C4TG1RL5_UN1T3D/C4TG1RL5_UN1T3D.DN42
4
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
C4TG1RL5_UN1T3D.DN42/base/bird/bird/config/community_filters.conf
famfo 3d1cd06983 Update IPAM, base config
2022-06-11 00:59:24 +02:00

108 lines
4.7 KiB
Plaintext
Raw Blame History

# Stole from https://github.com/jlu5/ansible-dn42/tree/main/roles/config-bird2
# adapted for our general config (thanks jlu5 for sharing it)
#
# DN42 community filters. Based off https://dn42.net/howto/Bird-communities and tweaked
# for Bird 2
function update_latency(int link_latency) {
bgp_community.add((64511, link_latency));
if (64511, 9) ~ bgp_community then { bgp_community.delete([(64511, 1..8)]); return 9; }
else if (64511, 8) ~ bgp_community then { bgp_community.delete([(64511, 1..7)]); return 8; }
else if (64511, 7) ~ bgp_community then { bgp_community.delete([(64511, 1..6)]); return 7; }
else if (64511, 6) ~ bgp_community then { bgp_community.delete([(64511, 1..5)]); return 6; }
else if (64511, 5) ~ bgp_community then { bgp_community.delete([(64511, 1..4)]); return 5; }
else if (64511, 4) ~ bgp_community then { bgp_community.delete([(64511, 1..3)]); return 4; }
else if (64511, 3) ~ bgp_community then { bgp_community.delete([(64511, 1..2)]); return 3; }
else if (64511, 2) ~ bgp_community then { bgp_community.delete([(64511, 1..1)]); return 2; }
else return 1;
}
function update_bandwidth(int link_bandwidth) {
bgp_community.add((64511, link_bandwidth));
if (64511, 21) ~ bgp_community then { bgp_community.delete([(64511, 22..29)]); return 21; }
else if (64511, 22) ~ bgp_community then { bgp_community.delete([(64511, 23..29)]); return 22; }
else if (64511, 23) ~ bgp_community then { bgp_community.delete([(64511, 24..29)]); return 23; }
else if (64511, 24) ~ bgp_community then { bgp_community.delete([(64511, 25..29)]); return 24; }
else if (64511, 25) ~ bgp_community then { bgp_community.delete([(64511, 26..29)]); return 25; }
else if (64511, 26) ~ bgp_community then { bgp_community.delete([(64511, 27..29)]); return 26; }
else if (64511, 27) ~ bgp_community then { bgp_community.delete([(64511, 28..29)]); return 27; }
else if (64511, 28) ~ bgp_community then { bgp_community.delete([(64511, 29..29)]); return 28; }
else return 29;
}
function update_crypto(int link_crypto) {
bgp_community.add((64511, link_crypto));
if (64511, 31) ~ bgp_community then { bgp_community.delete([(64511, 32..34)]); return 31; }
else if (64511, 32) ~ bgp_community then { bgp_community.delete([(64511, 33..34)]); return 32; }
else if (64511, 33) ~ bgp_community then { bgp_community.delete([(64511, 34..34)]); return 33; }
else return 34;
}
function update_flags(int link_latency; int link_bandwidth; int link_crypto)
int dn42_latency;
int dn42_bandwidth;
int dn42_crypto;
{
dn42_latency = update_latency(link_latency);
dn42_bandwidth = update_bandwidth(link_bandwidth) - 20;
dn42_crypto = update_crypto(link_crypto) - 30;
# TODO: abstract this out into a config variable
if dn42_bandwidth > 4 then dn42_bandwidth = 4;
return true;
}
function dn42_import_filter(int link_latency; int link_bandwidth; int link_crypto) {
if net.type = NET_IP4 && is_valid_network() && !is_self_net() then {
if (roa_check(dn42_roa, net, bgp_path.last) != ROA_VALID) then {
print "[dn42] ROA check failed for ", net, " - AS ", bgp_path.last;
reject;
}
} else if net.type = NET_IP6 && is_valid_network_v6() && !is_self_net_v6() then {
if (roa_check(dn42_roa6, net, bgp_path.last) != ROA_VALID) then {
print "[dn42] ROA check failed for ", net, " - AS ", bgp_path.last;
reject;
}
} else { # Invalid IP or unknown net type
reject;
}
update_flags(link_latency, link_bandwidth, link_crypto);
bgp_import_filter();
accept;
}
function dn42_export_filter(int link_latency; int link_bandwidth; int link_crypto) {
if (is_valid_network() || is_valid_network_v6()) then {
if source = RTS_STATIC || source = RTS_DEVICE then {
bgp_community.add((64511, DN42_REGION));
}
update_flags(link_latency, link_bandwidth, link_crypto);
accept;
}
reject;
}
function dn42_ibgp_import_filter(int link_latency; int link_bandwidth; int link_crypto) {
if source = RTS_BGP && net.type = NET_IP4 && is_valid_network() && !is_self_net() then {
update_flags(link_latency, link_bandwidth, link_crypto);
accept;
} else if source = RTS_BGP && net.type = NET_IP6 && is_valid_network_v6() && !is_self_net_v6() then {
update_flags(link_latency, link_bandwidth, link_crypto);
accept;
} else {
reject;
}
}
function dn42_ibgp_export_filter(int link_latency; int link_bandwidth; int link_crypto) {
if source = RTS_BGP && (is_valid_network() || is_valid_network_v6()) && (!is_self_net() || !is_self_net_v6()) then {
update_flags(link_latency, link_bandwidth, link_crypto);
accept;
}
reject;
}
Reference in a new issue View git blame Copy permalink