brnet/bird_config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request 'master' (#4) from daxi20/bird_config:master into master

Browse Source 
Reviewed-on: #4
This commit was merged in pull request #4.
This commit is contained in:
daxi20
2025-10-12 18:41:47 +00:00
parent a6731adcb6 8ac68591ca
commit e75c6baf62
11 changed files with 207 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
bird/bird.conf
View File

@@ -12,6 +12,10 @@ protocol kernel {
import none;
export filter {
if source = RTS_STATIC then reject;
if dn42_is_valid_network_v6() then {
krt_prefsrc = DN42_V6_kernel;
accept;
}
if !is_bogon_prefix() then {
krt_prefsrc = LOCAL_V6_kernel;
accept;
@@ -27,24 +31,14 @@ protocol kernel {
import none;
export filter {
if source = RTS_STATIC then reject;
if unet_is_valid_network_v4() then {
if unet_is_valid_network_v4_unet() then {
krt_prefsrc = UNET_V4_kernel;
accept;
}
reject;
};
};
};
# echo "102 ipv4_pub" >> /etc/iproute2/rt_tables
protocol kernel {
scan time 20;
kernel table 102;
ipv4 {
table inet4;
import none;
export filter {
if source = RTS_STATIC then reject;
if dn42_is_valid_network() then {
krt_prefsrc = DN42_V4_kernel;
accept;
}
if !is_bogon_prefix() then {
if bgp_large_community ~ [(LOCAL_ASN, 3,*)] then reject;
krt_prefsrc = LOCAL_V4_kernel;

45
bird/conf/mynet.conf
View File

@@ -45,6 +45,46 @@ protocol static route_int_export_v6 {
}
function dn42_is_self_net() {
return net ~ [
172.20.21.0/26+
];
}
protocol static route_dn42_export_v4 {
route 172.20.21.0/26 reject;
ipv4 {
table dn42v4;
import filter {
bgp_large_community.add((DN42_ASN,3,0));# 不允许导出到内核
bgp_large_community.add((DN42_ASN,1,0));# 不允许传输到ibgp
bgp_large_community.add((DN42_ASN,200,0));# 传输到Ebgp
accept;
};
export none;
};
}
function dn42_is_self_net_v6() {
return net ~ [
fde8:936e:ee29::/48+
];
}
protocol static route_dn42_export_v6 {
route fde8:936e:ee29::/48 reject;
ipv6 {
table dn42v6;
import filter {
bgp_large_community.add((DN42_ASN,3,0));# 不允许导出到内核
bgp_large_community.add((DN42_ASN,1,0));# 不允许传输到ibgp
bgp_large_community.add((DN42_ASN,200,0));# 传输到Ebgp
accept;
};
export none;
};
}
function unet_is_self_net() {
return net ~ [
10.188.2.0/23+,
@@ -56,6 +96,7 @@ function unet_is_self_net() {
protocol static route_unet_export_v4 {
route 10.188.2.0/23 reject;
route 10.188.11.0/24 reject;
route 172.20.21.0/29 reject;
ipv4 {
table unet4;
import filter {
@@ -71,12 +112,14 @@ protocol static route_unet_export_v4 {
function unet_is_self_net_v6() {
return net ~ [
2406:840:e601::/48{48,56}
2406:840:e601::/48{48,56},
fde8:936e:ee29:1000::/56
];
}
protocol static route_unet_export_v6 {
route 2406:840:e601::/48 reject;
route fde8:936e:ee29:1000::/56 reject;
ipv6 {
table unet6;
import filter {

32
bird/function/network.conf
View File

@@ -1,7 +1,21 @@
function unet_is_valid_network_v4() {
function dn42_is_valid_network() {
return net ~ [
172.20.0.0/14+,
10.100.0.0/14+,
172.31.0.0/16+,
10.127.0.0/16+
];
}
function dn42_is_valid_network_v6() {
return net ~ [
fd00::/8{32,64}
];
}
function unet_is_valid_network_v4_unet() {
return net ~ [
10.50.0.0/16+,
10.88.0.0/16+,
10.21.0.0/16+,
10.188.0.0/16+
];
@@ -14,15 +28,21 @@ function unet_is_valid_network_v4_anynet() {
];
}
function unet_is_valid_network_v4_allnet(){
if !unet_is_valid_network_v4_anynet() && !unet_is_valid_network_v4() then return false;
function unet_is_voalid_net_v4(){
if !unet_is_valid_network_v4_anynet() && !unet_is_valid_network_v4_unet() then return false;
return true;
}
function unet_is_voalid_net_v6(){
function unet_is_voalid_net_v6_anynet(){
return net ~ [
2406:840:e600::/44{44,56},
2a14:7580:9600::/40{40,56}
2a14:7580:9600::/40{45,56},
fde8:936e:ee29::/48{48,56}
];
}
function unet_is_voalid_net_v6(){
if !unet_is_voalid_net_v6_anynet() then return false;
return true;
}

42
bird/function/tables.conf
View File

@@ -2,6 +2,8 @@ ipv4 table inet4;
ipv6 table inet6;
ipv4 table unet4;
ipv6 table unet6;
ipv4 table dn42v4;
ipv6 table dn42v6;
ipv4 table ospf4;
ipv6 table ospf6;
@@ -15,15 +17,35 @@ protocol pipe inet6_sync {
};
}
#protocol pipe inet4_sync {
# table inet4;
# peer table master4;
# import none;
# export filter {
# if bgp_large_community ~ [(LOCAL_ASN, 3,*)] then reject;
# accept;
# };
#}
protocol pipe inet4_sync {
table inet4;
peer table master4;
import none;
export filter {
if bgp_large_community ~ [(LOCAL_ASN, 3,*)] then reject;
accept;
};
}
protocol pipe dn42v4_sync {
table dn42v4;
peer table master4;
import none;
export filter {
if bgp_large_community ~ [(DN42_ASN, 3,*)] then reject;
accept;
};
}
protocol pipe dn42v6_sync {
table dn42v6;
peer table master6;
import none;
export filter {
if bgp_large_community ~ [(DN42_ASN, 3,*)] then reject;
accept;
};
}
protocol pipe unet4_sync {
table unet4;
@@ -42,7 +64,7 @@ protocol pipe unet6_sync {
};
}
protocol pipe ospf4_sync {
protocol pipe pipe_ospf4_sync {
table ospf4;
peer table master4;
export filter {

69
bird/net/dn42.conf Normal file
View File

@@ -0,0 +1,69 @@
template bgp dn42_peers {
local as DN42_ASN;
path metric 1;
ipv4 {
table dn42v4;
import filter {
if dn42_is_valid_network() && !dn42_is_self_net() then accept;
reject;
};
export filter {
if dn42_is_valid_network() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject;
};
import limit 9000 action block;
};
ipv6 {
table dn42v6;
import filter {
if dn42_is_valid_network_v6() && !dn42_is_self_net_v6() then accept;
reject;
};
export filter { if dn42_is_valid_network_v6() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; };
import limit 9000 action block;
};
}
template bgp dn42_ibgp {
graceful restart;
local as DN42_ASN;
med metric;
direct;
ipv4 {
table dn42v4;
next hop self;
gateway direct;
import filter {
if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject;
if !dn42_is_valid_network() then reject;
if dn42_is_self_net() then reject;
accept;
};
export filter {
if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject;
if !dn42_is_valid_network() then reject;
if dn42_is_self_net() then reject;
accept;
};
};
ipv6 {
table dn42v6;
next hop self;
gateway direct;
import filter {
if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject;
if !dn42_is_valid_network_v6() then reject;
if dn42_is_self_net_v6() then reject;
accept;
};
export filter {
if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject;
if !dn42_is_valid_network_v6() then reject;
if dn42_is_self_net_v6() then reject;
accept;
};
};
}
include "/etc/bird/peers/dn42/*.conf";

24
bird/net/unet.conf
View File

@@ -1,13 +1,13 @@
template bgp unet_bgp_up0 {
template bgp unet_bgp_up {
graceful restart;
local as UNET_ASN;
ipv4 {
table unet4;
import filter {
if unet_is_valid_network_v4_allnet() && !unet_is_self_net() then accept;
if unet_is_voalid_net_v4() && !unet_is_self_net() then accept;
reject;
};
export filter { if unet_is_valid_network_v4_allnet() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; };
export filter { if unet_is_voalid_net_v4() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; };
import limit 9000 action block;
};
ipv6 {
@@ -21,20 +21,6 @@ template bgp unet_bgp_up0 {
};
}
template bgp unet_bgp_up1 {
graceful restart;
local as UNET_ASN;
ipv4 {
table unet4;
import filter {
if unet_is_valid_network_v4() && !unet_is_self_net() then accept;
reject;
};
export filter { if unet_is_valid_network_v4() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; };
import limit 9000 action block;
};
}
template bgp unet_ibgp {
graceful restart;
local as UNET_ASN;
@@ -46,13 +32,13 @@ template bgp unet_ibgp {
gateway direct;
import filter {
if bgp_large_community ~ [(UNET_ASN, 1,*)] then reject;
if !unet_is_valid_network_v4_allnet() then reject;
if !unet_is_voalid_net_v4() then reject;
if unet_is_self_net() then reject;
accept;
};
export filter {
if bgp_large_community ~ [(UNET_ASN, 1,*)] then reject;
if !unet_is_valid_network_v4_allnet() then reject;
if !unet_is_voalid_net_v4() then reject;
if unet_is_self_net() then reject;
accept;
};

4
bird/peers/dn42/ibgp.conf Normal file
View File

@@ -0,0 +1,4 @@
protocol bgp dn42_ibgp_hk1 from dn42_ibgp {
source address 172.20.21.6;
neighbor 172.20.21.4 as DN42_ASN;
}

8
bird/peers/inet/bgp_zxix.conf Normal file
View File

@@ -0,0 +1,8 @@
protocol bgp int_bgp_zxix_rs1 from tpl_bgp_up {
neighbor 2406:840:1f:1000::1 as 140961;
}
protocol bgp int_bgp_zxix_140915_v6 from tpl_bgp_up {
source address 2406:840:1f:1000:0:15:3376:1;
neighbor 2406:840:1f:1000:0:14:915:2 as 140915;
}

4
bird/peers/inet/bgpexchange_jp.conf Normal file
View File

@@ -0,0 +1,4 @@
protocol bgp int_bgp_exchange_jp1 from tpl_bgp_up {
source address 2a0e:8f01:1000:9::10b;
neighbor 2a0e:8f01:1000:9::1 as 24381;
}

4
bird/vars.conf
View File

@@ -2,6 +2,10 @@ define LOCAL_ASN = 153376;
define LOCAL_V4_kernel = 10.188.2.3;
define LOCAL_V6_kernel = 2406:840:e601:1::1;
define DN42_ASN = 4242423376;
define DN42_V4_kernel = 172.20.21.6;
define DN42_V6_kernel = fde8:936e:ee29:1000::3;
define UNET_ASN = 4218818804;
define UNET_V4_kernel = 10.188.2.3;

15
update.sh
View File

@@ -1,22 +1,11 @@
#!/bin/bash
TABLE_NAME="ipv4_pub"
TABLE_ID=102
RT_TABLES="/etc/iproute2/rt_tables"
if ! grep -q "^${TABLE_ID}[[:space:]]\+${TABLE_NAME}" "$RT_TABLES"; then
echo "添加路由表 $TABLE_NAME(编号$TABLE_ID..."
echo "${TABLE_ID} ${TABLE_NAME}" >> "$RT_TABLES"
else
echo "路由表 $TABLE_NAME 已存在,无需创建"
fi
git clone https://git.nia.ink/brnet/bird_config.git
rm /etc/bird/bird.conf
rm /etc/bird/function/tables.conf
mv bird_config/bird.conf /etc/bird/bird.conf
mv bird_config/function/tables.conf /etc/bird/function/tables.conf
mv bird_config/bird/bird.conf /etc/bird/bird.conf
mv bird_config/bird/function/tables.conf /etc/bird/function/tables.conf
rm -rf bird_config
birdc c