Home Explore Help
Register Sign In
FreifunkHochstift
/
ffho-salt-public
2
0
Fork 2
Files Issues 0 Pull Requests 0
Tree: b5ee6346a9
Branches Tags
ffho-salt-pu...
/
bird
/
bird.conf

bird.conf 2.3 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475 
  1. #
    2. 

  2. # IPv4 Bird configuration (Salt managed)
    3. 

  3. #
    4. 

  4. {%- set node_config = salt['pillar.get']('nodes:' ~ grains['id'], {}) %}
    5. 

  5. 

  6. define AS_OWN  = 65132;
    7. 

  7. define LO_IP = {{ salt['ffho_net.get_loopback_ip'](node_config, grains['id'], 'v4') }};
    8. 

  8. 

  9. router id {{ salt['ffho_net.get_router_id'](node_config, grains['id']) }};
    10. 

  10. 

  11. 

  12. # this pseudo-protocol watches all interface up/down events
    13. 

  13. protocol device {
    14. 

  14. 	scan time 10;
    15. 

  15. };
    16. 

  16. 

  17. # This pseudo-protocol performs synchronization between BIRD's routing
    18. 

  18. # tables and the kernel. If your kernel supports multiple routing tables
    19. 

  19. # (as Linux 2.2.x does), you can run multiple instances of the kernel
    20. 

  20. # protocol and synchronize different kernel tables with different BIRD tables.
    21. 

  21. protocol kernel {
    22. 

  22. 	scan time 20;           # Scan kernel routing table every 20 seconds
    23. 

  23. 

  24. {% if 'vpn' in node_config.get ('roles') %}
    25. 

  25. 	# Learn host routes set up by VPN server(s) on this machine.
    26. 

  26. 	# As there are two VPN hosts it's important to learn an redistribute
    27. 

  27. 	# these internally to maintain full reachability.
    28. 

  28. 	learn;
    29. 

  29. 

  30. 	import filter {
    31. 

  31. 		if net ~ [
    32. 

  32. 			   10.132.249.0/24+,	# OPS
    33. 

  33. 			   10.132.250.0/24+,	# User-srv
    34. 

  34. 			   10.132.251.0/24+,	# Infra-srv
    35. 

  35. 			   80.70.181.56/29+	# Vega-IPs
    36. 

  36. 			 ] then {
    37. 

  37. 

  38. 			# Bump perference of learned kernel routes from 10(!) to very high,
    39. 

  39. 			# so they "win" in routed election and there's no clash with any
    40. 

  40. 			# backup route via OSPF.
    41. 

  41. 			preference = 12345;
    42. 

  42. 			accept;
    43. 

  43. 		}
    44. 

  44. 

  45. 		reject;
    46. 

  46. 	};
    47. 

  47. {% else %}
    48. 

  48. 	import none;
    49. 

  49. {%- endif %}
    50. 

  50. 	export all;
    51. 

  51. }
    52. 

  52. 

  53. 

  54. # Add unreachable routes for RFC1918, RFC 6598, APIPA so we don't route
    55. 

  55. # anything private into the internet + null route some bogons.
    56. 

  56. protocol static bogon_unreach {
    57. 

  57. 	route 0.0.0.0/8		unreachable;	# Host-Subnet
    58. 

  58. 	route 10.0.0.0/8	unreachable;	# RFC 1918
    59. 

  59. 	route 100.64.0.0/10 	unreachable;	# RFC 6598
    60. 

  60. 	route 169.254.0.0/16	unreachable;	# APIPA
    61. 

  61. 	route 172.16.0.0/12 	unreachable;	# RFC 1918
    62. 

  62. 	route 192.0.0.0/24	unreachable;	# IANA RESERVED
    63. 

  63. 	route 192.0.2.0/24	unreachable;	# TEST-NET-1
    64. 

  64. 	route 192.168.0.0/16	unreachable;	# RFC 1918
    65. 

  65. 	route 198.18.0.0/15	unreachable;	# BENCHMARK
    66. 

  66. 	route 198.51.100.0/24	unreachable;	# TEST-NET-2
    67. 

  67. 	route 203.0.113.0/24	unreachable;	# TEST-NET-3
    68. 

  68. 	route 224.0.0.0/3	unreachable;	# MCast + Class E
    69. 

  69. }
    70. 

  70. 

  71. 

  72. #
    73. 

  73. # Load additiional configuration (IGP, FFRL, ICVPN, 'n stuff)
    74. 

  74. include "/etc/bird/ff-policy.conf";
    75. 

  75. include "/etc/bird/bird.d/*.conf";
    76.