brnet/bird_config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: brnet:master
Branches Tags
brnet:master brnet:single_sub brnet:unet2
..
compare: brnet:single_sub
Branches Tags
brnet:master brnet:single_sub brnet:unet2

1 Commits
master ... single_sub

Author SHA1 Message Date
gaoyuheng
13d19a1b65 remove unet and ospf config files 2026-04-07 16:47:12 +08:00
34 changed files with 140 additions and 928 deletions
Expand all files Collapse all files

59
bird/bird.conf
View File

@@ -1,53 +1,40 @@
include "/etc/bird/vars.conf"; include "/etc/bird/vars.conf";
include "/etc/bird/whitelist/*.conf";
include "/etc/bird/function/*.conf"; include "/etc/bird/function/*.conf";
include "/etc/bird/conf/*.conf"; include "/etc/bird/conf/*.conf";
protocol device { protocol device {
scan time 10; scan time 10;
}; }
protocol kernel kernel_main4 { protocol kernel {
scan time 20; scan time 20;
ipv4 {
import none;
export filter {
if bgp_large_community ~ [(UNET_ASN, 10,4)] then accept;
reject;
};
};
};
protocol kernel kernel_t102v4 {
scan time 20;
kernel table 102;
ipv4 {
table t102v4;
import none;
export filter {
if bgp_large_community ~ [(UNET_ASN, 10,10204)] then accept;
reject;
};
};
};
protocol kernel kernel_t102v6 {
scan time 20;
kernel table 102;
ipv6 { ipv6 {
table t102v6;
import none; import none;
export filter { export filter {
if bgp_large_community ~ [(UNET_ASN, 10,10206)] then accept; if source = RTS_STATIC then reject;
if !is_bogon_prefix() then {
krt_prefsrc = LOCAL_V6_kernel;
accept;
}
reject;
};
};
};
protocol kernel {
scan time 20;
ipv4 {
import none;
export filter {
if source = RTS_STATIC then reject;
if !is_bogon_prefix() then {
krt_prefsrc = LOCAL_V4_kernel;
accept;
}
reject; reject;
}; };
}; };
}; };
include "/etc/bird/net/*.conf";
include "/etc/bird/filter/*.conf";
include "/etc/bird/template/*.conf"; include "/etc/bird/template/*.conf";
include "/etc/bird/peers/inet/*.conf"; include "/etc/bird/peers/*.conf";
include "/etc/bird/peers/unet/*.conf";

6
bird/conf/bfd.conf
View File

@@ -1,6 +0,0 @@
protocol bfd {
interface "wg_%" {
interval 50 ms;
multiplier 3;
};
}

29
bird/conf/inet.conf
View File

@@ -1,29 +0,0 @@
protocol static route_int_export_v4 {
route 44.32.191.0/24 reject;
ipv4 {
table inet4;
import filter {
bgp_large_community.add((LOCAL_ASN,3,0));
bgp_large_community.add((LOCAL_ASN,1,0));
bgp_large_community.add((LOCAL_ASN,200,0));
accept;
};
export none;
};
}
protocol static route_int_export_v6 {
route 2406:840:e602::/48 reject;
route 2406:840:e604::/48 reject;
route 2406:840:e606::/48 reject;
ipv6 {
table inet6;
import filter {
bgp_large_community.add((LOCAL_ASN,3,0));
bgp_large_community.add((LOCAL_ASN,1,0));
bgp_large_community.add((LOCAL_ASN,200,0));
accept;
};
export none;
};
}

11
bird/conf/mynet.conf Normal file
View File

@@ -0,0 +1,11 @@
function is_self_net() {
return net ~ [
44.32.191.0/24
];
}
function is_self_net_v6() {
return net ~ [
2406:840:e600::/44{44,48}
];
}

25
bird/conf/static.conf
View File

@@ -1,9 +1,26 @@
protocol static static_inet6 { protocol static route_int_export_v4 {
route 2406:840:e601:1000::/56 via 2406:840:e601:16::18; route 44.32.191.0/24 reject;
ipv6 { ipv4 {
table inet6; table inet4;
import filter { import filter {
bgp_large_community.add((LOCAL_ASN,3,0));
bgp_large_community.add((LOCAL_ASN,1,0)); bgp_large_community.add((LOCAL_ASN,1,0));
bgp_large_community.add((LOCAL_ASN,200,0));
accept;
};
export none;
};
}
protocol static route_int_export_v6 {
route 2406:840:e600::/48 reject;
ipv6 {
table inet6;
import filter {
bgp_large_community.add((LOCAL_ASN,3,0));
bgp_large_community.add((LOCAL_ASN,1,0));
bgp_large_community.add((LOCAL_ASN,200,0));
accept; accept;
}; };
export none; export none;

31
bird/conf/unet.conf
View File

@@ -1,31 +0,0 @@
protocol static route_unet_export_v4 {
route 10.188.6.0/23 reject;
route 10.188.5.124/30 reject;
route 44.32.191.16/28 reject;
route 44.32.191.7/32 reject;
ipv4 {
table unet4;
import filter {
bgp_large_community.add((UNET_ASN,3,0));# 不允许导出到内核
bgp_large_community.add((UNET_ASN,1,0));# 不允许传输到ibgp
bgp_large_community.add((UNET_ASN,200,0));# 传输到Ebgp
accept;
};
export none;
};
}
protocol static route_unet_export_v6 {
route 2406:840:e603::/48 reject;
route 2406:840:e60e::/56 reject;
ipv6 {
table unet6;
import filter {
bgp_large_community.add((UNET_ASN,3,0));# 不允许导出到内核
bgp_large_community.add((UNET_ASN,1,0));# 不允许传输到ibgp
bgp_large_community.add((UNET_ASN,200,0));# 传输到Ebgp
accept;
};
export none;
};
}

17
bird/filter/inet_downstream.conf
View File

@@ -1,17 +0,0 @@
# 下游过滤器
# 政策:发全表,只收下游和关联下游的
# 下游-发表控制器
function function_inet6_downstream_export() {
if is_bogon_prefix() || (bgp_path.len > 20) then return false;
if ! (bgp_large_community ~ [(LOCAL_ASN, 200, 0),(LOCAL_ASN, 10100, 0..9000)]) then return false;
return true;
}
# 下游-收表控制器
# 注意,配置下游时候,一定要注意手打一个 300 0 ,不然发不出去
function function_inet6_downstream_import() {
if is_bogon_prefix() || (bgp_path.len > 20) then return false;
return true;
}

35
bird/filter/inet_ibgp.conf
View File

@@ -1,35 +0,0 @@
function function_inet_ibgp_import() {
bgp_large_community.delete((LOCAL_ASN,3,0));
if is_self_net() then return false;
if is_bogon_prefix() then return false;
if bgp_large_community ~ [(LOCAL_ASN, 1,*)] then return false;
return true;
}
function function_inet_ibgp_export() {
bgp_large_community.delete((LOCAL_ASN,3,0));
if is_self_net() then return false;
if is_bogon_prefix() then return false;
if bgp_large_community ~ [(LOCAL_ASN, 1,*)] then return false;
return true;
}
function function_inet4_ibgp_import() {
if !function_inet_ibgp_import() then return false;
return true;
}
function function_inet4_ibgp_export() {
if !function_inet_ibgp_export() then return false;
return true;
}
function function_inet6_ibgp_import() {
if !function_inet_ibgp_import() then return false;
return true;
}
function function_inet6_ibgp_export() {
if !function_inet_ibgp_export() then return false;
return true;
}

10
bird/filter/inet_import.conf
View File

@@ -1,10 +0,0 @@
# 对上游接收过滤器
# 政策:全网照单接受
function function_inet_bgp_import_from_upstream() {
if is_self_net() then return false;
if is_bogon_prefix() || (bgp_path.len > 20) then return false;
# 允许转发给下游
bgp_large_community.add((LOCAL_ASN,1000,0));
return true;
}

34
bird/filter/inet_upstream0.conf
View File

@@ -1,34 +0,0 @@
# 普通上游(发布控制器)
# 政策:只发自己的
function function_inet_bgp_export_to_upstream0() {
if !is_self_net() then return false;
if is_bogon_prefix() then return false;
if source != RTS_STATIC then return false;
# 100禁止性过滤
if bgp_large_community ~ [(LOCAL_ASN, 100, 100)] then return false;
if bgp_large_community ~ [(LOCAL_ASN, 100, 200)] then return false;
if bgp_large_community ~ [(LOCAL_ASN, 200, 201)] then return false;
# 前置过滤:允许自己的段子-所有上游和普通上游
if bgp_large_community ~ [(LOCAL_ASN, 200, 0)] then return true;
if bgp_large_community ~ [(LOCAL_ASN, 200, 1)] then return true;
if bgp_large_community ~ [(LOCAL_ASN, 200, 2)] then return false;
return false;
}
function function_inet_control_bgp_upstream0(int peer_asn){
# 1.禁止带有 201 0 (禁止一切外发)的发出去
if bgp_large_community ~ [(LOCAL_ASN, 201, 0)] then return false;
# 2.禁止带有 201 peer asn (禁止向某一外发)的发出去
if bgp_large_community ~ [(LOCAL_ASN, 201, peer_asn)] then return false;
# 3.不带202,0(允许全体外发)但是带有202,peer asn允许单一外发
if (bgp_large_community !~ [(LOCAL_ASN, 202, 0)]) then {
if bgp_large_community ~ [(LOCAL_ASN, 202, peer_asn)] then return true;
}
# 4.带有202,0允许一切外发
if bgp_large_community ~ [(LOCAL_ASN, 202, 0)] then return true;
return false;
}

46
bird/filter/inet_upstream1.conf
View File

@@ -1,46 +0,0 @@
# 能带下游的上游(发布控制器)
# 政策:发自己的+下游的
function function_inet_bgp_export_to_upstream1() {
if source !~ [RTS_STATIC, RTS_BGP] then return false;
if is_bogon_prefix() then return false;
# 100禁止性过滤
if bgp_large_community ~ [(LOCAL_ASN, 100, 100)] then return false;
if bgp_large_community ~ [(LOCAL_ASN, 100, 200)] then return false;
if bgp_large_community ~ [(LOCAL_ASN, 200, 202)] then return false;
if source =RTS_STATIC then {
# 静态路由,允许 200[0 2]
if bgp_large_community ~ [(LOCAL_ASN, 200, 0)] then return true;
if bgp_large_community ~ [(LOCAL_ASN, 200, 2)] then return true;
if bgp_large_community ~ [(LOCAL_ASN, 200, 1)] then return false;
}
if source = RTS_BGP then {
if bgp_large_community ~ [(LOCAL_ASN, 10100, 4)] then return true;
}
return false;
}
function function_inet_control_bgp_upstream1(int peer_asn){
# 1.禁止带有 201 0 (禁止一切外发) 301 0禁止下游段子转发的发出去
if bgp_large_community ~ [(LOCAL_ASN, 201, 0)] then return false;
if bgp_large_community ~ [(LOCAL_ASN, 301, 0)] then return false;
# 2.禁止带有 201 peer asn (禁止向某一外发) 301 peer asn禁止向某一外发下游的发出去
if bgp_large_community ~ [(LOCAL_ASN, 201, peer_asn)] then return false;
if bgp_large_community ~ [(LOCAL_ASN, 301, peer_asn)] then return false;
# 3.不带202,0(允许全体外发)但是带有202,peer asn 放
if (bgp_large_community !~ [(LOCAL_ASN, 202, 0)]) then {
if bgp_large_community ~ [(LOCAL_ASN, 202, peer_asn)] then return true;
}
# 不带302 0但是有302 peer asn的
if (bgp_large_community !~ [(LOCAL_ASN, 302, 0)]) then {
if bgp_large_community ~ [(LOCAL_ASN, 302, peer_asn)] then return true;
}
# 4.带有202,0允许一切外发和302 0的
if bgp_large_community ~ [(LOCAL_ASN, 202, 0)] then return true;
if bgp_large_community ~ [(LOCAL_ASN, 302, 0)] then return true;
return false;
}

42
bird/filter/unet_filter.conf
View File

@@ -1,42 +0,0 @@
function function_unet_import() {
if !unet_is_valid_network() then return false;
if is_unet_self_net() then return false;
bgp_large_community.add((UNET_ASN,200,0));
return true;
}
function function_unet_export() {
if !unet_is_valid_network() then reject;
if source !~ [RTS_STATIC, RTS_BGP] then reject;
if bgp_large_community !~ [(UNET_ASN, 200,0)] then reject;
accept;
}
function function_unet_only_import() {
if !unet_is_valid_network_v4() then return false;
if is_unet_self_net() then return false;
bgp_large_community.add((UNET_ASN,200,0));
return true;
}
function function_unet_only_export() {
if !unet_is_valid_network_v4() then return false;
if source !~ [RTS_STATIC, RTS_BGP] then return false;
if bgp_large_community !~ [(UNET_ASN, 200,0)] then return false;
return true;
}
function function_unet_ibgp_import() {
if bgp_large_community ~ [(UNET_ASN, 1,*)] then return false;
if !unet_is_valid_network() then return false;
if is_unet_self_net() then return false;
return true;
}
function function_unet_ibgp_export() {
if bgp_large_community ~ [(UNET_ASN, 1,*)] then return false;
if !unet_is_valid_network() then return false;
if is_unet_self_net() then return false;
return true;
}

7
bird/function/inet.conf
View File

@@ -1,7 +0,0 @@
function is_self_net() {
case net.type {
NET_IP4: return net ~ is_inet_self_IPv4;
NET_IP6: return net ~ is_inet_self_IPv6;
else: print "is_inet_prefix: unexpected net.type ", net.type, " ", net; return false;
}
}

26
bird/function/tables.conf
View File

@@ -1,8 +1,22 @@
ipv4 table t102v4;
ipv6 table t102v6;
ipv4 table inet4; ipv4 table inet4;
ipv6 table inet6; ipv6 table inet6;
ipv4 table unet4;
ipv6 table unet6; protocol pipe inet6_sync {
ipv4 table ospf4; table inet6;
ipv6 table ospf6; peer table master6;
import none;
export filter {
if bgp_large_community ~ [(LOCAL_ASN, 3,*)] then reject;
accept;
};
}
protocol pipe inet4_sync {
table inet4;
peer table master4;
import none;
export filter {
if bgp_large_community ~ [(LOCAL_ASN, 3,*)] then reject;
accept;
};
}

32
bird/function/unet.conf
View File

@@ -1,32 +0,0 @@
function unet_is_valid_network_v4() {
return net ~ [
10.0.0.0/8+
];
}
function unet_is_valid_network_v4_allnet(){
if unet_is_valid_network_v4() then return true;
if is_self_net() then return true;
return false;
}
function unet_is_voalid_net_v6(){
if is_self_net() then return true;
return false;
}
function is_unet_self_net() {
case net.type {
NET_IP4: return net ~ is_unet_self_IPv4;
NET_IP6: return net ~ is_unet_self_IPv6;
else: print "is_unet_prefix: unexpected net.type ", net.type, " ", net; return false;
}
}
function unet_is_valid_network() {
case net.type {
NET_IP4: return unet_is_valid_network_v4_allnet();
NET_IP6: return unet_is_voalid_net_v6();
}
}

29
bird/net/inet.conf
View File

@@ -1,29 +0,0 @@
protocol pipe inet4_sync {
table inet4;
peer table t102v4;
export filter {
if bgp_large_community ~ [(LOCAL_ASN, 3,*)] then reject;
if is_bogon_prefix() then reject;
bgp_community.empty;
bgp_large_community.empty;
bgp_large_community.add((UNET_ASN,10,10204));
krt_prefsrc = LOCAL_V4_kernel;
accept;
};
import none;
}
protocol pipe inet6_sync {
table inet6;
peer table t102v6;
export filter {
if bgp_large_community ~ [(LOCAL_ASN, 3,*)] then reject;
if is_bogon_prefix() then reject;
bgp_community.empty;
bgp_large_community.empty;
bgp_large_community.add((UNET_ASN,10,10206));
krt_prefsrc = LOCAL_V6_kernel;
accept;
};
import none;
}

21
bird/net/ospf.conf
View File

@@ -1,21 +0,0 @@
protocol pipe ospf4_sync {
table ospf4;
peer table unet4;
export filter {
if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
accept;
};
import none;
}
protocol pipe ospf6_sync {
table ospf6;
peer table unet6;
export filter {
if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
accept;
};
import none;
}
include "/etc/bird/peers/ospf/*.conf";

40
bird/net/unet.conf
View File

@@ -1,40 +0,0 @@
# 公网处理 => inet4/6
protocol pipe unet4_inet4_sync {
table unet4;
peer table inet4;
export filter {
if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
if is_bogon_prefix() then {
if net!~[10.188.0.0/16+] then reject;
}
accept;
};
import none;
}
protocol pipe unet6_inet6_sync {
table unet6;
peer table inet6;
export filter {
if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
if is_bogon_prefix() then reject;
accept;
};
import none;
}
# 剩下的进入master (只有V4)
protocol pipe unet4_sync {
table unet4;
peer table master4;
export filter {
if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
if !unet_is_valid_network_v4() then reject;
bgp_community.empty;
bgp_large_community.empty;
bgp_large_community.add((UNET_ASN,10,4));
krt_prefsrc = UNET_V4_kernel;
accept;
};
import none;
}

4
bird/peers/bgp.conf Normal file
View File

@@ -0,0 +1,4 @@
protocol bgp inet_bgp_as153376 from tpl_bgp_up {
source address fe80:15:3376:3::2:2;
neighbor fe80:15:3376:3::3:2%pccw1 as 153376;
}

9
bird/peers/inet/ebgp.conf
View File

@@ -1,9 +0,0 @@
protocol bgp bgp_int_44324_v4 from tpl_inet4_up {
source address 10.188.6.1;
neighbor 10.188.6.2 as 44324;
}
protocol bgp bgp_int_44324_v6 from tpl_inet6_up {
source address fe80:1::2;
neighbor fe80:1::1%wg_40005 as 44324;
}

9
bird/peers/inet/ibgp.conf
View File

@@ -1,9 +0,0 @@
protocol bgp ibgp_int_zj1_v6 from tpl_inet6_ibgp {
source address fe80:1::2;
neighbor fe80:1::1%wg_40005 as LOCAL_ASN;
}
protocol bgp ibgp_int_zj1_v4 from tpl_inet4_ibgp {
source address 10.188.1.1;
neighbor 10.188.1.2 as LOCAL_ASN;
}

35
bird/peers/ospf/ospf_ipv4.conf
View File

@@ -1,35 +0,0 @@
protocol ospf v3 ospf_ipv4 {
ipv4 {
table ospf4;
import filter {
bgp_large_community.add((UNET_ASN,1,0));
accept;
};
export filter {
if bgp_large_community !~ [(UNET_ASN, 301,0)] then reject;
accept;
};
import limit 1000 action block;
};
area 0 {
interface "pccw1" {
cost 5;
password "114514";
};
};
}
protocol static route_ospf_export_v4 {
route 10.188.3.0/24 reject;
ipv4 {
table ospf4;
import filter {
bgp_large_community.add((UNET_ASN,301,0));# 允许导出至OSPF
bgp_large_community.add((UNET_ASN,3,0));# 不允许导出到内核
accept;
};
export none;
};
}

36
bird/peers/ospf/ospf_ipv6.conf
View File

@@ -1,36 +0,0 @@
protocol ospf v3 ospf_ipv6 {
ipv6 {
table ospf6;
import filter {
bgp_large_community.add((UNET_ASN,1,0));
accept;
};
export filter {
if bgp_large_community !~ [(UNET_ASN, 301,0)] then reject;
accept;
};
import limit 1000 action block;
};
area 0 {
interface "pccw1" {
cost 5;
};
};
}
protocol static route_ospf_export_v6 {
route 2406:840:e601:1::/64 reject;
route 2406:840:e601:3::/64 reject;
route 2406:840:e601:4::/63 reject;
route 2406:840:e601:2000::/51 reject;
ipv6 {
table ospf6;
import filter {
bgp_large_community.add((UNET_ASN,301,0));# 允许导出至OSPF
bgp_large_community.add((UNET_ASN,3,0));# 不允许导出到内核
accept;
};
export none;
};
}

9
bird/peers/unet/ebgp.conf
View File

@@ -1,9 +0,0 @@
protocol bgp bgp_unet_hk2 from unet_bgp_up0 {
source address fe80:15:3376:3::2:2;
neighbor fe80:15:3376:3::3:2%pccw1 as 4218818801;
}
protocol bgp bgp_unet_hk3 from unet_bgp_up1 {
source address fe80:15:3376:3::2:2;
neighbor fe80:15:3376:3::3:2%pccw1 as 4218818802;
}

4
bird/peers/unet/ibgp.conf
View File

@@ -1,4 +0,0 @@
protocol bgp ibgp_unet_hk1 from unet_ibgp {
source address fe80:15:3376:3::2:2;
neighbor fe80:15:3376:3::3:2%pccw1 as UNET_ASN;
}

73
bird/template/inet.conf
View File

@@ -1,34 +1,77 @@
template bgp tpl_inet_up { template bgp tpl_bgp_up {
graceful restart; graceful restart;
local as LOCAL_ASN; local as LOCAL_ASN;
ipv4 { ipv4 {
table inet4; table inet4;
import filter {if !function_inet_bgp_import_from_upstream() then reject; accept; }; import filter {
export filter {if !function_inet_bgp_export_to_upstream0() then reject; accept; }; if is_self_net() then reject;
if is_bogon_prefix() || (bgp_path.len > 100) then reject;
accept;
};
export filter {
if !is_self_net() then reject;
if is_bogon_prefix() || (bgp_path.len > 100) then reject;
if source != RTS_STATIC then reject;
if bgp_large_community !~ [(LOCAL_ASN, 200,0)] then reject;
bgp_large_community.empty;
accept;
};
}; };
ipv6 { ipv6 {
table inet6; table inet6;
import filter {if !function_inet_bgp_import_from_upstream() then reject; accept; }; import filter {
export filter {if !function_inet_bgp_export_to_upstream0() then reject; accept; }; if is_self_net_v6() then reject;
if is_bogon_prefix() || (bgp_path.len > 100) then reject;
accept;
};
export filter {
if !is_self_net_v6() then reject;
if is_bogon_prefix() || (bgp_path.len > 100) then reject;
if source != RTS_STATIC then reject;
if bgp_large_community !~ [(LOCAL_ASN, 200,0)] then reject;
bgp_large_community.empty;
accept;
};
}; };
} }
template bgp tpl_inet4_up { template bgp tpl_ibgp {
graceful restart; graceful restart;
local as LOCAL_ASN; local as LOCAL_ASN;
med metric;
direct;
ipv4 { ipv4 {
table inet4; table inet4;
import filter {if !function_inet_bgp_import_from_upstream() then reject; accept; }; next hop self;
export filter {if !function_inet_bgp_export_to_upstream0() then reject; accept; }; gateway direct;
import filter {
if is_self_net() then reject;
if is_bogon_prefix() then reject;
if bgp_large_community ~ [(LOCAL_ASN, 1,*)] then reject;
accept;
};
export filter {
if is_self_net() then reject;
if is_bogon_prefix() then reject;
if bgp_large_community ~ [(LOCAL_ASN, 1,*)] then reject;
accept;
};
}; };
}
template bgp tpl_inet6_up {
graceful restart;
local as LOCAL_ASN;
ipv6 { ipv6 {
table inet6; table inet6;
import filter {if !function_inet_bgp_import_from_upstream() then reject; accept; }; next hop self;
export filter {if !function_inet_bgp_export_to_upstream0() then reject; accept; }; gateway direct;
import filter {
if is_self_net_v6() then reject;
if is_bogon_prefix() then reject;
if bgp_large_community ~ [(LOCAL_ASN, 1,*)] then reject;
accept;
};
export filter {
if is_self_net_v6() then reject;
if is_bogon_prefix() then reject;
if bgp_large_community ~ [(LOCAL_ASN, 1,*)] then reject;
accept;
};
}; };
} }

37
bird/template/inet_ibgp.conf
View File

@@ -1,37 +0,0 @@
template bgp tpl_inet_ibgp {
graceful restart;
local as LOCAL_ASN;
med metric;
direct;
ipv4 {
table inet4;
next hop self;
gateway direct;
import filter {if !function_inet4_ibgp_import() then reject; accept; };
export filter {if !function_inet4_ibgp_export() then reject; accept; };
};
ipv6 {
table inet6;
next hop self;
gateway direct;
import filter {if !function_inet6_ibgp_import() then reject; accept; };
export filter {if !function_inet6_ibgp_export() then reject; accept; };
};
}
template bgp tpl_inet_ibgp_local_mp {
graceful restart;
local as LOCAL_ASN;
med metric;
ipv4 {
table inet4;
import filter { if !function_inet4_ibgp_import() then reject; accept; };
export filter { if !function_inet4_ibgp_export() then reject; accept; };
};
ipv6 {
table inet6;
import filter { if !function_inet6_ibgp_import() then reject; accept; };
export filter { if !function_inet6_ibgp_export() then reject; accept; };
};
}

48
bird/template/unet.conf
View File

@@ -1,48 +0,0 @@
template bgp unet_bgp_up0 {
graceful restart;
local as UNET_ASN;
ipv4 {
table unet4;
import filter {if !function_unet_import() then reject; accept; };
export filter {if !function_unet_export() then reject; accept; };
import limit 9000 action block;
};
ipv6 {
table unet6;
import filter {if !function_unet_import() then reject; accept; };
export filter {if !function_unet_export() then reject; accept; };
import limit 9000 action block;
};
}
template bgp unet_bgp_up1 {
graceful restart;
local as UNET_ASN;
ipv4 {
table unet4;
import filter {if !function_unet_only_import() then reject; accept; };
export filter {if !function_unet_only_export() then reject; accept; };
import limit 9000 action block;
};
}
template bgp unet_ibgp {
graceful restart;
local as UNET_ASN;
med metric;
direct;
ipv4 {
table unet4;
next hop self;
gateway direct;
import filter {if !function_unet_ibgp_import() then reject; accept; };
export filter {if !function_unet_ibgp_export() then reject; accept; };
};
ipv6 {
table unet6;
next hop self;
gateway direct;
import filter {if !function_unet_ibgp_import() then reject; accept; };
export filter {if !function_unet_ibgp_export() then reject; accept; };
};
}

12
bird/vars.conf
View File

@@ -1,11 +1,5 @@
define LOCAL_ASN = 153376; define LOCAL_ASN = 153376;
define LOCAL_V4_kernel = 44.32.191.7; define LOCAL_V4_kernel = 10.188.2.3;
define LOCAL_V6_kernel = 2406:840:e603::1; define LOCAL_V6_kernel = 2406:840:e601:1::1;
define DN42_ASN = 4242423376; router id 154.37.212.38;
define DN42_V4_kernel = 172.20.21.7;
define UNET_ASN = 4218818801;
define UNET_V4_kernel = 10.188.6.2;
router id 10.188.6.2;

93
bird/whitelist/downmyip.sh
View File

@@ -1,93 +0,0 @@
#!/bin/bash
# downmyip - 自动从 /etc/bird/vars.conf 读取ASN并下载ROA配置
# 配置文件路径
VARS_CONF="/etc/bird/vars.conf"
BASE_URL="https://ntwkapi.noc.zhuantou.com.cn/brnet/roa/api.php?as="
# 颜色输出
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m'
get_asn() {
grep "^define $1_ASN" "$VARS_CONF" | awk -F'[=; ]' '{print $5}'
}
# 函数:下载配置
download_roa() {
local asn="$1"
local filename="/etc/bird/whitelist/$2"
if [ -z "$asn" ]; then
echo -e "${YELLOW}⏭️ $filename 未配置ASN跳过下载${NC}"
return
fi
echo -e "${YELLOW}📥 正在下载 $filename (ASN: $asn)${NC}"
if wget -q -O "$filename" "${BASE_URL}${asn}"; then
echo -e "${GREEN}$filename 下载成功${NC}"
else
echo -e "${RED}$filename 下载失败${NC}"
fi
}
# 函数:创建软链接
create_symlink() {
local script_path=$(realpath "$0")
local link_path="/usr/local/bin/downmyip"
if [ -L "$link_path" ] || [ -f "$link_path" ]; then
echo -e "${YELLOW}🔗 软链接已存在${NC}"
return
fi
echo -e "${YELLOW}🔗 创建全局命令downmyip${NC}"
if ln -s "$script_path" "$link_path"; then
echo -e "${GREEN}✅ 软链接创建完成!${NC}"
else
echo -e "${RED}❌ 请用sudo运行脚本以创建软链接${NC}"
fi
}
# ===================== 主逻辑 =====================
clear
echo -e "${YELLOW}===== downmyip - 自动下载ROA配置 =====${NC}"
# 1. 检查vars.conf是否存在
if [ ! -f "$VARS_CONF" ]; then
echo -e "${RED}❌ 配置文件不存在:$VARS_CONF${NC}"
exit 1
fi
# 2. 读取三个ASN
INET_ASN=$(get_asn "LOCAL")
DN42_ASN=$(get_asn "DN42")
UNET_ASN=$(get_asn "UNET")
echo -e "${GREEN}📄 从vars.conf读取ASN${NC}"
[ -n "$INET_ASN" ] && echo "公网ASN$INET_ASN" || echo "公网ASN未配置"
[ -n "$DN42_ASN" ] && echo "DN42 ASN$DN42_ASN" || echo "DN42 ASN未配置"
[ -n "$UNET_ASN" ] && echo "内网ASN$UNET_ASN" || echo "内网ASN未配置"
echo
# 3. 依次下载(不存在则跳过)
download_roa "$INET_ASN" "inet.conf"
download_roa "$DN42_ASN" "dn42.conf"
download_roa "$UNET_ASN" "unet.conf"
echo
# 4. 重载BIRD配置
echo -e "${YELLOW}🔄 执行birdc c${NC}"
if command -v birdc &>/dev/null; then
birdc c
echo -e "${GREEN}✅ BIRD重载完成${NC}"
else
echo -e "${RED}❌ 未找到birdc命令${NC}"
fi
# 5. 创建全局软链接
create_symlink
echo -e "\n${GREEN}===== 全部执行完毕 =====${NC}"

73
ip-policy-rules
View File

@@ -1,73 +0,0 @@
#!/sbin/openrc-run
description="Custom IP Policy Route for Alpine"
depend() {
need net networking
after net-online
trigger on restart networking
}
trigger() {
case "$1" in
restart)
ebegin "Triggered by network restart, reloading IP policy rules"
restart
eend $?
;;
*)
ebegin "Unsupported trigger: $1"
eend 1
;;
esac
}
#空格来分隔不同的前缀
ALL_TUNNEL_SUBNETS="44.32.191.0/24"
BASE_PRIORITY=200
TUNNEL_SUBNET_V6="2000::/3"
add_rules() {
local current_prio=${BASE_PRIORITY}
for subnet in ${ALL_TUNNEL_SUBNETS}; do
ip rule add from ${subnet} lookup 102 priority ${current_prio} 2>/dev/null
ip rule add to ${subnet} lookup 102 priority $((current_prio + 1)) 2>/dev/null
current_prio=$((current_prio + 2))
done
ip -6 rule add from ${TUNNEL_SUBNET_V6} to ${TUNNEL_SUBNET_V6} lookup 102 priority ${BASE_PRIORITY} 2>/dev/null
}
del_rules() {
local current_prio=${BASE_PRIORITY}
for subnet in ${ALL_TUNNEL_SUBNETS}; do
ip rule del from ${subnet} lookup 102 priority ${current_prio} 2>/dev/null
ip rule del to ${subnet} lookup 102 priority $((current_prio + 1)) 2>/dev/null
current_prio=$((current_prio + 2))
done
ip -6 rule del from ${TUNNEL_SUBNET_V6} to ${TUNNEL_SUBNET_V6} lookup 102 priority ${BASE_PRIORITY} 2>/dev/null
}
start() {
ebegin "Loading static IP policy rules (tunnel + downstream)"
add_rules
eend $? "Failed to load IP policy rules"
}
stop() {
ebegin "Removing static IP policy rules (tunnel + downstream)"
del_rules
eend $? "Failed to remove IP policy rules"
}
restart() {
stop
sleep 1
start
}
reload() {
ebegin "Refreshing static IP policy rules"
del_rules
sleep 0.5
add_rules
eend $? "Failed to refresh IP policy rules"
}

24
readme.md
View File

@@ -1,24 +0,0 @@
# 这里是BRNET配置文件
## 目录格式
-- bird
-- bird/conf/ # 存放需要使用BGP协议宣告的静态规则库 (用户配置)
-- bird/first/ # 定义内部IP范围 (用户配置)
-- bird/function/ # 定义表、网络IP范围等
-- bird/net/ # 定义网络同步规则
-- bird/peers/ # 存放对等体的配置信息 (用户配置)
-- bird/template/ # 定义BGP模板
-- bird/bird.conf # bird核心配置
-- bird/envvars # 环境变量
-- bird/var.conf # 配置节点基本信息 (用户配置)
## BGP社区
最近我们要对BGP社区进行大改请注意相关细节的变更。
我们定义了以下BGP社区请按照规则使用<br>
1.不允许导出到内核:(ASN,3,0) 对公网和UNET均生效<br>
2.不允许传输到IBGP(ASN,1,0) 对公网和UNET均生效<br>
3.允许传输到EBGP(ASN,200,0) 对公网和UNET均生效<br>
3.允许传输到EBGP流经IX(ASN,200,1) (公网生效)<br>
4.允许导出到OSPF(UNET_ASN,301,0) 仅对UNET生效依赖UNET<br>
请注意进入我网和经过我网的路由条目都会《社区消消乐》我会把相关BGP社区全删了。

72
route-sync
View File

@@ -1,72 +0,0 @@
#!/bin/bash
set -euo pipefail
MAIN_TABLE="main"
RT_TABLES_FILE="/etc/iproute2/rt_tables"
check_root() {
if [ $EUID -ne 0 ]; then
echo "错误操作路由表需要root权限请使用sudo运行脚本"
exit 1
fi
}
get_custom_tables() {
grep -vE '^#|^$' "${RT_TABLES_FILE}" | awk '{print $1}' | \
grep -E '^[0-9]+$' | grep -v "^${MAIN_TABLE}$" | sort -n | uniq | tr '\n' ' ' | sed 's/ $//'
}
sync_ipv4_routes() {
local custom_tables="$1"
local ipv4_routes
ipv4_routes=$(ip -4 route show table "${MAIN_TABLE}" proto kernel scope link)
local ipv4_count=$(echo "${ipv4_routes}" | grep -c .)
if [ ${ipv4_count} -gt 0 ]; then
echo "${ipv4_routes}" | while read -r route; do
[ -z "${route}" ] && continue
for table in ${custom_tables}; do
ip -4 route replace ${route} table ${table} >/dev/null 2>&1
done
#echo "${route} --> ${custom_tables}"
done
echo "IPv4同步完成,共${ipv4_count}条"
else
echo "IPv4无直连路由"
fi
}
sync_ipv6_routes() {
local custom_tables="$1"
local ipv6_routes
ipv6_routes=$(ip -6 route show table "${MAIN_TABLE}" proto kernel metric 256)
local ipv6_count=$(echo "${ipv6_routes}" | grep -c .)
if [ ${ipv6_count} -gt 0 ]; then
echo "${ipv6_routes}" | while read -r route; do
[ -z "${route}" ] && continue
for table in ${custom_tables}; do
ip -6 route replace ${route} table ${table} >/dev/null 2>&1
done
#echo "${route} --> ${custom_tables}"
done
echo "IPv6同步完成,共${ipv6_count}条"
else
echo "IPv6无直连路由可同步"
fi
}
main() {
check_root
local CUSTOM_TABLES=$(get_custom_tables)
if [ -z "${CUSTOM_TABLES}" ]; then
echo "提示:${RT_TABLES_FILE}中无自定义路由表已排除254主表退出执行"
exit 0
fi
echo "获取到路由表:${CUSTOM_TABLES}"
sync_ipv4_routes "${CUSTOM_TABLES}"
sync_ipv6_routes "${CUSTOM_TABLES}"
echo "所有路由同步完成!"
}
main

30
update.sh
View File

@@ -1,30 +0,0 @@
#!/bin/bash
cd
git clone https://git.nia.ink/brnet/bird_config.git
rm /etc/bird/bird.conf
mv ./bird_config/bird/bird.conf /etc/bird/
rm /etc/bird/conf/dn42.conf
rm /etc/bird/filter/*.conf
mv ./bird_config/bird/filter/*.conf /etc/bird/filter/
rm /etc/bird/function/*.conf
mv ./bird_config/bird/function/*.conf /etc/bird/function/
rm /etc/bird/net/dn42.conf
rm /etc/bird/net/unet.conf
mv ./bird_config/bird/net/unet.conf /etc/bird/net/
rm /etc/bird/template/*.conf
mv ./bird_config/bird/template/*.conf /etc/bird/template/
birdc c
cd
rm -rf bird_config
cd
rm update.sh