Bird config

.gitignore

@@ -0,0 +1,4 @@
+*/config/bird/bird/peers/*.conf
+*/config/bird/bird/igp/peers/*.conf
+*/config/bird/bird/igp/ospf/*.conf
+

thilo-alpine/config/bird/bird.conf

@@ -14,7 +14,7 @@ include "/etc/bird/config/functions.conf";
 log "/tmp/bird.log" all;
 
 roa4 table dn42_roa;
-roa6 table dn42_roa_v6;
+roa6 table dn42_roa6;
 
 protocol device {
     scan time 10;
@@ -53,7 +53,7 @@ protocol static {
 
 protocol static {
     roa6 { 
-        table dn42_roa_v6; 
+        table dn42_roa6; 
     };
     include "/etc/bird/roa/dn42_roa_bird2_6.conf";
 };
@@ -74,6 +74,7 @@ protocol static {
     };
 }
 
+include "/etc/bird/config/custom_filters.conf";
 include "/etc/bird/config/community_filters.conf";
 
 template bgp dn42_peer {
@@ -81,6 +82,7 @@ template bgp dn42_peer {
     prefer older on;
     enforce first as on;
     advertise hostname on;
+    allow bgp_local_pref;
 };
 
 template bgp dn42_igp {

thilo-alpine/config/bird/bird/config/community_filters.conf

@@ -58,7 +58,7 @@ function dn42_import_filter(int link_latency; int link_bandwidth; int link_crypt
             reject;
         }
     } else if net.type = NET_IP6 && is_valid_network_v6() && !is_self_net_v6() then {
-        if (roa_check(dn42_roa_v6, net, bgp_path.last) != ROA_VALID) then {
+        if (roa_check(dn42_roa6, net, bgp_path.last) != ROA_VALID) then {
             print "[dn42] ROA check failed for ", net, " - AS ", bgp_path.last;
             reject;
         }
@@ -66,6 +66,7 @@ function dn42_import_filter(int link_latency; int link_bandwidth; int link_crypt
         reject;
     }
     update_flags(link_latency, link_bandwidth, link_crypto);
+    bgp_import_filter();
 
     accept;
 }
@@ -73,21 +74,13 @@ function dn42_import_filter(int link_latency; int link_bandwidth; int link_crypt
 function dn42_export_filter(int link_latency; int link_bandwidth; int link_crypto) {
     if (is_valid_network() || is_valid_network_v6()) then {
         if source = RTS_STATIC || source = RTS_DEVICE then {
-            bgp_community.add((64511, DN42_REGION));
+            bgp_community.add((64511, DN42_REGION));            
         }
-        # Only export aggregated prefixes to peers
-        # TODO: implement
-        #if (is_self_net() && !is_self_net_aggr()) then {
-        #    reject;
-        #}
-        # TODO: implement
-        #if (is_self_net_v6() && !is_self_net_aggr_v6()) then {
-        #    reject;
-        #}
         update_flags(link_latency, link_bandwidth, link_crypto);
 
         accept;
     }
+
     reject;
 }
 

thilo-alpine/config/bird/bird/config/custom_filters.conf

@@ -0,0 +1,97 @@
+# Based on jlu5's custom filters
+# https://github.com/jlu5/ansible-dn42
+# Adapted for AS4242421411 - C4TG1RL5
+
+function lower_pref(int x) {
+    if (bgp_local_pref > x) then {
+        bgp_local_pref = bgp_local_pref - x;
+    } else {
+        bgp_local_pref = 0;
+    }
+}
+
+function get_region_tag(int region_tag) {
+    if (region_tag = 44) then {
+        return 1;  # North America - West
+    } else if (region_tag ~ [42..43]) then {
+        return 2;  # North America - Central/East
+    } else if (region_tag = 41) then {
+        return 3;  # Europe
+    } else if (region_tag ~ [51..53]) then {
+        return 4;  # Asia E/SE + Oceania
+    }
+    return 0;
+}
+
+function prefer_same_region_origin(int base_weight) 
+    int region_tag;
+    int incoming_tag;
+{
+    region_tag = get_region_tag(DN42_REGION);
+    incoming_tag = 0;
+
+    if ((64511, 41) ~ bgp_community) then {
+        incoming_tag = get_region_tag(41);
+    }
+    else if ((64511, 42) ~ bgp_community) then {
+        incoming_tag = get_region_tag(42);
+    }
+    else if ((64511, 43) ~ bgp_community) then {
+        incoming_tag = get_region_tag(43);
+    }
+    else if ((64511, 44) ~ bgp_community) then {
+        incoming_tag = get_region_tag(44);
+    }
+    else if ((64511, 50) ~ bgp_community) then {
+        incoming_tag = get_region_tag(50);
+    }
+    else if ((64511, 51) ~ bgp_community) then {
+        incoming_tag = get_region_tag(51);
+    }
+    else if ((64511, 52) ~ bgp_community) then {
+        incoming_tag = get_region_tag(52);
+    }
+    else if ((64511, 53) ~ bgp_community) then {
+        incoming_tag = get_region_tag(53);
+    }
+
+    if (incoming_tag = 0 || incoming_tag = region_tag) then {
+        # print "Route ", net, " has incoming tag ", incoming_tag, " matching ours ", region_tag;
+        bgp_local_pref = bgp_local_pref + 50;
+    }
+}
+
+function bgp_import_filter() {
+    # Reject routes with long path lengths
+    if (bgp_path.len > 12) then {         
+        reject;
+    }
+
+    bgp_local_pref = bgp_local_pref + 1400;
+    lower_pref(bgp_path.len * 100);
+    prefer_same_region_origin(200);
+
+    if (source = RTS_BGP && (65535, 666) ~ bgp_community) then {
+        dest = RTD_BLACKHOLE;
+    }
+};
+
+function ibgp_import_filter() {
+    if (source != RTS_BGP) then {
+        reject;
+    }
+    if (!is_valid_network() && !is_valid_network_v6()) then {
+        reject;
+    }
+
+    bgp_local_pref = bgp_local_pref + 1400;
+    lower_pref(bgp_path.len * 100);
+    if (bgp_path.len = 0) then {
+        bgp_local_pref = bgp_local_pref + 2000;
+    }
+
+    accept;
+}
+
+# TODO: implement exports with the bgp_med attribute
+

thilo-alpine/config/bird/bird/igp/ospf/ospf.conf

@@ -1,4 +1,4 @@
-protocol ospf v3 ospf_karx {
+protocol ospf v3 ospf_gpvm {
     ipv4 {
         import where is_self_net() && source != RTS_BGP;
         export where is_self_net() && source != RTS_BGP;
@@ -6,7 +6,7 @@ protocol ospf v3 ospf_karx {
     include "/etc/bird/igp/ospf/ospf_backbone.conf";
 };
 
-protocol ospf v3 ospf6_karx {
+protocol ospf v3 ospf6_gpvm {
     ipv6 {
         import where is_self_net_v6() && source != RTS_BGP;
         export where is_self_net_v6() && source != RTS_BGP;

thilo-alpine/config/bird/bird/igp/ospf/ospf_backbone.conf

@@ -1,6 +1,10 @@
 area 0 {
     interface "wgs1" {
-        cost 100;
+        cost 126;
+    };
+
+    interface "wgs2" {
+        cost 42;
     };
 
     interface "dn42_igp_gpvm" {

thilo-alpine/config/bird/bird/igp/peers/karx.conf

@@ -1,16 +1,16 @@
 protocol bgp karx_ibgp from dn42_igp {
-    neighbor fe80::4242%wgs1 as AS;
+    neighbor fe80::4243%wgs1 as AS;
 
     ipv4 {
-	    import where dn42_ibgp_import_filter(5,24,33);
+	    import where ibgp_import_filter();
 	    export where dn42_ibgp_export_filter(5,24,33);
-	    next hop self;
+	    #next hop self;
 	    extended next hop on;
     };
     ipv6 {
-	    import where dn42_ibgp_import_filter(5,24,33);
+	    import where ibgp_import_filter();
 	    export where dn42_ibgp_export_filter(5,24,33);
-	    next hop self;
+	    #next hop self;
     };
 }
 

thilo-alpine/config/bird/bird/peers/kioubit.conf

@@ -1,5 +1,5 @@
 protocol bgp kioubit from dn42_peer {
-    neighbor fe80::ade0%wg0 as 4242423914;
+    neighbor fe80::ade0%wg_kioubit as 4242423914;
     passive off;
 
     ipv4 {

thilo-alpine/config/bird/bird/peers/tech9.conf

@@ -1,5 +1,5 @@
 protocol bgp tech9 from dn42_peer {
-    neighbor fe80::1588%wg1 as 4242421588;
+    neighbor fe80::1588%wg_tech9 as 4242421588;
     passive off;
 
     ipv4 {

thilo-alpine/config/bird/bird/peers/whojk.conf

@@ -1,5 +1,5 @@
 protocol bgp whojk from dn42_peer {
-    neighbor fe80::2717%wg2 as 4242422717;
+    neighbor fe80::2717%wg_whojk as 4242422717;
     passive off;
 
     ipv4 {

thilo-alpine/config/bird/bird/peers/yuuta.conf

@@ -1,5 +1,5 @@
 protocol bgp yuuta from dn42_peer {
-    neighbor fe80::2980%wg3 as 4242422980;
+    neighbor fe80::2980%wg_yuuta as 4242422980;
     passive off;
 
     ipv4 {