Created
February 23, 2022 17:58
-
-
Save jae1911/7daa785ec6d4ea44e6e2e87b559c0f75 to your computer and use it in GitHub Desktop.
Bird configuration
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| log syslog all; | |
| router id 193.148.249.118; | |
| protocol device { | |
| # Time between scans of connected devices | |
| scan time 10; | |
| } | |
| roa4 table roa_v4; | |
| roa6 table roa_v6; | |
| protocol rpki routinator1 { | |
| roa4 { table roa_v4; }; | |
| roa6 { table roa_v6; }; | |
| # remote "127.0.0.1" port 8282; | |
| remote "127.0.0.1" port 3323; | |
| retry keep 90; | |
| refresh keep 900; | |
| expire keep 172800; | |
| } | |
| ### BOGON | |
| define bogonAS = | |
| [ | |
| 0, | |
| 23456, | |
| 64496..64511, | |
| 64512..65534, | |
| 65535, | |
| 65536..65551, | |
| 65552..131071, | |
| 4200000000..4294967294, | |
| 4294967295 | |
| ]; | |
| ### Martians | |
| define martiansv6 = | |
| [ | |
| 2001:db8::/32+, | |
| 2001::/33+, | |
| 2002::/17+, | |
| 0000::/8+, | |
| fe00::/8+, | |
| ::/128-, | |
| ::/0{0,11}, | |
| ::/0{64,128}, | |
| # IXP ranges | |
| 2001:7f8:f2:e1::/64, | |
| 2602:fed2:fff:ffff::/64, | |
| 2001:7f8:33::/48 | |
| ]; | |
| ### MY PREFIXES | |
| define MY_PFX = [ | |
| 2a0e:8f02:f01f::/48, | |
| 2001:67c:2724::/48, | |
| 2a12:4946:9900::/40 | |
| ]; | |
| define MY_v4 = [ | |
| 89.46.97.0/24 | |
| ]; | |
| protocol direct { | |
| ipv6 { | |
| import all; | |
| }; | |
| ipv4 { | |
| import all; | |
| }; | |
| interface "dummy*"; | |
| } | |
| protocol kernel { | |
| ipv6 { | |
| import none; | |
| # export all; | |
| export filter { | |
| krt_prefsrc = 2001:67c:2724:ff00::; | |
| accept; | |
| }; | |
| }; | |
| scan time 20; | |
| learn; | |
| persist; | |
| # Merge paths if there's multiple with the same route | |
| merge paths; | |
| } | |
| protocol kernel { | |
| ipv4 { | |
| import none; | |
| export all; | |
| #export filter { | |
| # #krt_perfsrc = 89.46.97.0; | |
| # accept; | |
| #}; | |
| }; | |
| scan time 20; | |
| learn; | |
| persist; | |
| # Merge paths if there's multiple with the same route | |
| merge paths; | |
| } | |
| # Static route feed | |
| protocol static { | |
| ipv6 { | |
| import all; | |
| }; | |
| route 2a0e:8f02:f01f::/48 reject; | |
| route 2001:67c:2724::/48 reject; | |
| route 2a12:4946:9900::/40 reject; | |
| # Loopback | |
| route 2001:67c:2724:ff00::/64 via "lo"; | |
| route 2a12:4946:9900:ff00::/64 via "lo"; | |
| } | |
| protocol static { | |
| ipv4 { | |
| import all; | |
| }; | |
| route 89.46.97.0/24 reject; | |
| route 89.46.97.0/32 via "lo"; | |
| } | |
| # EvIX template | |
| template bgp evix_clients { | |
| local 2602:fed2:fff:ffff:6::6f as 211696; | |
| interface "ens21"; | |
| hold time 240; | |
| graceful restart on; | |
| ipv4 { | |
| import keep filtered yes; | |
| import filter | |
| { | |
| if roa_check(roa_v4, net, bgp_path.last) = ROA_INVALID then reject; | |
| if bgp_path ~ bogonAS then reject; | |
| if net ~ MY_v4 then reject; | |
| bgp_local_pref = 100; | |
| accept; | |
| }; | |
| export filter | |
| { | |
| include "communities.conf"; | |
| if net ~ MY_v4 then accept; | |
| reject; | |
| }; | |
| }; | |
| ipv6 { | |
| import keep filtered yes; | |
| import filter | |
| { | |
| if roa_check(roa_v6, net, bgp_path.last) = ROA_INVALID then reject; | |
| if bgp_path ~ bogonAS then reject; | |
| if net.len > 48 || net ~ martiansv6 || net ~ MY_PFX then reject; | |
| bgp_local_pref = 100; | |
| accept; | |
| }; | |
| export filter | |
| { | |
| include "communities.conf"; | |
| if net.len < 49 && net ~ MY_PFX then accept; | |
| reject; | |
| }; | |
| }; | |
| } | |
| # LocIX templace | |
| template bgp locix_clients { | |
| local 2001:7f8:f2:e1::21:1696:1 as 211696; | |
| interface "ens20"; | |
| hold time 240; | |
| graceful restart on; | |
| ipv4 { | |
| import keep filtered yes; | |
| import filter | |
| { | |
| if roa_check(roa_v4, net, bgp_path.last) = ROA_INVALID then reject; | |
| if bgp_path ~ bogonAS then reject; | |
| if net ~ MY_v4 then reject; | |
| bgp_local_pref = 100; | |
| accept; | |
| }; | |
| export filter | |
| { | |
| include "communities.conf"; | |
| if net ~ MY_v4 then accept; | |
| reject; | |
| }; | |
| }; | |
| ipv6 { | |
| import keep filtered yes; | |
| import filter | |
| { | |
| if roa_check(roa_v6, net, bgp_path.last) = ROA_INVALID then reject; | |
| if bgp_path ~ bogonAS then reject; | |
| if net.len > 48 || net ~ martiansv6 || net ~ MY_PFX then reject; | |
| bgp_local_pref = 100; | |
| accept; | |
| }; | |
| export filter | |
| { | |
| include "communities.conf"; | |
| if net.len < 49 && net ~ MY_PFX then accept; | |
| reject; | |
| }; | |
| }; | |
| } | |
| # KleyReX templace | |
| template bgp kleyrex_clients { | |
| local 2001:7f8:33::a121:1696:1 as 211696; | |
| interface "ens19"; | |
| hold time 240; | |
| graceful restart on; | |
| ipv4 { | |
| import keep filtered yes; | |
| import filter | |
| { | |
| if roa_check(roa_v4, net, bgp_path.last) = ROA_INVALID then reject; | |
| if bgp_path ~ bogonAS then reject; | |
| if net ~ MY_v4 then reject; | |
| bgp_local_pref = 100; | |
| accept; | |
| }; | |
| export filter | |
| { | |
| include "communities.conf"; | |
| if net ~ MY_v4 then accept; | |
| reject; | |
| }; | |
| }; | |
| ipv6 { | |
| import keep filtered yes; | |
| import filter | |
| { | |
| if roa_check(roa_v6, net, bgp_path.last) = ROA_INVALID then reject; | |
| if bgp_path ~ bogonAS then reject; | |
| if net.len > 48 || net ~ martiansv6 || net ~ MY_PFX then reject; | |
| bgp_local_pref = 100; | |
| accept; | |
| }; | |
| export filter | |
| { | |
| include "communities.conf"; | |
| if net.len < 49 && net ~ MY_PFX then accept; | |
| reject; | |
| }; | |
| }; | |
| } | |
| # Routes | |
| ## EvIX | |
| protocol bgp evix from evix_clients { | |
| description "EvIX"; | |
| neighbor 2602:fed2:fff:ffff::1 as 137933; | |
| } | |
| protocol bgp evixbak from evix_clients { | |
| description "EvIX backup"; | |
| neighbor 2602:fed2:fff:ffff::253 as 209762; | |
| } | |
| protocol bgp volffy from evix_clients { | |
| description "wolffy peering"; | |
| neighbor 2602:fed2:fff:ffff:6::70 as 211688; | |
| } | |
| ## LocIX | |
| protocol bgp locixrt from locix_clients { | |
| description "LocIX backup"; | |
| neighbor 2001:7f8:f2:e1::babe:1 as 202409; | |
| } | |
| protocol bgp locixrt2 from locix_clients { | |
| description "LocIX backup"; | |
| neighbor 2001:7f8:f2:e1::dead:1 as 202409; | |
| } | |
| protocol bgp locixrt3 from locix_clients { | |
| description "LocIX backup"; | |
| neighbor 2001:7f8:f2:e1::be5a as 202409; | |
| } | |
| protocol bgp openfactory from locix_clients { | |
| description "openfactory"; | |
| neighbor 2001:7f8:f2:e1::4:1051:1 as 41051; | |
| ipv4 { | |
| import keep filtered yes; | |
| import filter | |
| { | |
| if roa_check(roa_v4, net, bgp_path.last) = ROA_INVALID then reject; | |
| if bgp_path ~ bogonAS then reject; | |
| if net ~ MY_v4 then reject; | |
| bgp_local_pref = 100; | |
| accept; | |
| }; | |
| export filter | |
| { | |
| include "communities.conf"; | |
| if net ~ MY_v4 then accept; | |
| reject; | |
| }; | |
| }; | |
| ipv6 { | |
| import keep filtered yes; | |
| import filter | |
| { | |
| if roa_check(roa_v6, net, bgp_path.last) = ROA_INVALID then reject; | |
| if bgp_path ~ bogonAS then reject; | |
| if net.len > 48 || net ~ martiansv6 || net ~ MY_PFX then reject; | |
| bgp_local_pref = 100; | |
| accept; | |
| }; | |
| export filter | |
| { | |
| bgp_path.prepend(211696); | |
| include "communities.conf"; | |
| if net.len < 49 && net ~ MY_PFX then accept; | |
| reject; | |
| }; | |
| }; | |
| } | |
| protocol bgp tyrasuki from locix_clients { | |
| description "tyrasuki"; | |
| neighbor 2001:7f8:f2:e1:0:21:2123:1 as 212123; | |
| ipv4 { | |
| import keep filtered yes; | |
| import filter | |
| { | |
| if roa_check(roa_v4, net, bgp_path.last) = ROA_INVALID then reject; | |
| if bgp_path ~ bogonAS then reject; | |
| if net ~ MY_v4 then reject; | |
| bgp_local_pref = 100; | |
| accept; | |
| }; | |
| export filter | |
| { | |
| include "communities.conf"; | |
| if net ~ MY_v4 then accept; | |
| reject; | |
| }; | |
| }; | |
| ipv6 { | |
| import keep filtered yes; | |
| import filter | |
| { | |
| if roa_check(roa_v6, net, bgp_path.last) = ROA_INVALID then reject; | |
| if bgp_path ~ bogonAS then reject; | |
| if net.len > 48 || net ~ martiansv6 || net ~ MY_PFX then reject; | |
| bgp_local_pref = 100; | |
| accept; | |
| }; | |
| export filter | |
| { | |
| include "communities.conf"; | |
| if net.len < 49 && net ~ MY_PFX then accept; | |
| reject; | |
| }; | |
| }; | |
| } | |
| protocol bgp hurricane from locix_clients { | |
| description "hurricane"; | |
| neighbor 2001:7f8:f2:e1::6939:1 as 6939; | |
| } | |
| protocol bgp loc_wolffy from locix_clients { | |
| description "Wolffy on LocIX"; | |
| neighbor 2001:7f8:f2:e1:0:21:1688:1 as 211688; | |
| } | |
| protocol bgp loc_mike_marchal from locix_clients { | |
| description "Mike Marchal"; | |
| neighbor 2001:7f8:f2:e1:0:21:1398:2 as 211398; | |
| } | |
| ### KleyReX | |
| protocol bgp kleyrex from kleyrex_clients { | |
| description "rs1"; | |
| neighbor 2001:7f8:33::a103:1142:1 as 31142; | |
| } | |
| protocol bgp kleyrexrs2 from kleyrex_clients { | |
| description "rs2"; | |
| neighbor 2001:7f8:33::a103:1142:2 as 31142; | |
| } | |
| protocol bgp kleyrexrs3 from kleyrex_clients { | |
| description "rs2"; | |
| neighbor 2001:7f8:33::a103:1142:3 as 31142; | |
| } | |
| protocol bgp hurricanekley from kleyrex_clients { | |
| description "Hurricane Electrics KX"; | |
| neighbor 2001:7f8:33::a100:6939:1 as 6939; | |
| } | |
| ### special ifog direct | |
| protocol bgp ifog { | |
| description "ifog"; | |
| hold time 240; | |
| direct; | |
| local 2a0c:9a40:1::621 as 211696; | |
| neighbor 2a0c:9a40:1::1 as 34927; | |
| graceful restart on; | |
| ipv4 { | |
| import keep filtered yes; | |
| import filter | |
| { | |
| if roa_check(roa_v4, net, bgp_path.last) = ROA_INVALID then reject; | |
| if bgp_path ~ bogonAS then reject; | |
| if net ~ MY_v4 then reject; | |
| bgp_local_pref = 100; | |
| accept; | |
| }; | |
| export filter | |
| { | |
| include "communities.conf"; | |
| if net ~ MY_v4 then accept; | |
| reject; | |
| }; | |
| }; | |
| ipv6 { | |
| import keep filtered yes; | |
| import filter | |
| { | |
| if roa_check(roa_v6, net, bgp_path.last) = ROA_INVALID then reject; | |
| if bgp_path ~ bogonAS then reject; | |
| if net.len > 48 || net ~ martiansv6 || net ~ MY_PFX then reject; | |
| bgp_local_pref = 100; | |
| if (34927, 133) ~ bgp_community then { bgp_local_pref = 50; } | |
| accept; | |
| }; | |
| export filter | |
| { | |
| include "communities.conf"; | |
| bgp_path.prepend(211696); | |
| bgp_path.prepend(211696); | |
| bgp_community.add((34927, 9330)); | |
| if net.len < 49 && net ~ MY_PFX then accept; | |
| reject; | |
| }; | |
| }; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment