# Router ID used by the routing protocols configured below.
router id 45.61.173.144;

# Log destinations. Both targets receive every message class; the file target
# spells the classes out, which is the place to trim if debug/trace volume
# becomes a problem. "auth" (authentication failures) and "remote"
# (misbehaving remote machines) are the classes most useful for spotting
# trouble with a peer, so keep them if the list is ever shortened.
log syslog all;
log "/var/log/bird/bird.log" { info, warning, error, fatal, bug, auth, remote, debug, trace };
# Kernel synchronisation for the IPv6 table; the OS routing table is rescanned
# every 15 seconds. The channel carries no import/export statement, so BIRD's
# defaults for this protocol apply. "learn" is left commented out.
protocol kernel {
    ipv6;
    scan time 15;
    # learn;
}
# Kernel synchronisation for the IPv4 table; the OS routing table is rescanned
# every 15 seconds. The channel carries no import/export statement, so BIRD's
# defaults for this protocol apply. "learn" is left commented out.
protocol kernel {
    ipv4;
    scan time 15;
    # learn;
}
# Interface discovery: the interface list is rescanned every 10 seconds.
protocol device {
    scan time 10;
}
# Static IPv6 routes that this router originates.
#
# rt_export accepts every route whose source protocol is "announcev6", so each
# entry below (the /44 aggregate, the /64 tunnel links and the per-user /48s)
# is offered to every BGP neighbour that uses rt_export.
#
# Each user has a pair of routes: the /64 tunnel link itself, and a /48 range
# routed to the far end (::2) of that tunnel.
protocol static announcev6 {
    ipv6;
    description "Static v6 Routes";

    route 2a12:bec0:210::/44 blackhole; #default Blackhole for subnet

    route 2a12:bec0:210:4::/64 via 2a12:bec0:210:4::1; #Pete-tunnel
    route 2a12:bec0:218::/48 via 2a12:bec0:210:4::2; #Pete-range

    route 2a12:bec0:210:2::/64 via 2a12:bec0:210:2::1; #TGJ-tunnel
    route 2a12:bec0:214::/48 via 2a12:bec0:210:2::2; #TGJ-range

    route 2a12:bec0:210:5::/64 via 2a12:bec0:210:5::1; #Hugo-tunnel
    route 2a12:bec0:21d::/48 via 2a12:bec0:210:5::2; #Hugo-range

    route 2a12:bec0:210:3::/64 via 2a12:bec0:210:3::1; #Boris-tunnel
    route 2a12:bec0:219::/48 via 2a12:bec0:210:3::2; #Boris-Range

    route 2a12:bec0:210:6::/64 via 2a12:bec0:210:6::1; #Khem
    route 2a12:bec0:213::/48 via 2a12:bec0:210:6::2; #Khem-Range

    route 2a12:bec0:210:8::/64 via 2a12:bec0:210:8::1; #Jake
    route 2a12:bec0:215::/48 via 2a12:bec0:210:8::2; #Jake-Range

    # route 2a12:bec0:210:7::/64 via 2a12:bec0:210:7::1; #Khempi
    # route 2a12:bec0:212::/48 via 2a12:bec0:210:7::2; #Khempi-Range
}
# Static IPv4 routes that this router originates. Currently empty: the only
# route line is commented out, and it names an IPv6 prefix.
# rt_export accepts anything sourced from "announcev4", so a route added here
# is offered to every BGP neighbour that uses rt_export.
protocol static announcev4 {
    ipv4;
    description "Static v4 Routes";
    # route 2a12:bec0:215::/48 blackhole; #default Blackhole for subnet
}
# Unnamed, empty IPv6 static protocol (no routes defined). Because its name is
# neither "announcev4" nor "announcev6", rt_export would reject anything added
# here.
protocol static {
    ipv6;
}
# Unnamed, empty IPv4 static protocol (no routes defined). Because its name is
# neither "announcev4" nor "announcev6", rt_export would reject anything added
# here.
protocol static {
    ipv4;
}
# AS numbers that must never appear in an AS_PATH received from a peer:
# reserved, private-use and documentation ASNs. Used by reject_bogon_asns().
# The list is static, so it needs a manual review when the IANA registry
# changes.
define BOGON_ASNS = [
    0,                      # RFC 7607
    23456,                  # RFC 4893 AS_TRANS
    64496..64511,           # RFC 5398 and documentation/example ASNs
    64512..65534,           # RFC 6996 Private ASNs
    65535,                  # RFC 7300 Last 16 bit ASN
    65536..65551,           # RFC 5398 and documentation/example ASNs
    65552..131071,          # IANA reserved ASNs
    4200000000..4294967294, # RFC 6996 Private ASNs
    4294967295              # RFC 7300 Last 32 bit ASN
];
# IPv6 prefixes that should never be learned over BGP. The trailing "+" on each
# entry makes it match the prefix itself and every more-specific inside it.
# Used by reject_v6_bogon_prefixes(). Note that "::/8+" starts at length 8, so
# it does not match a default route (::/0).
define V6_BOGON_PREFIXES = [
    #v6 bogon
    ::/8+,          # RFC 4291 IPv4-compatible, loopback, et al
    0100::/64+,     # RFC 6666 Discard-Only
    2001:2::/48+,   # RFC 5180 BMWG
    2001:10::/28+,  # RFC 4843 ORCHID
    2001:db8::/32+, # RFC 3849 documentation
    2002::/16+,     # RFC 7526 6to4 anycast relay
    3ffe::/16+,     # RFC 3701 old 6bone
    fc00::/7+,      # RFC 4193 unique local unicast
    fe80::/10+,     # RFC 4291 link local unicast
    fec0::/10+,     # RFC 3879 old site local unicast
    ff00::/8+       # RFC 4291 multicast
];
# IPv4 prefixes that should never be learned over BGP. The trailing "+" on each
# entry makes it match the prefix itself and every more-specific inside it.
# Used by reject_v4_bogon_prefixes().
define V4_BOGON_PREFIXES = [
    #v4 bogon
    0.0.0.0/8+,       # RFC 1122 'this' network
    10.0.0.0/8+,      # RFC 1918 private space
    100.64.0.0/10+,   # RFC 6598 Carrier grade nat space
    127.0.0.0/8+,     # RFC 1122 localhost
    169.254.0.0/16+,  # RFC 3927 link local
    172.16.0.0/12+,   # RFC 1918 private space
    192.0.2.0/24+,    # RFC 5737 TEST-NET-1
    192.88.99.0/24+,  # RFC 7526 6to4 anycast relay
    192.168.0.0/16+,  # RFC 1918 private space
    198.18.0.0/15+,   # RFC 2544 benchmarking
    198.51.100.0/24+, # RFC 5737 TEST-NET-2
    203.0.113.0/24+,  # RFC 5737 TEST-NET-3
    224.0.0.0/4+,     # multicast
    240.0.0.0/4+      # reserved
];
# Reject the route if any ASN anywhere in its AS_PATH is in BOGON_ASNS.
# The rejection is logged together with the prefix and the full path, which
# makes the offending announcement easy to find in the log afterwards.
function reject_bogon_asns() {
    if (bgp_path ~ BOGON_ASNS) then {
        print "Reject: bogon AS_PATH: ", net, " ", bgp_path;
        reject;
    }
}
# Reject the route if its prefix falls inside V4_BOGON_PREFIXES, logging the
# prefix and AS_PATH. The log text is the same as the IPv6 variant's.
function reject_v4_bogon_prefixes() {
    if (net ~ V4_BOGON_PREFIXES) then {
        print "Reject: Bogon prefix: ", net, " ", bgp_path;
        reject;
    }
}
# Reject the route if its prefix falls inside V6_BOGON_PREFIXES, logging the
# prefix and AS_PATH. The log text is the same as the IPv4 variant's.
function reject_v6_bogon_prefixes() {
    if (net ~ V6_BOGON_PREFIXES) then {
        print "Reject: Bogon prefix: ", net, " ", bgp_path;
        reject;
    }
}
# Reject routes more specific than /64, logging the prefix and AS_PATH.
# The test looks only at the prefix length; it has no address-family check.
function reject_smallv6_prefixes() {
    if (net.len > 64) then {
        print "Reject: Too small prefix: ", net, " ", bgp_path;
        reject;
    }
}
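# Reject IPv4 routes more specific than /24, logging the prefix and AS_PATH.
#
# rt_import calls this helper for every route, and every BGP channel in this
# file that uses rt_import is an ipv6 channel. A bare "net.len > 24" is true
# for almost every IPv6 prefix (a /32 or a /48 is "longer than 24"), so without
# the address-family test ordinary IPv6 routes are rejected here as
# "Too small prefix". The length limit is therefore applied to IPv4 nets only.
function reject_smallv4_prefixes() {
    if ((net.type = NET_IP4) && (net.len > 24)) then {
        print "Reject: Too small prefix: ", net, " ", bgp_path;
        reject;
    }
}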
# Reject routes whose AS_PATH is longer than 100 entries, logging the prefix
# and the path.
function reject_long_aspaths() {
    if (bgp_path.len > 100) then {
        print "Reject: Too long AS path: ", net, " ", bgp_path;
        reject;
    }
}
# Import policy shared by every active BGP channel in this file.
#
# Each helper either rejects the route (logging why) or returns, in which case
# the next helper runs; a route that passes all six is accepted. Every helper
# runs for every route regardless of address family, so each one has to behave
# sensibly on both IPv4 and IPv6 nets. The order decides which reason is
# logged when a route would fail more than one check.
#
# NOTE(review): nothing here rejects a default route (::/0 or 0.0.0.0/0);
# confirm whether these peers are meant to be able to send one.
filter rt_import {
    reject_bogon_asns();
    reject_v4_bogon_prefixes();
    reject_v6_bogon_prefixes();
    reject_smallv6_prefixes();
    reject_smallv4_prefixes();
    reject_long_aspaths();
    accept;
}
# Export policy shared by every active BGP channel in this file.
#
# Only routes originated by the two named static protocols are announced;
# everything else, including routes learned from other BGP sessions, is
# rejected. This default-deny shape is what stops the router from re-announcing
# one peer's routes to another.
filter rt_export {
    if ((proto = "announcev4") || (proto = "announcev6")) then
        accept;
    reject;
}
#EBGP upstream sessions
# Upstream session from AS199519 (local) to AS52041.
# - "multihop 255" lets the session run at any hop distance.
# - NOTE(review): neither "password" nor "ttl security" is set on this
#   session; confirm with the upstream whether session protection can be
#   enabled.
# - "export limit 20" caps how many routes can be sent upstream, which bounds
#   the effect of a mistake in rt_export or in the static protocols.
# - No import limit is set on this session.
protocol bgp scaleblade {
    local 2a12:bec0:7000:1:149:18:80:30 as 199519;
    # local 2a12:bec1:b00b:b00b:b00b:b00b:b00b:b00b as 199519;
    neighbor 2a12:bec0:7000::1 as 52041;
    multihop 255;
    ipv6 {
        import filter rt_import;
        export filter rt_export;
        export limit 20;
        graceful restart on;
    };
}
#protocol bgp R64 {
#    local 2a0f:5707:abf8:134::2 as 199519;
#    neighbor 2a0f:5707:abf8:134::1 as 212895;
#    ipv6 {
#        import none;
#        export filter rt_export;
#    };
#}
#IBGP sessions
# iBGP session (both ends AS199519) over the 2a12:bec0:210:2::/64 link that
# announcev6 labels #TGJ-tunnel.
# "import limit 20" bounds how many routes this peer can inject; with no
# action given, BIRD's default action applies when the limit is hit.
# NOTE(review): no "password" is set on this session.
protocol bgp TGJHOME {
    local 2a12:bec0:210:2::1 as 199519;
    neighbor 2a12:bec0:210:2::2 as 199519;
    multihop 255;
    ipv6 {
        import filter rt_import;
        import limit 20;
        export filter rt_export;
    };
}
# iBGP session (both ends AS199519) over the 2a12:bec0:210:5::/64 link that
# announcev6 labels #Hugo-tunnel.
# "import limit 10" bounds how many routes this peer can inject; with no
# action given, BIRD's default action applies when the limit is hit.
# NOTE(review): no "password" is set on this session.
protocol bgp hugo {
    local 2a12:bec0:210:5::1 as 199519;
    neighbor 2a12:bec0:210:5::2 as 199519;
    multihop 255;
    ipv6 {
        import filter rt_import;
        import limit 10;
        export filter rt_export;
    };
}
# iBGP session (both ends AS199519) over the 2a12:bec0:210:4::/64 link that
# announcev6 labels #Pete-tunnel.
# "import limit 10" bounds how many routes this peer can inject; with no
# action given, BIRD's default action applies when the limit is hit.
# NOTE(review): no "password" is set on this session.
protocol bgp pete {
    local 2a12:bec0:210:4::1 as 199519;
    neighbor 2a12:bec0:210:4::2 as 199519;
    multihop 255;
    ipv6 {
        import filter rt_import;
        import limit 10;
        export filter rt_export;
    };
}
# iBGP session (both ends AS199519) over the 2a12:bec0:210:3::/64 link that
# announcev6 labels #Boris-tunnel.
# "import limit 10" bounds how many routes this peer can inject; with no
# action given, BIRD's default action applies when the limit is hit.
# NOTE(review): no "password" is set on this session.
protocol bgp boris {
    local 2a12:bec0:210:3::1 as 199519;
    neighbor 2a12:bec0:210:3::2 as 199519;
    multihop 255;
    ipv6 {
        import filter rt_import;
        import limit 10;
        export filter rt_export;
    };
}
# iBGP session (both ends AS199519) over the 2a12:bec0:210:6::/64 link that
# announcev6 labels #Khem.
# "import limit 20" bounds how many routes this peer can inject; with no
# action given, BIRD's default action applies when the limit is hit.
# NOTE(review): no "password" is set on this session.
protocol bgp khem {
    local 2a12:bec0:210:6::1 as 199519;
    neighbor 2a12:bec0:210:6::2 as 199519;
    multihop 255;
    ipv6 {
        import filter rt_import;
        import limit 20;
        export filter rt_export;
    };
}
# iBGP session (both ends AS199519) addressed out of 2a12:bec0:210:7::/64.
# NOTE(review): the static route for that /64 in announcev6 is commented out
# (labelled #Khempi); confirm the addressing for this session is still current.
# "import limit 20" bounds how many routes this peer can inject; with no
# action given, BIRD's default action applies when the limit is hit.
# NOTE(review): no "password" is set on this session.
protocol bgp luke {
    local 2a12:bec0:210:7::1 as 199519;
    neighbor 2a12:bec0:210:7::2 as 199519;
    multihop 255;
    ipv6 {
        import filter rt_import;
        import limit 20;
        export filter rt_export;
    };
}
#iBGP Customers

#protocol bgp mrcool {
#    local 2a12:bec0:210:10::1 as 199519;
#    neighbor 2a12:bec0:210:10::2 as 199187;
#    multihop 255;
#    ipv6 {
#        import limit 10;
#        import filter rt_import;
#        export filter rt_export;
#    };
#}
# iBGP session (both ends AS199519) over the 2a12:bec0:210:8::/64 link that
# announcev6 labels #Jake.
# "import limit 10" bounds how many routes this peer can inject; with no
# action given, BIRD's default action applies when the limit is hit.
# NOTE(review): no "password" is set on this session.
protocol bgp jake {
    local 2a12:bec0:210:8::1 as 199519;
    neighbor 2a12:bec0:210:8::2 as 199519;
    multihop 255;
    ipv6 {
        import filter rt_import;
        import limit 10;
        export filter rt_export;
    };
}
#Monitoring
# Session to a monitoring peer in AS197068. The transport is IPv4
# (45.61.173.144 to 178.248.237.29) while the channel carried is ipv6.
# NOTE(review): unlike the other sessions in this file, no import or export
# limit is set here, and routes from this peer are accepted through rt_import;
# confirm whether anything needs to be imported from a monitoring peer at all.
# NOTE(review): no "password" is set, and "multihop 255" accepts the peer at
# any hop distance.
protocol bgp QRT {
    local 45.61.173.144 as 199519;
    neighbor 178.248.237.29 as 197068;
    multihop 255;
    ipv6 {
        export filter rt_export;
        import filter rt_import;
    };
}
# off till full table
#protocol bgp bgptools {
#    local 2a12:bec0:7000:1:149:18:80:30 as 199519;
#    neighbor 2a0c:2f07:9459::b6 as 212232;
#    multihop 255;
#    ipv6 {
#        import all;
#        export all;
#    };
#}