ffho-salt-public/bird/VRF_external.conf

################################################################################
#                              Internet table                                  #
################################################################################

{%- set ifaces = salt['pillar.get']('nodes:' ~ grains['id'] ~ ':ifaces', {}) %}
{%- set have_vrf_external = [] %}
{%- for iface, iface_config in ifaces.items () %}
  {%- if iface_config.get ('vrf', '') == 'vrf_external' %}
    {%- do have_vrf_external.append (True) %}
    {%- break %}
  {%- endif %}
{%- endfor %}

{%- if True not in have_vrf_external %}
#
# No vrf_external configured on this node. Nothing to do.
#
{%- else %}
table t_external;

protocol kernel k_external {
	scan time 20;

	learn;
	import none;
	export all;

	table t_external;
	kernel table 1023;
}

# Add unreachable routes for RFC1918, RFC 6598, APIPA so we don't route
# anything private into the internet + null route some bogons.
protocol static bogon_unreach_ext {
	table t_external;

  {%- if proto == 'v4' %}
	route 0.0.0.0/8		unreachable;	# Host-Subnet
	route 10.0.0.0/8	unreachable;	# RFC 1918
	route 169.254.0.0/16	unreachable;	# APIPA
	route 172.16.0.0/12	unreachable;	# RFC 1918
	route 192.0.0.0/24	unreachable;	# IANA RESERVED
	route 192.0.2.0/24	unreachable;	# TEST-NET-1
	route 192.168.0.0/16	unreachable;	# RFC 1918
	route 198.18.0.0/15	unreachable;	# BENCHMARK
	route 198.51.100.0/24	unreachable;	# TEST-NET-2
	route 203.0.113.0/24	unreachable;	# TEST-NET-3
	route 224.0.0.0/3	unreachable;	# MCast + Class E
  {%- else %}
	route ::/96         unreachable; # RFC 4291
	route 2001:db8::/32 unreachable; # Documentation
	route fec0::/10     unreachable; # Site Local
	route fc00::/7      unreachable; # ULA
  {%- endif %}
}
{%- endif %} {#- vrf_external exists #}