# Configure logging
# Alternative: log to a dedicated file instead of syslog (kept for reference).
#log "/var/log/bird-rtbh.log" all;
# Every log class is enabled, including debug and trace; trace emits a message per
# route/protocol event, so expect high syslog volume on a busy session.
log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };
# Local AS number; reused below both as our AS and as the neighbor's AS (iBGP) and
# as the first half of the blackhole community.
define local_asn = 65001;
# Override router ID
router id 10.0.0.100;
# This pseudo-protocol performs synchronization between BIRD's routing
# tables and the kernel. If your kernel supports multiple routing tables
# (as Linux 2.2.x does), you can run multiple instances of the kernel
# protocol and synchronize different kernel tables with different BIRD tables.
#
# This instance binds BIRD's master table to kernel table 5 but imports and
# exports nothing, so it moves no routes in either direction.
# NOTE(review): with "import none" below, routes picked up by "learn" are
# dropped before they reach the table, so "learn" appears to have no effect
# here — confirm this is intentional or drop one of the two.
protocol kernel {
learn; # Learn all alien routes from the kernel
persist; # Don't remove routes on bird shutdown
scan time 20; # Scan kernel routing table every 20 seconds
import none; # Default is import all
export none; # Default is export none
kernel table 5; # Kernel table to synchronize with (default: main); 5 is NOT the main table
}
# Dedicated BIRD table holding only blackhole candidates; the BGP peer below is
# attached to this table rather than to the master table.
table RTBH;
# Two-way sync between table RTBH and kernel table 100:
#  - "learn" + "import all": any route already present in kernel table 100
#    (presumably added by an operator or tooling outside BIRD — verify) is pulled
#    into RTBH and becomes a candidate for export to the EDGE peer.
#  - "export all": every route in RTBH, including anything accepted from the
#    EDGE peer, is written into kernel table 100.
protocol kernel rtbh {
learn; # Accept routes not installed by BIRD
persist; # Keep installed routes on shutdown
scan time 20; # Re-read the kernel table every 20 seconds
import all;
export all;
table RTBH;
kernel table 100; # Kernel table to synchronize with (rtbh: 100)
}
# This pseudo-protocol watches all interface up/down events.
# Required so the kernel and BGP protocols see interface state changes.
protocol device {
scan time 10; # Scan interfaces every 10 seconds
}
# Allow only /32 part of a specific prefix
# Returns true only when the route being filtered is a host route (/32) that
# falls inside one of the prefixes in allowed_prefix; anything else is false.
# The "+" suffix on each set entry matches the prefix and every more-specific
# of it, so the length test is what narrows the match down to /32.
# The /32 test assumes IPv4 routes — confirm if this daemon ever carries IPv6.
# NOTE(review): 203.0.113.0/24 is RFC 5737 documentation space, but 1.1.1.0/24
# is a live public allocation; replace both entries with prefixes you control
# before deploying.
function check_prefix()
prefix set allowed_prefix;
{
allowed_prefix = [ 203.0.113.128/25+, 1.1.1.0/24+ ];
return (net ~ allowed_prefix) && (net.len = 32);
}
# This filter is applied on BGP export towards the edge router. Routes that
# pass check_prefix() are announced with all existing communities stripped and
# only (local_asn,666) attached; everything else is rejected.
# The edge router's blackhole policy must match (local_asn,666) exactly; the
# RFC 7999 well-known BLACKHOLE community (65535:666) is not what is sent here.
filter EXPORT_BLACKHOLED_32
{
if check_prefix() then {
bgp_community = -empty-;
bgp_community.add((local_asn,666));
accept;
}
reject;
}
#Peer BGP Settings. We explicity select table RTBH, which makes this BGP Peer sync with the Kernel Table RTBH Only.
# Local AS and neighbor AS are both local_asn, so this is an iBGP session.
# NOTE(review): "import all" accepts every route the edge router sends into
# RTBH, and the rtbh kernel protocol then installs it in kernel table 100. If
# the session is meant to be announce-only, "import none" (or an import filter)
# limits what the peer can inject — confirm the intended direction.
# NOTE(review): no session "password" is configured, so the TCP session is not
# authenticated — confirm whether that is acceptable on this link.
protocol bgp EDGE {
table RTBH; # Attach to the RTBH table, not the master table
description "Peer with Edge Router to announce /32 Prefixes to be Blackholed";
local as local_asn;
neighbor 10.0.0.1 as local_asn;
import all;
export filter EXPORT_BLACKHOLED_32; # Only /32s inside allowed_prefix, tagged (local_asn,666)
}