ansible-ffibk/roles/service-bird/templates/bird6.conf.j2
Tobias Hachmer e4e8c0998f
Introduce p2p vpn link between all ffmwu servers via WireGuard for routing purpose.
* add jinja2 extension 'jinja2.ext.do' to ansible.cfg
 * add host kichererbse.freifunk-mwu.de
 * add new server_type 'mesh-service' and new host group 'ffmwu-mesh-services'
 * use new loopback and anycast networks
 * add role wireguard
 * add role wireguard as dependency for roles network-routing + service-bird
 * add playbook 'mesh-services'
2019-03-19 15:23:12 +01:00

146 lines
3 KiB
Django/Jinja

#
# {{ ansible_managed }}
#
# Variables
define router_id = {{ loopback_net_ipv6 | ipaddr('net') | ipaddr(magic) | ipaddr('address') }};
define mwu_address_legacy = {{ bgp_ipv6_transfer_net_legacy | ipaddr('net') | ipaddr(magic) | ipaddr('address') }};
define mwu_as = {{ as_private }};
# General
timeformat protocol iso long;
router id router_id;
# Functions
function is_default() {
return net ~ [
::/0
];
}
function is_ula() {
return net ~ [
fc00::/7{48,64}
];
}
function is_mwu_self_nets_loose() {
return net ~ [
{% for prefix in internal_prefixes %}
{{ prefix.ipv6 | ipaddr('net') }}+{{ "," if not loop.last else "" }}
{% endfor %}
];
}
function is_mwu_self_nets_strict() {
return net ~ [
{% for prefix in internal_prefixes %}
{{ prefix.ipv6 | ipaddr('net') }}{{ "," if not loop.last else "" }}
{% endfor %}
];
}
function is_mwu_loopback() {
return net ~ [
{{ loopback_net_ipv6 }}+
];
};
function is_mwu_anycast() {
return net ~ [
{{ anycast_ipv6 }}+
];
};
# Protocols
protocol device {
scan time 30;
};
protocol direct mwu_subnets {
{% if server_type == 'gateway' or server_type == 'monitoring' %}
{% for mesh in meshes %}
interface "{{ mesh.id }}br";
{% endfor %}
{% endif %}
{% for network in my_wireguard_networks %}
interface "wg-{{ network.remote[:11] }}";
{% endfor %}
import where is_mwu_self_nets_loose();
};
protocol direct mwu_loopback {
interface "loopback";
import where is_mwu_loopback();
};
{% if server_type == "gateway" %}
protocol direct mwu_anycast {
interface "anycast";
import where is_mwu_anycast();
};
protocol static {
{% for prefix in internal_prefixes %}
route {{ prefix.ipv6 }} reject;
{% endfor %}
};
{% endif %}
protocol kernel kernel_mwu {
scan time 30;
import none;
export filter {
{% if server_type == "gateway" %}
if is_mwu_anycast() then reject;
{% else %}
if is_mwu_anycast() then accept;
{% endif %}
{% if server_type == "mesh-service" %}
if is_ula() then accept;
{% endif %}
if is_mwu_loopback() then accept;
reject;
};
merge paths yes limit {{ groups['ffmwu-gateways'] | length }};
kernel table ipt_mwu;
};
# Templates
template bgp ibgp_mwu {
local as mwu_as;
import keep filtered on;
import filter {
{% if server_type == "gateway" %}
if is_mwu_anycast() then reject;
{% endif %}
if is_mwu_self_nets_loose() then accept;
if is_ula() then accept;
reject;
};
export filter {
{% if server_type == "gateway" %}
if is_mwu_self_nets_loose() then accept;
if source = RTS_BGP then accept;
{% else %}
if is_mwu_loopback() then accept;
{% endif %}
reject;
};
direct;
gateway direct;
};
# Include IPv6 MWU peers
include "mwu_ipv6_peers.con?";
{% if server_type == "gateway" %}
# Include IPv6 ICVPN configuration
include "icvpn_ipv6.con?";
# Include IPv6 FFRL configuration
include "ffrl_ipv6.con?";
# Include IPv6 Router Advertisement configuration
include "radv.con?";
{% endif %}