[bird] Changing role syntax to permit multiple bgp clients

certbot_on_virtu
_shirenn 2021-07-10 20:37:59 +02:00
parent 70fe903a11
commit cdc7648f04
5 changed files with 87 additions and 39 deletions


@ -0,0 +1,28 @@
---
loc_bird:
ipv4:
id: 185.230.79.253
binds:
- 185.230.79.253
statics:
- 185.230.78.0/23
bgps:
- name: aurore
allow_local_as: 1
local_as: 204515
remote:
as: 43619
address: 185.230.79.254
ipv6:
id: 185.230.79.253
binds:
- 2a0c:700:28::1
statics:
- 2a0c:700::/36
bgps:
- name: aurore
allow_local_as: 1
local_as: 204515
remote:
as: 43619
address: 2a0c:700:28::2


@ -1,20 +1,28 @@
--- ---
loc_bird: loc_bird:
bgp: ipv4:
as: 204515 id: 158.255.113.73
remote_as: 8218 binds:
ipv4: - 158.255.113.73
router_id: 158.255.113.73 statics:
bind_address: 158.255.113.73 - 185.230.76.0/24
network: bgps:
- 185.230.76.0/24 - name: zayo
- 185.230.78.0/23 allow_local_as: 1
neighbor: 158.255.113.72 local_as: 204515
ipv6: remote:
router_id: 185.230.79.62 as: 8218
bind_address: 2001:1b48:2:103::bb:2 address: 158.255.113.72
network: ipv6:
- 2a0c:700::/36 id: 185.230.79.62
- 2a0c:700:3000::/36 binds:
neighbor: 2001:1b48:2:103::bb:1 - 2001:1b48:2:103::bb:2
statics:
- 2a0c:700:3000::/36
bgps:
- name: zayo
allow_local_as: 1
local_as: 204515
remote:
as: 8218
address: 2001:1b48:2:103::bb:1

3
hosts

@ -20,6 +20,9 @@ belenios.adm.crans.org
[bird] [bird]
routeur-gulp.cachan-adm.crans.org routeur-gulp.cachan-adm.crans.org
[bird:children]
routeurs_vm
[blackbox] [blackbox]
monitoring.adm.crans.org monitoring.adm.crans.org


@ -9,9 +9,12 @@
# Change this into your BIRD router ID. It's a world-wide unique identification # Change this into your BIRD router ID. It's a world-wide unique identification
# of your router, usually one of router's IPv4 addresses. # of your router, usually one of router's IPv4 addresses.
router id {{ bird.bgp.ipv4.router_id }}; router id {{ bird.ipv4.id }};
{% for bind in bird.ipv4.binds %}
listen bgp address {{ bind }} port 179;
{% endfor %}
listen bgp address {{ bird.bgp.ipv4.bind_address }} port 179;
# The Kernel protocol is not a real routing protocol. Instead of communicating # The Kernel protocol is not a real routing protocol. Instead of communicating
# with other routers in the network, it performs synchronization of BIRD's # with other routers in the network, it performs synchronization of BIRD's
@ -20,10 +23,7 @@ protocol kernel {
persist; persist;
scan time 60; scan time 60;
import none; import none;
export filter { export all;
if ( net ~ [ {{ bird.bgp.ipv4.network | join(', ') }} ] ) then reject;
accept;
};
} }
# The Device protocol is not a real routing protocol. It doesn't generate any # The Device protocol is not a real routing protocol. It doesn't generate any
@ -34,14 +34,19 @@ protocol device {
} }
protocol static { protocol static {
{% for ip in bird.bgp.ipv4.network %} {% for static in bird.ipv4.statics %}
route {{ ip }} reject; route {{ static }} reject;
{% endfor %} {% endfor %}
} }
protocol bgp zayo { {% for bgp in bird.ipv4.bgps %}
local as {{ bird.bgp.as }}; protocol bgp {{ bgp.name }} {
neighbor {{ bird.bgp.ipv4.neighbor }} as {{ bird.bgp.remote_as }}; local as {{ bgp.local_as }};
{% if bgp.allow_local_as is defined %}
allow local as {{ bgp.allow_local_as }};
{% endif %}
neighbor {{ bgp.remote.address }} as {{ bgp.remote.as }};
import all; import all;
export all; export all;
} }
{% endfor %}
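Review bot: Every session generated by the new `{% for bgp in bird.ipv4.bgps %}` loop keeps `import all; export all;`, so as soon as a host lists more than one entry in `bgps`, routes learned from one neighbor are re-announced to the others and the router can act as unintended transit between them. Limiting the announcement to the locally originated prefixes, for example `export where source = RTS_STATIC;` in place of `export all;`, keeps each session to the `statics` list; an import filter per neighbor would be the matching inbound control. The same applies to the BGP loop in the IPv6 template. With `allow local as` now rendered for these sessions, paths that already contain the local AS are accepted as well, which makes the missing import filter more significant.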


@ -9,9 +9,11 @@
# Change this into your BIRD router ID. It's a world-wide unique identification # Change this into your BIRD router ID. It's a world-wide unique identification
# of your router, usually one of router's IPv6 addresses. # of your router, usually one of router's IPv6 addresses.
router id {{ bird.bgp.ipv6.router_id }}; router id {{ bird.ipv6.id }};
listen bgp address {{ bird.bgp.ipv6.bind_address }} port 179; {% for bind in bird.ipv6.binds %}
listen bgp address {{ bind }} port 179;
{% endfor %}
# The Kernel protocol is not a real routing protocol. Instead of communicating # The Kernel protocol is not a real routing protocol. Instead of communicating
# with other routers in the network, it performs synchronization of BIRD's # with other routers in the network, it performs synchronization of BIRD's
@ -20,10 +22,7 @@ protocol kernel {
persist; persist;
scan time 60; scan time 60;
import none; import none;
export filter { export all;
if ( net ~ [ {{ bird.bgp.ipv6.network | join(', ') }} ] ) then reject;
accept;
};
} }
# The Device protocol is not a real routing protocol. It doesn't generate any # The Device protocol is not a real routing protocol. It doesn't generate any
@ -34,14 +33,19 @@ protocol device {
} }
protocol static { protocol static {
{% for ip in bird.bgp.ipv6.network %} {% for route in bird.ipv6.statics %}
route {{ ip }} reject; route {{ route }} reject;
{% endfor %} {% endfor %}
} }
{%for bgp in bird.ipv6.bgps %}
protocol bgp zayo { protocol bgp zayo {
local as {{ bird.bgp.as }}; local as {{ bgp.local_as }};
neighbor {{ bird.bgp.ipv6.neighbor }} as {{ bird.bgp.remote_as }}; {% if bgp.allow_local_as is defined %}
allow local as {{ bgp.allow_local_as }};
{% endif %}
neighbor {{ bgp.remote.address }} as {{ bgp.remote.as }};
import all; import all;
export all; export all;
} }
{% endfor %}
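Review bot: The protocol name inside the new `{%for bgp in bird.ipv6.bgps %}` loop is still the literal `protocol bgp zayo {`, unlike the IPv4 template, which uses `{{ bgp.name }}`. A host with a single entry gets a session named `zayo` whatever its `name` field says (the host file added in this commit names its session `aurore`), and a host with two entries would render two protocols with the same name, which BIRD is expected to reject as a duplicate definition. The line should read `protocol bgp {{ bgp.name }} {`.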