# # {{ ansible_managed }} # # Variables define router_id = {{ loopback_net_ipv6 | ipaddr('net') | ipaddr(magic) | ipaddr('address') }}; define mwu_address_legacy = {{ bgp_ipv6_transfer_net_legacy | ipaddr('net') | ipaddr(magic) | ipaddr('address') }}; define mwu_as = {{ as_private }}; # General timeformat protocol iso long; router id router_id; # Functions function is_default() { return net ~ [ ::/0 ]; } function is_ula() { return net ~ [ fc00::/7{48,64} ]; } function is_mwu_self_nets_loose() { return net ~ [ {% for prefix in internal_prefixes %} {{ prefix.ipv6 | ipaddr('net') }}+{{ "," if not loop.last else "" }} {% endfor %} ]; } function is_mwu_self_nets_strict() { return net ~ [ {% for prefix in internal_prefixes %} {{ prefix.ipv6 | ipaddr('net') }}{{ "," if not loop.last else "" }} {% endfor %} ]; } function is_mwu_loopback() { return net ~ [ {{ loopback_net_ipv6 }}+ ]; }; function is_mwu_anycast() { return net ~ [ {{ anycast_ipv6 }}+ ]; }; # Protocols protocol device { scan time 30; }; protocol direct mwu_subnets { {% if server_type == 'gateway' or server_type == 'monitoring' %} {% for mesh in meshes %} interface "{{ mesh.id }}br"; {% endfor %} {% endif %} {% for network in my_wireguard_networks %} interface "wg-{{ network.remote[:11] }}"; {% endfor %} import where is_mwu_self_nets_loose(); }; protocol direct mwu_loopback { interface "loopback"; import where is_mwu_loopback(); }; {% if server_type == "gateway" %} protocol direct mwu_anycast { interface "anycast"; import where is_mwu_anycast(); }; protocol static { {% for prefix in internal_prefixes %} route {{ prefix.ipv6 }} reject; {% endfor %} }; {% endif %} protocol kernel kernel_mwu { scan time 30; import none; export filter { {% if server_type == "gateway" %} if is_mwu_anycast() then reject; {% else %} if is_mwu_anycast() then accept; {% endif %} {% if server_type == "mesh-service" %} if is_ula() then accept; {% endif %} if is_mwu_loopback() then accept; reject; }; merge paths yes limit {{ groups['ffmwu-gateways'] | length }}; kernel table ipt_mwu; }; # Templates template bgp ibgp_mwu { local as mwu_as; import keep filtered on; import filter { {% if server_type == "gateway" %} if is_mwu_anycast() then reject; {% endif %} if is_mwu_self_nets_loose() then accept; if is_ula() then accept; reject; }; export filter { {% if server_type == "gateway" %} if is_mwu_self_nets_loose() then accept; if source = RTS_BGP then accept; {% else %} if is_mwu_loopback() then accept; {% endif %} reject; }; direct; gateway direct; }; # Include IPv6 MWU peers include "mwu_ipv6_peers.con?"; {% if server_type == "gateway" %} # Include IPv6 ICVPN configuration include "icvpn_ipv6.con?"; # Include IPv6 FFRL configuration include "ffrl_ipv6.con?"; # Include IPv6 Router Advertisement configuration include "radv.con?"; {% endif %}