ansible-ffibk/roles/service-bird-icvpn/templates/icvpn_ipv6.conf.j2
Tobias Hachmer fa37598c3b
Roles service-bird + service-bird-icvpn:
Restructure bird configuration to exchange loopback addresses and announce the whole freifunk subnets instead the configured ones.
2018-11-07 10:28:13 +01:00

76 lines
1.7 KiB
Django/Jinja

#
# {{ ansible_managed }}
#
# Variables
define icvpn_address = {{ icvpn_ipv6_transfer_net | ipaddr('net') | ipsubnet(112, 37) | ipaddr(magic) | ipaddr('address') }};
# ROA
roa table roa_icvpn {
include "icvpn_ipv6_roa.con?";
}
# Routing Tables
table icvpn;
# Filters
filter icvpn_import_filter {
if is_mwu_self_nets_loose() then reject;
if roa_check(roa_icvpn) = ROA_VALID then {
if is_ula() then accept;
} else {
if roa_check(roa_icvpn) = ROA_UNKNOWN then {
if is_ula() then {
print "ROA UNKNOWN for ula net, accepting: ", net, " ASN: ", bgp_path.last;
accept;
}
}
if roa_check(roa_icvpn) = ROA_INVALID then {
if is_ula() then {
print "ROA INVALID for ula net, accepting: ", net, " ASN: ", bgp_path.last;
accept;
}
}
reject;
}
reject;
}
# Protocols
protocol pipe {
peer table icvpn;
export filter {
if is_mwu_self_nets_loose() then reject;
if is_ula() then accept;
reject;
};
import none;
};
protocol kernel kernel_icvpn {
table icvpn;
scan time 30;
import none;
export filter {
if is_mwu_self_nets_loose() then reject;
krt_prefsrc = icvpn_address;
accept;
};
kernel table ipt_icvpn;
};
# Templates
template bgp ebgp_icvpn {
local icvpn_address as mwu_as;
import keep filtered on;
import filter icvpn_import_filter;
export filter {
if is_mwu_self_nets_strict() then accept;
if source = RTS_BGP then accept;
reject;
};
direct;
}
# Include ICVPN IPv6 peers
include "icvpn_ipv6_peers.con?";