My Nix Configuration
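# BIRD 2 configuration for a dn42 node: address constants, prefix and ROA
# based route validation, kernel/static/OSPF plumbing, the dn42 community
# helpers (latency / bandwidth / crypto / region) and the import/export
# filter functions used for BGP peers, plus a route-collector session.

# Everything is logged to stderr and every protocol event class is traced.
# NOTE(review): "debug protocols all" is very chatty and includes per-route
# and per-packet tracing; handy while bringing sessions up, usually narrowed
# once the node is stable so that filter rejections stay visible in the log.
log stderr all;
debug protocols all;
timeformat protocol iso long;
################################################
#               Variable header                #
################################################

define OWNAS = 4242422459;
define OWNIP = 172.20.43.96;
define OWNIPv6 = fd21:1500:66b0::1;
define OWNNET = 172.20.43.96/27;
define OWNNETv6 = fd21:1500:66b0::/48;
# NOTE(review): OWNNET is a /27 but this set only covers the first /29 of it.
# is_self_net() is what keeps our own prefixes from being imported from
# peers, so sub-prefixes of the /27 that lie outside 172.20.43.96/29 are not
# treated as "ours" by the import filter. Confirm whether [172.20.43.96/27+]
# was intended.
define OWNNETSET = [172.20.43.96/29+];
define OWNNETSETv6 = [fd21:1500:66b0::/48+];
define DN42_REGION = 42;

################################################
#                 Header end                   #
################################################

router id OWNIP;

protocol device {
    scan time 10;
}

/*
 *  Utility functions
 */

# True when the route's prefix falls inside our own IPv4 allocation set.
function is_self_net() {
    return net ~ OWNNETSET;
}

# True when the route's prefix falls inside our own IPv6 allocation set.
function is_self_net_v6() {
    return net ~ OWNNETSETv6;
}

# IPv4 allow-list: the prefix must lie in one of these ranges AND have a
# prefix length inside the given bounds. Anything else is not a candidate for
# import or export.
function is_valid_network() {
    return net ~ [
        172.20.0.0/14{21,29}, # dn42
        172.20.0.0/24{28,32}, # dn42 Anycast
        172.21.0.0/24{28,32}, # dn42 Anycast
        172.22.0.0/24{28,32}, # dn42 Anycast
        172.23.0.0/24{28,32}, # dn42 Anycast
        172.31.0.0/16+,       # ChaosVPN
        10.100.0.0/14+,       # ChaosVPN
        10.127.0.0/16{16,32}, # neonetwork
        10.0.0.0/8{15,24}     # Freifunk.net
    ];
}

# ROA tables consulted by roa_check() in the import filter. They are filled
# from the two included files only, so origin validation is exactly as
# current as those files.
# NOTE(review): how /etc/bird/roa_dn42*.conf are refreshed is not shown here;
# confirm they are regenerated regularly and that bird is reconfigured
# afterwards, otherwise stale ROAs keep being enforced.
roa4 table dn42_roa;
roa6 table dn42_roa_v6;

protocol static {
    roa4 { table dn42_roa; };
    include "/etc/bird/roa_dn42.conf";
};

protocol static {
    roa6 { table dn42_roa_v6; };
    include "/etc/bird/roa_dn42_v6.conf";
};

# IPv6 allow-list: ULA space only, prefix length 44..64.
function is_valid_network_v6() {
    return net ~ [
        fd00::/8{44,64} # ULA address space as per RFC 4193
    ];
}

# Kernel sync, IPv6: nothing is learned from the kernel; every non-static
# route is installed with our own address as preferred source.
protocol kernel {
    scan time 20;

    ipv6 {
        import none;
        export filter {
            if source = RTS_STATIC then reject;
            krt_prefsrc = OWNIPv6;
            accept;
        };
    };
};

# Kernel sync, IPv4: same policy as the IPv6 instance above.
protocol kernel {
    scan time 20;
    ipv4 {
        import none;
        export filter {
            if source = RTS_STATIC then reject;
            krt_prefsrc = OWNIP;
            accept;
        };
    };
}

# Unreachable static routes for our own aggregates, so that they exist in the
# routing table and can be announced.
protocol static {
    route OWNNET reject;

    ipv4 {
        import all;
        export none;
    };
}

protocol static {
    route OWNNETv6 reject;

    ipv6 {
        import all;
        export none;
    };
}

# Base template for BGP peers. It carries no channel or filter settings.
# NOTE(review): the peer definitions are not part of this file; presumably
# each one wires dn42_import_filter()/dn42_export_filter() into its channels.
# Confirm that every peer has an import filter and an import limit, since
# nothing here enforces either.
template bgp dnpeers {
    local as OWNAS;
    path metric 1;
}

# Internal OSPFv3 instance carrying IPv4. Static and BGP routes are kept out
# of the IGP; everything else is exported into it.
# NOTE(review): no authentication is configured on the "ospf_*" interfaces in
# either OSPF instance, so adjacency is open to whoever can reach those
# links. Confirm they are private tunnels.
protocol ospf v3 {
    ipv4 {
        export filter {
            if source = RTS_STATIC || source = RTS_BGP then reject;
            accept;
        };
    };

    area 0 {
        interface "lo" {
            stub;
        };

        interface "ospf_*" {
            type pointopoint;
        };
    };
}

# Internal OSPFv3 instance carrying IPv6, same policy as the IPv4 instance.
protocol ospf v3 {
    ipv6 {
        export filter {
            if source = RTS_STATIC || source = RTS_BGP then reject;
            accept;
        };
    };

    area 0 {
        interface "lo" {
            stub;
        };

        interface "ospf_*" {
            type pointopoint;
        };

    };
}


# Adds (64511, link_latency) to the route and then collapses the latency
# communities (64511, 1..9) to the highest value present, which is returned.
# The argument is not range-checked: a value outside 1..9 is still added as a
# community and the function then falls through the chain.
function update_latency(int link_latency) {
    bgp_community.add((64511, link_latency));
    if (64511, 9) ~ bgp_community then { bgp_community.delete([(64511, 1..8)]); return 9; }
    else if (64511, 8) ~ bgp_community then { bgp_community.delete([(64511, 1..7)]); return 8; }
    else if (64511, 7) ~ bgp_community then { bgp_community.delete([(64511, 1..6)]); return 7; }
    else if (64511, 6) ~ bgp_community then { bgp_community.delete([(64511, 1..5)]); return 6; }
    else if (64511, 5) ~ bgp_community then { bgp_community.delete([(64511, 1..4)]); return 5; }
    else if (64511, 4) ~ bgp_community then { bgp_community.delete([(64511, 1..3)]); return 4; }
    else if (64511, 3) ~ bgp_community then { bgp_community.delete([(64511, 1..2)]); return 3; }
    else if (64511, 2) ~ bgp_community then { bgp_community.delete([(64511, 1..1)]); return 2; }
    else return 1;
}

# Adds (64511, link_bandwidth) and collapses the bandwidth communities
# (64511, 21..29) to the lowest value present, which is returned.
function update_bandwidth(int link_bandwidth) {
    bgp_community.add((64511, link_bandwidth));
    if (64511, 21) ~ bgp_community then { bgp_community.delete([(64511, 22..29)]); return 21; }
    else if (64511, 22) ~ bgp_community then { bgp_community.delete([(64511, 23..29)]); return 22; }
    else if (64511, 23) ~ bgp_community then { bgp_community.delete([(64511, 24..29)]); return 23; }
    else if (64511, 24) ~ bgp_community then { bgp_community.delete([(64511, 25..29)]); return 24; }
    else if (64511, 25) ~ bgp_community then { bgp_community.delete([(64511, 26..29)]); return 25; }
    else if (64511, 26) ~ bgp_community then { bgp_community.delete([(64511, 27..29)]); return 26; }
    else if (64511, 27) ~ bgp_community then { bgp_community.delete([(64511, 28..29)]); return 27; }
    else if (64511, 28) ~ bgp_community then { bgp_community.delete([(64511, 29..29)]); return 28; }
    else return 29;
}

# Adds (64511, link_crypto) and collapses the crypto communities
# (64511, 31..34) to the lowest value present, which is returned.
function update_crypto(int link_crypto) {
    bgp_community.add((64511, link_crypto));
    if (64511, 31) ~ bgp_community then { bgp_community.delete([(64511, 32..34)]); return 31; }
    else if (64511, 32) ~ bgp_community then { bgp_community.delete([(64511, 33..34)]); return 32; }
    else if (64511, 33) ~ bgp_community then { bgp_community.delete([(64511, 34..34)]); return 33; }
    else return 34;
}

# Returns the first region community (64511, 41..53) found on the route, or
# our own DN42_REGION when the route carries none.
function get_region() {
    if (64511, 41) ~ bgp_community then { return 41; }
    else if (64511, 42) ~ bgp_community then { return 42; }
    else if (64511, 43) ~ bgp_community then { return 43; }
    else if (64511, 44) ~ bgp_community then { return 44; }
    else if (64511, 45) ~ bgp_community then { return 45; }
    else if (64511, 46) ~ bgp_community then { return 46; }
    else if (64511, 47) ~ bgp_community then { return 47; }
    else if (64511, 48) ~ bgp_community then { return 48; }
    else if (64511, 49) ~ bgp_community then { return 49; }
    else if (64511, 50) ~ bgp_community then { return 50; }
    else if (64511, 51) ~ bgp_community then { return 51; }
    else if (64511, 52) ~ bgp_community then { return 52; }
    else if (64511, 53) ~ bgp_community then { return 53; }
    else return DN42_REGION;
}


# Computes the local preference for the current route.
# Base value: 2000 for our own prefixes, 1000 for a route whose AS path has
# length 1, 500 for a route tagged with our region, otherwise 500 minus 10
# per step of region-number distance. 10 per latency class and 10 per AS-path
# hop are then subtracted.
function calculate_local_pref(int dn42_latency)
int pref;
{
    pref = 100;
    if (is_self_net() || is_self_net_v6()) then {
        pref = 2000;
    }
    else if (bgp_path.len = 1) then {
        pref = 1000;
    }
    else if (DN42_REGION = get_region()) then {
        pref = 500;
    }
    else {
        if (DN42_REGION > get_region()) then {
            pref = 500 - ((DN42_REGION - get_region()) * 10);
        }
        else {
            pref = 500 - ((get_region() - DN42_REGION) * 10);
        }
    }
    pref = pref - 10*dn42_latency - 10* bgp_path.len;
    # No base value exceeds 2000, so a larger result can only come from the
    # subtraction above going below zero; presumably this is the wrap-around
    # guard (a very long AS path ends up with preference 10, not a huge one).
    if pref > 2000 then {
        pref = 10;
    }
    return pref;
}

# Rewrites the dn42 latency/bandwidth/crypto communities for the link the
# route crosses and sets bgp_local_pref. Only the latency class feeds the
# preference; the bandwidth and crypto classes are normalised here but not
# used further, so those two calls matter for their community rewriting.
function update_flags(int link_latency; int link_bandwidth; int link_crypto)
int dn42_latency;
int dn42_bandwidth;
int dn42_crypto;
{
    dn42_latency = update_latency(link_latency);
    dn42_bandwidth = update_bandwidth(link_bandwidth) - 20;
    dn42_crypto = update_crypto(link_crypto) - 30;
    if dn42_bandwidth > 5 then dn42_bandwidth = 5;
    bgp_local_pref = calculate_local_pref(dn42_latency);
    return true;
}


# Import policy for a dn42 peer. A route is accepted only if
#   1. its prefix is inside the allow-lists and is not one of our own, and
#   2. the last AS in its path is ROA_VALID for that prefix.
# ROA-unknown routes are rejected together with ROA-invalid ones, because
# anything other than ROA_VALID fails the test. The ROA check looks only at
# the last AS of the path; the rest of the AS path is not validated.
function dn42_import_filter(int link_latency; int link_bandwidth; int link_crypto) {
    if (is_valid_network() && !is_self_net()) || (is_valid_network_v6() && !is_self_net_v6()) then {
        # Both tables are consulted for every route; the lookup in the table
        # of the other address family never yields ROA_VALID.
        if roa_check(dn42_roa, net, bgp_path.last) != ROA_VALID && roa_check(dn42_roa_v6, net, bgp_path.last) != ROA_VALID then {
            print "[dn42] Import : ROA check failed for ", net, " ASN ", bgp_path.last, " on ", proto;
            reject;
        }
        update_flags(link_latency, link_bandwidth, link_crypto);
        # (65535, 666) is the well-known BLACKHOLE community (RFC 7999).
        # NOTE(review): it is honoured from every peer for any route that got
        # this far, and any AS along the path can attach it. Confirm that
        # blackholing on behalf of arbitrary peers is intended.
        if (65535, 666) ~ bgp_community then dest = RTD_BLACKHOLE;
        accept;
    }
    print "[dn42] Import : Invalid Network for ", net, " ASN ", bgp_path.last, " on ", proto;
    reject;
}

# Export policy for a dn42 peer: announce every route inside the allow-lists,
# tagging our own static routes with our region community.
# NOTE(review): unlike the route_collector export filters below, this one
# does not require source ~ [ RTS_STATIC, RTS_BGP ], so OSPF-learned prefixes
# that fall inside the allow-lists are announced to peers as well. Confirm
# that is intended. The ROA check on export is disabled (commented out).
function dn42_export_filter(int link_latency; int link_bandwidth; int link_crypto) {
    if is_valid_network() || is_valid_network_v6() then {
#       if roa_check(dn42_roa, net, bgp_path.last) != ROA_VALID && roa_check(dn42_roa_v6, net, bgp_path.last) != ROA_VALID then {
#           print "[dn42] Export : ROA check failed for ", net, " ASN ", bgp_path.last, " on ", proto;
#           reject;
#       }
        if source = RTS_STATIC then bgp_community.add((64511, DN42_REGION));
        update_flags(link_latency, link_bandwidth, link_crypto);
        accept;
    }
    reject;
}

# Multihop session to the route collector. Nothing is imported from it; it
# receives all paths (add paths tx) for valid static and BGP routes.
protocol bgp route_collector from dnpeers {
    neighbor fd42:4242:2601:ac12::1 as 4242422602;
    multihop;
    ipv4 {
        # export all available paths to the collector
        add paths tx;

        # import/export filters
        import none;
        export filter {
            # export all valid routes
            if ( is_valid_network() && source ~ [ RTS_STATIC, RTS_BGP ] )
            then {
                accept;
            }
            reject;
        };
    };

    ipv6 {
        # export all available paths to the collector
        add paths tx;

        # import/export filters
        import none;
        export filter {
            # export all valid routes
            if ( is_valid_network_v6() && source ~ [ RTS_STATIC, RTS_BGP ] )
            then {
                accept;
            }
            reject;
        };
    };
}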