134 lines
2.7 KiB
Django/Jinja
134 lines
2.7 KiB
Django/Jinja
#
|
|
# {{ ansible_managed }}
|
|
#
|
|
|
|
# Variables
|
|
define router_id = {{ bgp_loopback_net | ipaddr('net') | ipaddr(magic) | ipaddr('address') }};
|
|
define mwu_address = {{ bgp_ipv6_transfer_net | ipaddr('net') | ipaddr(magic) | ipaddr('address') }};
|
|
define mwu_as = {{ as_private_mwu }};
|
|
|
|
# General
|
|
timeformat protocol iso long;
|
|
router id router_id;
|
|
|
|
# Functions
|
|
function is_default() {
|
|
return net ~ [
|
|
::/0
|
|
];
|
|
}
|
|
|
|
function is_ula() {
|
|
return net ~ [
|
|
fc00::/7{48,64}
|
|
];
|
|
}
|
|
|
|
function is_mwu_self_nets_loose() {
|
|
return net ~ [
|
|
{% for prefix in ffmwu_internal_prefixes %}
|
|
{{ prefix.ipv6 | ipaddr('net') }}+{{ "," if not loop.last else "" }}
|
|
{% endfor %}
|
|
];
|
|
}
|
|
|
|
function is_mwu_self_nets_strict() {
|
|
return net ~ [
|
|
{% for prefix in ffmwu_internal_prefixes %}
|
|
{{ prefix.ipv6 | ipaddr('net') }}{{ "," if not loop.last else "" }}
|
|
{% endfor %}
|
|
];
|
|
}
|
|
|
|
function is_mwu_loopback() {
|
|
return net ~ [
|
|
{{ ffmwu_loopback_net_ipv6 }}+
|
|
];
|
|
};
|
|
|
|
function is_mwu_anycast() {
|
|
return net ~ [
|
|
{{ ffmwu_anycast_ipv6 }}+
|
|
];
|
|
};
|
|
|
|
# Protocols
|
|
protocol device {
|
|
scan time 30;
|
|
};
|
|
|
|
protocol direct mwu_subnets {
|
|
{% for mesh in meshes %}
|
|
interface "{{ mesh.id }}br";
|
|
{% endfor %}
|
|
import where is_mwu_self_nets_loose();
|
|
};
|
|
|
|
protocol direct mwu_loopback {
|
|
interface "loopback";
|
|
import where is_mwu_loopback();
|
|
};
|
|
|
|
{% if ffmwu_server_type == "gateway" %}
|
|
protocol direct mwu_anycast {
|
|
interface "anycast";
|
|
import where is_mwu_anycast();
|
|
};
|
|
{% endif %}
|
|
|
|
protocol static {
|
|
{% for prefix in ffmwu_internal_prefixes %}
|
|
route {{ prefix.ipv6 }} reject;
|
|
{% endfor %}
|
|
};
|
|
|
|
protocol kernel kernel_mwu {
|
|
scan time 30;
|
|
import none;
|
|
export filter {
|
|
{% if ffmwu_server_type == "gateway" %}
|
|
if is_mwu_anycast() then reject;
|
|
{% else %}
|
|
if is_mwu_anycast() then accept;
|
|
{% endif %}
|
|
if is_mwu_loopback() then accept;
|
|
reject;
|
|
};
|
|
kernel table ipt_mwu;
|
|
};
|
|
|
|
# Templates
|
|
template bgp ibgp_mwu {
|
|
local mwu_address as mwu_as;
|
|
import keep filtered on;
|
|
import filter {
|
|
{% if ffmwu_server_type == "gateway" %}
|
|
if is_mwu_anycast() then reject;
|
|
{% endif %}
|
|
if is_mwu_self_nets_loose() then accept;
|
|
if is_ula() then accept;
|
|
reject;
|
|
};
|
|
export filter {
|
|
if is_mwu_self_nets_loose() then accept;
|
|
if source = RTS_BGP then accept;
|
|
reject;
|
|
};
|
|
direct;
|
|
gateway direct;
|
|
};
|
|
|
|
# Include IPv6 MWU peers
|
|
include "mwu_ipv6_peers.con?";
|
|
{% if ffmwu_server_type == "gateway" %}
|
|
|
|
# Include IPv6 ICVPN configuration
|
|
include "icvpn_ipv6.con?";
|
|
|
|
# Include IPv6 FFRL configuration
|
|
include "ffrl_ipv6.con?";
|
|
|
|
# Include IPv6 Router Advertisement configuration
|
|
include "radv.con?";
|
|
{% endif %}
|