ansible-ffibk/roles/service-bird/templates/bird6.conf.j2
Tobias Hachmer fa37598c3b
Roles service-bird + service-bird-icvpn:
Restructure bird configuration to exchange loopback addresses and announce the whole freifunk subnets instead the configured ones.
2018-11-07 10:28:13 +01:00

125 lines
2.5 KiB
Django/Jinja

#
# {{ ansible_managed }}
#
# Variables
define router_id = {{ bgp_loopback_net | ipaddr('net') | ipaddr(magic) | ipaddr('address') }};
define mwu_address = {{ bgp_ipv6_transfer_net | ipaddr('net') | ipaddr(magic) | ipaddr('address') }};
define mwu_as = {{ as_private_mwu }};
# General
timeformat protocol iso long;
router id router_id;
# Functions
function is_default() {
return net ~ [
::/0
];
}
function is_ula() {
return net ~ [
fc00::/7{48,64}
];
}
function is_mwu_self_nets_loose() {
return net ~ [
{% for prefix in ffmwu_internal_prefixes %}
{{ prefix.ipv6 | ipaddr('net') }}+{{ "," if not loop.last else "" }}
{% endfor %}
];
}
function is_mwu_self_nets_strict() {
return net ~ [
{% for prefix in ffmwu_internal_prefixes %}
{{ prefix.ipv6 | ipaddr('net') }}{{ "," if not loop.last else "" }}
{% endfor %}
];
}
function is_mwu_loopback() {
return net ~ [
{{ ffmwu_loopback_net_ipv6 }}+
];
};
function is_mwu_anycast() {
return net ~ [
{{ ffmwu_anycast_ipv6 }}+
];
};
# Protocols
protocol device {
scan time 30;
};
protocol direct mwu_subnets {
{% for mesh in meshes %}
interface "{{ mesh.id }}br";
{% endfor %}
import where is_mwu_self_nets_loose();
};
protocol direct mwu_loopback {
interface "loopback";
import where is_mwu_loopback();
};
{% if ffmwu_server_type == "gateway" %}
protocol direct mwu_anycast {
interface "anycast";
import where is_mwu_anycast();
};
{% endif %}
protocol static {
{% for prefix in ffmwu_internal_prefixes %}
route {{ prefix.ipv6 }} reject;
{% endfor %}
};
protocol kernel kernel_mwu {
scan time 30;
import none;
export filter {
if is_mwu_anycast() then reject;
if is_mwu_loopback() then accept;
reject;
};
kernel table ipt_mwu;
};
# Templates
template bgp ibgp_mwu {
local mwu_address as mwu_as;
import keep filtered on;
import filter {
if is_mwu_anycast() then reject;
if is_mwu_self_nets_loose() then accept;
if is_ula() then accept;
reject;
};
export filter {
if is_mwu_anycast() then reject;
if is_mwu_self_nets_loose() then accept;
if source = RTS_BGP then accept;
reject;
};
direct;
gateway direct;
};
# Include IPv6 MWU peers
include "mwu_ipv6_peers.con?";
{% if ffmwu_server_type == "gateway" %}
# Include IPv6 ICVPN configuration
include "icvpn_ipv6.con?";
# Include IPv6 FFRL configuration
include "ffrl_ipv6.con?";
{% endif %}