add dn42

bird/bird.conf

@@ -12,6 +12,10 @@ protocol kernel {
         import none;
         export filter {
             if source = RTS_STATIC then reject;
+            if dn42_is_self_net_v6() then {   # 检查DN42自有网段
+                krt_prefsrc = DN42_V6_kernel;
+                accept;
+            }
             if !is_bogon_prefix() then {
                 krt_prefsrc = LOCAL_V6_kernel;
                 accept;
@@ -27,7 +31,11 @@ protocol kernel {
         import none;
         export filter {
             if source = RTS_STATIC then reject;
-            if unet_is_valid_network_v4() then {
+            if dn42_is_self_net() then {   # 检查DN42自有网段
+                krt_prefsrc = DN42_V4_kernel;
+                accept;
+            }
+            if unet_is_valid_network_v4() then {   # 检查UNET自有网段
                 krt_prefsrc = UNET_V4_kernel;
                 accept;
             }

bird/conf/dn42.conf

@@ -0,0 +1,41 @@
+function dn42_is_self_net() {
+  return net ~ [
+    172.20.21.0/26+
+  ];
+}
+
+protocol static route_dn42_export_v4 {
+    route 172.20.21.0/26 reject; 
+
+    ipv4 {
+        table dn42v4;
+        import filter {
+            bgp_large_community.add((DN42_ASN,3,0));# 不允许导出到内核
+            bgp_large_community.add((DN42_ASN,1,0));# 不允许传输到ibgp
+            bgp_large_community.add((DN42_ASN,200,0));# 传输到Ebgp
+            accept;
+        };
+        export none;
+    };
+}
+
+
+function dn42_is_self_net_v6() {
+  return net ~ [
+    fde8:936e:ee29::/48+
+    ];
+}
+
+protocol static route_dn42_export_v6 {
+    route fde8:936e:ee29::/48 reject; 
+    ipv6 {
+        table dn42v6;
+        import filter {
+            bgp_large_community.add((DN42_ASN,3,0));# 不允许导出到内核
+            bgp_large_community.add((DN42_ASN,1,0));# 不允许传输到ibgp
+            bgp_large_community.add((DN42_ASN,200,0));# 传输到Ebgp
+            accept;
+        };
+        export none;
+    };
+}

bird/function/dn42.conf

@@ -0,0 +1,35 @@
+ipv4 table dn42v4;
+ipv6 table dn42v6;
+
+function dn42_is_valid_network() {
+  return net ~ [
+    172.20.0.0/14{21,29}, # dn42
+    172.20.0.0/24{28,32}, # dn42 Anycast
+    172.21.0.0/24{28,32}, # dn42 Anycast
+    172.22.0.0/24{28,32}, # dn42 Anycast
+    172.23.0.0/24{28,32}, # dn42 Anycast
+  ];
+}
+
+function dn42_is_valid_network_v6() {
+  return net ~ [
+    fd00::/8{44,64} # ULA address space as per RFC 4193
+  ];
+}
+
+protocol pipe dn42v6_sync {
+  table dn42v4;
+  peer table master4;
+  export filter {
+    if bgp_large_community ~ [(DN42_ASN, 3,*)] then reject;
+    accept;
+    };
+}
+protocol pipe dn42v6_sync {
+  table dn42v6;
+  peer table master6;
+  export filter {
+    if bgp_large_community ~ [(DN42_ASN, 3,*)] then reject;
+    accept;
+    };
+}

bird/function/inet.conf

@@ -0,0 +1,22 @@
+ipv4 table inet4;
+ipv6 table inet6;
+
+protocol pipe inet6_sync {
+  table inet6;
+  peer table master6;
+  import none;
+  export filter {
+    if bgp_large_community ~ [(LOCAL_ASN, 3,*)] then reject;
+    accept;
+    };
+}
+
+protocol pipe inet4_sync {
+  table inet4;
+  peer table master4;
+  import none;
+  export filter {
+    if bgp_large_community ~ [(LOCAL_ASN, 3,*)] then reject;
+    accept;
+    };
+}

bird/function/tables.conf

@@ -1,61 +0,0 @@
-ipv4 table inet4;
-ipv6 table inet6;
-ipv4 table unet4;
-ipv6 table unet6;
-ipv4 table ospf4;
-ipv6 table ospf6;
-
-protocol pipe inet6_sync {
-  table inet6;
-  peer table master6;
-  import none;
-  export filter {
-    if bgp_large_community ~ [(LOCAL_ASN, 3,*)] then reject;
-    accept;
-    };
-}
-
-protocol pipe inet4_sync {
-  table inet4;
-  peer table master4;
-  import none;
-  export filter {
-    if bgp_large_community ~ [(LOCAL_ASN, 3,*)] then reject;
-    accept;
-    };
-}
-
-protocol pipe unet4_sync {
-  table unet4;
-  peer table master4;
-  export filter {
-    if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
-    accept;
-    };
-}
-protocol pipe unet6_sync {
-  table unet6;
-  peer table master6;
-  export filter {
-    if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
-    accept;
-    };
-}
-
-protocol pipe ospf4_sync {
-  table ospf4;
-  peer table master4;
-  export filter {
-    if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
-    accept;
-    };
-}
-
-protocol pipe ospf6_sync {
-  table ospf6;
-  peer table master6;
-  export filter {
-    if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
-    accept;
-    };
-}

bird/function/unet.conf

@@ -1,3 +1,6 @@
+ipv4 table unet4;
+ipv6 table unet6;
+
 function unet_is_valid_network_v4() {
   return net ~ [
     10.50.0.0/16+,
@@ -26,3 +29,20 @@ function unet_is_voalid_net_v6(){
     2a14:7580:9600::/40{40,56}
   ];
 }
+
+protocol pipe unet4_sync {
+  table unet4;
+  peer table master4;
+  export filter {
+    if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
+    accept;
+    };
+}
+protocol pipe unet6_sync {
+  table unet6;
+  peer table master6;
+  export filter {
+    if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
+    accept;
+    };
+}

bird/net/dn42.conf

@@ -0,0 +1,65 @@
+template bgp dn42_bgp_up {
+    graceful restart;
+    local as DN42_ASN;
+    ipv4 {
+        table dn42v4;
+        import filter {
+          if dn42_is_valid_network() && !dn42_is_self_net() then accept;
+          reject;
+        };
+        export filter { if dn42_is_valid_network() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; };
+        import limit 9000 action block; 
+    };
+    ipv6 {
+        table dn42v6;
+        import filter {
+          if dn42_is_valid_network_v6() && !dn42_is_self_net_v6() then accept;
+          reject;
+        };
+        export filter { if dn42_is_valid_network_v6() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; };
+        import limit 9000 action block; 
+    };
+}
+
+template bgp dn42_ibgp {
+    graceful restart;
+    local as DN42_ASN;
+    med metric;
+    direct;
+    ipv4 {
+        table dn42v4;
+        next hop self;
+        gateway direct;
+        import filter { 
+            if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject;
+            if !dn42_is_valid_network() then reject;
+            if dn42_is_self_net() then reject;
+            accept; 
+        };
+        export filter { 
+            if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject;
+            if !dn42_is_valid_network() then reject;
+            if dn42_is_self_net() then reject;
+            accept;
+            };
+    };
+    ipv6 {
+        table dn42v6;
+        next hop self;
+        gateway direct;
+        import filter { 
+            if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject;
+            if !dn42_is_valid_network_v6() then reject;
+            if dn42_is_self_net_v6() then reject;
+            accept; 
+        };
+        export filter { 
+            if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject;
+            if !dn42_is_valid_network_v6() then reject;
+            if dn42_is_self_net_v6() then reject;
+            accept;
+            };
+    };
+}
+
+include "/etc/bird/peers/dn42/*.conf";

bird/net/ospf.conf.disable

@@ -1 +1,22 @@
+ipv4 table ospf4;
+ipv6 table ospf6;
+
+protocol pipe ospf4_sync {
+  table ospf4;
+  peer table master4;
+  export filter {
+    if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
+    accept;
+    };
+}
+
+protocol pipe ospf6_sync {
+  table ospf6;
+  peer table master6;
+  export filter {
+    if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
+    accept;
+    };
+}
+
 include "/etc/bird/peers/ospf/*.conf";

bird/vars.conf

@@ -2,6 +2,10 @@ define LOCAL_ASN = 153376;
 define LOCAL_V4_kernel = 44.32.191.7;
 define LOCAL_V6_kernel = 2406:840:e603::1;
 
+define DN42_ASN = 4242423376;
+define DN42_V4_kernel = 172.20.21.2;
+define DN42_V6_kernel = fde8:936e:ee29::1;
+
 define UNET_ASN = 4218818801;
 define UNET_V4_kernel = 10.188.6.2;