ffho-salt-public/bird/bird.conf

#
# IPv4 Bird configuration (Salt managed)
#
{%- set node_config = salt['pillar.get']('nodes:' ~ grains['id'], {}) %}

define AS_OWN  = 65132;
define LO_IP = {{ salt['ffho_net.get_loopback_ip'](node_config, grains['id'], 'v4') }};

router id {{ salt['ffho_net.get_router_id'](node_config, grains['id']) }};


# this pseudo-protocol watches all interface up/down events
protocol device {
	scan time 10;
};

# This pseudo-protocol performs synchronization between BIRD's routing
# tables and the kernel. If your kernel supports multiple routing tables
# (as Linux 2.2.x does), you can run multiple instances of the kernel
# protocol and synchronize different kernel tables with different BIRD tables.
protocol kernel {
	scan time 20;           # Scan kernel routing table every 20 seconds

{% if 'vpn' in node_config.get ('roles') %}
	# Learn host routes set up by VPN server(s) on this machine.
	# As there are two VPN hosts it's important to learn an redistribute
	# these internally to maintain full reachability.
	learn;

	import filter {
		if net ~ [
			   10.132.249.0/24+,	# OPS
			   10.132.250.0/24+,	# User-srv
			   10.132.251.0/24+,	# Infra-srv
			   80.70.181.56/29+	# Vega-IPs
			 ] then {

			# Bump perference of learned kernel routes from 10(!) to very high,
			# so they "win" in routed election and there's no clash with any
			# backup route via OSPF.
			preference = 12345;
			accept;
		}

		reject;
	};
{% else %}
	import none;
{%- endif %}
	# Do NOT export local unreachable routes for TE purposes
	export where proto != "ffho_te";
}


#
# Load additiional configuration (IGP, FFRL, ICVPN, 'n stuff)
include "/etc/bird/ff-policy.conf";
include "/etc/bird/bird.d/*.conf";