diff --git a/bird/bird.conf b/bird/bird.conf index 1df7f8e..8c98ec6 100644 --- a/bird/bird.conf +++ b/bird/bird.conf @@ -12,6 +12,10 @@ protocol kernel { import none; export filter { if source = RTS_STATIC then reject; + if dn42_is_valid_network_v6() then { + krt_prefsrc = DN42_V6_kernel; + accept; + } if !is_bogon_prefix() then { krt_prefsrc = LOCAL_V6_kernel; accept; @@ -27,24 +31,14 @@ protocol kernel { import none; export filter { if source = RTS_STATIC then reject; - if unet_is_valid_network_v4() then { + if unet_is_valid_network_v4_unet() then { krt_prefsrc = UNET_V4_kernel; accept; } - reject; - }; - }; -}; - -# echo "102 ipv4_pub" >> /etc/iproute2/rt_tables -protocol kernel { - scan time 20; - kernel table 102; - ipv4 { - table inet4; - import none; - export filter { - if source = RTS_STATIC then reject; + if dn42_is_valid_network() then { + krt_prefsrc = DN42_V4_kernel; + accept; + } if !is_bogon_prefix() then { if bgp_large_community ~ [(LOCAL_ASN, 3,*)] then reject; krt_prefsrc = LOCAL_V4_kernel; diff --git a/bird/conf/mynet.conf b/bird/conf/mynet.conf index 4c9f064..a115890 100644 --- a/bird/conf/mynet.conf +++ b/bird/conf/mynet.conf 
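Review bot: The new DN42 branches in both kernel export filters of bird/bird.conf classify a route by address range only, so anything that reaches the exported table inside `dn42_is_valid_network()` or `dn42_is_valid_network_v6()` is installed with the DN42 source address, whichever protocol supplied it. In the IPv4 hunk the former table-102 kernel protocol is folded into this filter, so the `!is_bogon_prefix()` branch is now reached only after the UNET and DN42 range checks have had the chance to accept. If that ordering is intended, say so beside the branches, e.g. `# order matters: UNET, DN42, then public; first match installs the route`. Matching on a large community set at import would make the decision follow origin rather than prefix. Both `protocol kernel` blocks begin and end outside the hunks, so the table they export from is not visible here.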
@@ -45,6 +45,46 @@ protocol static route_int_export_v6 { } +function dn42_is_self_net() { + return net ~ [ + 172.20.21.0/26+ + ]; +} + +protocol static route_dn42_export_v4 { + route 172.20.21.0/26 reject; + ipv4 { + table dn42v4; + import filter { + bgp_large_community.add((DN42_ASN,3,0));# 不允许导出到内核 + bgp_large_community.add((DN42_ASN,1,0));# 不允许传输到ibgp + bgp_large_community.add((DN42_ASN,200,0));# 传输到Ebgp + accept; + }; + export none; + }; +} + +function dn42_is_self_net_v6() { + return net ~ [ + fde8:936e:ee29::/48+ + ]; +} + +protocol static route_dn42_export_v6 { + route fde8:936e:ee29::/48 reject; + ipv6 { + table dn42v6; + import filter { + bgp_large_community.add((DN42_ASN,3,0));# 不允许导出到内核 + bgp_large_community.add((DN42_ASN,1,0));# 不允许传输到ibgp + bgp_large_community.add((DN42_ASN,200,0));# 传输到Ebgp + accept; + }; + export none; + }; +} + function unet_is_self_net() { return net ~ [ 10.188.2.0/23+, @@ -56,6 +96,7 @@ function unet_is_self_net() { protocol static route_unet_export_v4 { route 10.188.2.0/23 reject; route 10.188.11.0/24 reject; + route 172.20.21.0/29 reject; ipv4 { table unet4; import filter { @@ -71,12 +112,14 @@ protocol static route_unet_export_v4 { function unet_is_self_net_v6() { return net ~ [ - 2406:840:e601::/48{48,56} + 2406:840:e601::/48{48,56}, + fde8:936e:ee29:1000::/56 ]; } protocol static route_unet_export_v6 { route 2406:840:e601::/48 reject; + route fde8:936e:ee29:1000::/56 reject; ipv6 { table unet6; import filter { diff --git a/bird/function/network.conf b/bird/function/network.conf index 7a6cd55..5b3d9a3 100644 --- a/bird/function/network.conf +++ b/bird/function/network.conf 
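Review bot: The `(DN42_ASN,200,0)` tag added in `route_dn42_export_v4` and `route_dn42_export_v6` (first mynet.conf hunk) is commented as the "send to eBGP" marker, but no filter visible in this commit tests it. The `dn42_peers` export filter in bird/net/dn42.conf accepts on `dn42_is_valid_network()` and route source alone. Either match the tag there or record that it is informational, e.g. `# (DN42_ASN,200,0): marker only, not evaluated by any filter yet`. The values 1, 3 and 200 would also be easier to audit as named constants next to `DN42_ASN` in vars.conf.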
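Review bot: The second and third mynet.conf hunks originate DN42 space into the UNET tables, but the self-net checks are not kept in step with the new static routes. `route 172.20.21.0/29 reject;` is added to `route_unet_export_v4` with no matching entry in the visible part of `unet_is_self_net()`, and the IPv6 entry `fde8:936e:ee29:1000::/56` is an exact match, unlike the `{48,56}` range beside it. The UNET BGP templates use `!unet_is_self_net()` to refuse your own prefixes from neighbours (the v6 filters presumably do the same), so more-specifics of these blocks would not be recognised as yours. If that is not intended, `fde8:936e:ee29:1000::/56+` and a `172.20.21.0/29+` entry in the IPv4 function would cover them. `unet_is_self_net()` continues outside the hunk.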
@@ -1,7 +1,21 @@ -function unet_is_valid_network_v4() { +function dn42_is_valid_network() { + return net ~ [ + 172.20.0.0/14+, + 10.100.0.0/14+, + 172.31.0.0/16+, + 10.127.0.0/16+ + ]; +} + +function dn42_is_valid_network_v6() { + return net ~ [ + fd00::/8{32,64} + ]; +} + +function unet_is_valid_network_v4_unet() { return net ~ [ 10.50.0.0/16+, - 10.88.0.0/16+, 10.21.0.0/16+, 10.188.0.0/16+ ]; @@ -14,15 +28,21 @@ function unet_is_valid_network_v4_anynet() { ]; } -function unet_is_valid_network_v4_allnet(){ - if !unet_is_valid_network_v4_anynet() && !unet_is_valid_network_v4() then return false; +function unet_is_voalid_net_v4(){ + if !unet_is_valid_network_v4_anynet() && !unet_is_valid_network_v4_unet() then return false; return true; } -function unet_is_voalid_net_v6(){ +function unet_is_voalid_net_v6_anynet(){ return net ~ [ 2406:840:e600::/44{44,56}, - 2a14:7580:9600::/40{40,56} + 2a14:7580:9600::/40{45,56}, + fde8:936e:ee29::/48{48,56} ]; +} + +function unet_is_voalid_net_v6(){ + if !unet_is_voalid_net_v6_anynet() then return false; + return true; } \ No newline at end of file diff --git a/bird/function/tables.conf b/bird/function/tables.conf index f95a190..35547eb 100644 --- a/bird/function/tables.conf +++ b/bird/function/tables.conf @@ -2,6 +2,8 @@ ipv4 table inet4; ipv6 table inet6; ipv4 table unet4; ipv6 table unet6; +ipv4 table dn42v4; +ipv6 table dn42v6; ipv4 table ospf4; ipv6 table ospf6; 
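Review bot: Every IPv4 entry in the new `dn42_is_valid_network()` (first network.conf hunk) ends in `+`, so the DN42 import filters accept anything from the covering /14 or /16 itself down to a /32 host route. Without length bounds, one neighbour can announce the whole aggregate or a flood of host routes that win on longest match. I would bound each range, e.g. `172.20.0.0/14{21,29},`, taking the exact limits from the filter the DN42 registry publishes rather than from this note. The function also lacks the `_v4` suffix that its sibling `dn42_is_valid_network_v6()` and the UNET helpers carry.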
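Review bot: The misspelling `voalid` is carried into two more names in the second network.conf hunk (`unet_is_voalid_net_v4`, `unet_is_voalid_net_v6_anynet`). This commit already renames these functions and touches their callers in bird/net/unet.conf, so it is the cheap moment to correct it. The new `unet_is_voalid_net_v6()` wrapper can be the single line `return unet_is_voalid_net_v6_anynet();`. The change from `{40,56}` to `{45,56}` on `2a14:7580:9600::/40` means /40 to /44 announcements are now refused, which deserves a one-line comment giving the reason.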
@@ -15,15 +17,35 @@ protocol pipe inet6_sync { }; } -#protocol pipe inet4_sync { -# table inet4; -# peer table master4; -# import none; -# export filter { -# if bgp_large_community ~ [(LOCAL_ASN, 3,*)] then reject; -# accept; -# }; -#} +protocol pipe inet4_sync { + table inet4; + peer table master4; + import none; + export filter { + if bgp_large_community ~ [(LOCAL_ASN, 3,*)] then reject; + accept; + }; +} + +protocol pipe dn42v4_sync { + table dn42v4; + peer table master4; + import none; + export filter { + if bgp_large_community ~ [(DN42_ASN, 3,*)] then reject; + accept; + }; +} + +protocol pipe dn42v6_sync { + table dn42v6; + peer table master6; + import none; + export filter { + if bgp_large_community ~ [(DN42_ASN, 3,*)] then reject; + accept; + }; +} protocol pipe unet4_sync { table unet4; @@ -42,7 +64,7 @@ protocol pipe unet6_sync { }; } -protocol pipe ospf4_sync { +protocol pipe pipe_ospf4_sync { table ospf4; peer table master4; export filter { diff --git a/bird/net/dn42.conf b/bird/net/dn42.conf new file mode 100644 index 0000000..032e301 --- /dev/null +++ b/bird/net/dn42.conf 
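Review bot: The new `dn42v4_sync` and `dn42v6_sync` pipes in function/tables.conf export everything except routes tagged `(DN42_ASN, 3,*)`, so the master tables inherit whatever the BGP import filters let into `dn42v4`/`dn42v6`. A range check before `accept;`, `if !dn42_is_valid_network() then reject;` (and the `_v6` form in the v6 pipe), would stop a filter mistake on a single session from reaching the kernel export. This assumes function/network.conf is included before this file, which the diff does not show. A short comment on each pipe stating that community 3 means "keep out of master/kernel" would also help, since that meaning is only documented in mynet.conf.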
@@ -0,0 +1,69 @@
+template bgp dn42_peers {
+ local as DN42_ASN;
+ path metric 1;
+
+ ipv4 {
+ table dn42v4;
+ import filter {
+ if dn42_is_valid_network() && !dn42_is_self_net() then accept;
+ reject;
+ };
+
+ export filter {
+ if dn42_is_valid_network() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject;
+ };
+ import limit 9000 action block;
+ };
+ ipv6 {
+ table dn42v6;
+ import filter {
+ if dn42_is_valid_network_v6() && !dn42_is_self_net_v6() then accept;
+ reject;
+ };
+ export filter { if dn42_is_valid_network_v6() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; };
+ import limit 9000 action block;
+ };
+}
+
+
+template bgp dn42_ibgp {
+ graceful restart;
+ local as DN42_ASN;
+ med metric;
+ direct;
+ ipv4 {
+ table dn42v4;
+ next hop self;
+ gateway direct;
+ import filter {
+ if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject;
+ if !dn42_is_valid_network() then reject;
+ if dn42_is_self_net() then reject;
+ accept;
+ };
+ export filter {
+ if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject;
+ if !dn42_is_valid_network() then reject;
+ if dn42_is_self_net() then reject;
+ accept;
+ };
+ };
+ ipv6 {
+ table dn42v6;
+ next hop self;
+ gateway direct;
+ import filter {
+ if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject;
+ if !dn42_is_valid_network_v6() then reject;
+ if dn42_is_self_net_v6() then reject;
+ accept;
+ };
+ export filter {
+ if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject;
+ if !dn42_is_valid_network_v6() then reject;
+ if dn42_is_self_net_v6() then reject;
+ accept;
+ };
+ };
+}
+include "/etc/bird/peers/dn42/*.conf";
\ No newline at end of file
diff --git a/bird/net/unet.conf b/bird/net/unet.conf
index 231883e..6de5bde 100644
--- a/bird/net/unet.conf
+++ b/bird/net/unet.conf
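Review bot: The `dn42_peers` import filters in bird/net/dn42.conf accept a neighbour's route on prefix range alone and keep whatever large communities arrive with it. `(DN42_ASN, 1,*)` and `(DN42_ASN, 3,*)` steer the `dn42_ibgp` filters below and the dn42 pipes in function/tables.conf, so an external peer that sets them can keep a route out of iBGP or out of the master table. Stripping the local namespace before `accept`, `bgp_large_community.delete([(DN42_ASN, *, *)]);`, closes that. There is also no origin validation: a `roa_check()` against a DN42 ROA table (none is defined in this commit) would reject in-range prefixes announced by the wrong AS. `path metric 1;` and the absolute `include` path would each benefit from a one-line comment.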
@@ -1,13 +1,13 @@ -template bgp unet_bgp_up0 { +template bgp unet_bgp_up { graceful restart; local as UNET_ASN; ipv4 { table unet4; import filter { - if unet_is_valid_network_v4_allnet() && !unet_is_self_net() then accept; + if unet_is_voalid_net_v4() && !unet_is_self_net() then accept; reject; }; - export filter { if unet_is_valid_network_v4_allnet() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; }; + export filter { if unet_is_voalid_net_v4() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; }; import limit 9000 action block; }; ipv6 { @@ -21,20 +21,6 @@ template bgp unet_bgp_up0 { }; } -template bgp unet_bgp_up1 { - graceful restart; - local as UNET_ASN; - ipv4 { - table unet4; - import filter { - if unet_is_valid_network_v4() && !unet_is_self_net() then accept; - reject; - }; - export filter { if unet_is_valid_network_v4() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; }; - import limit 9000 action block; - }; -} - template bgp unet_ibgp { graceful restart; local as UNET_ASN; @@ -46,13 +32,13 @@ template bgp unet_ibgp { gateway direct; import filter { if bgp_large_community ~ [(UNET_ASN, 1,*)] then reject; - if !unet_is_valid_network_v4_allnet() then reject; + if !unet_is_voalid_net_v4() then reject; if unet_is_self_net() then reject; accept; }; export filter { if bgp_large_community ~ [(UNET_ASN, 1,*)] then reject; - if !unet_is_valid_network_v4_allnet() then reject; + if !unet_is_voalid_net_v4() then reject; if unet_is_self_net() then reject; accept; }; diff --git a/bird/peers/dn42/ibgp.conf b/bird/peers/dn42/ibgp.conf new file mode 100644 index 0000000..5d009ff --- /dev/null +++ b/bird/peers/dn42/ibgp.conf @@ -0,0 +1,4 @@ +protocol bgp dn42_ibgp_hk1 from dn42_ibgp { + source address 172.20.21.6; + neighbor 172.20.21.4 as DN42_ASN; +} \ No newline at end of file diff --git a/bird/peers/inet/bgp_zxix.conf b/bird/peers/inet/bgp_zxix.conf new file mode 100644 index 0000000..b48bb26 --- /dev/null 
+++ b/bird/peers/inet/bgp_zxix.conf @@ -0,0 +1,8 @@ +protocol bgp int_bgp_zxix_rs1 from tpl_bgp_up { + neighbor 2406:840:1f:1000::1 as 140961; +} + +protocol bgp int_bgp_zxix_140915_v6 from tpl_bgp_up { + source address 2406:840:1f:1000:0:15:3376:1; + neighbor 2406:840:1f:1000:0:14:915:2 as 140915; +} \ No newline at end of file diff --git a/bird/peers/inet/bgpexchange_jp.conf b/bird/peers/inet/bgpexchange_jp.conf new file mode 100644 index 0000000..57dc755 --- /dev/null +++ b/bird/peers/inet/bgpexchange_jp.conf @@ -0,0 +1,4 @@ +protocol bgp int_bgp_exchange_jp1 from tpl_bgp_up { + source address 2a0e:8f01:1000:9::10b; + neighbor 2a0e:8f01:1000:9::1 as 24381; +} \ No newline at end of file diff --git a/bird/vars.conf b/bird/vars.conf index 9d4c024..c9872f4 100644 --- a/bird/vars.conf +++ b/bird/vars.conf @@ -2,6 +2,10 @@ define LOCAL_ASN = 153376; define LOCAL_V4_kernel = 10.188.2.3; define LOCAL_V6_kernel = 2406:840:e601:1::1; +define DN42_ASN = 4242423376; +define DN42_V4_kernel = 172.20.21.6; +define DN42_V6_kernel = fde8:936e:ee29:1000::3; + define UNET_ASN = 4218818804; define UNET_V4_kernel = 10.188.2.3; diff --git a/update.sh b/update.sh index c0f2abb..8a5615e 100644 --- a/update.sh +++ b/update.sh @@ -1,22 +1,11 @@ #!/bin/bash -TABLE_NAME="ipv4_pub" -TABLE_ID=102 -RT_TABLES="/etc/iproute2/rt_tables" - -if ! grep -q "^${TABLE_ID}[[:space:]]\+${TABLE_NAME}" "$RT_TABLES"; then - echo "添加路由表 $TABLE_NAME(编号$TABLE_ID)..." - echo "${TABLE_ID} ${TABLE_NAME}" >> "$RT_TABLES" -else - echo "路由表 $TABLE_NAME 已存在,无需创建" -fi - git clone https://git.nia.ink/brnet/bird_config.git rm /etc/bird/bird.conf rm /etc/bird/function/tables.conf -mv bird_config/bird.conf /etc/bird/bird.conf -mv bird_config/function/tables.conf /etc/bird/function/tables.conf +mv bird_config/bird/bird.conf /etc/bird/bird.conf +mv bird_config/bird/function/tables.conf /etc/bird/function/tables.conf rm -rf bird_config birdc c \ No newline at end of file
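Review bot: Nothing in update.sh checks that `git clone` succeeded before the two `rm` lines run, so a failed or partial fetch leaves /etc/bird without bird.conf and function/tables.conf and the script still calls `birdc c`. It also deploys only those two files, while this same commit changes vars.conf and function/network.conf and adds net/dn42.conf, which the new bird.conf appears to need (`DN42_ASN`, `dn42_is_valid_network()`). Unless they are shipped some other way, the reload will fail to parse. I would stop on the first error, overwrite in place instead of delete-then-move, and parse-check before reloading, as sketched below. The clone is also unpinned and unverified although it sets the router's policy, so checking out a reviewed commit or verifying a signed tag is worth adding.

```shell
#!/bin/bash
set -euo pipefail   # abort before /etc/bird is touched if any step fails

git clone https://git.nia.ink/brnet/bird_config.git
trap 'rm -rf bird_config' EXIT

# overwrite in place: no window in which the live config is missing
install -m 0644 bird_config/bird/bird.conf /etc/bird/bird.conf
install -m 0644 bird_config/bird/function/tables.conf /etc/bird/function/tables.conf
# … the other files this commit changes (vars.conf, function/network.conf, net/, peers/) need the same treatment …

# parse-check first; reload only if the installed tree is valid
bird -p -c /etc/bird/bird.conf
birdc c
```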