jae1911 · February 23, 2022 17:58 · Feb 23, 2022
diff --git a/bird.conf b/bird.conf
@@ -0,0 +1,502 @@
+log syslog all;
+
+router id 193.148.249.118;
+protocol device {
+   # Time between scans of connected devices
+   scan time 10;
+}
+
+roa4 table roa_v4;
+roa6 table roa_v6;
+
+protocol rpki routinator1 {
+  roa4 { table roa_v4; };
+  roa6 { table roa_v6; };
+#  remote "127.0.0.1" port 8282;
+  remote "127.0.0.1" port 3323;
+  retry keep 90;
+  refresh keep 900;
+  expire keep 172800;
+}
+### BOGON
+define bogonAS =
+[
+   0,
+   23456,
+   64496..64511,
+   64512..65534,
+   65535,
+   65536..65551,
+   65552..131071,
+   4200000000..4294967294,
+   4294967295
+];
+
+### Martians
+define martiansv6 =
+[
+    2001:db8::/32+,
+    2001::/33+,
+    2002::/17+,
+    0000::/8+,
+    fe00::/8+,
+    ::/128-,
+    ::/0{0,11},
+    ::/0{64,128},
+    # IXP ranges
+    2001:7f8:f2:e1::/64,
+    2602:fed2:fff:ffff::/64,
+    2001:7f8:33::/48
+];
+
+### MY PREFIXES
+define MY_PFX = [
+        2a0e:8f02:f01f::/48,
+        2001:67c:2724::/48,
+        2a12:4946:9900::/40
+];
+
+define MY_v4 = [
+        89.46.97.0/24
+];
+
+protocol direct {
+    ipv6 {
+        import all;
+    };
+    ipv4 {
+        import all;
+    };
+    interface "dummy*";
+}
+
+protocol kernel {
+    ipv6 {
+        import none;
+        # export all;
+        export filter {
+            krt_prefsrc = 2001:67c:2724:ff00::;
+            accept;
+        };
+    };
+
+    scan time 20;
+    learn;
+    persist;
+    # Merge paths if there's multiple with the same route
+    merge paths;
+}
+
+protocol kernel {
+   ipv4 {
+        import none;
+        export all;
+        #export filter {
+        #        #krt_perfsrc = 89.46.97.0;
+        #        accept;
+        #};
+   };
+
+    scan time 20;
+    learn;
+    persist;
+    # Merge paths if there's multiple with the same route
+    merge paths;
+}
+
+
+# Static route feed
+protocol static {
+    ipv6 {
+        import all;
+    };
+
+    route 2a0e:8f02:f01f::/48 reject;
+    route 2001:67c:2724::/48 reject;
+    route 2a12:4946:9900::/40 reject;
+    # Loopback
+    route 2001:67c:2724:ff00::/64 via "lo";
+    route 2a12:4946:9900:ff00::/64 via "lo";
+}
+
+protocol static {
+        ipv4 {
+                import all;
+        };
+
+        route 89.46.97.0/24 reject;
+        route 89.46.97.0/32 via "lo";
+}
+
+# EvIX template
+template bgp evix_clients {
+    local 2602:fed2:fff:ffff:6::6f as 211696;
+    interface "ens21";
+    hold time 240;
+
+    graceful restart on;
+
+    ipv4 {
+        import keep filtered yes;
+        import filter
+        {
+                if roa_check(roa_v4, net, bgp_path.last) = ROA_INVALID then reject;
+                if bgp_path ~ bogonAS then reject;
+                if net ~ MY_v4 then reject;
+
+                bgp_local_pref = 100;
+                accept;
+        };
+
+        export filter
+        {
+                include "communities.conf";
+                if net ~ MY_v4 then accept;
+
+                reject;
+        };
+    };
+
+    ipv6 {
+           import keep filtered yes;
+       import filter
+       {
+          if roa_check(roa_v6, net, bgp_path.last) = ROA_INVALID then reject;
+          if bgp_path ~ bogonAS then reject;
+          if net.len > 48 || net ~ martiansv6 || net ~ MY_PFX then reject;
+          bgp_local_pref = 100;
+          accept;
+       };
+       export filter
+       {
+          include "communities.conf";
+          if net.len < 49 && net ~ MY_PFX then accept;
+
+         reject;
+       };
+    };
+}
+
+# LocIX templace
+template bgp locix_clients {
+    local 2001:7f8:f2:e1::21:1696:1 as 211696;
+    interface "ens20";
+    hold time 240;
+
+    graceful restart on;
+
+    ipv4 {
+        import keep filtered yes;
+        import filter
+        {
+                if roa_check(roa_v4, net, bgp_path.last) = ROA_INVALID then reject;
+                if bgp_path ~ bogonAS then reject;
+                if net ~ MY_v4 then reject;
+
+                bgp_local_pref = 100;
+                accept;
+        };
+
+        export filter
+        {
+                include "communities.conf";
+                if net ~ MY_v4 then accept;
+
+                reject;
+        };
+    };
+
+
+    ipv6 {
+           import keep filtered yes;
+       import filter
+       {
+          if roa_check(roa_v6, net, bgp_path.last) = ROA_INVALID then reject;
+          if bgp_path ~ bogonAS then reject;
+          if net.len > 48 || net ~ martiansv6 || net ~ MY_PFX then reject;
+          bgp_local_pref = 100;
+          accept;
+       };
+       export filter
+       {
+         include "communities.conf";
+        if net.len < 49 && net ~ MY_PFX then accept;
+
+         reject;
+       };
+    };
+}
+
+# KleyReX templace
+template bgp kleyrex_clients {
+    local 2001:7f8:33::a121:1696:1 as 211696;
+
+    interface "ens19";
+    hold time 240;
+
+    graceful restart on;
+
+    ipv4 {
+        import keep filtered yes;
+        import filter
+        {
+                if roa_check(roa_v4, net, bgp_path.last) = ROA_INVALID then reject;
+                if bgp_path ~ bogonAS then reject;
+                if net ~ MY_v4 then reject;
+
+                bgp_local_pref = 100;
+                accept;
+        };
+
+        export filter
+        {
+                include "communities.conf";
+                if net ~ MY_v4 then accept;
+
+                reject;
+        };
+    };
+
+
+    ipv6 {
+           import keep filtered yes;
+       import filter
+       {
+          if roa_check(roa_v6, net, bgp_path.last) = ROA_INVALID then reject;
+          if bgp_path ~ bogonAS then reject;
+          if net.len > 48 || net ~ martiansv6 || net ~ MY_PFX then reject;
+          bgp_local_pref = 100;
+          accept;
+       };
+       export filter
+       {
+          include "communities.conf";
+          if net.len < 49 && net ~ MY_PFX then accept;
+
+         reject;
+       };
+    };
+}
+
+# Routes
+
+## EvIX
+protocol bgp evix from evix_clients {
+    description "EvIX";
+    neighbor 2602:fed2:fff:ffff::1 as 137933;
+}
+
+protocol bgp evixbak from evix_clients {
+    description "EvIX backup";
+    neighbor 2602:fed2:fff:ffff::253 as 209762;
+}
+
+protocol bgp volffy from evix_clients {
+    description "wolffy peering";
+    neighbor 2602:fed2:fff:ffff:6::70 as 211688;
+}
+
+## LocIX
+protocol bgp locixrt from locix_clients {
+    description "LocIX backup";
+    neighbor 2001:7f8:f2:e1::babe:1 as 202409;
+}
+
+protocol bgp locixrt2 from locix_clients {
+    description "LocIX backup";
+    neighbor 2001:7f8:f2:e1::dead:1 as 202409;
+}
+
+protocol bgp locixrt3 from locix_clients {
+    description "LocIX backup";
+    neighbor 2001:7f8:f2:e1::be5a as 202409;
+}
+
+protocol bgp openfactory from locix_clients {
+    description "openfactory";
+    neighbor 2001:7f8:f2:e1::4:1051:1 as 41051;
+
+    ipv4 {
+        import keep filtered yes;
+        import filter
+        {
+                if roa_check(roa_v4, net, bgp_path.last) = ROA_INVALID then reject;
+                if bgp_path ~ bogonAS then reject;
+                if net ~ MY_v4 then reject;
+
+                bgp_local_pref = 100;
+                accept;
+        };
+
+        export filter
+        {
+                include "communities.conf";
+                if net ~ MY_v4 then accept;
+
+                reject;
+        };
+    };
+
+
+    ipv6 {
+           import keep filtered yes;
+       import filter
+       {
+          if roa_check(roa_v6, net, bgp_path.last) = ROA_INVALID then reject;
+          if bgp_path ~ bogonAS then reject;
+          if net.len > 48 || net ~ martiansv6 || net ~ MY_PFX then reject;
+          bgp_local_pref = 100;
+          accept;
+       };
+       export filter
+       {
+        bgp_path.prepend(211696);
+        include "communities.conf";
+        if net.len < 49 && net ~ MY_PFX then accept;
+
+         reject;
+       };
+    };
+}
+
+protocol bgp tyrasuki from locix_clients {
+    description "tyrasuki";
+    neighbor 2001:7f8:f2:e1:0:21:2123:1 as 212123;
+
+    ipv4 {
+        import keep filtered yes;
+        import filter
+        {
+                if roa_check(roa_v4, net, bgp_path.last) = ROA_INVALID then reject;
+                if bgp_path ~ bogonAS then reject;
+                if net ~ MY_v4 then reject;
+
+                bgp_local_pref = 100;
+                accept;
+        };
+
+        export filter
+        {
+                include "communities.conf";
+                if net ~ MY_v4 then accept;
+
+                reject;
+        };
+    };
+
+
+    ipv6 {
+           import keep filtered yes;
+       import filter
+       {
+          if roa_check(roa_v6, net, bgp_path.last) = ROA_INVALID then reject;
+          if bgp_path ~ bogonAS then reject;
+          if net.len > 48 || net ~ martiansv6 || net ~ MY_PFX then reject;
+          bgp_local_pref = 100;
+          accept;
+       };
+       export filter
+       {
+        include "communities.conf";
+        if net.len < 49 && net ~ MY_PFX then accept;
+
+         reject;
+       };
+    };
+}
+
+protocol bgp hurricane from locix_clients {
+    description "hurricane";
+    neighbor 2001:7f8:f2:e1::6939:1 as 6939;
+}
+
+protocol bgp loc_wolffy from locix_clients {
+    description "Wolffy on LocIX";
+    neighbor 2001:7f8:f2:e1:0:21:1688:1 as 211688;
+}
+
+protocol bgp loc_mike_marchal from locix_clients {
+    description "Mike Marchal";
+    neighbor 2001:7f8:f2:e1:0:21:1398:2 as 211398;
+
+}
+
+### KleyReX
+protocol bgp kleyrex from kleyrex_clients {
+    description "rs1";
+    neighbor 2001:7f8:33::a103:1142:1 as 31142;
+}
+
+protocol bgp kleyrexrs2 from kleyrex_clients {
+    description "rs2";
+    neighbor 2001:7f8:33::a103:1142:2 as 31142;
+}
+
+protocol bgp kleyrexrs3 from kleyrex_clients {
+    description "rs2";
+    neighbor 2001:7f8:33::a103:1142:3 as 31142;
+}
+
+protocol bgp hurricanekley from kleyrex_clients {
+    description "Hurricane Electrics KX";
+    neighbor 2001:7f8:33::a100:6939:1 as 6939;
+}
+
+### special ifog direct
+protocol bgp ifog {
+    description "ifog";
+    hold time 240;
+    direct;
+
+    local 2a0c:9a40:1::621 as 211696;
+    neighbor 2a0c:9a40:1::1 as 34927;
+    graceful restart on;
+
+    ipv4 {
+        import keep filtered yes;
+        import filter
+        {
+                if roa_check(roa_v4, net, bgp_path.last) = ROA_INVALID then reject;
+                if bgp_path ~ bogonAS then reject;
+                if net ~ MY_v4 then reject;
+
+                bgp_local_pref = 100;
+                accept;
+        };
+
+        export filter
+        {
+                include "communities.conf";
+                if net ~ MY_v4 then accept;
+
+                reject;
+        };
+    };
+
+
+    ipv6 {
+           import keep filtered yes;
+       import filter
+       {
+          if roa_check(roa_v6, net, bgp_path.last) = ROA_INVALID then reject;
+          if bgp_path ~ bogonAS then reject;
+          if net.len > 48 || net ~ martiansv6 || net ~ MY_PFX then reject;
+          bgp_local_pref = 100;
+          if (34927, 133) ~ bgp_community then { bgp_local_pref = 50; }
+
+          accept;
+       };
+       export filter
+       {
+         include "communities.conf";
+         bgp_path.prepend(211696);
+         bgp_path.prepend(211696);
+
+          bgp_community.add((34927, 9330));
+          if net.len < 49 && net ~ MY_PFX then accept;
+
+         reject;
+       };
+    };
+
+}
No results found