#
# IPv4 Bird configuration (Salt managed)
#
{%- set node_config = salt['pillar.get']('nodes:' ~ grains['id'], {}) %}

define AS_OWN  = 65132;
define LO_IP = {{ salt['ffho_net.get_loopback_ip'](node_config, grains['id'], 'v4') }};

router id {{ salt['ffho_net.get_router_id'](node_config, grains['id']) }};


# this pseudo-protocol watches all interface up/down events
protocol device {
	scan time 10;
};

# This pseudo-protocol performs synchronization between BIRD's routing
# tables and the kernel. If your kernel supports multiple routing tables
# (as Linux 2.2.x does), you can run multiple instances of the kernel
# protocol and synchronize different kernel tables with different BIRD tables.
protocol kernel {
	scan time 20;           # Scan kernel routing table every 20 seconds

{% if 'vpn' in node_config.get ('roles') %}
	# Learn host routes set up by VPN server(s) on this machine.
	# As there are two VPN hosts it's important to learn an redistribute
	# these internally to maintain full reachability.
	learn;

	import filter {
		if net ~ [
			   10.132.249.0/24+,	# OPS
			   10.132.250.0/24+,	# User-srv
			   10.132.251.0/24+,	# Infra-srv
			   80.70.181.56/29+	# Vega-IPs
			 ] then {

			# Bump perference of learned kernel routes from 10(!) to very high,
			# so they "win" in routed election and there's no clash with any
			# backup route via OSPF.
			preference = 12345;
			accept;
		}

		reject;
	};
{% else %}
	import none;
{%- endif %}
	export all;
}


# Add unreachable routes for RFC1918, RFC 6598, APIPA so we don't route
# anything private into the internet + null route some bogons.
protocol static bogon_unreach {
	route 0.0.0.0/8		unreachable;	# Host-Subnet
	route 10.0.0.0/8	unreachable;	# RFC 1918
	route 100.64.0.0/10 	unreachable;	# RFC 6598
	route 169.254.0.0/16	unreachable;	# APIPA
	route 172.16.0.0/12 	unreachable;	# RFC 1918
	route 192.0.0.0/24	unreachable;	# IANA RESERVED
	route 192.0.2.0/24	unreachable;	# TEST-NET-1
	route 192.168.0.0/16	unreachable;	# RFC 1918
	route 198.18.0.0/15	unreachable;	# BENCHMARK
	route 198.51.100.0/24	unreachable;	# TEST-NET-2
	route 203.0.113.0/24	unreachable;	# TEST-NET-3
	route 224.0.0.0/3	unreachable;	# MCast + Class E
}


#
# Load additiional configuration (IGP, FFRL, ICVPN, 'n stuff)
include "/etc/bird/ff-policy.conf";
include "/etc/bird/bird.d/*.conf";