From b24d146845f820d2ac4c7883aa7c3e87d6b151ae Mon Sep 17 00:00:00 2001 From: daxi20 Date: Thu, 11 Jun 2026 13:53:26 +0800 Subject: [PATCH] remove dn42 --- bird/bird.conf | 1 - bird/conf/dn42.conf | 14 ---------- bird/filter/dn42_downstream.conf | 18 ------------ bird/filter/dn42_ibgp.conf | 15 ---------- bird/filter/dn42_import.conf | 10 ------- bird/filter/dn42_upstream0.conf | 34 ----------------------- bird/filter/dn42_upstream1.conf | 47 -------------------------------- bird/filter/inet_downstream.conf | 3 +- bird/function/dn42.conf | 9 ------ bird/function/tables.conf | 1 - bird/function/unet.conf | 1 - bird/net/dn42.conf | 14 ---------- bird/net/unet.conf | 15 ---------- bird/peers/dn42/ibgp.conf | 4 --- bird/template/dn42.conf | 47 -------------------------------- update.sh | 9 ++++++ 16 files changed, 10 insertions(+), 232 deletions(-) delete mode 100644 bird/conf/dn42.conf delete mode 100644 bird/filter/dn42_downstream.conf delete mode 100644 bird/filter/dn42_ibgp.conf delete mode 100644 bird/filter/dn42_import.conf delete mode 100644 bird/filter/dn42_upstream0.conf delete mode 100644 bird/filter/dn42_upstream1.conf delete mode 100644 bird/function/dn42.conf delete mode 100644 bird/net/dn42.conf delete mode 100644 bird/peers/dn42/ibgp.conf delete mode 100644 bird/template/dn42.conf diff --git a/bird/bird.conf b/bird/bird.conf index 3009ab3..fee1d47 100644 --- a/bird/bird.conf +++ b/bird/bird.conf @@ -50,5 +50,4 @@ include "/etc/bird/net/*.conf"; include "/etc/bird/filter/*.conf"; include "/etc/bird/template/*.conf"; include "/etc/bird/peers/inet/*.conf"; -include "/etc/bird/peers/dn42/*.conf"; include "/etc/bird/peers/unet/*.conf"; diff --git a/bird/conf/dn42.conf b/bird/conf/dn42.conf deleted file mode 100644 index f4cae6c..0000000 --- a/bird/conf/dn42.conf +++ /dev/null @@ -1,14 +0,0 @@ -protocol static route_dn42_export_v4 { - route 172.20.21.0/26 reject; - - ipv4 { - table dn42v4; - import filter { - bgp_large_community.add((DN42_ASN,3,0));# 不允许导出到内核 - bgp_large_community.add((DN42_ASN,1,0));# 不允许传输到ibgp - bgp_large_community.add((DN42_ASN,200,0));# 传输到Ebgp - accept; - }; - export none; - }; -} \ No newline at end of file diff --git a/bird/filter/dn42_downstream.conf b/bird/filter/dn42_downstream.conf deleted file mode 100644 index 55db7a1..0000000 --- a/bird/filter/dn42_downstream.conf +++ /dev/null @@ -1,18 +0,0 @@ -# 下游过滤器 -# 政策:发全表,只收下游和关联下游的 - -# 下游-发表控制器 -function function_dn42_downstream_export() { - if !is_dn42_prefix() || (bgp_path.len > 20) then return false; - # 硬性限制,没有1000,0的,不放 - if bgp_large_community !~ [(DN42_ASN, 1000,0)] then return false; - return true; -} - - -# 下游-收表控制器 -# 注意,配置下游时候,一定要注意手打一个 300 0 ,不然发不出去 -function function_dn42_downstream_import() { - if !is_dn42_prefix() || (bgp_path.len > 20) then return false; - return true; -} \ No newline at end of file diff --git a/bird/filter/dn42_ibgp.conf b/bird/filter/dn42_ibgp.conf deleted file mode 100644 index 3fce477..0000000 --- a/bird/filter/dn42_ibgp.conf +++ /dev/null @@ -1,15 +0,0 @@ -function function_dn42_ibgp_import() { - bgp_large_community.delete((DN42_ASN,3,0)); - if is_dn42_self_net() then return false; - if !is_dn42_prefix() then return false; - if bgp_large_community ~ [(DN42_ASN, 1,*)] then return false; - return true; -} - -function function_dn42_ibgp_export() { - bgp_large_community.delete((DN42_ASN,3,0)); - if is_dn42_self_net() then return false; - if !is_dn42_prefix() then return false; - if bgp_large_community ~ [(DN42_ASN, 1,*)] then return false; - return true; -} \ No newline at end of file diff --git a/bird/filter/dn42_import.conf b/bird/filter/dn42_import.conf deleted file mode 100644 index a2ef4d4..0000000 --- a/bird/filter/dn42_import.conf +++ /dev/null @@ -1,10 +0,0 @@ -# 对上游接收过滤器 -# 政策:全网照单接受 - -function function_dn42_bgp_import_from_upstream() { - if is_dn42_self_net() then return false; - if !is_dn42_prefix() || (bgp_path.len > 20) then return false; - # 允许转发给下游 - bgp_large_community.add((DN42_ASN,1000,0)); - return true; -} \ No newline at end of file diff --git a/bird/filter/dn42_upstream0.conf b/bird/filter/dn42_upstream0.conf deleted file mode 100644 index 88d8acf..0000000 --- a/bird/filter/dn42_upstream0.conf +++ /dev/null @@ -1,34 +0,0 @@ -# 普通上游(发布控制器) -# 政策:只发自己的 - -function function_dn42_bgp_export_to_upstream0() { - if !is_dn42_self_net() then return false; - if !is_dn42_prefix() then return false; - if source != RTS_STATIC then return false; - # 100禁止性过滤 - if bgp_large_community ~ [(DN42_ASN, 100, 100)] then return false; - if bgp_large_community ~ [(DN42_ASN, 100, 200)] then return false; - if bgp_large_community ~ [(DN42_ASN, 200, 201)] then return false; - - # 前置过滤:允许自己的段子-所有上游和普通上游 - if bgp_large_community ~ [(DN42_ASN, 200, 0)] then return true; - if bgp_large_community ~ [(DN42_ASN, 200, 1)] then return true; - if bgp_large_community ~ [(DN42_ASN, 200, 2)] then return false; - return false; -} - - -function function_dn42_control_bgp_upstream0(int peer_asn){ - # 1.禁止带有 201 0 (禁止一切外发)的发出去 - if bgp_large_community ~ [(DN42_ASN, 201, 0)] then return false; - # 2.禁止带有 201 peer asn (禁止向某一外发)的发出去 - if bgp_large_community ~ [(DN42_ASN, 201, peer_asn)] then return false; - - # 3.不带202,0(允许全体外发),但是带有202,peer asn(允许单一外发)的,放 - if (bgp_large_community !~ [(DN42_ASN, 202, 0)]) then { - if bgp_large_community ~ [(DN42_ASN, 202, peer_asn)] then return true; - } - # 4.带有202,0(允许一切外发)的,放 - if bgp_large_community ~ [(DN42_ASN, 202, 0)] then return true; - return false; -} \ No newline at end of file diff --git a/bird/filter/dn42_upstream1.conf b/bird/filter/dn42_upstream1.conf deleted file mode 100644 index aa69e74..0000000 --- a/bird/filter/dn42_upstream1.conf +++ /dev/null @@ -1,47 +0,0 @@ -# 能带下游的上游(发布控制器) -# 政策:发自己的+下游的 - -function function_dn42_bgp_export_to_upstream1() { - if source !~ [RTS_STATIC, RTS_BGP] then return false; - if !is_dn42_prefix() then return false; - # 100禁止性过滤 - if bgp_large_community ~ [(DN42_ASN, 100, 100)] then return false; - if bgp_large_community ~ [(DN42_ASN, 100, 200)] then return false; - if bgp_large_community ~ [(DN42_ASN, 200, 202)] then return false; - if source =RTS_STATIC then { - # 静态路由,允许 200,[0 2] - if bgp_large_community ~ [(DN42_ASN, 200, 0)] then return true; - if bgp_large_community ~ [(DN42_ASN, 200, 2)] then return true; - if bgp_large_community ~ [(DN42_ASN, 200, 1)] then return false; - } - if source = RTS_BGP then { - # BGP路由,允许 300,0 - if bgp_large_community ~ [(DN42_ASN, 10100, 4)] then return true; - } - return false; -} - - -function function_dn42_control_bgp_upstream1(int peer_asn){ - # 1.禁止带有 201 0 (禁止一切外发) 301 0(禁止下游段子转发)的发出去 - if bgp_large_community ~ [(DN42_ASN, 201, 0)] then return false; - if bgp_large_community ~ [(DN42_ASN, 301, 0)] then return false; - # 2.禁止带有 201 peer asn (禁止向某一外发) 301 peer asn(禁止向某一外发下游)的发出去 - if bgp_large_community ~ [(DN42_ASN, 201, peer_asn)] then return false; - if bgp_large_community ~ [(DN42_ASN, 301, peer_asn)] then return false; - - - # 3.不带202,0(允许全体外发),但是带有202,peer asn 放 - if (bgp_large_community !~ [(DN42_ASN, 202, 0)]) then { - if bgp_large_community ~ [(DN42_ASN, 202, peer_asn)] then return true; - } - # 不带302 0,但是有302 peer asn的,放 - if (bgp_large_community !~ [(DN42_ASN, 302, 0)]) then { - if bgp_large_community ~ [(DN42_ASN, 302, peer_asn)] then return true; - } - - # 4.带有202,0(允许一切外发)和302 0的,放 - if bgp_large_community ~ [(DN42_ASN, 202, 0)] then return true; - if bgp_large_community ~ [(DN42_ASN, 302, 0)] then return true; - return false; -} \ No newline at end of file diff --git a/bird/filter/inet_downstream.conf b/bird/filter/inet_downstream.conf index fd85cc7..3af4ec7 100644 --- a/bird/filter/inet_downstream.conf +++ b/bird/filter/inet_downstream.conf @@ -4,8 +4,7 @@ # 下游-发表控制器 function function_inet6_downstream_export() { if is_bogon_prefix() || (bgp_path.len > 20) then return false; - # 硬性限制,没有1000,0的,不放 - if bgp_large_community !~ [(LOCAL_ASN, 1000,0)] then return false; + if ! (bgp_large_community ~ [(LOCAL_ASN, 200, 0),(LOCAL_ASN, 10100, 0..9000)]) then return false; return true; } diff --git a/bird/function/dn42.conf b/bird/function/dn42.conf deleted file mode 100644 index cd4e342..0000000 --- a/bird/function/dn42.conf +++ /dev/null @@ -1,9 +0,0 @@ -function is_dn42_prefix() { - return net ~ [ - 172.20.0.0/14+ - ]; -} - -function is_dn42_self_net() { - return net ~ is_dn42_self_IPv4; -} \ No newline at end of file diff --git a/bird/function/tables.conf b/bird/function/tables.conf index b6dc5b6..639a815 100644 --- a/bird/function/tables.conf +++ b/bird/function/tables.conf @@ -2,7 +2,6 @@ ipv4 table t102v4; ipv6 table t102v6; ipv4 table inet4; ipv6 table inet6; -ipv4 table dn42v4; ipv4 table unet4; ipv6 table unet6; ipv4 table ospf4; diff --git a/bird/function/unet.conf b/bird/function/unet.conf index 0687427..4c1893f 100644 --- a/bird/function/unet.conf +++ b/bird/function/unet.conf @@ -7,7 +7,6 @@ function unet_is_valid_network_v4() { function unet_is_valid_network_v4_allnet(){ if unet_is_valid_network_v4() then return true; if is_self_net() then return true; - if is_dn42_self_net() then return true; return false; } diff --git a/bird/net/dn42.conf b/bird/net/dn42.conf deleted file mode 100644 index f02e0c7..0000000 --- a/bird/net/dn42.conf +++ /dev/null @@ -1,14 +0,0 @@ -protocol pipe dn42v4_sync { - table dn42v4; - peer table master4; - export filter { - if bgp_large_community ~ [(DN42_ASN, 3,*)] then reject; - if !is_dn42_prefix() then reject; - bgp_community.empty; - bgp_large_community.empty; - bgp_large_community.add((UNET_ASN,10,4)); - krt_prefsrc = DN42_V4_kernel; - accept; - }; - import none; -} \ No newline at end of file diff --git a/bird/net/unet.conf b/bird/net/unet.conf index af805aa..5a2e615 100644 --- a/bird/net/unet.conf +++ b/bird/net/unet.conf @@ -23,21 +23,6 @@ protocol pipe unet6_inet6_sync { import none; } - -# DN42处理 => dn42v4/6 -protocol pipe unet4_dn42v4_sync { - table unet4; - peer table dn42v4; - export filter { - if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject; - if !is_dn42_prefix() then { - if net!~[10.188.0.0/16+] then reject; - } - accept; - }; - import none; -} - # 剩下的进入master (只有V4) protocol pipe unet4_sync { table unet4; diff --git a/bird/peers/dn42/ibgp.conf b/bird/peers/dn42/ibgp.conf deleted file mode 100644 index 7c9972a..0000000 --- a/bird/peers/dn42/ibgp.conf +++ /dev/null @@ -1,4 +0,0 @@ -protocol bgp ibgp_unet_hk1 from dn42_ibgp { - source address fe80:15:3376:3::2:2; - neighbor fe80:15:3376:3::3:2%pccw1 as DN42_ASN; -} \ No newline at end of file diff --git a/bird/template/dn42.conf b/bird/template/dn42.conf deleted file mode 100644 index 06cc71c..0000000 --- a/bird/template/dn42.conf +++ /dev/null @@ -1,47 +0,0 @@ -template bgp dn42_up0_new { - graceful restart; - local as DN42_ASN; - ipv4 { - table dn42v4; - import filter {if !function_dn42_bgp_import_from_upstream() then reject; accept; }; - export filter {if !function_dn42_bgp_export_to_upstream0() then reject; accept; }; - }; - ipv6 {import none;export none;}; -} - -template bgp dn42_up1_new { - graceful restart; - local as DN42_ASN; - ipv4 { - table dn42v4; - import filter {if !function_dn42_bgp_import_from_upstream() then reject; accept; }; - export filter {if !function_dn42_bgp_export_to_upstream1() then reject; accept; }; - }; - ipv6 {import none;export none;}; -} - -template bgp dn42_ds { - graceful restart; - local as DN42_ASN; - ipv4 { - table dn42v4; - import filter {if !function_inet6_downstream_import() then reject; accept; }; - export filter {if !function_inet6_downstream_export() then reject; accept; }; - }; - ipv6 {import none;export none;}; -} - -template bgp dn42_ibgp_new { - graceful restart; - local as DN42_ASN; - med metric; - direct; - ipv4 { - table dn42v4; - next hop self; - gateway direct; - import filter {if !function_dn42_ibgp_import() then reject; accept; }; - export filter {if !function_dn42_ibgp_export() then reject; accept; }; - }; - ipv6 {import none;export none;}; -} \ No newline at end of file diff --git a/update.sh b/update.sh index 30c5adc..b744f61 100644 --- a/update.sh +++ b/update.sh @@ -3,12 +3,21 @@ cd git clone https://git.nia.ink/brnet/bird_config.git +rm /etc/bird/bird.conf +mv ./bird_config/bird/bird.conf /etc/bird/ + +rm /etc/bird/conf/dn42.conf + rm /etc/bird/filter/*.conf mv ./bird_config/bird/filter/*.conf /etc/bird/filter/ rm /etc/bird/function/*.conf mv ./bird_config/bird/function/*.conf /etc/bird/function/ +rm /etc/bird/net/dn42.conf +rm /etc/bird/net/unet.conf +mv ./bird_config/bird/net/unet.conf /etc/bird/net/ + rm /etc/bird/template/*.conf mv ./bird_config/bird/template/*.conf /etc/bird/template/