Головна сторінка Огляд Довідка
Реєстрація Увійти
FreifunkHochstift
/
ffho-salt-public
2
0
Відгалуження 2
Файли Проблеми 0 Запити на злиття 0
Дерево: efae79efff
Гілки Теги
ffho-salt-pu...
/
bird
/
bird6.conf

bird6.conf 2.3 KB
Історія Запис

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374 
  1. #
    2. 

  2. # IPv6 Bird configuration (Salt managed)
    3. 

  3. #
    4. 

  4. {%- set node_config = salt['pillar.get']('nodes:' ~ grains['id'], {}) %}
    5. 

  5. 

  6. define AS_OWN  = 65132;
    7. 

  7. define LO_IP = {{ salt['ffho_net.get_loopback_ip'](node_config, grains['id'], 'v6') }};
    8. 

  8. 

  9. router id {{ salt['ffho_net.get_router_id'](node_config, grains['id']) }};
    10. 

  10. 

  11. 

  12. # this pseudo-protocol watches all interface up/down events
    13. 

  13. protocol device {
    14. 

  14. 	scan time 10;
    15. 

  15. };
    16. 

  16. 

  17. # This pseudo-protocol performs synchronization between BIRD's routing
    18. 

  18. # tables and the kernel. If your kernel supports multiple routing tables
    19. 

  19. # (as Linux 2.2.x does), you can run multiple instances of the kernel
    20. 

  20. # protocol and synchronize different kernel tables with different BIRD tables.
    21. 

  21. protocol kernel {
    22. 

  22. 	scan time 20;           # Scan kernel routing table every 20 seconds
    23. 

  23. 

  24. {% if 'vpn' in node_config.get ('roles') %}
    25. 

  25. 	# Learn host routes set up by VPN server(s) on this machine.
    26. 

  26. 	# As there are two VPN hosts it's important to learn an redistribute
    27. 

  27. 	# these internally to maintain full reachability.
    28. 

  28. 	learn;
    29. 

  29. 

  30. 	import filter {
    31. 

  31. 		if net ~ [
    32. 

  32. 			  fdca:ffee:ff12:a249::/64+,	# OPS
    33. 

  33. 			  fdca:ffee:ff12:a250::/64+,	# User-srv
    34. 

  34. 			  fdca:ffee:ff12:a251::/64+,	# Infra-srv
    35. 

  35. 			  # Compatibility glue, to be REMOVED, when finally renumbered
    36. 

  36. 			  fdca:ffee:ff12:a254::/64+,	# Infra-srv legacy
    37. 

  37. 			  2a02:450:1::/60+		# Vega Assignment
    38. 

  38. 			 ] then {
    39. 

  39. 

  40. 			# Bump perference of learned kernel routes from 10(!) to very high,
    41. 

  41. 			# so they "win" in routed election and there's no clash with any
    42. 

  42. 			# backup route via OSPF.
    43. 

  43. 			preference = 12345;
    44. 

  44. 			accept;
    45. 

  45. 		}
    46. 

  46. 

  47. 		reject;
    48. 

  48. 	};
    49. 

  49. {% else %}
    50. 

  50. 	import none;
    51. 

  51. {%- endif %}
    52. 

  52. 	export all;
    53. 

  53. 

  54. 	# Force bird to export device routes learned above to freifunk table
    55. 

  55. 	# This is needed as the routing policy on all nodes will force all
    56. 

  56. 	# traffic to be routed by this table so we have to make sure even
    57. 

  57. 	# locally connected networks are reachable from this table.
    58. 

  58. 	device routes yes;
    59. 

  59. }
    60. 

  60. 

  61. # Add unreachable routes for any prefix we don't want to route to
    62. 

  62. # the internet.
    63. 

  63. protocol static bogon_unreach {
    64. 

  64. 	route ::/96         unreachable; # RFC 4291
    65. 

  65. 	route 2001:db8::/32 unreachable; # Documentation
    66. 

  66. 	route fec0::/10     unreachable; # Site Local
    67. 

  67. 	route fc00::/7      unreachable; # ULA
    68. 

  68. }
    69. 

  69. 

  70. 

  71. #
    72. 

  72. # Load additiional configuration (IGP, FFRL, ICVPN, 'n stuff)
    73. 

  73. include "/etc/bird/ff-policy6.conf";
    74. 

  74. include "/etc/bird/bird6.d/*.conf";
    75.