crans
/
ansible
mirror of http://gitlab.adm.crans.org/nounous/ansible.git
19
0
Fork 0
Code Issues Projects Releases Wiki Activity

[bird] Filter exported routes to avoid announcing a full view 

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
certbot_on_virtu
Yohann D'ANELLO 2021-07-26 22:22:35 +02:00
parent ddb2850adc
commit 6a66ccd8ca
Signed by: _ynerant
GPG Key ID: 3A75C55819C8CF85
6 changed files with 30 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
host_vars/routeur-daniel.adm.crans.org/bird.yml
View File

@ -17,6 +17,8 @@ loc_bird:
remote: remote:
as: 212424 as: 212424
address: 138.195.159.249 address: 138.195.159.249
allow_export_prefixes:
- 185.230.76.0/22+
- name: aurore - name: aurore
allow_local_as: 1 allow_local_as: 1
local: local:
@ -25,6 +27,8 @@ loc_bird:
remote: remote:
as: 43619 as: 43619
address: 185.230.79.254 address: 185.230.79.254
allow_export_prefixes:
- 185.230.76.0/22+
ipv6: ipv6:
id: 185.230.79.253 id: 185.230.79.253
binds: binds:
@ -40,3 +44,5 @@ loc_bird:
remote: remote:
as: 43619 as: 43619
address: 2a0c:700:28::2 address: 2a0c:700:28::2
allow_export_prefixes:
- 2a0c:700::/32+

4
host_vars/routeur-gulp.cachan-adm.crans.org/bird.yml
View File

@ -14,6 +14,8 @@ loc_bird:
remote: remote:
as: 8218 as: 8218
address: 158.255.113.72 address: 158.255.113.72
allow_export_prefixes:
- 185.230.76.0/22+
ipv6: ipv6:
id: 185.230.79.62 id: 185.230.79.62
binds: binds:
@ -28,3 +30,5 @@ loc_bird:
remote: remote:
as: 8218 as: 8218
address: 2001:1b48:2:103::bb:1 address: 2001:1b48:2:103::bb:1
allow_export_prefixes:
- 2a0c:700::/32+

6
host_vars/routeur-jack.adm.crans.org/bird.yml
View File

@ -17,6 +17,8 @@ loc_bird:
remote: remote:
as: 212424 as: 212424
address: 138.195.159.249 address: 138.195.159.249
allow_export_prefixes:
- 185.230.76.0/22+
- name: aurore - name: aurore
allow_local_as: 1 allow_local_as: 1
local: local:
@ -25,6 +27,8 @@ loc_bird:
remote: remote:
as: 43619 as: 43619
address: 185.230.79.254 address: 185.230.79.254
allow_export_prefixes:
- 185.230.76.0/22+
ipv6: ipv6:
id: 185.230.79.253 id: 185.230.79.253
binds: binds:
@ -40,3 +44,5 @@ loc_bird:
remote: remote:
as: 43619 as: 43619
address: 2a0c:700:28::2 address: 2a0c:700:28::2
allow_export_prefixes:
- 2a0c:700::/32+

6
host_vars/routeur-sam.adm.crans.org/bird.yml
View File

@ -17,6 +17,8 @@ loc_bird:
remote: remote:
as: 212424 as: 212424
address: 138.195.159.249 address: 138.195.159.249
allow_export_prefixes:
- 185.230.76.0/22+
- name: aurore - name: aurore
allow_local_as: 1 allow_local_as: 1
local: local:
@ -25,6 +27,8 @@ loc_bird:
remote: remote:
as: 43619 as: 43619
address: 185.230.79.254 address: 185.230.79.254
allow_export_prefixes:
- 185.230.76.0/22+
ipv6: ipv6:
id: 185.230.79.253 id: 185.230.79.253
binds: binds:
@ -40,3 +44,5 @@ loc_bird:
remote: remote:
as: 43619 as: 43619
address: 2a0c:700:28::2 address: 2a0c:700:28::2
allow_export_prefixes:
- 2a0c:700::/32+

5
roles/bird/templates/bird/bird.conf.j2
View File

@ -51,6 +51,9 @@ protocol bgp {{ bgp.name }} {
{% endif %} {% endif %}
neighbor {{ bgp.remote.address }} as {{ bgp.remote.as }}; neighbor {{ bgp.remote.address }} as {{ bgp.remote.as }};
import all; import all;
export all; export filter {
if ( net ~ [ {{ bgp.allow_export_prefixes|join(', ') }} ] ) then accept;
reject;
};
} }
{% endfor %} {% endfor %}

5
roles/bird/templates/bird/bird6.conf.j2
View File

@ -50,6 +50,9 @@ protocol bgp {{ bgp.name }} {
{% endif %} {% endif %}
neighbor {{ bgp.remote.address }} as {{ bgp.remote.as }}; neighbor {{ bgp.remote.address }} as {{ bgp.remote.as }};
import all; import all;
export all; export filter {
if ( net ~ [ {{ bgp.allow_export_prefixes|join(', ') }} ] ) then accept;
reject;
};
} }
{% endfor %} {% endfor %}