|
@@ -1,10 +1,10 @@
|
|
#
|
|
#
|
|
-# IPv4 Bird configuration (Salt managed)
|
|
|
|
|
|
+# IP{{ proto }} Bird configuration (Salt managed)
|
|
#
|
|
#
|
|
{%- set node_config = salt['pillar.get']('nodes:' ~ grains['id'], {}) %}
|
|
{%- set node_config = salt['pillar.get']('nodes:' ~ grains['id'], {}) %}
|
|
|
|
|
|
define AS_OWN = 65132;
|
|
define AS_OWN = 65132;
|
|
-define LO_IP = {{ salt['ffho_net.get_loopback_ip'](node_config, grains['id'], 'v4') }};
|
|
|
|
|
|
+define LO_IP = {{ salt['ffho_net.get_loopback_ip'](node_config, grains['id'], proto) }};
|
|
|
|
|
|
router id {{ salt['ffho_net.get_router_id'](node_config, grains['id']) }};
|
|
router id {{ salt['ffho_net.get_router_id'](node_config, grains['id']) }};
|
|
|
|
|
|
@@ -21,32 +21,7 @@ protocol device {
|
|
protocol kernel {
|
|
protocol kernel {
|
|
scan time 20; # Scan kernel routing table every 20 seconds
|
|
scan time 20; # Scan kernel routing table every 20 seconds
|
|
|
|
|
|
-{% if 'vpn' in node_config.get ('roles') %}
|
|
|
|
- # Learn host routes set up by VPN server(s) on this machine.
|
|
|
|
- # As there are two VPN hosts it's important to learn an redistribute
|
|
|
|
- # these internally to maintain full reachability.
|
|
|
|
- learn;
|
|
|
|
-
|
|
|
|
- import filter {
|
|
|
|
- if net ~ [
|
|
|
|
- 10.132.249.0/24+, # OPS
|
|
|
|
- 10.132.250.0/24+, # User-srv
|
|
|
|
- 10.132.251.0/24+, # Infra-srv
|
|
|
|
- 80.70.181.56/29+ # Vega-IPs
|
|
|
|
- ] then {
|
|
|
|
-
|
|
|
|
- # Bump perference of learned kernel routes from 10(!) to very high,
|
|
|
|
- # so they "win" in routed election and there's no clash with any
|
|
|
|
- # backup route via OSPF.
|
|
|
|
- preference = 12345;
|
|
|
|
- accept;
|
|
|
|
- }
|
|
|
|
-
|
|
|
|
- reject;
|
|
|
|
- };
|
|
|
|
-{% else %}
|
|
|
|
import none;
|
|
import none;
|
|
-{%- endif %}
|
|
|
|
# Do NOT export local unreachable routes for TE purposes
|
|
# Do NOT export local unreachable routes for TE purposes
|
|
export where proto != "ffho_te";
|
|
export where proto != "ffho_te";
|
|
}
|
|
}
|
|
@@ -54,5 +29,10 @@ protocol kernel {
|
|
|
|
|
|
#
|
|
#
|
|
# Load additiional configuration (IGP, FFRL, ICVPN, 'n stuff)
|
|
# Load additiional configuration (IGP, FFRL, ICVPN, 'n stuff)
|
|
|
|
+{%- if proto == "v4" %}
|
|
include "/etc/bird/ff-policy.conf";
|
|
include "/etc/bird/ff-policy.conf";
|
|
include "/etc/bird/bird.d/*.conf";
|
|
include "/etc/bird/bird.d/*.conf";
|
|
|
|
+{%- else %}
|
|
|
|
+include "/etc/bird/ff-policy6.conf";
|
|
|
|
+include "/etc/bird/bird6.d/*.conf";
|
|
|
|
+{%- endif %}
|