From dd23abe2331977fe278be81ab8ec07133f5c3401 Mon Sep 17 00:00:00 2001 From: daxi20 Date: Mon, 13 Oct 2025 01:25:42 +0800 Subject: [PATCH 1/3] gongxinjiaoben --- update.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/update.sh b/update.sh index c0f2abb..b933f54 100644 --- a/update.sh +++ b/update.sh @@ -15,8 +15,8 @@ git clone https://git.nia.ink/brnet/bird_config.git rm /etc/bird/bird.conf rm /etc/bird/function/tables.conf -mv bird_config/bird.conf /etc/bird/bird.conf -mv bird_config/function/tables.conf /etc/bird/function/tables.conf +mv bird_config/bird/bird.conf /etc/bird/bird.conf +mv bird_config/bird/function/tables.conf /etc/bird/function/tables.conf rm -rf bird_config birdc c \ No newline at end of file -- 2.49.1 From 048b2567bfaab2a734e3751d36a1a0687ed3cf62 Mon Sep 17 00:00:00 2001 From: daxi20 Date: Mon, 13 Oct 2025 02:39:09 +0800 Subject: [PATCH 2/3] =?UTF-8?q?Revert=20"=E5=AF=B9=E7=9B=B8=E5=85=B3?= =?UTF-8?q?=E7=9A=84=E9=85=8D=E7=BD=AE=E8=BF=9B=E8=A1=8C=E4=BF=AE=E6=95=B4?= =?UTF-8?q?=EF=BC=9B"?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit 1660565696b0ccc40e8cad36a72c1a855225bd83. --- bird/bird.conf | 13 +++++- bird/conf/mynet.conf | 45 ++++++++++++++++++- bird/function/network.conf | 32 ++++++++++--- bird/function/tables.conf | 24 +++++++++- bird/net/dn42.conf | 69 +++++++++++++++++++++++++++++ bird/net/unet.conf | 24 +++------- bird/peers/dn42/ibgp.conf | 4 ++ bird/peers/inet/bgp_zxix.conf | 8 ++++ bird/peers/inet/bgpexchange_jp.conf | 4 ++ bird/vars.conf | 4 ++ update.sh | 11 ----- 11 files changed, 199 insertions(+), 39 deletions(-) create mode 100644 bird/net/dn42.conf create mode 100644 bird/peers/dn42/ibgp.conf create mode 100644 bird/peers/inet/bgp_zxix.conf create mode 100644 bird/peers/inet/bgpexchange_jp.conf diff --git a/bird/bird.conf b/bird/bird.conf index 1df7f8e..5ebd2b6 100644 --- a/bird/bird.conf +++ b/bird/bird.conf 
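Review bot: The two `rm` lines just ahead of the changed `mv` lines delete the live `/etc/bird/bird.conf` and `function/tables.conf` before anything confirms that the clone succeeded or that the new files parse, so a failed fetch or a bad commit leaves the router without a usable config when `birdc c` runs. The clone also takes whatever the default branch holds at that moment, with no pinned commit or signature check. Only two files are installed, while PATCH 2/3 in this series changes `bird/function/network.conf`, `bird/vars.conf` and other files that `bird.conf` depends on, so a host updated this way would likely end up with a mixed config. I would drop the `rm` lines, keep a backup, and gate the reload on a parse-only run of `bird -p`, as sketched below; the top of the script is outside the hunk.

```shell
set -euo pipefail   # near the top of the script: abort before /etc/bird is touched if a step fails
# … unchanged: git clone …
cp -a /etc/bird/bird.conf /etc/bird/bird.conf.bak
cp -a /etc/bird/function/tables.conf /etc/bird/function/tables.conf.bak
mv bird_config/bird/bird.conf /etc/bird/bird.conf
mv bird_config/bird/function/tables.conf /etc/bird/function/tables.conf
if ! bird -p -c /etc/bird/bird.conf; then   # parse-only check of the installed files
    mv /etc/bird/bird.conf.bak /etc/bird/bird.conf
    mv /etc/bird/function/tables.conf.bak /etc/bird/function/tables.conf
    exit 1
fi
# … unchanged: rm -rf bird_config; birdc c …
```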
@@ -12,6 +12,10 @@ protocol kernel { import none; export filter { if source = RTS_STATIC then reject; + if dn42_is_valid_network_v6() then { + krt_prefsrc = DN42_V6_kernel; + accept; + } if !is_bogon_prefix() then { krt_prefsrc = LOCAL_V6_kernel; accept; @@ -27,10 +31,11 @@ protocol kernel { import none; export filter { if source = RTS_STATIC then reject; - if unet_is_valid_network_v4() then { + if unet_is_valid_network_v4_unet() then { krt_prefsrc = UNET_V4_kernel; accept; } +<<<<<<< HEAD reject; }; }; @@ -45,6 +50,12 @@ protocol kernel { import none; export filter { if source = RTS_STATIC then reject; +======= + if dn42_is_valid_network() then { + krt_prefsrc = DN42_V4_kernel; + accept; + } +>>>>>>> parent of 1660565 (对相关的配置进行修整;) if !is_bogon_prefix() then { if bgp_large_community ~ [(LOCAL_ASN, 3,*)] then reject; krt_prefsrc = LOCAL_V4_kernel; diff --git a/bird/conf/mynet.conf b/bird/conf/mynet.conf index 4c9f064..a115890 100644 --- a/bird/conf/mynet.conf +++ b/bird/conf/mynet.conf @@ -45,6 +45,46 @@ protocol static route_int_export_v6 { } +function dn42_is_self_net() { + return net ~ [ + 172.20.21.0/26+ + ]; +} + +protocol static route_dn42_export_v4 { + route 172.20.21.0/26 reject; + ipv4 { + table dn42v4; + import filter { + bgp_large_community.add((DN42_ASN,3,0));# 不允许导出到内核 + bgp_large_community.add((DN42_ASN,1,0));# 不允许传输到ibgp + bgp_large_community.add((DN42_ASN,200,0));# 传输到Ebgp + accept; + }; + export none; + }; +} + +function dn42_is_self_net_v6() { + return net ~ [ + fde8:936e:ee29::/48+ + ]; +} + +protocol static route_dn42_export_v6 { + route fde8:936e:ee29::/48 reject; + ipv6 { + table dn42v6; + import filter { + bgp_large_community.add((DN42_ASN,3,0));# 不允许导出到内核 + bgp_large_community.add((DN42_ASN,1,0));# 不允许传输到ibgp + bgp_large_community.add((DN42_ASN,200,0));# 传输到Ebgp + accept; + }; + export none; + }; +} + function unet_is_self_net() { return net ~ [ 10.188.2.0/23+, 
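Review bot: The second and third hunks of bird/bird.conf add the literal conflict markers `<<<<<<< HEAD`, `=======` and `>>>>>>> parent of 1660565` to the file, so the config cannot parse at this commit. PATCH 3/3 removes them, but update.sh in this repository clones the default branch, so a host that ran it between the two commits would have fetched the broken file. Resolving the conflict inside the revert commit, or squashing 2/3 and 3/3, keeps every commit loadable. The `protocol kernel` blocks start and end outside these hunks.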
@@ -56,6 +96,7 @@ function unet_is_self_net() { protocol static route_unet_export_v4 { route 10.188.2.0/23 reject; route 10.188.11.0/24 reject; + route 172.20.21.0/29 reject; ipv4 { table unet4; import filter { @@ -71,12 +112,14 @@ protocol static route_unet_export_v4 { function unet_is_self_net_v6() { return net ~ [ - 2406:840:e601::/48{48,56} + 2406:840:e601::/48{48,56}, + fde8:936e:ee29:1000::/56 ]; } protocol static route_unet_export_v6 { route 2406:840:e601::/48 reject; + route fde8:936e:ee29:1000::/56 reject; ipv6 { table unet6; import filter { diff --git a/bird/function/network.conf b/bird/function/network.conf index 7a6cd55..5b3d9a3 100644 --- a/bird/function/network.conf +++ b/bird/function/network.conf @@ -1,7 +1,21 @@ -function unet_is_valid_network_v4() { +function dn42_is_valid_network() { + return net ~ [ + 172.20.0.0/14+, + 10.100.0.0/14+, + 172.31.0.0/16+, + 10.127.0.0/16+ + ]; +} + +function dn42_is_valid_network_v6() { + return net ~ [ + fd00::/8{32,64} + ]; +} + +function unet_is_valid_network_v4_unet() { return net ~ [ 10.50.0.0/16+, - 10.88.0.0/16+, 10.21.0.0/16+, 10.188.0.0/16+ ]; @@ -14,15 +28,21 @@ function unet_is_valid_network_v4_anynet() { ]; } -function unet_is_valid_network_v4_allnet(){ - if !unet_is_valid_network_v4_anynet() && !unet_is_valid_network_v4() then return false; +function unet_is_voalid_net_v4(){ + if !unet_is_valid_network_v4_anynet() && !unet_is_valid_network_v4_unet() then return false; return true; } -function unet_is_voalid_net_v6(){ +function unet_is_voalid_net_v6_anynet(){ return net ~ [ 2406:840:e600::/44{44,56}, - 2a14:7580:9600::/40{40,56} + 2a14:7580:9600::/40{45,56}, + fde8:936e:ee29::/48{48,56} ]; +} + +function unet_is_voalid_net_v6(){ + if !unet_is_voalid_net_v6_anynet() then return false; + return true; } \ No newline at end of file diff --git a/bird/function/tables.conf b/bird/function/tables.conf index f95a190..a7757c9 100644 --- a/bird/function/tables.conf +++ b/bird/function/tables.conf 
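Review bot: `route 172.20.21.0/29 reject;` is added to `route_unet_export_v4`, but no visible hunk adds that prefix to `unet_is_self_net()`, whereas the IPv6 side updates the function and the static route together. The unet import filters use `!unet_is_self_net()` to drop a peer's announcement of a local prefix, so the v4 /29 would not get that protection if it passes the range check. Consider adding `172.20.21.0/29+` to `unet_is_self_net()`, or a comment explaining why it is left out. Only the first entry of that function's list is visible in this diff.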
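Review bot: `fde8:936e:ee29::/48{48,56}` in `unet_is_voalid_net_v6_anynet()` lets unet peers announce any /48 to /56 inside the prefix that bird/conf/mynet.conf declares as the local DN42 network in `dn42_is_self_net_v6()`. The matching self-net entry added to `unet_is_self_net_v6()` is the exact `fde8:936e:ee29:1000::/56` with no length range, so the covering /48 and the other /56s would presumably be accepted from a unet peer; the unet IPv6 import filter itself is not shown here. If that is intended for other nodes of the same network, a comment saying so would help. Separately, the revert brings back the misspelled `unet_is_voalid_net_*` names, and `unet_is_voalid_net_v6()` could be reduced to `return unet_is_voalid_net_v6_anynet();`.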
@@ -2,6 +2,8 @@ ipv4 table inet4; ipv6 table inet6; ipv4 table unet4; ipv6 table unet6; +ipv4 table dn42v4; +ipv6 table dn42v6; ipv4 table ospf4; ipv6 table ospf6; @@ -25,6 +27,26 @@ protocol pipe inet6_sync { # }; #} +protocol pipe dn42v4_sync { + table dn42v4; + peer table master4; + import none; + export filter { + if bgp_large_community ~ [(DN42_ASN, 3,*)] then reject; + accept; + }; +} + +protocol pipe dn42v6_sync { + table dn42v6; + peer table master6; + import none; + export filter { + if bgp_large_community ~ [(DN42_ASN, 3,*)] then reject; + accept; + }; +} + protocol pipe unet4_sync { table unet4; peer table master4; @@ -42,7 +64,7 @@ protocol pipe unet6_sync { }; } -protocol pipe ospf4_sync { +protocol pipe pipe_ospf4_sync { table ospf4; peer table master4; export filter { diff --git a/bird/net/dn42.conf b/bird/net/dn42.conf new file mode 100644 index 0000000..032e301 --- /dev/null +++ b/bird/net/dn42.conf 
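Review bot: The last hunk renames `ospf4_sync` to `pipe_ospf4_sync`, which leaves it as the only pipe with a `pipe_` prefix next to `inet6_sync`, `unet4_sync`, `unet6_sync` and the new `dn42v4_sync` / `dn42v6_sync`. Protocol names are what `birdc` commands and any monitoring refer to, so I would keep `protocol pipe ospf4_sync {` unless the prefix is going to be applied to every pipe. The body of that protocol continues outside the hunk.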
@@ -0,0 +1,69 @@ +template bgp dn42_peers { + local as DN42_ASN; + path metric 1; + + ipv4 { + table dn42v4; + import filter { + if dn42_is_valid_network() && !dn42_is_self_net() then accept; + reject; + }; + + export filter { + if dn42_is_valid_network() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; + }; + import limit 9000 action block; + }; + ipv6 { + table dn42v6; + import filter { + if dn42_is_valid_network_v6() && !dn42_is_self_net_v6() then accept; + reject; + }; + export filter { if dn42_is_valid_network_v6() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; }; + import limit 9000 action block; + }; +} + + +template bgp dn42_ibgp { + graceful restart; + local as DN42_ASN; + med metric; + direct; + ipv4 { + table dn42v4; + next hop self; + gateway direct; + import filter { + if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject; + if !dn42_is_valid_network() then reject; + if dn42_is_self_net() then reject; + accept; + }; + export filter { + if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject; + if !dn42_is_valid_network() then reject; + if dn42_is_self_net() then reject; + accept; + }; + }; + ipv6 { + table dn42v6; + next hop self; + gateway direct; + import filter { + if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject; + if !dn42_is_valid_network_v6() then reject; + if dn42_is_self_net_v6() then reject; + accept; + }; + export filter { + if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject; + if !dn42_is_valid_network_v6() then reject; + if dn42_is_self_net_v6() then reject; + accept; + }; + }; +} +include "/etc/bird/peers/dn42/*.conf"; \ No newline at end of file diff --git a/bird/net/unet.conf b/bird/net/unet.conf index 231883e..6de5bde 100644 --- a/bird/net/unet.conf +++ b/bird/net/unet.conf 
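Review bot: The `dn42_peers` import filters accept any prefix inside the DN42 ranges that is not the local net, with no origin validation, so a peer announcing another participant's prefix would be accepted. If a ROA table is available on these routers, add a check such as `if roa_check(ROA_TABLE_PLACEHOLDER, net, bgp_path.last) != ROA_VALID then reject;` ahead of the `accept` in both the ipv4 and ipv6 channels. The export filters also send every static and BGP route in range and never look at the `(DN42_ASN,200,0)` community that bird/conf/mynet.conf attaches to mark routes for eBGP, so either match on it or drop the tag. A short header comment on each template saying which sessions are meant to use it would help.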
@@ -1,13 +1,13 @@ -template bgp unet_bgp_up0 { +template bgp unet_bgp_up { graceful restart; local as UNET_ASN; ipv4 { table unet4; import filter { - if unet_is_valid_network_v4_allnet() && !unet_is_self_net() then accept; + if unet_is_voalid_net_v4() && !unet_is_self_net() then accept; reject; }; - export filter { if unet_is_valid_network_v4_allnet() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; }; + export filter { if unet_is_voalid_net_v4() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; }; import limit 9000 action block; }; ipv6 { @@ -21,20 +21,6 @@ template bgp unet_bgp_up0 { }; } -template bgp unet_bgp_up1 { - graceful restart; - local as UNET_ASN; - ipv4 { - table unet4; - import filter { - if unet_is_valid_network_v4() && !unet_is_self_net() then accept; - reject; - }; - export filter { if unet_is_valid_network_v4() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; }; - import limit 9000 action block; - }; -} - template bgp unet_ibgp { graceful restart; local as UNET_ASN; @@ -46,13 +32,13 @@ template bgp unet_ibgp { gateway direct; import filter { if bgp_large_community ~ [(UNET_ASN, 1,*)] then reject; - if !unet_is_valid_network_v4_allnet() then reject; + if !unet_is_voalid_net_v4() then reject; if unet_is_self_net() then reject; accept; }; export filter { if bgp_large_community ~ [(UNET_ASN, 1,*)] then reject; - if !unet_is_valid_network_v4_allnet() then reject; + if !unet_is_voalid_net_v4() then reject; if unet_is_self_net() then reject; accept; }; diff --git a/bird/peers/dn42/ibgp.conf b/bird/peers/dn42/ibgp.conf new file mode 100644 index 0000000..5d009ff --- /dev/null +++ b/bird/peers/dn42/ibgp.conf @@ -0,0 +1,4 @@ +protocol bgp dn42_ibgp_hk1 from dn42_ibgp { + source address 172.20.21.6; + neighbor 172.20.21.4 as DN42_ASN; +} \ No newline at end of file diff --git a/bird/peers/inet/bgp_zxix.conf b/bird/peers/inet/bgp_zxix.conf new file mode 100644 index 0000000..b48bb26 --- /dev/null 
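Review bot: With `unet_bgp_up1` deleted in the second hunk, the only remaining eBGP template is `unet_bgp_up`, whose import filter uses `unet_is_voalid_net_v4()` and therefore also admits the anynet ranges that `unet_bgp_up1` excluded. Any peer that was attached to the stricter template now falls under the wider filter, and peer files still written as `from unet_bgp_up0` or `from unet_bgp_up1` will no longer load; those files are not part of this diff, so this is worth checking before deploy. If some peers should stay limited to the unet ranges, keep a second template that uses `unet_is_valid_network_v4_unet()` in its filters.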
+++ b/bird/peers/inet/bgp_zxix.conf @@ -0,0 +1,8 @@ +protocol bgp int_bgp_zxix_rs1 from tpl_bgp_up { + neighbor 2406:840:1f:1000::1 as 140961; +} + +protocol bgp int_bgp_zxix_140915_v6 from tpl_bgp_up { + source address 2406:840:1f:1000:0:15:3376:1; + neighbor 2406:840:1f:1000:0:14:915:2 as 140915; +} \ No newline at end of file diff --git a/bird/peers/inet/bgpexchange_jp.conf b/bird/peers/inet/bgpexchange_jp.conf new file mode 100644 index 0000000..57dc755 --- /dev/null +++ b/bird/peers/inet/bgpexchange_jp.conf @@ -0,0 +1,4 @@ +protocol bgp int_bgp_exchange_jp1 from tpl_bgp_up { + source address 2a0e:8f01:1000:9::10b; + neighbor 2a0e:8f01:1000:9::1 as 24381; +} \ No newline at end of file diff --git a/bird/vars.conf b/bird/vars.conf index 9d4c024..c9872f4 100644 --- a/bird/vars.conf +++ b/bird/vars.conf @@ -2,6 +2,10 @@ define LOCAL_ASN = 153376; define LOCAL_V4_kernel = 10.188.2.3; define LOCAL_V6_kernel = 2406:840:e601:1::1; +define DN42_ASN = 4242423376; +define DN42_V4_kernel = 172.20.21.6; +define DN42_V6_kernel = fde8:936e:ee29:1000::3; + define UNET_ASN = 4218818804; define UNET_V4_kernel = 10.188.2.3; diff --git a/update.sh b/update.sh index b933f54..8a5615e 100644 --- a/update.sh +++ b/update.sh @@ -1,16 +1,5 @@ #!/bin/bash -TABLE_NAME="ipv4_pub" -TABLE_ID=102 -RT_TABLES="/etc/iproute2/rt_tables" - -if ! grep -q "^${TABLE_ID}[[:space:]]\+${TABLE_NAME}" "$RT_TABLES"; then - echo "添加路由表 $TABLE_NAME(编号$TABLE_ID)..." - echo "${TABLE_ID} ${TABLE_NAME}" >> "$RT_TABLES" -else - echo "路由表 $TABLE_NAME 已存在,无需创建" -fi - git clone https://git.nia.ink/brnet/bird_config.git rm /etc/bird/bird.conf rm /etc/bird/function/tables.conf -- 2.49.1 From 8ac68591caa2ba4d3370b4d526bb6b8d7695af7b Mon Sep 17 00:00:00 2001 
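Review bot: `int_bgp_zxix_rs1` sets no `source address`, while `int_bgp_zxix_140915_v6`, on what looks like the same exchange LAN, pins `2406:840:1f:1000:0:15:3376:1`. If the interface carries more than one address, the route-server session may come from an address the exchange does not expect, so I would add `source address 2406:840:1f:1000:0:15:3376:1;` there as well. The sessions added in bgp_zxix.conf and bgpexchange_jp.conf inherit their filters and limits from `tpl_bgp_up`, which is not part of this diff, and none of them sets a `password`; it is worth confirming whether the exchanges support session authentication.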
From: daxi20 Date: Mon, 13 Oct 2025 02:40:32 +0800 Subject: [PATCH 3/3] =?UTF-8?q?=E5=9B=9E=E6=A1=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bird/bird.conf | 17 ----------------- bird/function/tables.conf | 18 +++++++++--------- 2 files changed, 9 insertions(+), 26 deletions(-) diff --git a/bird/bird.conf b/bird/bird.conf index 5ebd2b6..8c98ec6 100644 --- a/bird/bird.conf +++ b/bird/bird.conf @@ -35,27 +35,10 @@ protocol kernel { krt_prefsrc = UNET_V4_kernel; accept; } -<<<<<<< HEAD - reject; - }; - }; -}; - -# echo "102 ipv4_pub" >> /etc/iproute2/rt_tables -protocol kernel { - scan time 20; - kernel table 102; - ipv4 { - table inet4; - import none; - export filter { - if source = RTS_STATIC then reject; -======= if dn42_is_valid_network() then { krt_prefsrc = DN42_V4_kernel; accept; } ->>>>>>> parent of 1660565 (对相关的配置进行修整;) if !is_bogon_prefix() then { if bgp_large_community ~ [(LOCAL_ASN, 3,*)] then reject; krt_prefsrc = LOCAL_V4_kernel; diff --git a/bird/function/tables.conf b/bird/function/tables.conf index a7757c9..35547eb 100644 --- a/bird/function/tables.conf +++ b/bird/function/tables.conf @@ -17,15 +17,15 @@ protocol pipe inet6_sync { }; } -#protocol pipe inet4_sync { -# table inet4; -# peer table master4; -# import none; -# export filter { -# if bgp_large_community ~ [(LOCAL_ASN, 3,*)] then reject; -# accept; -# }; -#} +protocol pipe inet4_sync { + table inet4; + peer table master4; + import none; + export filter { + if bgp_large_community ~ [(LOCAL_ASN, 3,*)] then reject; + accept; + }; +} protocol pipe dn42v4_sync { table dn42v4; -- 2.49.1