brnet/bird_config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

史诗更新

Browse Source
This commit is contained in:
daxi20
2025-11-13 14:41:55 +08:00
parent cde500b4f6
commit ddeecd2c99
10 changed files with 167 additions and 154 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
bird/bird.conf
View File

@@ -40,4 +40,5 @@ protocol kernel {
}; };
}; };
include "/etc/bird/net/*.conf"; include "/etc/bird/net/*.conf";
include "/etc/bird/template/*.conf";

22
bird/function/inet.conf
View File

@@ -1,22 +0,0 @@
ipv4 table inet4;
ipv6 table inet6;
protocol pipe inet6_sync {
table inet6;
peer table master6;
import none;
export filter {
if bgp_large_community ~ [(LOCAL_ASN, 3,*)] then reject;
accept;
};
}
protocol pipe inet4_sync {
table inet4;
peer table master4;
import none;
export filter {
if bgp_large_community ~ [(LOCAL_ASN, 3,*)] then reject;
accept;
};
}

22
bird/function/unet.conf
View File

@@ -1,6 +1,3 @@
ipv4 table unet4;
ipv6 table unet6;
function unet_is_valid_network_v4() { function unet_is_valid_network_v4() {
return net ~ [ return net ~ [
10.50.0.0/16+, 10.50.0.0/16+,
@@ -28,21 +25,4 @@ function unet_is_voalid_net_v6(){
2406:840:e600::/44{44,64}, 2406:840:e600::/44{44,64},
2a0f:1cc5:0010::/44{44,64} 2a0f:1cc5:0010::/44{44,64}
]; ];
} }
protocol pipe unet4_sync {
table unet4;
peer table master4;
export filter {
if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
accept;
};
}
protocol pipe unet6_sync {
table unet6;
peer table master6;
export filter {
if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
accept;
};
}

18
bird/net/inet4.conf Normal file
View File

@@ -0,0 +1,18 @@
ipv4 table inet4;
protocol kernel {
scan time 20;
kernel table 103;
ipv4 {
table inet4;
import none;
export filter {
if source = RTS_STATIC then reject;
if !is_bogon_prefix() then {
krt_prefsrc = LOCAL_V4_kernel;
accept;
}
reject;
};
};
};

11
bird/net/inet6.conf Normal file
View File

@@ -0,0 +1,11 @@
ipv6 table inet6;
protocol pipe inet6_sync {
table inet6;
peer table master6;
import none;
export filter {
if bgp_large_community ~ [(LOCAL_ASN, 3,*)] then reject;
accept;
};
}

0
bird/net/ospf.conf.disable → bird/net/ospf.conf
View File

119
bird/net/unet.conf
View File

@@ -1,106 +1,19 @@
template bgp unet_bgp_up0 { ipv4 table unet4;
graceful restart; ipv6 table unet6;
local as UNET_ASN;
ipv4 { protocol pipe unet4_sync {
table unet4; table unet4;
import filter { peer table master4;
if !unet_is_valid_network_v4_allnet() then reject; export filter {
if unet_is_self_net() then reject; if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
bgp_large_community.empty; accept;
bgp_large_community.add((UNET_ASN,200,0));# 传输到Ebgp
accept;
};
export filter {
if !unet_is_valid_network_v4_allnet() then reject;
if source !~ [RTS_STATIC, RTS_BGP] then reject;
if bgp_large_community !~ [(UNET_ASN, 200,0)] then reject;
bgp_large_community.empty;
accept;
};
import limit 9000 action block;
};
ipv6 {
table unet6;
import filter {
if !unet_is_voalid_net_v6() then reject;
if unet_is_self_net_v6() then reject;
bgp_large_community.empty;
bgp_large_community.add((UNET_ASN,200,0));# 传输到Ebgp
accept;
};
export filter {
if !unet_is_voalid_net_v6() then reject;
if source !~ [RTS_STATIC, RTS_BGP] then reject;
if bgp_large_community !~ [(UNET_ASN, 200,0)] then reject;
bgp_large_community.empty;
accept;
};
import limit 9000 action block;
}; };
} }
protocol pipe unet6_sync {
template bgp unet_bgp_up1 { table unet6;
graceful restart; peer table master6;
local as UNET_ASN; export filter {
ipv4 { if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
table unet4; accept;
import filter {
if !unet_is_valid_network_v4() then reject;
if unet_is_self_net() then reject;
bgp_large_community.empty;
bgp_large_community.add((UNET_ASN,200,0));# 传输到Ebgp
accept;
};
export filter {
if !unet_is_valid_network_v4() then reject;
if source !~ [RTS_STATIC, RTS_BGP] then reject;
if bgp_large_community !~ [(UNET_ASN, 200,0)] then reject;
bgp_large_community.empty;
accept;
};
import limit 9000 action block;
}; };
} }
template bgp unet_ibgp {
graceful restart;
local as UNET_ASN;
med metric;
direct;
ipv4 {
table unet4;
next hop self;
gateway direct;
import filter {
if bgp_large_community ~ [(UNET_ASN, 1,*)] then reject;
if !unet_is_valid_network_v4_allnet() then reject;
if unet_is_self_net() then reject;
accept;
};
export filter {
if bgp_large_community ~ [(UNET_ASN, 1,*)] then reject;
if !unet_is_valid_network_v4_allnet() then reject;
if unet_is_self_net() then reject;
accept;
};
};
ipv6 {
table unet6;
next hop self;
gateway direct;
import filter {
if bgp_large_community ~ [(UNET_ASN, 1,*)] then reject;
if !unet_is_voalid_net_v6() then reject;
if unet_is_self_net_v6() then reject;
accept;
};
export filter {
if bgp_large_community ~ [(UNET_ASN, 1,*)] then reject;
if !unet_is_voalid_net_v6() then reject;
if unet_is_self_net_v6() then reject;
accept;
};
};
}
include "/etc/bird/peers/unet/*.conf";

2
bird/net/inet.conf → bird/template/inet.conf
View File

@@ -6,6 +6,7 @@ template bgp tpl_inet4_up {
import filter { import filter {
if is_self_net() then reject; if is_self_net() then reject;
if is_bogon_prefix() || (bgp_path.len > 100) then reject; if is_bogon_prefix() || (bgp_path.len > 100) then reject;
if net ~ [0.0.0.0/0] then reject; # 不导入默认路由
bgp_large_community.empty; bgp_large_community.empty;
bgp_large_community.add((LOCAL_ASN,200,0));# 传输到Ebgp bgp_large_community.add((LOCAL_ASN,200,0));# 传输到Ebgp
accept; accept;
@@ -29,6 +30,7 @@ template bgp tpl_inet6_up {
import filter { import filter {
if is_self_net_v6() then reject; if is_self_net_v6() then reject;
if is_bogon_prefix() || (bgp_path.len > 100) then reject; if is_bogon_prefix() || (bgp_path.len > 100) then reject;
if net ~ [::/0] then reject; # 不导入默认路由
bgp_large_community.empty; bgp_large_community.empty;
bgp_large_community.add((LOCAL_ASN,200,0));# 传输到Ebgp bgp_large_community.add((LOCAL_ASN,200,0));# 传输到Ebgp
accept; accept;

106
bird/template/unet.conf Normal file
View File

@@ -0,0 +1,106 @@
template bgp unet_bgp_up0 {
graceful restart;
local as UNET_ASN;
ipv4 {
table unet4;
import filter {
if !unet_is_valid_network_v4_allnet() then reject;
if unet_is_self_net() then reject;
bgp_large_community.empty;
bgp_large_community.add((UNET_ASN,200,0));# 传输到Ebgp
accept;
};
export filter {
if !unet_is_valid_network_v4_allnet() then reject;
if source !~ [RTS_STATIC, RTS_BGP] then reject;
if bgp_large_community !~ [(UNET_ASN, 200,0)] then reject;
bgp_large_community.empty;
accept;
};
import limit 9000 action block;
};
ipv6 {
table unet6;
import filter {
if !unet_is_voalid_net_v6() then reject;
if unet_is_self_net_v6() then reject;
bgp_large_community.empty;
bgp_large_community.add((UNET_ASN,200,0));# 传输到Ebgp
accept;
};
export filter {
if !unet_is_voalid_net_v6() then reject;
if source !~ [RTS_STATIC, RTS_BGP] then reject;
if bgp_large_community !~ [(UNET_ASN, 200,0)] then reject;
bgp_large_community.empty;
accept;
};
import limit 9000 action block;
};
}
template bgp unet_bgp_up1 {
graceful restart;
local as UNET_ASN;
ipv4 {
table unet4;
import filter {
if !unet_is_valid_network_v4() then reject;
if unet_is_self_net() then reject;
bgp_large_community.empty;
bgp_large_community.add((UNET_ASN,200,0));# 传输到Ebgp
accept;
};
export filter {
if !unet_is_valid_network_v4() then reject;
if source !~ [RTS_STATIC, RTS_BGP] then reject;
if bgp_large_community !~ [(UNET_ASN, 200,0)] then reject;
bgp_large_community.empty;
accept;
};
import limit 9000 action block;
};
}
template bgp unet_ibgp {
graceful restart;
local as UNET_ASN;
med metric;
direct;
ipv4 {
table unet4;
next hop self;
gateway direct;
import filter {
if bgp_large_community ~ [(UNET_ASN, 1,*)] then reject;
if !unet_is_valid_network_v4_allnet() then reject;
if unet_is_self_net() then reject;
accept;
};
export filter {
if bgp_large_community ~ [(UNET_ASN, 1,*)] then reject;
if !unet_is_valid_network_v4_allnet() then reject;
if unet_is_self_net() then reject;
accept;
};
};
ipv6 {
table unet6;
next hop self;
gateway direct;
import filter {
if bgp_large_community ~ [(UNET_ASN, 1,*)] then reject;
if !unet_is_voalid_net_v6() then reject;
if unet_is_self_net_v6() then reject;
accept;
};
export filter {
if bgp_large_community ~ [(UNET_ASN, 1,*)] then reject;
if !unet_is_voalid_net_v6() then reject;
if unet_is_self_net_v6() then reject;
accept;
};
};
}
include "/etc/bird/peers/unet/*.conf";

18
update.sh
View File

@@ -1,15 +1,19 @@
#!/bin/bash #!/bin/bash
rm /etc/bird/net/inet.conf cd
curl https://git.nia.ink/brnet/bird_config/raw/branch/master/bird/net/inet.conf > /etc/bird/net/inet.conf git clone https://git.nia.ink/brnet/bird_config.git
mv /etc/bird /etc/bird.old
mv bird_config/bird /etc/
rm -rf /etc/bird/peers
cp /etc/bird.old/peers /etc/bird/
rm -rf /etc/bird/conf
cp /etc/bird.old/conf /etc/bird/
rm /etc/bird/vars.conf
cp /etc/bird.old/vars.conf /etc/bird/vars.conf.dis
chmod -R 755 /etc/bird chmod -R 755 /etc/bird
echo "请更新peers/inet的全部配置信息birdc c" echo "请务必检查配置文件修改vars文件名并重新启动bird"
echo "内网V4tpl_inet4_ibgp"
echo "内网V6tpl_inet6_ibgp"
echo "外网V4tpl_inet4_up"
echo "外网V6tpl_inet6_up"
cd cd
rm update.sh rm update.sh