harrison/dn42-ansible
1
0
Fork 0
forked from 9pfs/dn42-ansible
Code Pull requests Activity

prepare for anycast

Browse source
This commit is contained in:
9pfs 2024-11-28 18:32:27 -08:00
parent 1588a116a7
commit f9562a3b93
Signed by: 9pfs
SSH key fingerprint: SHA256:yVO09iotyiNaBzBBvVR8ZTx7SB9VpvJPgR1Ihy1bz3Q
1 changed files with 14 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
bird-conf.j2
View file

@ -43,6 +43,12 @@ function is_self_net_v6() {
return net ~ OWNNETSETv6; return net ~ OWNNETSETv6;
} }
function is_my_anycast_v6() {
return net ~ [
fd42:d42:d42:81::/64
];
}
{% if unicastv4 is defined %} {% if unicastv4 is defined %}
function is_valid_network() { function is_valid_network() {
return net ~ [ return net ~ [
@ -57,6 +63,12 @@ function is_valid_network() {
10.0.0.0/8{15,24} # Freifunk.net 10.0.0.0/8{15,24} # Freifunk.net
]; ];
} }
function is_my_anycast_v4() {
return net ~ [
172.20.0.81/32+
];
}
{% endif %} {% endif %}
{% if unicastv4 is defined %} {% if unicastv4 is defined %}
@ -143,7 +155,7 @@ template bgp dnpeers {
} else reject; } else reject;
}; };
export filter { if is_valid_network() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; }; export filter { if is_valid_network() && source ~ [RTS_STATIC, RTS_BGP] then accept; else if is_my_anycast_v4() && source ~ [RTS_BABEL] then accept; else reject; };
import limit 9000 action block; import limit 9000 action block;
import table; import table;
}; };
@ -159,7 +171,7 @@ template bgp dnpeers {
} else accept; } else accept;
} else reject; } else reject;
}; };
export filter { if is_valid_network_v6() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; }; export filter { if is_valid_network_v6() && source ~ [RTS_STATIC, RTS_BGP] then accept; else if is_my_anycast_v6() && source ~ [RTS_BABEL] then accept; else reject; };
import limit 9000 action block; import limit 9000 action block;
import table; import table;
}; };