|
|
@@ -1,66 +0,0 @@
|
|
|
-#
|
|
|
-# IPv6 Bird configuration (Salt managed)
|
|
|
-#
|
|
|
-{%- set node_config = salt['pillar.get']('nodes:' ~ grains['id'], {}) %}
|
|
|
-
|
|
|
-define AS_OWN = 65132;
|
|
|
-define LO_IP = {{ salt['ffho_net.get_loopback_ip'](node_config, grains['id'], 'v6') }};
|
|
|
-
|
|
|
-router id {{ salt['ffho_net.get_router_id'](node_config, grains['id']) }};
|
|
|
-
|
|
|
-
|
|
|
-# this pseudo-protocol watches all interface up/down events
|
|
|
-protocol device {
|
|
|
- scan time 10;
|
|
|
-};
|
|
|
-
|
|
|
-# This pseudo-protocol performs synchronization between BIRD's routing
|
|
|
-# tables and the kernel. If your kernel supports multiple routing tables
|
|
|
-# (as Linux 2.2.x does), you can run multiple instances of the kernel
|
|
|
-# protocol and synchronize different kernel tables with different BIRD tables.
|
|
|
-protocol kernel {
|
|
|
- scan time 20; # Scan kernel routing table every 20 seconds
|
|
|
-
|
|
|
-{% if 'vpn' in node_config.get ('roles') %}
|
|
|
- # Learn host routes set up by VPN server(s) on this machine.
|
|
|
- # As there are two VPN hosts it's important to learn an redistribute
|
|
|
- # these internally to maintain full reachability.
|
|
|
- learn;
|
|
|
-
|
|
|
- import filter {
|
|
|
- if net ~ [
|
|
|
- fdca:ffee:ff12:a249::/64+, # OPS
|
|
|
- fdca:ffee:ff12:a250::/64+, # User-srv
|
|
|
- fdca:ffee:ff12:a251::/64+, # Infra-srv
|
|
|
- # Compatibility glue, to be REMOVED, when finally renumbered
|
|
|
- fdca:ffee:ff12:a254::/64+, # Infra-srv legacy
|
|
|
- 2a02:450:1::/60+ # Vega Assignment
|
|
|
- ] then {
|
|
|
-
|
|
|
- # Bump perference of learned kernel routes from 10(!) to very high,
|
|
|
- # so they "win" in routed election and there's no clash with any
|
|
|
- # backup route via OSPF.
|
|
|
- preference = 12345;
|
|
|
- accept;
|
|
|
- }
|
|
|
-
|
|
|
- reject;
|
|
|
- };
|
|
|
-{% else %}
|
|
|
- import none;
|
|
|
-{%- endif %}
|
|
|
- # Do NOT export local unreachable routes for TE purposes
|
|
|
- export where proto != "ffho_te";
|
|
|
-
|
|
|
- # Force bird to export device routes learned above to freifunk table
|
|
|
- # This is needed as the routing policy on all nodes will force all
|
|
|
- # traffic to be routed by this table so we have to make sure even
|
|
|
- # locally connected networks are reachable from this table.
|
|
|
- device routes yes;
|
|
|
-}
|
|
|
-
|
|
|
-
|
|
|
-#
|
|
|
-# Load additiional configuration (IGP, FFRL, ICVPN, 'n stuff)
|
|
|
-include "/etc/bird/ff-policy6.conf";
|
|
|
-include "/etc/bird/bird6.d/*.conf";
|
Maximilian Wilhelm