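# BIRD route-server configuration (IPv4) for AS396501.
# Layout: logging and identity, kernel/device protocols, shared filter
# functions, the PEERS session template, then one import filter and one
# protocol block per peer.

# Every message class goes to both the local file and syslog.
log "/var/log/bird.log" all;
log syslog all;

router id 206.71.137.2;
define myas = 396501;

# NOTE(review): "export all" installs every route of the master table into
# this host's kernel table. Confirm that is intended on a route server.
protocol kernel {
    scan time 60;
    export all;
}

protocol device {
    scan time 60;
}

# Returns false for prefixes that must never be accepted from a peer:
# RFC 1918, loopback, link-local, shared (RFC 6598), documentation and
# benchmarking space, class D, class E, and prefixes that are too long
# (> /24) or too short (< /8). Returns true for everything else.
function avoid_martians()
prefix set martians;
{
    martians = [
        0.0.0.0/8+,          # "this network"
        10.0.0.0/8+,         # RFC 1918
        100.64.0.0/10+,      # RFC 6598 shared address space
        127.0.0.0/8+,        # loopback
        169.254.0.0/16+,     # link-local
        172.16.0.0/12+,      # RFC 1918
        192.0.2.0/24+,       # documentation (TEST-NET-1)
        192.168.0.0/16+,     # RFC 1918
        198.18.0.0/15+,      # benchmarking
        198.51.100.0/24+,    # documentation (TEST-NET-2)
        203.0.113.0/24+,     # documentation (TEST-NET-3)
        224.0.0.0/4+,        # multicast (class D)
        240.0.0.0/4+,        # reserved (class E)
        0.0.0.0/32-,         # default route and every other prefix covering 0.0.0.0
        0.0.0.0/0{25,32},    # longer than /24
        0.0.0.0/0{0,7}       # shorter than /8
    ];

    # Avoid RFC1918 and similar networks
    if net ~ martians then return false;
    return true;
}

# Length-only check: accepts /8 through /24.
# Not referenced by any filter below; avoid_martians() already enforces the
# same bounds through its {25,32} and {0,7} entries.
function avoid_crappy_prefixes()
{
    if net.len < 8 then return false;
    if net.len > 24 then return false;
    return true;
}

####
# Protocol template
#
# Shared defaults for every peering session.
# NOTE(review): "import all" / "export all" make the template fail-open. A
# protocol block that does not set its own import and export inherits an
# unfiltered session, so every peer below has to override both.
# The import limit is one ceiling for all peers; a protocol block can set a
# tighter per-peer value.
template bgp PEERS {
    local as myas;
    import all;
    export all;
    import limit 100000 action restart;
    rs client;
}

# BGP output filter (based on communities)
#
# Decides whether the current route may be announced to the peer with AS
# number `peeras`. Only routes learned over BGP are eligible. Rules are
# checked in this order and the first match wins:
#   (0, peeras)     -> do not announce to this peer
#   (myas, peeras)  -> announce to this peer
#   (0, myas)       -> do not announce to anyone
#   (myas, myas)    -> announce to everyone
# A route carrying none of these is announced (final "return true").
# For a 32-bit peer AS only the extended-community (ro, x, y) form is
# tested, because the peer AS does not fit a standard community half.
# NOTE(review): myas (396501) is itself a 32-bit AS number and does not fit
# the 16-bit half of a standard community either. Confirm how this BIRD
# version evaluates (myas, peeras), (0, myas) and (myas, myas) in the else
# branch; the extended-community tests are the ones that can match.
function bgp_out_comm(int peeras)
{
    if ! (source = RTS_BGP ) then return false;
    if peeras > 65535 then {
        if (ro,0,peeras) ~ bgp_ext_community then return false;
        if (ro,myas,peeras) ~ bgp_ext_community then return true;
        if ((ro,0,myas) ~ bgp_ext_community) then return false;
        if (ro,myas,myas) ~ bgp_ext_community then return true;
    } else {
        if ((0,peeras) ~ bgp_community) || ((ro,0,peeras) ~ bgp_ext_community) then return false;
        if ((myas,peeras) ~ bgp_community) || ((ro,myas,peeras) ~ bgp_ext_community) then return true;
        if ((0, myas) ~ bgp_community) || ((ro,0,myas) ~ bgp_ext_community) then return false;
        if ((myas,myas) ~ bgp_community) || ((ro,myas,myas) ~ bgp_ext_community) then return true;
    }
    return true;
}

# Same decision as bgp_out_comm(), then strips the route-server control
# communities so they are not passed on to the receiving peer.
# NOTE(review): the active protocol blocks below export with
# bgp_out_comm() directly, so this stripping is not applied to them;
# bgp_out() is only named in the commented-out pipe blocks.
function bgp_out(int peeras)
{
    if !bgp_out_comm(peeras) then return false;

    # Remove IXP related communities
    bgp_community.delete([(0,*)]);
    ## bgp_community.delete([(myas,*)]);
    bgp_ext_community.delete([(ro,0,*)]);
    bgp_ext_community.delete([(ro,myas,*)]);
    return true;
}

####
# Configuration of BGP peer follows

### AS3367 - Member1
# Import filter: rejects martians and any route whose first AS in the path
# is not the peer's own AS.
# NOTE(review): the allas/allnet checks are still commented-out templates
# with placeholder values, so this peer may announce any non-martian prefix
# with any origin AS. Filling both sets from the member's registered routes
# gives per-prefix filtering. The same applies to AS6939, AS5645 and
# AS55195 below.
filter bgp_in_AS3367
prefix set allnet;
int set allas;
{
    if ! (avoid_martians()) then reject;
    if (bgp_path.first != 3367 ) then reject;

    # allas = [ 1234, 2345, 3456, 4567 ];
    # if ! (bgp_path.last ~ allas) then reject;

    # allnet = [ 12.34.0.0/16 , 23.45.0.0/16, 34.56.0.0/16, 45.56.0.0/16 ];
    # if ! (net ~ allnet) then reject;

    accept;
}

protocol bgp R3367 from PEERS {
    description "Member 1 - peer 1";
    neighbor 206.71.137.6 as 3367;
    import filter bgp_in_AS3367;
    export where bgp_out_comm(3367);
}

### AS6939 - Member1
# Import filter: martian check and first-AS check only (see the AS3367 note).
filter bgp_in_AS6939
prefix set allnet;
int set allas;
{
    if ! (avoid_martians()) then reject;
    if (bgp_path.first != 6939 ) then reject;

    #allas = [ 1234, 2345, 3456, 4567 ];
    #if ! (bgp_path.last ~ allas) then reject;

    #allnet = [ 12.34.0.0/16 , 23.45.0.0/16, 34.56.0.0/16, 45.56.0.0/16 ];
    #if ! (net ~ allnet) then reject;

    accept;
}

protocol bgp R6939 from PEERS {
    description "Member 1 - peer 2";
    neighbor 206.71.137.7 as 6939;
    import filter bgp_in_AS6939;
    export where bgp_out_comm(6939);
}

### AS42 - Member1
table T42;

# Import filter: martian check, first-AS check, then an explicit prefix
# allow-list. allas is assigned but not tested; its check is commented out
# in favour of the prefix list.
filter bgp_in_AS42
prefix set allnet;
int set allas;
{
    if ! (avoid_martians()) then reject;
    if (bgp_path.first != 42 ) then reject;

    allas = [ 42, 187, 16686, 20144, 32978, 35160, 52306, 10886 ];
    # if ! (bgp_path.last ~ allas) then reject;

    # (PCH prefer us to use the following instead)
    allnet = [
        64.68.195.0/24, 64.68.196.0/24, 65.22.4.0/23 {23,24},
        70.40.0.0/20 {20,24}, 72.0.48.0/20 {20,24}, 72.42.112.0/20 {20,24},
        74.63.16.0/20 {20,24}, 114.69.222.0/24, 156.154.96.0/24,
        156.154.99.0/24, 189.201.244.0/23, 192.203.230.0/24,
        194.0.17.0/24, 194.0.27.0/24, 194.0.36.0/24, 194.0.42.0/24,
        194.0.47.0/24, 194.117.56.0/21 {21,24}, 198.182.167.0/24,
        199.4.137.0/24, 199.7.64.0/24, 199.7.77.0/24, 199.7.82.0/23,
        199.7.83.0/24, 199.43.132.0/24, 199.115.156.0/23 {23,24},
        199.182.32.0/24, 199.182.40.0/24, 199.249.112.0/20 {20,24},
        199.254.171.0/24, 200.16.98.0/24, 200.108.148.0/24,
        203.119.88.0/23, 204.61.216.0/23, 199.7.91.0/24, 204.19.119.0/24,
        204.26.57.0/24, 144.254.254.0/24, 207.34.6.0/23 {23,24},
        206.51.254.0/23 {23,24}, 149.112.112.0/24, 149.112.149.0/24,
        205.132.46.0/23 {23,24}, 170.210.180.0/24,
        65.22.19.0/24, 65.22.23.0/24, 65.22.27.0/24, 65.22.31.0/24,
        65.22.35.0/24, 65.22.39.0/24, 65.22.43.0/24, 65.22.47.0/24,
        65.22.51.0/24, 65.22.55.0/24, 65.22.59.0/24, 65.22.63.0/24,
        65.22.67.0/24, 65.22.71.0/24, 65.22.79.0/24, 65.22.83.0/24,
        65.22.87.0/24, 65.22.91.0/24, 65.22.95.0/24, 65.22.99.0/24,
        65.22.103.0/24, 65.22.107.0/24, 65.22.111.0/24, 65.22.115.0/24,
        65.22.119.0/24, 65.22.123.0/24, 65.22.127.0/24, 65.22.131.0/24,
        65.22.135.0/24, 65.22.139.0/24, 65.22.143.0/24, 65.22.147.0/24,
        65.22.151.0/24, 65.22.155.0/24, 65.22.159.0/24, 65.22.163.0/24,
        65.22.171.0/24, 65.22.175.0/24, 65.22.179.0/24, 65.22.183.0/24,
        65.22.187.0/24, 65.22.191.0/24, 65.22.195.0/24, 65.22.199.0/24,
        65.22.203.0/24, 65.22.207.0/24, 65.22.211.0/24, 65.22.215.0/24,
        65.22.219.0/24, 65.22.223.0/24, 65.22.227.0/24, 65.22.231.0/24,
        65.22.235.0/24, 65.22.239.0/24, 65.22.243.0/24
    ];
    if ! (net ~ allnet) then reject;

    accept;
}

# protocol pipe P42 from PIPES {
#     description "Packet Clearing House";
#     peer table T42;
#     import filter bgp_in_AS42;
#     export where bgp_out(42);
# }

# NOTE(review): this session sets neither import nor export, so it inherits
# "import all" / "export all" from PEERS, and bgp_in_AS42 is not applied
# anywhere while the pipe above stays commented out. The session is attached
# to table T42 only; confirm whether the peer is meant to be isolated, and
# attach bgp_in_AS42 before T42 is connected to the master table.
protocol bgp R42 from PEERS {
    description "Member 1 - peer 3";
    neighbor 206.71.137.4 as 42;
    table T42;
}

### AS3856 - Member1
table T3856;

# Import filter: martian check, first-AS check, and origin AS must be 3856.
filter bgp_in_AS3856
prefix set allnet;
int set allas;
{
    if ! (avoid_martians()) then reject;
    if (bgp_path.first != 3856 ) then reject;

    allas = [ 3856 ];
    if ! (bgp_path.last ~ allas) then reject;

    accept;
}

#protocol pipe P3856 from PIPES {
#    description "Packet Clearing House";
#    peer table T3856;
#    import filter bgp_in_AS3856;
#    export where bgp_out(3856);
#}

# NOTE(review): same situation as R42. The session inherits "import all" /
# "export all" from PEERS, and bgp_in_AS3856 is unused while the pipe above
# is commented out.
protocol bgp R3856 from PEERS {
    description "Packet Clearing House - peer 1";
    neighbor 206.71.137.5 as 3856;
    table T3856;
}

### AS5645 - Member1
# Import filter: martian check and first-AS check only (see the AS3367 note).
filter bgp_in_AS5645
prefix set allnet;
int set allas;
{
    if ! (avoid_martians()) then reject;
    if (bgp_path.first != 5645 ) then reject;

    #allas = [ 1234, 2345, 3456, 4567 ];
    #if ! (bgp_path.last ~ allas) then reject;

    #allnet = [ 12.34.0.0/16 , 23.45.0.0/16, 34.56.0.0/16, 45.56.0.0/16 ];
    #if ! (net ~ allnet) then reject;

    accept;
}

protocol bgp R5645 from PEERS {
    description "Member 1 - peer 5";
    neighbor 206.71.137.8 as 5645;
    import filter bgp_in_AS5645;
    export where bgp_out_comm(5645);
}

### AS55195 - Member1
# Import filter: martian check and first-AS check only (see the AS3367 note).
filter bgp_in_AS55195
prefix set allnet;
int set allas;
{
    if ! (avoid_martians()) then reject;
    if (bgp_path.first != 55195 ) then reject;

    #allas = [ 1234, 2345, 3456, 4567 ];
    #if ! (bgp_path.last ~ allas) then reject;

    #allnet = [ 12.34.0.0/16 , 23.45.0.0/16, 34.56.0.0/16, 45.56.0.0/16 ];
    #if ! (net ~ allnet) then reject;

    accept;
}

# NOTE(review): the description repeats R5645's "peer 5"; confirm the
# intended label so the two sessions can be told apart in operator output.
protocol bgp R55195 from PEERS {
    description "Member 1 - peer 5";
    neighbor 206.71.137.53 as 55195;
    import filter bgp_in_AS55195;
    export where bgp_out_comm(55195);
}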