brnet/dn42_config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

First commit

Browse Source
This commit is contained in:
daxi20
2025-11-03 15:49:32 +08:00
commit ef49aadf0c
10 changed files with 271 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
bird/bird.conf Normal file
View File

@@ -0,0 +1,42 @@
include "/etc/bird/vars.conf";
include "/etc/bird/conf/*.conf";
protocol device {
scan time 10;
}
protocol kernel {
scan time 20;
ipv6 {
import none;
export filter {
if source = RTS_STATIC then reject;
if dn42_is_valid_network_v6() then {
krt_prefsrc = DN42_V6_kernel;
accept;
}
reject;
};
};
};
protocol kernel {
scan time 20;
ipv4 {
import none;
export filter {
if source = RTS_STATIC then reject;
if dn42_is_valid_network() then {
krt_prefsrc = DN42_V4_kernel;
accept;
}
if unet_is_valid_network_v4() then {
krt_prefsrc = UNET_V4_kernel;
accept;
}
reject;
};
};
};
include "/etc/bird/net/*.conf";

74
bird/conf/dn42.conf Normal file
View File

@@ -0,0 +1,74 @@
ipv4 table dn42v4;
ipv6 table dn42v6;
function dn42_is_valid_network() {
return net ~ [
172.20.0.0/14+
];
}
function dn42_is_valid_network_v6() {
return net ~ [
fd00::/8+
];
}
protocol pipe dn42v4_sync {
table dn42v4;
peer table master4;
export filter {
if bgp_large_community ~ [(DN42_ASN, 3,*)] then reject;
accept;
};
}
protocol pipe dn42v6_sync {
table dn42v6;
peer table master6;
export filter {
if bgp_large_community ~ [(DN42_ASN, 3,*)] then reject;
accept;
};
}
function dn42_is_self_net() {
return net ~ [
172.20.21.0/26+
];
}
protocol static route_dn42_export_v4 {
route 172.20.21.0/26 reject;
ipv4 {
table dn42v4;
import filter {
bgp_large_community.add((DN42_ASN,3,0));# 不允许导出到内核
bgp_large_community.add((DN42_ASN,1,0));# 不允许传输到ibgp
bgp_large_community.add((DN42_ASN,200,0));# 传输到Ebgp
accept;
};
export none;
};
}
function dn42_is_self_net_v6() {
return net ~ [
fde8:936e:ee29::/48+
];
}
protocol static route_dn42_export_v6 {
route fde8:936e:ee29::/48 reject;
ipv6 {
table dn42v6;
import filter {
bgp_large_community.add((DN42_ASN,3,0));# 不允许导出到内核
bgp_large_community.add((DN42_ASN,1,0));# 不允许传输到ibgp
bgp_large_community.add((DN42_ASN,200,0));# 传输到Ebgp
accept;
};
export none;
};
}

43
bird/conf/unet.conf Normal file
View File

@@ -0,0 +1,43 @@
ipv4 table unet4;
function unet_is_valid_network_v4() {
return net ~ [
10.50.0.0/16+,
10.88.0.0/16+,
10.21.0.0/16+,
10.188.0.0/16+,
172.20.0.0/14+
];
}
protocol pipe unet4_sync {
table unet4;
peer table master4;
export filter {
if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
accept;
};
}
function unet_is_self_net() {
return net ~ [
10.188.18.8/29,
172.20.0.0/14
];
}
protocol static route_unet_export_v4 {
route 10.188.18.8/29 reject;
route 172.20.0.0/14 reject;
ipv4 {
table unet4;
import filter {
bgp_large_community.add((UNET_ASN,3,0));# 不允许导出到内核
bgp_large_community.add((UNET_ASN,1,0));# 不允许传输到ibgp
bgp_large_community.add((UNET_ASN,200,0));# 传输到Ebgp
accept;
};
export none;
};
}

3
bird/envvars Normal file
View File

@@ -0,0 +1,3 @@
BIRD_RUN_USER=bird
BIRD_RUN_GROUP=bird
#BIRD_ARGS=

65
bird/net/dn42.conf Normal file
View File

@@ -0,0 +1,65 @@
template bgp dn42_bgp_up {
graceful restart;
local as DN42_ASN;
ipv4 {
table dn42v4;
import filter {
if dn42_is_valid_network() && !dn42_is_self_net() then accept;
reject;
};
export filter { if dn42_is_valid_network() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; };
import limit 9000 action block;
};
ipv6 {
table dn42v6;
import filter {
if dn42_is_valid_network_v6() && !dn42_is_self_net_v6() then accept;
reject;
};
export filter { if dn42_is_valid_network_v6() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; };
import limit 9000 action block;
};
}
template bgp dn42_ibgp {
graceful restart;
local as DN42_ASN;
med metric;
direct;
ipv4 {
table dn42v4;
next hop self;
gateway direct;
import filter {
if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject;
if !dn42_is_valid_network() then reject;
if dn42_is_self_net() then reject;
accept;
};
export filter {
if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject;
if !dn42_is_valid_network() then reject;
if dn42_is_self_net() then reject;
accept;
};
};
ipv6 {
table dn42v6;
next hop self;
gateway direct;
import filter {
if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject;
if !dn42_is_valid_network_v6() then reject;
if dn42_is_self_net_v6() then reject;
accept;
};
export filter {
if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject;
if !dn42_is_valid_network_v6() then reject;
if dn42_is_self_net_v6() then reject;
accept;
};
};
}
include "/etc/bird/peers/dn42/*.conf";

15
bird/net/unet.conf Normal file
View File

@@ -0,0 +1,15 @@
template bgp unet_bgp_up2 {
graceful restart;
local as UNET_ASN;
ipv4 {
table unet4;
import filter {
if unet_is_valid_network_v4() && !unet_is_self_net() then accept;
reject;
};
export filter { if unet_is_valid_network_v4() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; };
import limit 9000 action block;
};
}
include "/etc/bird/peers/unet/*.conf";

4
bird/peers/dn42/bgp_potat0.conf Normal file
View File

@@ -0,0 +1,4 @@
protocol bgp int_bgp_Potat0 from dn42_bgp_up {
source address fe80:1::2;
neighbor fe80:1::1%wg_40005 as 42xxxxxxxxx;
}

4
bird/peers/unet/bgp_hk.conf Normal file
View File

@@ -0,0 +1,4 @@
protocol bgp unet_bgp_hk from unet_bgp_up2 {
source address fe80:15:3376:3::2:2;
neighbor fe80:15:3376:3::3:2%pccw1 as 421xxxxxxx;
}

8
bird/vars.conf Normal file
View File

@@ -0,0 +1,8 @@
define DN42_ASN = 4242423376;
define DN42_V4_kernel = 172.20.21.1;
define DN42_V6_kernel = fde8:936e:ee29::1;
define UNET_ASN = 4218818842;
define UNET_V4_kernel = 10.188.18.9;
router id 10.188.18.9;

13
readme.md Normal file
View File

@@ -0,0 +1,13 @@
# DN42_CONFIG
与brnet/bird_config不同这个项目设置的目的是存储DN42网络的配置项。并使用特殊的内部ASN将172.20.0.0/14灌入UNET内部网络。
## 快速应用
cd
git clone https://git.nia.ink/brnet/dn42_config.git
rm -rf /etc/bird
mv dn42_config/bird /etc/
## 注意
请务必修改下在输入birdc c