ffrl.conf 1.8 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798
  1. #
  2. # FFRL upstream (Salt managed)
  3. #
  4. {%- set ifaces = salt['pillar.get']('nodes:' ~ grains['id'] ~ ':ifaces', {}) %}
  5. {%- set sessions = salt['ffho_net.get_ffrl_bgp_config'](ifaces, proto) %}
  6. {%- set te_community_map_ffrl = salt['pillar.get']('te:community_map:' ~ grains['id'] ~ ':ffrl', [])|sort %}
  7. filter ffrl_in {
  8. if DRAIN_FULL = 1 then
  9. reject;
  10. if DRAIN_FFRL = 1 then
  11. reject;
  12. if net ~ [
  13. {%- if proto == 'v4'%}
  14. 0.0.0.0/0
  15. {%- else %}
  16. ::/0
  17. {%- endif %}
  18. ] then {
  19. # Rewrite BGP next hop to loopback IP so we don't have to
  20. # include transfer networks to AS201701 in IGP.
  21. bgp_next_hop = LO_IP;
  22. accept;
  23. }
  24. reject;
  25. };
  26. filter ffrl_out {
  27. if DRAIN_FULL = 1 then
  28. reject;
  29. if DRAIN_FFRL = 1 then
  30. reject;
  31. {%- if proto == 'v4'%}
  32. if proto != "p_nat" then
  33. reject;
  34. if net ~ [
  35. 185.66.194.84/31+, # FRA-IPs
  36. 185.66.195.94/31+ # BER-IPs
  37. {%- else %}
  38. if net ~ [
  39. 2a03:2260:2342::/48{48,56}
  40. {%- endif %}
  41. ] then {
  42. # Is there an export restriction for this route?
  43. if (EXPORT_RESTRICT ~ bgp_community) then {
  44. {%- for community in te_community_map_ffrl %}
  45. if ({{ community }} ~ bgp_community) then
  46. accept;
  47. {%- endfor %}
  48. }
  49. # No export restriction, go ahead
  50. else {
  51. accept;
  52. }
  53. }
  54. reject;
  55. };
  56. {%- if proto == 'v4' %}
  57. protocol direct p_nat {
  58. interface "nat";
  59. }
  60. {%- endif %}
  61. define AS_FFRL = 201701;
  62. template bgp as201701 {
  63. import filter ffrl_in;
  64. export filter ffrl_out;
  65. import keep filtered;
  66. local as 65132;
  67. preference 200;
  68. }
  69. {% for session in sessions|sort %}
  70. {%- set session_config = sessions.get (session) %}
  71. {%- set bgp_local_pref = session_config.get ('bgp_local_pref') %}
  72. protocol bgp {{ session }} from as201701 {
  73. source address {{ session_config.get ('local') }};
  74. neighbor {{ session_config.get ('neighbor') }} as AS_FFRL;
  75. {%- if bgp_local_pref %}
  76. default bgp_local_pref {{ bgp_local_pref }};
  77. {%- endif %}
  78. }
  79. {% endfor %}