commit ef49aadf0cf5cbfbf3f13616d1811610913b0450 Author: daxi20 Date: Mon Nov 3 15:49:32 2025 +0800 First commit
diff --git a/bird/bird.conf b/bird/bird.conf
new file mode 100644
index 0000000..0afa8d8
--- /dev/null
+++ b/bird/bird.conf
@@ -0,0 +1,42 @@
+include "/etc/bird/vars.conf";
+include "/etc/bird/conf/*.conf";
+
+protocol device {
+ scan time 10;
+}
+
+protocol kernel {
+ scan time 20;
+ ipv6 {
+ import none;
+ export filter {
+ if source = RTS_STATIC then reject;
+ if dn42_is_valid_network_v6() then {
+ krt_prefsrc = DN42_V6_kernel;
+ accept;
+ }
+ reject;
+ };
+ };
+};
+
+protocol kernel {
+ scan time 20;
+ ipv4 {
+ import none;
+ export filter {
+ if source = RTS_STATIC then reject;
+ if dn42_is_valid_network() then {
+ krt_prefsrc = DN42_V4_kernel;
+ accept;
+ }
+ if unet_is_valid_network_v4() then {
+ krt_prefsrc = UNET_V4_kernel;
+ accept;
+ }
+ reject;
+ };
+ };
+};
+
+include "/etc/bird/net/*.conf";
\ No newline at end of file
diff --git a/bird/conf/dn42.conf b/bird/conf/dn42.conf
new file mode 100644
index 0000000..74f228a
--- /dev/null
+++ b/bird/conf/dn42.conf
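Review bot: In the IPv4 `protocol kernel` export filter of bird/bird.conf, the `unet_is_valid_network_v4()` branch can never apply to anything inside 172.20.0.0/14, because `dn42_is_valid_network()` is tested first and bird/conf/unet.conf lists the same `172.20.0.0/14+` range. The filter therefore picks `krt_prefsrc` by prefix alone, not by the table the route was learned in, so a 172.20.x route that arrived over the UNET session is installed with the DN42 source address. If that is intended, say so with a comment above the first test, e.g. `# 172.20.0.0/14 always uses DN42_V4_kernel, even when learned via unet4`; otherwise drop `172.20.0.0/14+` from the UNET list or key the choice on a community set at import.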
@@ -0,0 +1,74 @@
+ipv4 table dn42v4;
+ipv6 table dn42v6;
+
+function dn42_is_valid_network() {
+ return net ~ [
+ 172.20.0.0/14+
+ ];
+}
+
+function dn42_is_valid_network_v6() {
+ return net ~ [
+ fd00::/8+
+ ];
+}
+
+protocol pipe dn42v4_sync {
+ table dn42v4;
+ peer table master4;
+ export filter {
+ if bgp_large_community ~ [(DN42_ASN, 3,*)] then reject;
+ accept;
+ };
+}
+
+protocol pipe dn42v6_sync {
+ table dn42v6;
+ peer table master6;
+ export filter {
+ if bgp_large_community ~ [(DN42_ASN, 3,*)] then reject;
+ accept;
+ };
+}
+
+function dn42_is_self_net() {
+ return net ~ [
+ 172.20.21.0/26+
+ ];
+}
+
+protocol static route_dn42_export_v4 {
+ route 172.20.21.0/26 reject;
+
+ ipv4 {
+ table dn42v4;
+ import filter {
+ bgp_large_community.add((DN42_ASN,3,0));# 不允许导出到内核
+ bgp_large_community.add((DN42_ASN,1,0));# 不允许传输到ibgp
+ bgp_large_community.add((DN42_ASN,200,0));# 传输到Ebgp
+ accept;
+ };
+ export none;
+ };
+}
+
+
+function dn42_is_self_net_v6() {
+ return net ~ [
+ fde8:936e:ee29::/48+
+ ];
+}
+
+protocol static route_dn42_export_v6 {
+ route fde8:936e:ee29::/48 reject;
+ ipv6 {
+ table dn42v6;
+ import filter {
+ bgp_large_community.add((DN42_ASN,3,0));# 不允许导出到内核
+ bgp_large_community.add((DN42_ASN,1,0));# 不允许传输到ibgp
+ bgp_large_community.add((DN42_ASN,200,0));# 传输到Ebgp
+ accept;
+ };
+ export none;
+ };
+}
\ No newline at end of file
diff --git a/bird/conf/unet.conf b/bird/conf/unet.conf
new file mode 100644
index 0000000..7560802
--- /dev/null
+++ b/bird/conf/unet.conf
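Review bot: `dn42_is_valid_network()` and `dn42_is_valid_network_v6()` in bird/conf/dn42.conf match `172.20.0.0/14+` and `fd00::/8+`, so every prefix length down to /32 and /128 passes wherever these functions gate an import. A peer can then announce a host route for an address it does not own and win on longest match, and the table can be inflated up to the 9000-route limit set in bird/net/dn42.conf. Bounding the lengths closes this, for example `172.20.0.0/14{21,29}` and `fd00::/8{44,64}` (the bounds commonly used on dn42; check them against current registry policy and any anycast /32s you need). Separately, neither pipe states an `import` direction; if BIRD's default for a pipe is `all`, routes piped into master4 from unet4 also flow back into dn42v4, so an explicit `import none;` is worth adding if that is not wanted.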
@@ -0,0 +1,43 @@
+ipv4 table unet4;
+
+function unet_is_valid_network_v4() {
+ return net ~ [
+ 10.50.0.0/16+,
+ 10.88.0.0/16+,
+ 10.21.0.0/16+,
+ 10.188.0.0/16+,
+ 172.20.0.0/14+
+ ];
+}
+
+protocol pipe unet4_sync {
+ table unet4;
+ peer table master4;
+ export filter {
+ if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
+ accept;
+ };
+}
+
+function unet_is_self_net() {
+ return net ~ [
+ 10.188.18.8/29,
+ 172.20.0.0/14
+ ];
+}
+
+protocol static route_unet_export_v4 {
+ route 10.188.18.8/29 reject;
+ route 172.20.0.0/14 reject;
+
+ ipv4 {
+ table unet4;
+ import filter {
+ bgp_large_community.add((UNET_ASN,3,0));# 不允许导出到内核
+ bgp_large_community.add((UNET_ASN,1,0));# 不允许传输到ibgp
+ bgp_large_community.add((UNET_ASN,200,0));# 传输到Ebgp
+ accept;
+ };
+ export none;
+ };
+}
\ No newline at end of file
diff --git a/bird/envvars b/bird/envvars
new file mode 100644
index 0000000..9ca9baa
--- /dev/null
+++ b/bird/envvars
@@ -0,0 +1,3 @@
+BIRD_RUN_USER=bird
+BIRD_RUN_GROUP=bird
+#BIRD_ARGS=
diff --git a/bird/net/dn42.conf b/bird/net/dn42.conf
new file mode 100644
index 0000000..4cb00a8
--- /dev/null
+++ b/bird/net/dn42.conf
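Review bot: `unet_is_self_net()` in bird/conf/unet.conf lists `10.188.18.8/29` and `172.20.0.0/14` without `+`, so it matches only those exact prefixes, unlike `dn42_is_self_net()`, which uses `172.20.21.0/26+`. The import filter in bird/net/unet.conf that relies on it would therefore still accept more-specifics of the local block from a peer, including a /32 for 10.188.18.9, which bird/vars.conf uses as router id and kernel source address. Writing `10.188.18.8/29+` rejects those. Whether `172.20.0.0/14` should also become `172.20.0.0/14+` depends on whether this router is meant to be UNET's only source of dn42 routes, which the commit does not state.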
@@ -0,0 +1,65 @@
+template bgp dn42_bgp_up {
+ graceful restart;
+ local as DN42_ASN;
+ ipv4 {
+ table dn42v4;
+ import filter {
+ if dn42_is_valid_network() && !dn42_is_self_net() then accept;
+ reject;
+ };
+ export filter { if dn42_is_valid_network() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; };
+ import limit 9000 action block;
+ };
+ ipv6 {
+ table dn42v6;
+ import filter {
+ if dn42_is_valid_network_v6() && !dn42_is_self_net_v6() then accept;
+ reject;
+ };
+ export filter { if dn42_is_valid_network_v6() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; };
+ import limit 9000 action block;
+ };
+}
+
+template bgp dn42_ibgp {
+ graceful restart;
+ local as DN42_ASN;
+ med metric;
+ direct;
+ ipv4 {
+ table dn42v4;
+ next hop self;
+ gateway direct;
+ import filter {
+ if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject;
+ if !dn42_is_valid_network() then reject;
+ if dn42_is_self_net() then reject;
+ accept;
+ };
+ export filter {
+ if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject;
+ if !dn42_is_valid_network() then reject;
+ if dn42_is_self_net() then reject;
+ accept;
+ };
+ };
+ ipv6 {
+ table dn42v6;
+ next hop self;
+ gateway direct;
+ import filter {
+ if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject;
+ if !dn42_is_valid_network_v6() then reject;
+ if dn42_is_self_net_v6() then reject;
+ accept;
+ };
+ export filter {
+ if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject;
+ if !dn42_is_valid_network_v6() then reject;
+ if dn42_is_self_net_v6() then reject;
+ accept;
+ };
+ };
+}
+
+include "/etc/bird/peers/dn42/*.conf";
\ No newline at end of file
diff --git a/bird/net/unet.conf b/bird/net/unet.conf
new file mode 100644
index 0000000..07a9daf
--- /dev/null
+++ b/bird/net/unet.conf
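Review bot: The `import filter` blocks of `dn42_bgp_up` in bird/net/dn42.conf accept peer routes without removing large communities in the local `(DN42_ASN, *, *)` namespace, yet bird/conf/dn42.conf uses `(DN42_ASN, 3, *)` to keep a route out of the kernel and `dn42_ibgp` uses `(DN42_ASN, 1, *)` to keep it off iBGP. Values that are only meant to be set locally are therefore trusted when they arrive from an external peer, which lets that peer influence internal route handling. Strip them at the trust boundary before accepting, e.g. `bgp_large_community.delete([(DN42_ASN, *, *)]);` as the first statement of each eBGP import filter. The same applies to `unet_bgp_up2` in bird/net/unet.conf with `UNET_ASN`.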
@@ -0,0 +1,15 @@
+template bgp unet_bgp_up2 {
+ graceful restart;
+ local as UNET_ASN;
+ ipv4 {
+ table unet4;
+ import filter {
+ if unet_is_valid_network_v4() && !unet_is_self_net() then accept;
+ reject;
+ };
+ export filter { if unet_is_valid_network_v4() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; };
+ import limit 9000 action block;
+ };
+}
+
+include "/etc/bird/peers/unet/*.conf";
\ No newline at end of file
diff --git a/bird/peers/dn42/bgp_potat0.conf b/bird/peers/dn42/bgp_potat0.conf
new file mode 100644
index 0000000..362e674
--- /dev/null
+++ b/bird/peers/dn42/bgp_potat0.conf
@@ -0,0 +1,4 @@
+protocol bgp int_bgp_Potat0 from dn42_bgp_up {
+ source address fe80:1::2;
+ neighbor fe80:1::1%wg_40005 as 42xxxxxxxxx;
+}
\ No newline at end of file
diff --git a/bird/peers/unet/bgp_hk.conf b/bird/peers/unet/bgp_hk.conf
new file mode 100644
index 0000000..1c9e689
--- /dev/null
+++ b/bird/peers/unet/bgp_hk.conf
@@ -0,0 +1,4 @@
+protocol bgp unet_bgp_hk from unet_bgp_up2 {
+ source address fe80:15:3376:3::2:2;
+ neighbor fe80:15:3376:3::3:2%pccw1 as 421xxxxxxx;
+}
\ No newline at end of file
diff --git a/bird/vars.conf b/bird/vars.conf
new file mode 100644
index 0000000..1a786e1
--- /dev/null
+++ b/bird/vars.conf
@@ -0,0 +1,8 @@
+define DN42_ASN = 4242423376;
+define DN42_V4_kernel = 172.20.21.1;
+define DN42_V6_kernel = fde8:936e:ee29::1;
+
+define UNET_ASN = 4218818842;
+define UNET_V4_kernel = 10.188.18.9;
+
+router id 10.188.18.9;
diff --git a/readme.md b/readme.md
new file mode 100644
index 0000000..fd63540
--- /dev/null
+++ b/readme.md
@@ -0,0 +1,13 @@
+# DN42_CONFIG
+
+与brnet/bird_config不同,这个项目设置的目的是存储DN42网络的配置项。并使用特殊的内部ASN将172.20.0.0/14灌入UNET内部网络。
+
+## 快速应用
+
+ cd
+ git clone https://git.nia.ink/brnet/dn42_config.git
+ rm -rf /etc/bird
+ mv dn42_config/bird /etc/
+
+## 注意
+请务必修改下在输入birdc c
\ No newline at end of file
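Review bot: `neighbor fe80:1::1%wg_40005 as 42xxxxxxxxx;` in bird/peers/dn42/bgp_potat0.conf carries a redacted AS number that is not numeric, so BIRD will presumably refuse the whole configuration until it is replaced; bird/peers/unet/bgp_hk.conf has the same problem with `421xxxxxxx`. Since the readme tells users to move this tree straight into /etc/bird, mark the placeholder where it occurs, e.g. `# TODO: replace 42xxxxxxxxx with the peer's real ASN before running birdc configure`. Alternatively, ship these two files under a `.example` name so the `*.conf` include does not pick them up.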