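#
# IPv6 Bird configuration (Salt managed)
#
# Rendered by Salt from the node's pillar data; local edits on the node
# are presumably overwritten on the next state run.
#
{%- set node_config = salt['pillar.get']('nodes:' ~ grains['id'], {}) %}

define AS_OWN = 65132;
define LO_IP = {{ salt['ffho_net.get_loopback_ip'](node_config, grains['id'], 'v6') }};

router id {{ salt['ffho_net.get_router_id'](node_config, grains['id']) }};

# this pseudo-protocol watches all interface up/down events
protocol device {
    scan time 10;
};

# This pseudo-protocol performs synchronization between BIRD's routing
# tables and the kernel. If your kernel supports multiple routing tables
# (as Linux 2.2.x does), you can run multiple instances of the kernel
# protocol and synchronize different kernel tables with different BIRD tables.
protocol kernel {
    scan time 20;    # Scan kernel routing table every 20 seconds

{#- The pillar lookup above falls back to an empty dict for a node without
    pillar data, so 'roles' may be absent. Defaulting to an empty list keeps
    the template renderable and selects the restrictive "import none" branch. #}
{% if 'vpn' in node_config.get('roles', []) %}
    # Learn host routes set up by VPN server(s) on this machine.
    # As there are two VPN hosts it's important to learn and redistribute
    # these internally to maintain full reachability.
    learn;

    # Only kernel routes inside the prefixes listed below are accepted; all
    # others are rejected. The trailing '+' also matches every more-specific
    # prefix. Because accepted routes get a very high preference, this list
    # is the only bound on what a locally installed kernel route can
    # override, so keep it as narrow as the VPN setup allows.
    import filter {
        if net ~ [
            fdca:ffee:ff12:a249::/64+,    # OPS
            fdca:ffee:ff12:a250::/64+,    # User-srv
            fdca:ffee:ff12:a251::/64+,    # Infra-srv
            # Compatibility glue, to be REMOVED, when finally renumbered
            fdca:ffee:ff12:a254::/64+,    # Infra-srv legacy
            2a02:450:1::/60+              # Vega Assignment
        ] then {
            # Bump preference of learned kernel routes from 10(!) to very high,
            # so they "win" in route selection and there's no clash with any
            # backup route via OSPF.
            preference = 12345;
            accept;
        }

        reject;
    };
{% else %}
    # Nodes without the 'vpn' role do not learn any routes from the kernel.
    import none;
{%- endif %}

    # No export filter: every route in BIRD's table is written to the kernel.
    # NOTE(review): route filtering therefore has to happen on import in the
    # protocols defined by the included files - confirm against ff-policy6.conf.
    export all;

    # Force bird to export device routes learned above to freifunk table
    # This is needed as the routing policy on all nodes will force all
    # traffic to be routed by this table so we have to make sure even
    # locally connected networks are reachable from this table.
    device routes yes;
}

#
# Load additional configuration (IGP, FFRL, ICVPN, 'n stuff)
#
# NOTE(review): the glob below loads every *.conf file found in the
# directory with full trust. Verify that /etc/bird/bird6.d is writable only
# by root / the Salt-managed states.
include "/etc/bird/ff-policy6.conf";
include "/etc/bird/bird6.d/*.conf";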