+ table dn42v6;
+ import filter {
+ if dn42_is_valid_network_v6() && !dn42_is_self_net_v6() then accept;
+ reject;
+ };
+ export filter { if dn42_is_valid_network_v6() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; };
+ import limit 9000 action block;
+ };
+}
+
+template bgp dn42_ibgp {
+ graceful restart;
+ local as DN42_ASN;
+ med metric;
+ direct;
+ ipv4 {
+ table dn42v4;
+ next hop self;
+ gateway direct;
+ import filter {
+ if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject;
+ if !dn42_is_valid_network() then reject;
+ if dn42_is_self_net() then reject;
+ accept;
+ };
+ export filter {
+ if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject;
+ if !dn42_is_valid_network() then reject;
+ if dn42_is_self_net() then reject;
+ accept;
+ };
+ };
+ ipv6 {
+ table dn42v6;
+ next hop self;
+ gateway direct;
+ import filter {
+ if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject;
+ if !dn42_is_valid_network_v6() then reject;
+ if dn42_is_self_net_v6() then reject;
+ accept;
+ };
+ export filter {
+ if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject;
+ if !dn42_is_valid_network_v6() then reject;
+ if dn42_is_self_net_v6() then reject;
+ accept;
+ };
+ };
+}
+
+include "/etc/bird/peers/dn42/*.conf";
\ No newline at end of file
diff --git a/bird/net/ospf.conf.disable b/bird/net/ospf.conf.disable
index 93e110c..8fa4fe4 100644
--- a/bird/net/ospf.conf.disable
+++ b/bird/net/ospf.conf.disable
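Review bot: In bird/net/dn42.conf, the `dn42_bgp_up` import filters accept any prefix inside the DN42 ranges that is not our own, with no check that the originating AS is entitled to it. A mis-originated or hijacked announcement from a peer is therefore installed and, through the export filter's `RTS_BGP` clause, passed on to other peers. DN42 publishes ROA data for exactly this; with a ROA table loaded, a guard such as `if roa_check(<roa_table>, net, bgp_path.last) != ROA_VALID then reject;` ahead of the accept would drop those routes (`<roa_table>` is a placeholder, since this patch defines no ROA table). The same check belongs in the IPv6 channel, and a short comment on each template stating the origin-validation policy would help whoever adds peer files under `/etc/bird/peers/dn42/`.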
@@ -1 +1,22 @@ +ipv4 table ospf4; +ipv6 table ospf6; + +protocol pipe ospf4_sync { + table ospf4; + peer table master4; + export filter { + if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject; + accept; + }; +} + +protocol pipe ospf6_sync { + table ospf6; + peer table master6; + export filter { + if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject; + accept; + }; +} + include "/etc/bird/peers/ospf/*.conf"; diff --git a/bird/peers/dn42/ibgp.conf b/bird/peers/dn42/ibgp.conf new file mode 100644 index 0000000..e69de29 diff --git a/bird/vars.conf b/bird/vars.conf index b041e01..66be0fe 100644 --- a/bird/vars.conf +++ b/bird/vars.conf @@ -2,6 +2,10 @@ define LOCAL_ASN = 153376; define LOCAL_V4_kernel = 44.32.191.7; define LOCAL_V6_kernel = 2406:840:e603::1; +define DN42_ASN = 4242423376; +define DN42_V4_kernel = 172.20.21.2; +define DN42_V6_kernel = fde8:936e:ee29::1; + define UNET_ASN = 4218818801; define UNET_V4_kernel = 10.188.6.2;