9 months ago · 1773f8a158
--- a/bird/bird.conf
+++ b/bird/bird.conf
@@ -35,7 +35,9 @@ protocol kernel {
 
				 
			
 
				 
			
 
				 #
			
 
				-# Load additiional configuration (IGP, FFRL, ICVPN, 'n stuff)
			
 
				+# Load local config knobs and additiional configuration (IGP, FFRL, 'n stuff)
			
 
				+include "/etc/bird/local.conf";
			
 
				+
			
 
				 {%- if proto == "v4" %}
			
 
				 include "/etc/bird/ff-policy.conf";
			
 
				 include "/etc/bird/bird.d/*.conf";
			
--- a/bird/ff-policy.conf
+++ b/bird/ff-policy.conf
@@ -60,7 +60,6 @@ define ANYCAST_PREFIX = (65132,999);
 
				 define SITE_LEGACY_ONLINE = 1;
			
 
				 define SITE_PADCTY_ONLINE = 1;
			
 
				 define SITE_PADUML_ONLINE = 1;
			
 
				-define DRAINED = 0;
			
 
				 
			
 
				 
			
 
				 {%- if 'batman_gw' in node_roles %}
			
@@ -121,7 +120,7 @@ filter ibgp_out {
 
				 		reject;
			
 
				 
			
 
				 	# Don't redistribute anything IF we are drained
			
 
				-	if 1 = DRAINED then
			
 
				+	if 1 = DRAIN_FULL then
			
 
				 		reject;
			
 
				 
			
 
				 {%- if 'batman_gw' in node_roles %}
			
--- a/bird/ffrl.conf
+++ b/bird/ffrl.conf
@@ -7,6 +7,11 @@
 
				 
			
 
				 
			
 
				 filter ffrl_in {
			
 
				+	if DRAIN_FULL = 1 then
			
 
				+		reject;
			
 
				+	if DRAIN_FFRL = 1 then
			
 
				+		reject;
			
 
				+
			
 
				 	if net ~ [
			
 
				 {%- if proto == 'v4'%}
			
 
				 		0.0.0.0/0
			
@@ -25,12 +30,16 @@ filter ffrl_in {
 
				 
			
 
				 
			
 
				 filter ffrl_out {
			
 
				+	if DRAIN_FULL = 1 then
			
 
				+		reject;
			
 
				+	if DRAIN_FFRL = 1 then
			
 
				+		reject;
			
 
				+
			
 
				 {%- if proto == 'v4'%}
			
 
				 	if proto != "p_nat" then
			
 
				 		reject;
			
 
				 
			
 
				 	if net ~ [
			
 
				-		185.66.194.80/29+,
			
 
				 		185.66.194.84/31+,	# FRA-IPs
			
 
				 		185.66.195.94/31+	# BER-IPs
			
 
				 {%- else %}
			
@@ -68,6 +77,7 @@ define AS_FFRL = 201701;
 
				 template bgp as201701 {
			
 
				 	import filter ffrl_in;
			
 
				 	export filter ffrl_out;
			
 
				+	import keep filtered;
			
 
				 
			
 
				 	local as 65132;
			
 
				 
			
--- a/bird/init.sls
+++ b/bird/init.sls
@@ -36,6 +36,18 @@ bird6-configure:
 
				     - watch: []
			
 
				 
			
 
				 
			
 
				+# Create local config knobs (e.g. drain switches)
			
 
				+/etc/bird/local.conf:
			
 
				+  file.managed:
			
 
				+    - source: salt://bird/local.conf
			
 
				+    - replace: False # Create only, then no touchy!
			
 
				+    - watch_in:
			
 
				+      - cmd: bird-configure
			
 
				+      - cmd: bird6-configure
			
 
				+    - require_in:
			
 
				+      - service: bird
			
 
				+
			
 
				+
			
 
				 /etc/bird:
			
 
				   file.directory:
			
 
				     - mode: 750
			
@@ -59,8 +71,6 @@ bird6-configure:
 
				     - source: salt://bird/bird.conf
			
 
				     - template: jinja
			
 
				       proto: v4
			
 
				-    - require:
			
 
				-      - file: /etc/bird/bird.d
			
 
				     - require_in:
			
 
				       - service: bird
			
 
				     - watch_in:
			
@@ -84,8 +94,6 @@ bird6-configure:
 
				     - source: salt://bird/bird.conf
			
 
				     - template: jinja
			
 
				       proto: v6
			
 
				-    - require:
			
 
				-      - file: /etc/bird/bird6.d
			
 
				     - watch_in:
			
 
				       - cmd: bird6-configure
			
 
				     - mode: 644