brnet/bird_config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

merge into: brnet:unet3
Branches Tags
brnet:master brnet:unet2 brnet:unet3
...
pull from: brnet:master
Branches Tags
brnet:master brnet:unet2 brnet:unet3

59 Commits
unet3 ... master

Author SHA1 Message Date
gaoyuheng
0b3d5d7d00 routesync 2026-02-05 00:56:38 +08:00
gaoyuheng
022ef0ae8a q 2026-01-28 12:37:15 +08:00
gaoyuheng
a7252f5066 0 2026-01-26 15:39:33 +08:00
gaoyuheng
c2f483284c uo 2026-01-26 15:39:07 +08:00
gaoyuheng
99e59387c7 update 2026-01-26 15:36:01 +08:00
gaoyuheng
ce7ff04133 fix 2026-01-26 14:52:04 +08:00
gaoyuheng
2891ac911e inet4 2026-01-26 12:28:08 +08:00
gaoyuheng
7602aae2a0 联动 IPrule规则 2026-01-26 12:00:37 +08:00
gaoyuheng
e6ff2f853a a 2026-01-26 11:35:29 +08:00
gaoyuheng
f19dc815cf list update 2026-01-26 11:33:36 +08:00
gaoyuheng
76bf4cf910 更新配置 2026-01-26 11:28:43 +08:00
gaoyuheng
392ed32c2c 1 2026-01-26 11:23:32 +08:00
gaoyuheng
f093da11d4 更新了分库分表配置 2026-01-26 11:20:16 +08:00
gaoyuheng
2d1eb76608 修改介绍 2026-01-11 17:48:01 +08:00
gaoyuheng
a7e2ccec61 DN42临时模板配置,需要审计 2025-12-23 16:57:55 +08:00
gaoyuheng
ddf74a9568 Fix : OSPF import filter change 2025-12-19 19:31:10 +08:00
gaoyuheng
703d2696bf aaa 2025-12-18 20:21:36 +08:00
gaoyuheng
a96c3e8fb9 c 2025-12-18 19:54:54 +08:00
gaoyuheng
98689e0eba oc 2025-12-18 19:53:03 +08:00
gaoyuheng
ce8c74ae7b i 2025-12-18 19:24:19 +08:00
gaoyuheng
e246a62a91 0 2025-12-18 19:22:44 +08:00
gaoyuheng
433ad0f5c5 change 2025-12-18 19:19:30 +08:00
gaoyuheng
3a6b014333 0 2025-12-17 18:13:41 +08:00
gaoyuheng
1bf21683ce Fix : fix Internet ipv4 CIDR in UNET connection 2025-12-16 20:03:17 +08:00
gaoyuheng
b4f2fc4b3a fix 2025-12-16 16:27:51 +08:00
gaoyuheng
d21c8e44aa Fix : mv commind error when in basybox 2025-12-16 15:59:03 +08:00
gaoyuheng
521702243b Fix:add dn42 and change config 2025-12-16 15:56:30 +08:00
daxi20
95a3532da2 de 2025-11-26 21:19:29 +08:00
daxi20
ab6840b60a x 2025-11-26 21:05:54 +08:00
daxi20
0476cf5a25 i 2025-11-26 21:01:54 +08:00
daxi20
046bc9e1cd i 2025-11-26 20:53:12 +08:00
daxi20
1dd25e25ed 更新IXP配置 2025-11-26 20:51:23 +08:00
daxi20
2f982e9892 netlink作为可选政策 2025-11-26 20:35:04 +08:00
daxi20
f0dc592fdb i 2025-11-26 20:31:59 +08:00
daxi20
8ed9e13f2b 更新了缓冲区设置选项,并修复了部分错误 2025-11-26 20:25:23 +08:00
daxi20
ee3d66217a 路由表防卡油 2025-11-18 12:52:29 +08:00
daxi20
0f50f35e34 o 2025-11-13 15:26:55 +08:00
daxi20
f004974d3c 更新readme 2025-11-13 15:26:26 +08:00
daxi20
be25318525 路由表格式修正 2025-11-13 14:51:24 +08:00
daxi20
948bb1f0df 修整迁移 2025-11-13 14:45:27 +08:00
daxi20
f8bf669e83 删东西删干净点 2025-11-13 14:43:27 +08:00
daxi20
ddeecd2c99 史诗更新 2025-11-13 14:41:55 +08:00
daxi20
cde500b4f6 remark 2025-11-08 21:43:43 +08:00
daxi20
7510834a1e 更新INET协议栈格式 2025-11-08 21:38:35 +08:00
daxi20
1bd6e4b59e 细微修整 2025-11-03 16:59:17 +08:00
daxi20
37842ed600 更新外发BGP模板 2025-11-03 16:57:26 +08:00
daxi20
d6c621f38d Add DN42 fitter 2025-11-03 15:51:48 +08:00
daxi20
02cbb8fc61 d 2025-11-02 13:35:36 +08:00
daxi20
46dc40ca76 d 2025-11-02 13:33:06 +08:00
daxi20
8a48e3075f iz 2025-11-02 13:31:21 +08:00
daxi20
b2d136ae8a 删除DN42相关配置 2025-11-02 13:24:07 +08:00
gaoyuheng
dcdfb1d71b o 2025-11-01 21:58:50 +08:00
gaoyuheng
99ae95c860 i 2025-11-01 21:54:25 +08:00
gaoyuheng
42f30a247a i 2025-11-01 21:45:47 +08:00
daxi20
b96a81e2ff i 2025-10-30 13:29:32 +08:00
daxi20
2b86aa4590 fix 2025-10-30 13:19:52 +08:00
daxi20
9c11cb60e6 add dn42 2025-10-30 10:26:18 +08:00
daxi20
947a310e20 add dn42 2025-10-30 10:25:57 +08:00
daxi20
0a2ed5e91f 同步配置 2025-10-30 08:32:36 +08:00
33 changed files with 884 additions and 343 deletions
Expand all files Collapse all files

25
bird/bird.conf
View File

@@ -1,24 +1,10 @@
include "/etc/bird/vars.conf"; include "/etc/bird/vars.conf";
include "/etc/bird/whitelist/*.conf";
include "/etc/bird/function/*.conf"; include "/etc/bird/function/*.conf";
include "/etc/bird/conf/*.conf"; include "/etc/bird/conf/*.conf";
protocol device { protocol device {
scan time 10; scan time 10;
}
protocol kernel {
scan time 20;
ipv6 {
import none;
export filter {
if source = RTS_STATIC then reject;
if !is_bogon_prefix() then {
krt_prefsrc = LOCAL_V6_kernel;
accept;
}
reject;
};
};
}; };
protocol kernel { protocol kernel {
@@ -31,13 +17,14 @@ protocol kernel {
krt_prefsrc = UNET_V4_kernel; krt_prefsrc = UNET_V4_kernel;
accept; accept;
} }
if !is_bogon_prefix() then {
krt_prefsrc = LOCAL_V4_kernel;
accept;
}
reject; reject;
}; };
}; };
}; };
include "/etc/bird/net/*.conf"; include "/etc/bird/net/*.conf";
include "/etc/bird/filter/*.conf";
include "/etc/bird/template/*.conf";
include "/etc/bird/peers/inet/*.conf";
include "/etc/bird/peers/dn42/*.conf";
include "/etc/bird/peers/unet/*.conf";

28
bird/conf/dn42.conf Normal file
View File

@@ -0,0 +1,28 @@
protocol static route_dn42_export_v4 {
route 172.20.21.0/26 reject;
ipv4 {
table dn42v4;
import filter {
bgp_large_community.add((DN42_ASN,3,0));# 不允许导出到内核
bgp_large_community.add((DN42_ASN,1,0));# 不允许传输到ibgp
bgp_large_community.add((DN42_ASN,200,0));# 传输到Ebgp
accept;
};
export none;
};
}
protocol static route_dn42_export_v6 {
route fde8:936e:ee29::/48 reject;
ipv6 {
table dn42v6;
import filter {
bgp_large_community.add((DN42_ASN,3,0));# 不允许导出到内核
bgp_large_community.add((DN42_ASN,1,0));# 不允许传输到ibgp
bgp_large_community.add((DN42_ASN,200,0));# 传输到Ebgp
accept;
};
export none;
};
}

29
bird/conf/inet.conf Normal file
View File

@@ -0,0 +1,29 @@
protocol static route_int_export_v4 {
route 44.32.191.0/24 reject;
ipv4 {
table inet4;
import filter {
bgp_large_community.add((LOCAL_ASN,3,0));
bgp_large_community.add((LOCAL_ASN,1,0));
bgp_large_community.add((LOCAL_ASN,200,0));
accept;
};
export none;
};
}
protocol static route_int_export_v6 {
route 2406:840:e602::/48 reject;
route 2406:840:e604::/48 reject;
route 2406:840:e606::/48 reject;
ipv6 {
table inet6;
import filter {
bgp_large_community.add((LOCAL_ASN,3,0));
bgp_large_community.add((LOCAL_ASN,1,0));
bgp_large_community.add((LOCAL_ASN,200,0));
accept;
};
export none;
};
}

90
bird/conf/mynet.conf
View File

@@ -1,90 +0,0 @@
function is_self_net() {
return net ~ [
44.32.191.0/24
];
}
protocol static route_int_export_v4 {
route 44.32.191.0/24 reject;
ipv4 {
table inet4;
import filter {
bgp_large_community.add((LOCAL_ASN,3,0));
bgp_large_community.add((LOCAL_ASN,1,0));
bgp_large_community.add((LOCAL_ASN,200,0));
accept;
};
export none;
};
}
function is_self_net_v6() {
return net ~ [
2406:840:e600::/44{44,48},
2a14:7580:9600::/40{40,48}
];
}
protocol static route_int_export_v6 {
route 2406:840:e600::/48 reject;
route 2406:840:e601::/48 reject;
route 2406:840:e608::/46 reject;
route 2a14:7580:9600::/47 reject;
route 2a14:7580:9603::/48 reject;
route 2a14:7580:9604::/48 reject;
ipv6 {
table inet6;
import filter {
bgp_large_community.add((LOCAL_ASN,3,0));
bgp_large_community.add((LOCAL_ASN,1,0));
bgp_large_community.add((LOCAL_ASN,200,0));
accept;
};
export none;
};
}
function unet_is_self_net() {
return net ~ [
10.188.2.0/23+,
10.188.11.0/24,
172.20.21.0/29
];
}
protocol static route_unet_export_v4 {
route 10.188.2.0/23 reject;
route 10.188.11.0/24 reject;
ipv4 {
table unet4;
import filter {
bgp_large_community.add((UNET_ASN,3,0));# 不允许导出到内核
bgp_large_community.add((UNET_ASN,1,0));# 不允许传输到ibgp
bgp_large_community.add((UNET_ASN,200,0));# 传输到Ebgp
accept;
};
export none;
};
}
function unet_is_self_net_v6() {
return net ~ [
2406:840:e601::/48{48,56}
];
}
protocol static route_unet_export_v6 {
route 2406:840:e601::/48 reject;
ipv6 {
table unet6;
import filter {
bgp_large_community.add((UNET_ASN,3,0));# 不允许导出到内核
bgp_large_community.add((UNET_ASN,1,0));# 不允许传输到ibgp
bgp_large_community.add((UNET_ASN,200,0));# 传输到Ebgp
accept;
};
export none;
};
}

31
bird/conf/unet.conf Normal file
View File

@@ -0,0 +1,31 @@
protocol static route_unet_export_v4 {
route 10.188.6.0/23 reject;
route 10.188.5.124/30 reject;
route 44.32.191.16/28 reject;
route 44.32.191.7/32 reject;
ipv4 {
table unet4;
import filter {
bgp_large_community.add((UNET_ASN,3,0));# 不允许导出到内核
bgp_large_community.add((UNET_ASN,1,0));# 不允许传输到ibgp
bgp_large_community.add((UNET_ASN,200,0));# 传输到Ebgp
accept;
};
export none;
};
}
protocol static route_unet_export_v6 {
route 2406:840:e603::/48 reject;
route 2406:840:e60e::/56 reject;
ipv6 {
table unet6;
import filter {
bgp_large_community.add((UNET_ASN,3,0));# 不允许导出到内核
bgp_large_community.add((UNET_ASN,1,0));# 不允许传输到ibgp
bgp_large_community.add((UNET_ASN,200,0));# 传输到Ebgp
accept;
};
export none;
};
}

15
bird/filter/inet_downstream.conf Normal file
View File

@@ -0,0 +1,15 @@
# 下游-收表控制器
function function_inet6_downstream_import() {
if is_bogon_prefix() || (bgp_path.len > 100) then return false;
bgp_large_community.add((LOCAL_ASN,200,0));
return true;
}
# 下游-发表控制器
function function_inet6_downstream_export() {
# 过滤掉begon和过长的段子太长了下游受不了
if is_bogon_prefix() || (bgp_path.len > 100) then reject;
# BGP发出底线防控
if bgp_large_community !~ [(LOCAL_ASN, 200,0)] then return false;
return true;
}

29
bird/filter/inet_filter.conf Normal file
View File

@@ -0,0 +1,29 @@
function function_inet4_bgp_import() {
if is_self_net() then return false;
if is_bogon_prefix() || (bgp_path.len > 100) then return false;
bgp_large_community.add((LOCAL_ASN,200,0));
return true;
}
function function_inet4_bgp_export() {
if !is_self_net() then return false;
if is_bogon_prefix() || (bgp_path.len > 100) then reject;
if source != RTS_STATIC then reject;
if bgp_large_community !~ [(LOCAL_ASN, 200,0)] then return false;
return true;
}
function function_inet6_bgp_import() {
if is_self_net() then return false;
if is_bogon_prefix() || (bgp_path.len > 100) then return false;
bgp_large_community.add((LOCAL_ASN,200,0));
return true;
}
function function_inet6_bgp_export() {
if !is_self_net() then return false;
if is_bogon_prefix() || (bgp_path.len > 100) then reject;
if source != RTS_STATIC then reject;
if bgp_large_community !~ [(LOCAL_ASN, 200,0)] then return false;
return true;
}

27
bird/filter/inet_ibgp.conf Normal file
View File

@@ -0,0 +1,27 @@
function function_inet4_ibgp_import() {
if is_self_net() then return false;
if is_bogon_prefix() then return false;
if bgp_large_community ~ [(LOCAL_ASN, 1,*)] then reject;
return true;
}
function function_inet4_ibgp_export() {
if is_self_net() then return false;
if is_bogon_prefix() then return false;
if bgp_large_community ~ [(LOCAL_ASN, 1,*)] then reject;
return true;
}
function function_inet6_ibgp_import() {
if is_self_net() then reject;
if is_bogon_prefix() then reject;
if bgp_large_community ~ [(LOCAL_ASN, 1,*)] then reject;
return true;
}
function function_inet6_ibgp_export() {
if is_self_net() then reject;
if is_bogon_prefix() then reject;
if bgp_large_community ~ [(LOCAL_ASN, 1,*)] then reject;
return true;
}

22
bird/function/dn42.conf Normal file
View File

@@ -0,0 +1,22 @@
define DN42_PREFIXES_V4 = [
172.20.0.0/14+
];
define DN42_PREFIXES_V6 = [
fd00::/8+
];
function is_dn42_prefix() {
case net.type {
NET_IP4: return net ~ DN42_PREFIXES_V4;
NET_IP6: return net ~ DN42_PREFIXES_V6;
else: print "is_dn42_prefix: unexpected net.type ", net.type, " ", net; return false;
}
}
function is_dn42_self_net() {
case net.type {
NET_IP4: return net ~ IS_SELF_NET_dn42v4;
NET_IP6: return net ~ IS_SELF_NET_dn42v6;
else: print "is_dn42_prefix: unexpected net.type ", net.type, " ", net; return false;
}
}

7
bird/function/inet.conf Normal file
View File

@@ -0,0 +1,7 @@
function is_self_net() {
case net.type {
NET_IP4: return net ~ IS_SELF_NET_inet4;
NET_IP6: return net ~ IS_SELF_NET_inet6;
else: print "is_dn42_prefix: unexpected net.type ", net.type, " ", net; return false;
}
}

28
bird/function/network.conf
View File

@@ -1,28 +0,0 @@
function unet_is_valid_network_v4() {
return net ~ [
10.50.0.0/16+,
10.88.0.0/16+,
10.21.0.0/16+,
10.188.0.0/16+
];
}
function unet_is_valid_network_v4_anynet() {
return net ~ [
172.20.21.0/26+,
44.32.191.0/24+
];
}
function unet_is_valid_network_v4_allnet(){
if !unet_is_valid_network_v4_anynet() && !unet_is_valid_network_v4() then return false;
return true;
}
function unet_is_voalid_net_v6(){
return net ~ [
2406:840:e600::/44{44,56},
2a14:7580:9600::/40{40,56}
];
}

57
bird/function/tables.conf
View File

@@ -1,61 +1,8 @@
ipv4 table inet4; ipv4 table inet4;
ipv6 table inet6; ipv6 table inet6;
ipv4 table dn42v4;
ipv6 table dn42v6;
ipv4 table unet4; ipv4 table unet4;
ipv6 table unet6; ipv6 table unet6;
ipv4 table ospf4; ipv4 table ospf4;
ipv6 table ospf6; ipv6 table ospf6;
protocol pipe inet6_sync {
table inet6;
peer table master6;
import none;
export filter {
if bgp_large_community ~ [(LOCAL_ASN, 3,*)] then reject;
accept;
};
}
protocol pipe inet4_sync {
table inet4;
peer table master4;
import none;
export filter {
if bgp_large_community ~ [(LOCAL_ASN, 3,*)] then reject;
accept;
};
}
protocol pipe unet4_sync {
table unet4;
peer table master4;
export filter {
if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
accept;
};
}
protocol pipe unet6_sync {
table unet6;
peer table master6;
export filter {
if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
accept;
};
}
protocol pipe ospf4_sync {
table ospf4;
peer table master4;
export filter {
if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
accept;
};
}
protocol pipe ospf6_sync {
table ospf6;
peer table master6;
export filter {
if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
accept;
};
}

18
bird/function/unet.conf Normal file
View File

@@ -0,0 +1,18 @@
function unet_is_valid_network_v4() {
return net ~ [
10.0.0.0/8+
];
}
function unet_is_valid_network_v4_allnet(){
if unet_is_valid_network_v4() then return true;
if is_self_net() then return true;
if is_dn42_self_net() then return true;
return false;
}
function unet_is_voalid_net_v6(){
if is_self_net() then return true;
if is_dn42_self_net() then return true;
return false;
}

35
bird/net/dn42.conf Normal file
View File

@@ -0,0 +1,35 @@
protocol kernel kernel_dn42v4_105 {
scan time 20;
kernel table 105;
ipv4 {
table dn42v4;
import none;
export filter {
if source = RTS_STATIC then reject;
if bgp_large_community ~ [(DN42_ASN, 3,*)] then reject;
if is_dn42_prefix() then {
krt_prefsrc = DN42_V4_kernel;
accept;
}
reject;
};
};
};
protocol kernel kernel_dn42v6_105 {
scan time 20;
kernel table 105;
ipv6 {
table dn42v6;
import none;
export filter {
if source = RTS_STATIC then reject;
if bgp_large_community ~ [(DN42_ASN, 3,*)] then reject;
if is_dn42_prefix() then {
krt_prefsrc = DN42_V6_kernel;
accept;
}
reject;
};
};
};

88
bird/net/inet.conf
View File

@@ -1,78 +1,36 @@
template bgp tpl_bgp_up { protocol kernel kernel_inet4_102 {
graceful restart; scan time 20;
local as LOCAL_ASN; kernel table 102;
ipv4 { ipv4 {
table inet4; table inet4;
import filter { import none;
if is_self_net() then reject;
if is_bogon_prefix() || (bgp_path.len > 100) then reject;
accept;
};
export filter { export filter {
if !is_self_net() then reject; if source = RTS_STATIC then reject;
if is_bogon_prefix() || (bgp_path.len > 100) then reject; if bgp_large_community ~ [(LOCAL_ASN, 3,*)] then reject;
if source != RTS_STATIC then reject; if !is_bogon_prefix() then {
if bgp_large_community !~ [(LOCAL_ASN, 200,0)] then reject; krt_prefsrc = LOCAL_V4_kernel;
bgp_large_community.empty;
accept; accept;
}
reject;
}; };
}; };
ipv6 { };
table inet6;
import filter {
if is_self_net_v6() then reject;
if is_bogon_prefix() || (bgp_path.len > 100) then reject;
accept;
};
export filter {
if !is_self_net_v6() then reject;
if is_bogon_prefix() || (bgp_path.len > 100) then reject;
if source != RTS_STATIC then reject;
if bgp_large_community !~ [(LOCAL_ASN, 200,0)] then reject;
bgp_large_community.empty;
accept;
};
};
}
template bgp tpl_ibgp {
graceful restart; protocol kernel kernel_inet6_102 {
local as LOCAL_ASN; scan time 20;
med metric; kernel table 102;
direct;
ipv4 {
table inet4;
next hop self;
gateway direct;
import filter {
if is_self_net() then reject;
if is_bogon_prefix() then reject;
if bgp_large_community ~ [(LOCAL_ASN, 1,*)] then reject;
accept;
};
export filter {
if is_self_net() then reject;
if is_bogon_prefix() then reject;
if bgp_large_community ~ [(LOCAL_ASN, 1,*)] then reject;
accept;
};
};
ipv6 { ipv6 {
table inet6; table inet6;
next hop self; import none;
gateway direct;
import filter {
if is_self_net_v6() then reject;
if is_bogon_prefix() then reject;
if bgp_large_community ~ [(LOCAL_ASN, 1,*)] then reject;
accept;
};
export filter { export filter {
if is_self_net_v6() then reject; if source = RTS_STATIC then reject;
if is_bogon_prefix() then reject; if bgp_large_community ~ [(LOCAL_ASN, 3,*)] then reject;
if bgp_large_community ~ [(LOCAL_ASN, 1,*)] then reject; if !is_bogon_prefix() then {
krt_prefsrc = LOCAL_V6_kernel;
accept; accept;
}
reject;
}; };
}; };
} };
include "/etc/bird/peers/inet/*";

20
bird/net/ospf.conf
View File

@@ -1 +1,21 @@
protocol pipe ospf4_sync {
table ospf4;
peer table unet4;
export filter {
if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
accept;
};
import none;
}
protocol pipe ospf6_sync {
table ospf6;
peer table unet6;
export filter {
if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
accept;
};
import none;
}
include "/etc/bird/peers/ospf/*.conf"; include "/etc/bird/peers/ospf/*.conf";

130
bird/net/unet.conf
View File

@@ -1,79 +1,63 @@
template bgp unet_bgp_up0 { # 公网处理 => inet4/6
graceful restart; protocol pipe unet4_inet4_sync {
local as UNET_ASN;
ipv4 {
table unet4; table unet4;
import filter { peer table inet4;
if unet_is_valid_network_v4_allnet() && !unet_is_self_net() then accept;
reject;
};
export filter { if unet_is_valid_network_v4_allnet() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; };
import limit 9000 action block;
};
ipv6 {
table unet6;
import filter {
if unet_is_voalid_net_v6() && !unet_is_self_net_v6() then accept;
reject;
};
export filter { if unet_is_voalid_net_v6() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; };
import limit 9000 action block;
};
}
template bgp unet_bgp_up1 {
graceful restart;
local as UNET_ASN;
ipv4 {
table unet4;
import filter {
if unet_is_valid_network_v4() && !unet_is_self_net() then accept;
reject;
};
export filter { if unet_is_valid_network_v4() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; };
import limit 9000 action block;
};
}
template bgp unet_ibgp {
graceful restart;
local as UNET_ASN;
med metric;
direct;
ipv4 {
table unet4;
next hop self;
gateway direct;
import filter {
if bgp_large_community ~ [(UNET_ASN, 1,*)] then reject;
if !unet_is_valid_network_v4_allnet() then reject;
if unet_is_self_net() then reject;
accept;
};
export filter { export filter {
if bgp_large_community ~ [(UNET_ASN, 1,*)] then reject; if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
if !unet_is_valid_network_v4_allnet() then reject; if is_bogon_prefix() then reject;
if unet_is_self_net() then reject; bgp_path.empty;
accept; accept;
}; };
}; import none;
ipv6 {
table unet6;
next hop self;
gateway direct;
import filter {
if bgp_large_community ~ [(UNET_ASN, 1,*)] then reject;
if !unet_is_voalid_net_v6() then reject;
if unet_is_self_net_v6() then reject;
accept;
};
export filter {
if bgp_large_community ~ [(UNET_ASN, 1,*)] then reject;
if !unet_is_voalid_net_v6() then reject;
if unet_is_self_net_v6() then reject;
accept;
};
};
} }
include "/etc/bird/peers/unet/*.conf"; protocol pipe unet6_inet6_sync {
table unet6;
peer table inet6;
export filter {
if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
if is_bogon_prefix() then reject;
bgp_path.empty;
accept;
};
import none;
}
# DN42处理 => dn42v4/6
protocol pipe unet4_dn42v4_sync {
table unet4;
peer table dn42v4;
export filter {
if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
if !is_dn42_prefix() then reject;
bgp_path.empty;
accept;
};
import none;
}
protocol pipe unet6_dn42v6_sync {
table unet6;
peer table dn42v6;
export filter {
if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
if !is_dn42_prefix() then reject;
bgp_path.empty;
accept;
};
import none;
}
# 剩下的进入master (只有V4)
protocol pipe unet4_sync {
table unet4;
peer table master4;
export filter {
if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
if !unet_is_valid_network_v4() then reject;
accept;
};
import none;
}

4
bird/peers/dn42/ibgp.conf Normal file
View File

@@ -0,0 +1,4 @@
protocol bgp ibgp_unet_hk1 from dn42_ibgp {
source address fe80:15:3376:3::2:2;
neighbor fe80:15:3376:3::3:2%pccw1 as DN42_ASN;
}

9
bird/peers/inet/ebgp.conf Normal file
View File

@@ -0,0 +1,9 @@
protocol bgp bgp_int_44324_v4 from tpl_inet4_up {
source address 10.188.6.1;
neighbor 10.188.6.2 as 44324;
}
protocol bgp bgp_int_44324_v6 from tpl_inet6_up {
source address fe80:1::2;
neighbor fe80:1::1%wg_40005 as 44324;
}

11
bird/peers/inet/ibgp.conf
View File

@@ -1,4 +1,9 @@
protocol bgp int_ibgp_hk1 from tpl_ibgp { protocol bgp ibgp_int_zj1_v6 from tpl_inet6_ibgp {
source address fe80:15:3376:3::2:1; source address fe80:1::2;
neighbor fe80:15:3376:3::3:1%pccw1 as LOCAL_ASN; neighbor fe80:1::1%wg_40005 as LOCAL_ASN;
}
protocol bgp ibgp_int_zj1_v4 from tpl_inet4_ibgp {
source address 10.188.1.1;
neighbor 10.188.1.2 as LOCAL_ASN;
} }

5
bird/peers/ospf/ospf_ipv4.conf
View File

@@ -1,7 +1,10 @@
protocol ospf v3 ospf_ipv4 { protocol ospf v3 ospf_ipv4 {
ipv4 { ipv4 {
table ospf4; table ospf4;
import all; import filter {
bgp_large_community.add((UNET_ASN,1,0));
accept;
};
export filter { export filter {
if bgp_large_community !~ [(UNET_ASN, 301,0)] then reject; if bgp_large_community !~ [(UNET_ASN, 301,0)] then reject;
accept; accept;

5
bird/peers/ospf/ospf_ipv6.conf
View File

@@ -1,7 +1,10 @@
protocol ospf v3 ospf_ipv6 { protocol ospf v3 ospf_ipv6 {
ipv6 { ipv6 {
table ospf6; table ospf6;
import all; import filter {
bgp_large_community.add((UNET_ASN,1,0));
accept;
};
export filter { export filter {
if bgp_large_community !~ [(UNET_ASN, 301,0)] then reject; if bgp_large_community !~ [(UNET_ASN, 301,0)] then reject;
accept; accept;

9
bird/peers/unet/ebgp.conf Normal file
View File

@@ -0,0 +1,9 @@
protocol bgp bgp_unet_hk2 from unet_bgp_up0 {
source address fe80:15:3376:3::2:2;
neighbor fe80:15:3376:3::3:2%pccw1 as 4218818801;
}
protocol bgp bgp_unet_hk3 from unet_bgp_up1 {
source address fe80:15:3376:3::2:2;
neighbor fe80:15:3376:3::3:2%pccw1 as 4218818802;
}

2
bird/peers/unet/ibgp.conf
View File

@@ -1,4 +1,4 @@
protocol bgp unet_ibgp_hk1 from unet_ibgp { protocol bgp ibgp_unet_hk1 from unet_ibgp {
source address fe80:15:3376:3::2:2; source address fe80:15:3376:3::2:2;
neighbor fe80:15:3376:3::3:2%pccw1 as UNET_ASN; neighbor fe80:15:3376:3::3:2%pccw1 as UNET_ASN;
} }

78
bird/template/dn42.conf Normal file
View File

@@ -0,0 +1,78 @@
template bgp dn42_bgp_up {
graceful restart;
local as DN42_ASN;
ipv4 {
table dn42v4;
import filter {
if !is_dn42_prefix() then reject;
if is_dn42_self_net() then reject;
bgp_large_community.add((DN42_ASN,200,0));# 传输到Ebgp
accept;
};
export filter {
if !is_dn42_prefix() then reject;
if source !~ [RTS_STATIC, RTS_BGP] then reject;
if bgp_large_community !~ [(DN42_ASN, 200,0)] then reject;
accept;
};
import limit 9000 action block;
};
ipv6 {
table dn42v6;
import filter {
if !is_dn42_prefix() then reject;
if is_dn42_self_net() then reject;
bgp_large_community.add((DN42_ASN,200,0));# 传输到Ebgp
accept;
};
export filter {
if !is_dn42_prefix() then reject;
if source !~ [RTS_STATIC, RTS_BGP] then reject;
if bgp_large_community !~ [(DN42_ASN, 200,0)] then reject;
accept;
};
import limit 9000 action block;
};
}
template bgp dn42_ibgp {
graceful restart;
local as DN42_ASN;
med metric;
direct;
ipv4 {
table dn42v4;
next hop self;
gateway direct;
import filter {
if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject;
if !is_dn42_prefix() then reject;
if is_dn42_self_net() then reject;
accept;
};
export filter {
if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject;
if !is_dn42_prefix() then reject;
if is_dn42_self_net() then reject;
accept;
};
};
ipv6 {
table dn42v6;
next hop self;
gateway direct;
import filter {
if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject;
if !is_dn42_prefix() then reject;
if is_dn42_self_net() then reject;
accept;
};
export filter {
if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject;
if !is_dn42_prefix() then reject;
if is_dn42_self_net() then reject;
accept;
};
};
}

83
bird/template/inet.conf Normal file
View File

@@ -0,0 +1,83 @@
template bgp tpl_inet_up {
graceful restart;
local as LOCAL_ASN;
ipv4 {
table inet4;
import filter {if !function_inet4_bgp_import() then reject; accept; };
export filter {if !function_inet4_bgp_export() then reject; accept; };
};
ipv6 {
table inet6;
import filter {if !function_inet6_bgp_import() then reject; accept; };
export filter {if !function_inet6_bgp_export() then reject; accept; };
};
}
template bgp tpl_inet4_up {
graceful restart;
local as LOCAL_ASN;
ipv4 {
table inet4;
import filter {if !function_inet4_bgp_import() then reject; accept; };
export filter {if !function_inet4_bgp_export() then reject; accept; };
};
}
template bgp tpl_inet6_up {
graceful restart;
local as LOCAL_ASN;
ipv6 {
table inet6;
import filter {if !function_inet6_bgp_import() then reject; accept; };
export filter {if !function_inet6_bgp_export() then reject; accept; };
};
}
template bgp tpl_inet_ibgp {
graceful restart;
local as LOCAL_ASN;
med metric;
direct;
ipv4 {
table inet4;
next hop self;
gateway direct;
import filter {if !function_inet4_ibgp_import() then reject; accept; };
export filter {if !function_inet4_ibgp_export() then reject; accept; };
};
ipv6 {
table inet6;
next hop self;
gateway direct;
import filter {if !function_inet6_ibgp_import() then reject; accept; };
export filter {if !function_inet6_ibgp_export() then reject; accept; };
};
}
template bgp tpl_inet4_ibgp {
graceful restart;
local as LOCAL_ASN;
med metric;
direct;
ipv4 {
table inet4;
next hop self;
gateway direct;
import filter {if !function_inet4_ibgp_import() then reject; accept; };
export filter {if !function_inet4_ibgp_export() then reject; accept; };
};
}
template bgp tpl_inet6_ibgp {
graceful restart;
local as LOCAL_ASN;
med metric;
direct;
ipv6 {
table inet6;
next hop self;
gateway direct;
import filter {if !function_inet6_ibgp_import() then reject; accept; };
export filter {if !function_inet6_ibgp_export() then reject; accept; };
};
}

98
bird/template/unet.conf Normal file
View File

@@ -0,0 +1,98 @@
template bgp unet_bgp_up0 {
graceful restart;
local as UNET_ASN;
ipv4 {
table unet4;
import filter {
if !unet_is_valid_network_v4_allnet() then reject;
if unet_is_self_net() then reject;
bgp_large_community.add((UNET_ASN,200,0));
accept;
};
export filter {
if !unet_is_valid_network_v4_allnet() then reject;
if source !~ [RTS_STATIC, RTS_BGP] then reject;
if bgp_large_community !~ [(UNET_ASN, 200,0)] then reject;
accept;
};
import limit 9000 action block;
};
ipv6 {
table unet6;
import filter {
if !unet_is_voalid_net_v6() then reject;
if unet_is_self_net_v6() then reject;
bgp_large_community.add((UNET_ASN,200,0));
accept;
};
export filter {
if !unet_is_voalid_net_v6() then reject;
if source !~ [RTS_STATIC, RTS_BGP] then reject;
if bgp_large_community !~ [(UNET_ASN, 200,0)] then reject;
accept;
};
import limit 9000 action block;
};
}
template bgp unet_bgp_up1 {
graceful restart;
local as UNET_ASN;
ipv4 {
table unet4;
import filter {
if !unet_is_valid_network_v4() then reject;
if unet_is_self_net() then reject;
bgp_large_community.add((UNET_ASN,200,0));
accept;
};
export filter {
if !unet_is_valid_network_v4() then reject;
if source !~ [RTS_STATIC, RTS_BGP] then reject;
if bgp_large_community !~ [(UNET_ASN, 200,0)] then reject;
accept;
};
import limit 9000 action block;
};
}
template bgp unet_ibgp {
graceful restart;
local as UNET_ASN;
med metric;
direct;
ipv4 {
table unet4;
next hop self;
gateway direct;
import filter {
if bgp_large_community ~ [(UNET_ASN, 1,*)] then reject;
if !unet_is_valid_network_v4_allnet() then reject;
if unet_is_self_net() then reject;
accept;
};
export filter {
if bgp_large_community ~ [(UNET_ASN, 1,*)] then reject;
if !unet_is_valid_network_v4_allnet() then reject;
if unet_is_self_net() then reject;
accept;
};
};
ipv6 {
table unet6;
next hop self;
gateway direct;
import filter {
if bgp_large_community ~ [(UNET_ASN, 1,*)] then reject;
if !unet_is_voalid_net_v6() then reject;
if unet_is_self_net_v6() then reject;
accept;
};
export filter {
if bgp_large_community ~ [(UNET_ASN, 1,*)] then reject;
if !unet_is_voalid_net_v6() then reject;
if unet_is_self_net_v6() then reject;
accept;
};
};
}

14
bird/vars.conf
View File

@@ -1,8 +1,12 @@
define LOCAL_ASN = 153376; define LOCAL_ASN = 153376;
define LOCAL_V4_kernel = 10.188.2.3; define LOCAL_V4_kernel = 44.32.191.7;
define LOCAL_V6_kernel = 2406:840:e601:1::1; define LOCAL_V6_kernel = 2406:840:e603::1;
define UNET_ASN = 4218818804; define DN42_ASN = 4242423376;
define UNET_V4_kernel = 10.188.2.3; define DN42_V4_kernel = 172.20.21.7;
define DN42_V6_kernel = fde8:936e:ee29:3000::1;
router id 154.37.212.38; define UNET_ASN = 4218818801;
define UNET_V4_kernel = 10.188.6.2;
router id 10.188.6.2;

15
bird/whitelist/ipconfig.conf Normal file
View File

@@ -0,0 +1,15 @@
function unet_is_self_net() {
return net ~ [
10.188.6.0/23+,
10.188.5.124/30,
44.32.191.16/28,
44.32.191.7/32
];
}
function unet_is_self_net_v6() {
return net ~ [
2406:840:e603::/48{48,56},
2406:840:e60e::/56
];
}

85
ip-policy-rules Normal file
View File

@@ -0,0 +1,85 @@
#!/sbin/openrc-run
description="Custom IP Policy Route for Alpine"
depend() {
need net networking
after net-online
trigger on restart networking
}
trigger() {
case "$1" in
restart)
ebegin "Triggered by network restart, reloading IP policy rules"
restart
eend $?
;;
*)
ebegin "Unsupported trigger: $1"
eend 1
;;
esac
}
#空格来分隔不同的前缀
ALL_TUNNEL_SUBNETS="44.32.191.0/24"
BASE_PRIORITY=200
LAN_SUBNET_V4="172.20.0.0/14"
LAN_SUBNET_V6_FD="fd00::/8"
TUNNEL_SUBNET_V6="2000::/3"
add_rules() {
local current_prio=${BASE_PRIORITY}
for subnet in ${ALL_TUNNEL_SUBNETS}; do
ip rule add from ${subnet} lookup 102 priority ${current_prio} 2>/dev/null
ip rule add to ${subnet} lookup 102 priority $((current_prio + 1)) 2>/dev/null
current_prio=$((current_prio + 2))
done
ip rule add from ${LAN_SUBNET_V4} to ${LAN_SUBNET_V4} lookup 105 priority ${current_prio} 2>/dev/null
current_prio=$((current_prio + 10))
ip -6 rule add from ${TUNNEL_SUBNET_V6} to ${TUNNEL_SUBNET_V6} lookup 102 priority ${BASE_PRIORITY} 2>/dev/null
ip -6 rule add from ${LAN_SUBNET_V6_FD} to ${LAN_SUBNET_V6_FD} lookup 105 priority $((BASE_PRIORITY + 10)) 2>/dev/null
}
del_rules() {
local current_prio=${BASE_PRIORITY}
for subnet in ${ALL_TUNNEL_SUBNETS}; do
ip rule del from ${subnet} lookup 102 priority ${current_prio} 2>/dev/null
ip rule del to ${subnet} lookup 102 priority $((current_prio + 1)) 2>/dev/null
current_prio=$((current_prio + 2))
done
ip rule del from ${LAN_SUBNET_V4} to ${LAN_SUBNET_V4} lookup 105 priority ${current_prio} 2>/dev/null
current_prio=$((current_prio + 10))
ip -6 rule del from ${TUNNEL_SUBNET_V6} to ${TUNNEL_SUBNET_V6} lookup 102 priority ${BASE_PRIORITY} 2>/dev/null
ip -6 rule del from ${LAN_SUBNET_V6_FD} to ${LAN_SUBNET_V6_FD} lookup 105 priority $((BASE_PRIORITY + 10)) 2>/dev/null
}
start() {
ebegin "Loading static IP policy rules (tunnel + downstream)"
add_rules
eend $? "Failed to load IP policy rules"
}
stop() {
ebegin "Removing static IP policy rules (tunnel + downstream)"
del_rules
eend $? "Failed to remove IP policy rules"
}
restart() {
stop
sleep 1
start
}
reload() {
ebegin "Refreshing static IP policy rules"
del_rules
sleep 0.5
add_rules
eend $? "Failed to refresh IP policy rules"
}

24
readme.md Normal file
View File

@@ -0,0 +1,24 @@
# 这里是BRNET配置文件
## 目录格式
-- bird
-- bird/conf/ # 存放需要使用BGP协议宣告的静态规则库 (用户配置)
-- bird/first/ # 定义内部IP范围 (用户配置)
-- bird/function/ # 定义表、网络IP范围等
-- bird/net/ # 定义网络同步规则
-- bird/peers/ # 存放对等体的配置信息 (用户配置)
-- bird/template/ # 定义BGP模板
-- bird/bird.conf # bird核心配置
-- bird/envvars # 环境变量
-- bird/var.conf # 配置节点基本信息 (用户配置)
## BGP社区
最近我们要对BGP社区进行大改请注意相关细节的变更。
我们定义了以下BGP社区请按照规则使用<br>
1.不允许导出到内核:(ASN,3,0) 对公网和UNET均生效<br>
2.不允许传输到IBGP(ASN,1,0) 对公网和UNET均生效<br>
3.允许传输到EBGP(ASN,200,0) 对公网和UNET均生效<br>
3.允许传输到EBGP流经IX(ASN,200,1) (公网生效)<br>
4.允许导出到OSPF(UNET_ASN,301,0) 仅对UNET生效依赖UNET<br>
请注意进入我网和经过我网的路由条目都会《社区消消乐》我会把相关BGP社区全删了。

72
route-sync Normal file
View File

@@ -0,0 +1,72 @@
#!/bin/bash
set -euo pipefail
MAIN_TABLE="main"
RT_TABLES_FILE="/etc/iproute2/rt_tables"
check_root() {
if [ $EUID -ne 0 ]; then
echo "错误操作路由表需要root权限请使用sudo运行脚本"
exit 1
fi
}
get_custom_tables() {
grep -vE '^#|^$' "${RT_TABLES_FILE}" | awk '{print $1}' | \
grep -E '^[0-9]+$' | grep -v "^${MAIN_TABLE}$" | sort -n | uniq | tr '\n' ' ' | sed 's/ $//'
}
sync_ipv4_routes() {
local custom_tables="$1"
local ipv4_routes
ipv4_routes=$(ip -4 route show table "${MAIN_TABLE}" proto kernel scope link)
local ipv4_count=$(echo "${ipv4_routes}" | grep -c .)
if [ ${ipv4_count} -gt 0 ]; then
echo "${ipv4_routes}" | while read -r route; do
[ -z "${route}" ] && continue
for table in ${custom_tables}; do
ip -4 route replace ${route} table ${table} >/dev/null 2>&1
done
#echo "${route} --> ${custom_tables}"
done
echo "IPv4同步完成,共${ipv4_count}条"
else
echo "IPv4无直连路由"
fi
}
sync_ipv6_routes() {
local custom_tables="$1"
local ipv6_routes
ipv6_routes=$(ip -6 route show table "${MAIN_TABLE}" proto kernel metric 256)
local ipv6_count=$(echo "${ipv6_routes}" | grep -c .)
if [ ${ipv6_count} -gt 0 ]; then
echo "${ipv6_routes}" | while read -r route; do
[ -z "${route}" ] && continue
for table in ${custom_tables}; do
ip -6 route replace ${route} table ${table} >/dev/null 2>&1
done
#echo "${route} --> ${custom_tables}"
done
echo "IPv6同步完成,共${ipv6_count}条"
else
echo "IPv6无直连路由可同步"
fi
}
main() {
check_root
local CUSTOM_TABLES=$(get_custom_tables)
if [ -z "${CUSTOM_TABLES}" ]; then
echo "提示:${RT_TABLES_FILE}中无自定义路由表已排除254主表退出执行"
exit 0
fi
echo "获取到路由表:${CUSTOM_TABLES}"
sync_ipv4_routes "${CUSTOM_TABLES}"
sync_ipv6_routes "${CUSTOM_TABLES}"
echo "所有路由同步完成!"
}
main

30
update.sh Normal file
View File

@@ -0,0 +1,30 @@
#!/bin/bash
cd
git clone https://git.nia.ink/brnet/bird_config.git
rm /etc/bird/filter -rf
mv ./bird_config/bird/filter /etc/bird/filter
rm /etc/bird/function -rf
mv ./bird_config/bird/function /etc/bird/function
rm /etc/bird/template -rf
mv ./bird_config/bird/template /etc/bird/template
mv /etc/bird/whitelist/ipconfig.conf /etc/bird/whitelist/ipconfig.conf.bak
rm /etc/bird/whitelist/*.conf -rf
mv /etc/bird/whitelist/ipconfig.conf.bak /etc/bird/whitelist/ipconfig.conf
wget https://noc.zhuantou.com.cn/api/network.php?s=inet6-bird-function -O /etc/bird/whitelist/mynet_ipv6.conf
wget https://noc.zhuantou.com.cn/api/network.php?s=inet4-bird-function -O /etc/bird/whitelist/mynet_ipv4.conf
wget https://noc.zhuantou.com.cn/api/network.php?s=dn42-bird-function -O /etc/bird/whitelist/mynet_dn42.conf
chmod -R 755 /etc/bird
birdc c
cd
rm -rf bird_config
cd
rm update.sh