VRF_external.conf 1.7 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556
  1. ################################################################################
  2. # Internet table #
  3. ################################################################################
  4. {%- set ifaces = salt['pillar.get']('node:ifaces', {}) %}
  5. {%- set have_vrf_external = [] %}
  6. {%- for iface, iface_config in ifaces.items () %}
  7. {%- if iface_config.get ('vrf', '') == 'vrf_external' %}
  8. {%- do have_vrf_external.append (True) %}
  9. {%- break %}
  10. {%- endif %}
  11. {%- endfor %}
  12. {%- if True not in have_vrf_external %}
  13. #
  14. # No vrf_external configured on this node. Nothing to do.
  15. #
  16. {%- else %}
  17. table t_external;
  18. protocol kernel k_external {
  19. scan time 20;
  20. learn;
  21. import none;
  22. export all;
  23. table t_external;
  24. kernel table 1023;
  25. }
  26. # Add unreachable routes for RFC1918, RFC 6598, APIPA so we don't route
  27. # anything private into the internet + null route some bogons.
  28. protocol static bogon_unreach_ext {
  29. table t_external;
  30. {%- if proto == 'v4' %}
  31. route 0.0.0.0/8 unreachable; # Host-Subnet
  32. route 10.0.0.0/8 unreachable; # RFC 1918
  33. route 169.254.0.0/16 unreachable; # APIPA
  34. route 172.16.0.0/12 unreachable; # RFC 1918
  35. route 192.0.0.0/24 unreachable; # IANA RESERVED
  36. route 192.0.2.0/24 unreachable; # TEST-NET-1
  37. route 192.168.0.0/16 unreachable; # RFC 1918
  38. route 198.18.0.0/15 unreachable; # BENCHMARK
  39. route 198.51.100.0/24 unreachable; # TEST-NET-2
  40. route 203.0.113.0/24 unreachable; # TEST-NET-3
  41. route 224.0.0.0/3 unreachable; # MCast + Class E
  42. {%- else %}
  43. route ::/96 unreachable; # RFC 4291
  44. route 2001:db8::/32 unreachable; # Documentation
  45. route fec0::/10 unreachable; # Site Local
  46. route fc00::/7 unreachable; # ULA
  47. {%- endif %}
  48. }
  49. {%- endif %} {#- vrf_external exists #}