#
# Bird Route Server configuration generated by IXP Manager
#
# Do not edit this file, it will be overwritten. Please see:
#
# https://github.com/inex/IXP-Manager/wiki/Route-Server
#
# Generated: 2017-12-18 09:08:16
#
# For VLAN: peeringLAN (Tag: 1200, Database ID: 2)
#
# NOTE(review): because this file is regenerated, any policy change raised in
# the review notes below has to be made in the generator's template or in the
# data it reads, not by hand in this file.

# Log all message classes to a local file and to syslog.
log "/var/log/bird/rs1.log" all;
log syslog all;

# ASN and address the route server uses on its side of every client session.
define routeserverasn     = 67001;
define routeserveraddress = 10.0.0.220;

router id 10.0.0.220;

# Accept BGP connections on the route server address only.
listen bgp address routeserveraddress;

# ignore interface up/down events
protocol device { }

# This function excludes weird networks
#       rfc1918, class D, class E, too long and too short prefixes
#
# Returns false when the route's prefix (net) matches the martian set and
# true otherwise. A trailing "+" matches the prefix and all of its
# more-specifics. "0.0.0.0/32-" matches 0.0.0.0/32 and every prefix that
# contains it (the default route included). "0.0.0.0/0{25,32}" and
# "0.0.0.0/0{0,7}" match any prefix longer than /24 or shorter than /8.
#
# NOTE(review): 127.0.0.0/8 and 100.64.0.0/10 are not in the set, and /8 and
# /10 are inside the permitted length window, so this function alone does not
# stop them. Confirm whether that is intended or covered by another control.
function avoid_martians()
prefix set martians;
{
    martians = [
        10.0.0.0/8+,
        169.254.0.0/16+,
        172.16.0.0/12+,
        192.0.0.0/24+,
        192.0.2.0/24+,
        192.168.0.0/16+,
        198.18.0.0/15+,
        198.51.100.0/24+,
        203.0.113.0/24+,
        224.0.0.0/4+,
        240.0.0.0/4+,
        0.0.0.0/32-,
        0.0.0.0/0{25,32},
        0.0.0.0/0{0,7}
    ];

    # Avoid RFC1918 and similar networks
    if net ~ martians then
        return false;

    return true;
}

##
## Standard IXP community filter
##
## Decides whether a route may be handed to the peer with ASN peerasn, based
## on the standard communities attached to the route. The checks run in
## order and the first match wins:
##   - the route was not learned via BGP         -> false
##   - peerasn does not fit in 16 bits           -> true (no community check)
##   - (0, peerasn) is present                   -> false
##   - (routeserverasn, peerasn) is present      -> true
##   - (0, routeserverasn) is present            -> false
##   - none of the above                         -> true
##
## NOTE(review): routeserverasn (67001) and both peer ASNs passed to this
## function in this file (67020, 67030) are above 65535. For those peers every
## BGP-learned route returns true at the second check, so none of the
## community controls below are evaluated. Confirm that members cannot rely
## on these communities to withhold routes from such peers.
function ixp_community_filter(int peerasn)
{
    if !(source = RTS_BGP) then
        return false;

    # it's unwise to conduct a 32-bit check on a 16-bit value
    if peerasn > 65535 then
        return true;

    # Implement widely used community filtering schema.
    if (0, peerasn) ~ bgp_community then
        return false;
    if (routeserverasn, peerasn) ~ bgp_community then
        return true;
    if (0, routeserverasn) ~ bgp_community then
        return false;

    return true;
}

##
## Route Server client configuration
##
## Settings shared by every client session. The per-client "protocol bgp"
## blocks below inherit from this template and add the neighbor, the import
## limit and the client's own table.
##
## NOTE(review): neither this template nor the client blocks in this file set
## a session "password" (TCP MD5) or "ttl security". Confirm whether session
## protection is provided elsewhere or deliberately not used on this LAN.
template bgp tb_rsclient {
    local as routeserverasn;
    source address routeserveraddress;
    import filter {
        ## Prevent BGP NEXT_HOP Hijacking
        # Reject, with a message naming the neighbor, next hop, prefix and
        # path, any route whose next hop is not the address of the neighbor
        # that sent it.
        if !( from = bgp_next_hop ) then
            reject "BGP neighbor address [", from, "] != next hop address [", bgp_next_hop, "]",
                   ", net:[", net, "], path:[", bgp_path, "]";
        accept;
    };
    export all;
    rs client;
}

### AS67020 - ISP1 - VLAN Interface #5

table t_0005_as67020;

# Filter applied to this client's routes on the way from its own table into
# the master table (it is used as the pipe's import filter below).
# allnet is declared but not assigned or used in this filter.
filter f_import_0005_as67020
prefix set allnet;
int set allas;
{
    if !(avoid_martians()) then
        reject;

    # Route servers peering with route servers will cause the universe
    # to collapse.  Recommend evasive manoeuvers.
    # The first AS in the path must be the client's own ASN.
    if (bgp_path.first != 67020 ) then
        reject;

    # The last (origin) AS in the path must be in the allowed set.
    allas = [ 67020 ];
    if !(bgp_path.last ~ allas) then
        reject;

    # Deny everything because the IRR database returned nothing
    # The reject below is unconditional, so no route from this client passes
    # this filter and the accept after it is never reached.
    reject;

    accept;
}

# Connects the client's table to the master table. import is the direction
# from the peer table into master; export is from master to the peer table
# and is gated by the community filter for this client's ASN.
protocol pipe pp_0005_as67020 {
    description "Pipe for AS67020 - ISP1 - VLAN Interface 5";
    table master;
    mode transparent;
    peer table t_0005_as67020;
    import filter f_import_0005_as67020;
    export where ixp_community_filter(67020);
}

# BGP session to the client. The session is restarted if the client sends
# more than 200 routes.
protocol bgp pb_0005_as67020 from tb_rsclient {
    description "AS67020 - ISP1";
    neighbor 10.0.0.2 as 67020;
    import limit 200 action restart;
    table t_0005_as67020;
}

### AS67030 - ISP2 - VLAN Interface #6

table t_0006_as67030;

# Filter applied to this client's routes on the way from its own table into
# the master table (it is used as the pipe's import filter below).
# allnet is declared but not assigned or used in this filter.
filter f_import_0006_as67030
prefix set allnet;
int set allas;
{
    if !(avoid_martians()) then
        reject;

    # Route servers peering with route servers will cause the universe
    # to collapse.  Recommend evasive manoeuvers.
    # The first AS in the path must be the client's own ASN.
    if (bgp_path.first != 67030 ) then
        reject;

    # The last (origin) AS in the path must be in the allowed set.
    allas = [ 67030 ];
    if !(bgp_path.last ~ allas) then
        reject;

    # Deny everything because the IRR database returned nothing
    # The reject below is unconditional, so no route from this client passes
    # this filter and the accept after it is never reached.
    reject;

    accept;
}

# Connects the client's table to the master table. import is the direction
# from the peer table into master; export is from master to the peer table
# and is gated by the community filter for this client's ASN.
protocol pipe pp_0006_as67030 {
    description "Pipe for AS67030 - ISP2 - VLAN Interface 6";
    table master;
    mode transparent;
    peer table t_0006_as67030;
    import filter f_import_0006_as67030;
    export where ixp_community_filter(67030);
}

# BGP session to the client. The session is restarted if the client sends
# more than 200 routes.
protocol bgp pb_0006_as67030 from tb_rsclient {
    description "AS67030 - ISP2";
    neighbor 10.0.0.3 as 67030;
    import limit 200 action restart;
    table t_0006_as67030;
}