swann: add peering to cofractal-ams01/rexxar
parent
fbe35f040b
commit
761465b393
1 changed files with 256 additions and 49 deletions
|
@ -44,8 +44,6 @@ in {
|
||||||
networking = {
|
networking = {
|
||||||
# Routing tables:
|
# Routing tables:
|
||||||
# bgp (150) -- contains default routes over WG tunnels
|
# bgp (150) -- contains default routes over WG tunnels
|
||||||
# wg-ee (152) -- contains default routes over WG tunnels
|
|
||||||
# wg-gnet (153) -- contains default routes over WG tunnels
|
|
||||||
# ee (201) -- table contains a default route via EE
|
# ee (201) -- table contains a default route via EE
|
||||||
# vm (202) -- table contains a default route via VM
|
# vm (202) -- table contains a default route via VM
|
||||||
# gnet (203) -- table contains a default route via gnetwork
|
# gnet (203) -- table contains a default route via gnetwork
|
||||||
|
@ -195,6 +193,8 @@ in {
|
||||||
bgp = 150;
|
bgp = 150;
|
||||||
wg-ee = 152;
|
wg-ee = 152;
|
||||||
wg-gnet = 153;
|
wg-gnet = 153;
|
||||||
|
wg-cf-ee = 154;
|
||||||
|
wg-cf-gnet = 155;
|
||||||
wg-eta = 160;
|
wg-eta = 160;
|
||||||
ee = 201;
|
ee = 201;
|
||||||
gnet = 203;
|
gnet = 203;
|
||||||
|
@ -202,20 +202,34 @@ in {
|
||||||
in {
|
in {
|
||||||
enable = true;
|
enable = true;
|
||||||
config.routeTables = routeTables;
|
config.routeTables = routeTables;
|
||||||
networks."50-wg-tuvok-ee" = wireguardNetwork {
|
networks."50-wg-rexxar-ee" = wireguardNetwork {
|
||||||
linkName = "wg-tuvok-ee";
|
linkName = "wg-rexxar-ee";
|
||||||
relativePriority = 3;
|
relativePriority = 3;
|
||||||
rtID = routeTables.wg-ee;
|
rtID = routeTables.wg-ee;
|
||||||
v4Linknet = "92.118.30.2";
|
v4Linknet = "92.118.30.2";
|
||||||
v6Linknet = "2a09:a442::2:1";
|
v6Linknet = "2a09:a442::2:1";
|
||||||
};
|
};
|
||||||
networks."50-wg-tuvok-gnet" = wireguardNetwork {
|
networks."50-wg-rexxar-gnet" = wireguardNetwork {
|
||||||
linkName = "wg-tuvok-gnet";
|
linkName = "wg-rexxar-gnet";
|
||||||
relativePriority = 1;
|
relativePriority = 1;
|
||||||
rtID = routeTables.wg-gnet;
|
rtID = routeTables.wg-gnet;
|
||||||
v4Linknet = "92.118.30.4";
|
v4Linknet = "92.118.30.4";
|
||||||
v6Linknet = "2a09:a442::3:1";
|
v6Linknet = "2a09:a442::3:1";
|
||||||
};
|
};
|
||||||
|
networks."50-wg-cofractal-ee" = wireguardNetwork {
|
||||||
|
linkName = "wg-cofractal-ee";
|
||||||
|
relativePriority = 4;
|
||||||
|
rtID = routeTables.wg-cf-ee;
|
||||||
|
v4Linknet = "92.118.30.0";
|
||||||
|
v6Linknet = "2a09:a442::1:1";
|
||||||
|
};
|
||||||
|
networks."50-wg-cofractal-gn" = wireguardNetwork {
|
||||||
|
linkName = "wg-cofractal-gn";
|
||||||
|
relativePriority = 2;
|
||||||
|
rtID = routeTables.wg-cf-gnet;
|
||||||
|
v4Linknet = "92.118.30.6";
|
||||||
|
v6Linknet = "2a09:a442::4:1";
|
||||||
|
};
|
||||||
networks."50-wg-eta" = wireguardNetwork {
|
networks."50-wg-eta" = wireguardNetwork {
|
||||||
linkName = "wg-eta";
|
linkName = "wg-eta";
|
||||||
relativePriority = 10;
|
relativePriority = 10;
|
||||||
|
@ -326,8 +340,7 @@ in {
|
||||||
};
|
};
|
||||||
wireguardConfig = {
|
wireguardConfig = {
|
||||||
ListenPort = listenPort;
|
ListenPort = listenPort;
|
||||||
PrivateKeyFile = pkgs.writeText "${name}" privateKey;
|
PrivateKeyFile = privateKey;
|
||||||
# TODO: PrivateKeyFile
|
|
||||||
FirewallMark = hexToInt fwmark;
|
FirewallMark = hexToInt fwmark;
|
||||||
RouteTable = "off";
|
RouteTable = "off";
|
||||||
};
|
};
|
||||||
|
@ -342,22 +355,39 @@ in {
|
||||||
};
|
};
|
||||||
}];
|
}];
|
||||||
};
|
};
|
||||||
tuvokWireguard = args: wireguard (args // {
|
rexxarWireguard = args: wireguard (args // {
|
||||||
privateKey = secrets.wireguard.tuvok-swann.swann.privateKey;
|
privateKey = config.my.vault.secrets.wg-rexxar-private.path;
|
||||||
publicKey = secrets.wireguard.tuvok-swann.tuvok.publicKey;
|
publicKey = "UnmWp6OI283EJfJ9PabZePq/IDsfk1ku/vilRy9TIg0=";
|
||||||
|
});
|
||||||
|
cofractalams01Wireguard = args: wireguard (args // {
|
||||||
|
privateKey = config.my.vault.secrets.wg-cofractal-ams01-private.path;
|
||||||
|
publicKey = "go9lHRpTrtPx8oGzsCs3bG1Z9bQBYsCk7l3T+1KBi1Y=";
|
||||||
});
|
});
|
||||||
in {
|
in {
|
||||||
"40-wg-tuvok-ee" = tuvokWireguard {
|
"40-wg-rexxar-ee" = rexxarWireguard {
|
||||||
name = "wg-tuvok-ee";
|
name = "wg-rexxar-ee";
|
||||||
listenPort = 51821;
|
listenPort = 51821;
|
||||||
#endpoint = "92.118.28.252:51821";
|
#endpoint = "92.118.28.252:51821";
|
||||||
endpoint = "[2a09:a441::f00f]:51821";
|
endpoint = "[2a09:a442:1000::]:51821";
|
||||||
fwmark = "0xdead";
|
fwmark = "0xdead";
|
||||||
};
|
};
|
||||||
"40-wg-tuvok-gnet" = tuvokWireguard {
|
"40-wg-rexxar-gnet" = rexxarWireguard {
|
||||||
name = "wg-tuvok-gnet";
|
name = "wg-rexxar-gnet";
|
||||||
listenPort = 51822;
|
listenPort = 51822;
|
||||||
endpoint = "92.118.28.252:51822";
|
endpoint = "92.118.30.251:51822";
|
||||||
|
fwmark = "0xcafe";
|
||||||
|
};
|
||||||
|
"40-wg-cofractal-ee" = cofractalams01Wireguard {
|
||||||
|
name = "wg-cofractal-ee";
|
||||||
|
listenPort = 51823;
|
||||||
|
#endpoint = "92.118.28.252:51821";
|
||||||
|
endpoint = "[2a09:a446:1337:ffff::10]:51821";
|
||||||
|
fwmark = "0xdead";
|
||||||
|
};
|
||||||
|
"40-wg-cofractal-gn" = cofractalams01Wireguard {
|
||||||
|
name = "wg-cofractal-gn";
|
||||||
|
listenPort = 51824;
|
||||||
|
endpoint = "199.19.152.160:51822";
|
||||||
fwmark = "0xcafe";
|
fwmark = "0xcafe";
|
||||||
};
|
};
|
||||||
"50-wg-eta" = {
|
"50-wg-eta" = {
|
||||||
|
@ -412,23 +442,19 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
my.vault.secrets = {
|
my.vault.secrets = let
|
||||||
wg-eta-public = {
|
wireguardSecret = key: {
|
||||||
group = "systemd-network";
|
group = "systemd-network";
|
||||||
template = ''
|
template = ''
|
||||||
{{- with secret "kv/apps/wireguard/swann" -}}
|
{{- with secret "kv/apps/wireguard/swann" -}}
|
||||||
{{- .Data.data.publicKeyFromEta -}}
|
{{- .Data.data.${key} -}}
|
||||||
{{- end -}}
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
wg-eta-private = {
|
|
||||||
group = "systemd-network";
|
|
||||||
template = ''
|
|
||||||
{{- with secret "kv/apps/wireguard/swann" -}}
|
|
||||||
{{- .Data.data.privateKeyToEta -}}
|
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
in {
|
||||||
|
wg-eta-private = wireguardSecret "privateKeyToEta";
|
||||||
|
wg-rexxar-private = wireguardSecret "privateKeyToRexxar";
|
||||||
|
wg-cofractal-ams01-private = wireguardSecret "privateKeyToCofractalAms01";
|
||||||
};
|
};
|
||||||
services.mstpd.enable = true;
|
services.mstpd.enable = true;
|
||||||
my.ip.tailscale = "100.102.224.95";
|
my.ip.tailscale = "100.102.224.95";
|
||||||
|
@ -462,8 +488,10 @@ in {
|
||||||
iptables -w -t nat -A nixos-nat-post -m mark --mark 1 -o en-gnet -j MASQUERADE
|
iptables -w -t nat -A nixos-nat-post -m mark --mark 1 -o en-gnet -j MASQUERADE
|
||||||
|
|
||||||
# SNAT packets we're sending over tunnels.
|
# SNAT packets we're sending over tunnels.
|
||||||
iptables -w -t nat -A nixos-nat-post -m mark --mark 1 -o wg-tuvok-ee -j SNAT --to-source 92.118.30.254
|
iptables -w -t nat -A nixos-nat-post -m mark --mark 1 -o wg-rexxar-ee -j SNAT --to-source 92.118.30.254
|
||||||
iptables -w -t nat -A nixos-nat-post -m mark --mark 1 -o wg-tuvok-gnet -j SNAT --to-source 92.118.30.254
|
iptables -w -t nat -A nixos-nat-post -m mark --mark 1 -o wg-rexxar-gnet -j SNAT --to-source 92.118.30.254
|
||||||
|
iptables -w -t nat -A nixos-nat-post -m mark --mark 1 -o wg-cofractal-ee -j SNAT --to-source 92.118.30.254
|
||||||
|
iptables -w -t nat -A nixos-nat-post -m mark --mark 1 -o wg-cofractal-gn -j SNAT --to-source 92.118.30.254
|
||||||
|
|
||||||
# eduroam
|
# eduroam
|
||||||
# > mark incoming eduroam packets
|
# > mark incoming eduroam packets
|
||||||
|
@ -472,8 +500,10 @@ in {
|
||||||
iptables -w -t nat -A nixos-nat-post -m mark --mark 2 -o en-ee -j MASQUERADE
|
iptables -w -t nat -A nixos-nat-post -m mark --mark 2 -o en-ee -j MASQUERADE
|
||||||
iptables -w -t nat -A nixos-nat-post -m mark --mark 2 -o en-gnet -j MASQUERADE
|
iptables -w -t nat -A nixos-nat-post -m mark --mark 2 -o en-gnet -j MASQUERADE
|
||||||
# > NAT packets going over tunnels.
|
# > NAT packets going over tunnels.
|
||||||
iptables -w -t nat -A nixos-nat-post -m mark --mark 2 -o wg-tuvok-ee -j SNAT --to-source 92.118.30.253
|
iptables -w -t nat -A nixos-nat-post -m mark --mark 2 -o wg-rexxar-ee -j SNAT --to-source 92.118.30.253
|
||||||
iptables -w -t nat -A nixos-nat-post -m mark --mark 2 -o wg-tuvok-gnet -j SNAT --to-source 92.118.30.253
|
iptables -w -t nat -A nixos-nat-post -m mark --mark 2 -o wg-rexxar-gnet -j SNAT --to-source 92.118.30.253
|
||||||
|
iptables -w -t nat -A nixos-nat-post -m mark --mark 2 -o wg-cofractal-ee -j SNAT --to-source 92.118.30.253
|
||||||
|
iptables -w -t nat -A nixos-nat-post -m mark --mark 2 -o wg-cofractal-gn -j SNAT --to-source 92.118.30.253
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
services.erbium = {
|
services.erbium = {
|
||||||
|
@ -623,12 +653,22 @@ in {
|
||||||
51822
|
51822
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
interfaces.wg-tuvok-ee = {
|
interfaces.wg-rexxar-ee = {
|
||||||
allowedUDPPorts = [
|
allowedUDPPorts = [
|
||||||
3784 # BFD
|
3784 # BFD
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
interfaces.wg-tuvok-gnet = {
|
interfaces.wg-rexxar-gnet = {
|
||||||
|
allowedUDPPorts = [
|
||||||
|
3784 # BFD
|
||||||
|
];
|
||||||
|
};
|
||||||
|
interfaces.wg-cofractal-ee = {
|
||||||
|
allowedUDPPorts = [
|
||||||
|
3784 # BFD
|
||||||
|
];
|
||||||
|
};
|
||||||
|
interfaces.wg-cofractal-gn = {
|
||||||
allowedUDPPorts = [
|
allowedUDPPorts = [
|
||||||
3784 # BFD
|
3784 # BFD
|
||||||
];
|
];
|
||||||
|
@ -647,8 +687,10 @@ in {
|
||||||
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1360
|
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1360
|
||||||
ip6tables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1360
|
ip6tables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1360
|
||||||
|
|
||||||
ip46tables -A FORWARD -i vl-eduroam -o wg-tuvok-ee -j ACCEPT
|
ip46tables -A FORWARD -i vl-eduroam -o wg-rexxar-ee -j ACCEPT
|
||||||
ip46tables -A FORWARD -i vl-eduroam -o wg-tuvok-gnet -j ACCEPT
|
ip46tables -A FORWARD -i vl-eduroam -o wg-rexxar-gnet -j ACCEPT
|
||||||
|
ip46tables -A FORWARD -i vl-eduroam -o wg-cofractal-ee -j ACCEPT
|
||||||
|
ip46tables -A FORWARD -i vl-eduroam -o wg-cofractal-gn -j ACCEPT
|
||||||
ip46tables -A FORWARD -i vl-eduroam -o wg-eta -j ACCEPT
|
ip46tables -A FORWARD -i vl-eduroam -o wg-eta -j ACCEPT
|
||||||
ip46tables -A FORWARD -i vl-eduroam -m state --state NEW,RELATED -j REJECT
|
ip46tables -A FORWARD -i vl-eduroam -m state --state NEW,RELATED -j REJECT
|
||||||
'';
|
'';
|
||||||
|
@ -774,16 +816,20 @@ in {
|
||||||
|
|
||||||
protocol static export4 {
|
protocol static export4 {
|
||||||
ipv4 {};
|
ipv4 {};
|
||||||
route 0.0.0.0/0 via 92.118.30.1 bfd {
|
|
||||||
# Virgin Media
|
|
||||||
preference = 100;
|
|
||||||
};
|
|
||||||
route 0.0.0.0/0 via 92.118.30.3 bfd {
|
route 0.0.0.0/0 via 92.118.30.3 bfd {
|
||||||
# EE
|
# EE, rexxar
|
||||||
preference = 10;
|
preference = 10;
|
||||||
};
|
};
|
||||||
route 0.0.0.0/0 via 92.118.30.5 bfd {
|
route 0.0.0.0/0 via 92.118.30.5 bfd {
|
||||||
# GNetwork
|
# GNetwork, rexxar
|
||||||
|
preference = 200;
|
||||||
|
};
|
||||||
|
route 0.0.0.0/0 via 92.118.30.1 bfd {
|
||||||
|
# EE, cofractal-ams01
|
||||||
|
preference = 10;
|
||||||
|
};
|
||||||
|
route 0.0.0.0/0 via 92.118.30.7 bfd {
|
||||||
|
# GNetwork, cofractal-ams01
|
||||||
preference = 200;
|
preference = 200;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -793,24 +839,30 @@ in {
|
||||||
route 92.118.30.16/28 via "br-internal";
|
route 92.118.30.16/28 via "br-internal";
|
||||||
route 92.118.30.254/32 via "lo";
|
route 92.118.30.254/32 via "lo";
|
||||||
route 92.118.30.253/32 via "lo";
|
route 92.118.30.253/32 via "lo";
|
||||||
# route 92.118.30.0/31 via "wg-tuvok-vm";
|
route 92.118.30.0/31 via "wg-cofractal-ee";
|
||||||
route 92.118.30.2/31 via "wg-tuvok-ee";
|
route 92.118.30.2/31 via "wg-rexxar-ee";
|
||||||
route 92.118.30.4/31 via "wg-tuvok-gnet";
|
route 92.118.30.4/31 via "wg-rexxar-gnet";
|
||||||
|
route 92.118.30.6/31 via "wg-cofractal-gn";
|
||||||
};
|
};
|
||||||
protocol static export6 {
|
protocol static export6 {
|
||||||
ipv6 {};
|
ipv6 {};
|
||||||
route ::/0 via 2a09:a442::1:2 bfd {
|
route ::/0 via 2a09:a442::1:2 bfd {
|
||||||
# Virgin Media
|
# EE, cofractal-ams01
|
||||||
preference = 100;
|
preference = 10;
|
||||||
krt_prefsrc = 2a09:a443::1;
|
krt_prefsrc = 2a09:a443::1;
|
||||||
};
|
};
|
||||||
route ::/0 via 2a09:a442::2:2 bfd {
|
route ::/0 via 2a09:a442::2:2 bfd {
|
||||||
# EE
|
# EE, rexxar
|
||||||
preference = 10;
|
preference = 10;
|
||||||
krt_prefsrc = 2a09:a443::1;
|
krt_prefsrc = 2a09:a443::1;
|
||||||
};
|
};
|
||||||
route ::/0 via 2a09:a442::3:2 bfd {
|
route ::/0 via 2a09:a442::3:2 bfd {
|
||||||
# GNetwork
|
# GNetwork, rexxar
|
||||||
|
preference = 200;
|
||||||
|
krt_prefsrc = 2a09:a443::1;
|
||||||
|
};
|
||||||
|
route ::/0 via 2a09:a442::4:2 bfd {
|
||||||
|
# GNetwork, cofractal-ams01
|
||||||
preference = 200;
|
preference = 200;
|
||||||
krt_prefsrc = 2a09:a443::1;
|
krt_prefsrc = 2a09:a443::1;
|
||||||
};
|
};
|
||||||
|
@ -838,6 +890,161 @@ in {
|
||||||
neighbor 2a09:a442::2:2;
|
neighbor 2a09:a442::2:2;
|
||||||
neighbor 92.118.30.5;
|
neighbor 92.118.30.5;
|
||||||
neighbor 2a09:a442::3:2;
|
neighbor 2a09:a442::3:2;
|
||||||
|
neighbor 92.118.30.7;
|
||||||
|
neighbor 2a09:a442::4:2;
|
||||||
|
};
|
||||||
|
|
||||||
|
protocol bgp rexxar_ee4 {
|
||||||
|
local 92.118.30.2 as 205479;
|
||||||
|
neighbor 92.118.30.3 as 205479;
|
||||||
|
interface "wg-rexxar-ee";
|
||||||
|
direct;
|
||||||
|
bfd on;
|
||||||
|
|
||||||
|
ipv4 {
|
||||||
|
export filter {
|
||||||
|
if source != RTS_STATIC then reject;
|
||||||
|
if ! ((ro, 205479, 10) ~ bgp_ext_community) then reject;
|
||||||
|
accept;
|
||||||
|
};
|
||||||
|
import filter {
|
||||||
|
accept;
|
||||||
|
};
|
||||||
|
next hop self;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
protocol bgp rexxar_ee6 {
|
||||||
|
local 2a09:a442::2:1 as 205479;
|
||||||
|
neighbor 2a09:a442::2:2 as 205479;
|
||||||
|
interface "wg-rexxar-ee";
|
||||||
|
direct;
|
||||||
|
bfd on;
|
||||||
|
|
||||||
|
ipv4 {
|
||||||
|
export filter {
|
||||||
|
if source != RTS_STATIC then reject;
|
||||||
|
if ! ((ro, 205479, 10) ~ bgp_ext_community) then reject;
|
||||||
|
accept;
|
||||||
|
};
|
||||||
|
import filter {
|
||||||
|
accept;
|
||||||
|
};
|
||||||
|
next hop self;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
protocol bgp rexxar_gnet4 {
|
||||||
|
local 92.118.30.4 as 205479;
|
||||||
|
neighbor 92.118.30.5 as 205479;
|
||||||
|
interface "wg-rexxar-gnet";
|
||||||
|
direct;
|
||||||
|
bfd on;
|
||||||
|
|
||||||
|
ipv4 {
|
||||||
|
export filter {
|
||||||
|
if source != RTS_STATIC then reject;
|
||||||
|
if ! ((ro, 205479, 10) ~ bgp_ext_community) then reject;
|
||||||
|
accept;
|
||||||
|
};
|
||||||
|
import filter {
|
||||||
|
accept;
|
||||||
|
};
|
||||||
|
next hop self;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
protocol bgp rexxar_gnet6 {
|
||||||
|
local 2a09:a442::3:1 as 205479;
|
||||||
|
neighbor 2a09:a442::3:2 as 205479;
|
||||||
|
interface "wg-rexxar-gnet";
|
||||||
|
direct;
|
||||||
|
bfd on;
|
||||||
|
|
||||||
|
ipv4 {
|
||||||
|
export filter {
|
||||||
|
if source != RTS_STATIC then reject;
|
||||||
|
if ! ((ro, 205479, 10) ~ bgp_ext_community) then reject;
|
||||||
|
accept;
|
||||||
|
};
|
||||||
|
import filter {
|
||||||
|
accept;
|
||||||
|
};
|
||||||
|
next hop self;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
protocol bgp cofractal_ee4 {
|
||||||
|
local 92.118.30.0 as 205479;
|
||||||
|
neighbor 92.118.30.1 as 205479;
|
||||||
|
interface "wg-cofractal-ee";
|
||||||
|
direct;
|
||||||
|
bfd on;
|
||||||
|
|
||||||
|
ipv4 {
|
||||||
|
export filter {
|
||||||
|
if source != RTS_STATIC then reject;
|
||||||
|
if ! ((ro, 205479, 10) ~ bgp_ext_community) then reject;
|
||||||
|
accept;
|
||||||
|
};
|
||||||
|
import filter {
|
||||||
|
accept;
|
||||||
|
};
|
||||||
|
next hop self;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
protocol bgp cofractal_ee6 {
|
||||||
|
local 2a09:a442::1:1 as 205479;
|
||||||
|
neighbor 2a09:a442::1:2 as 205479;
|
||||||
|
interface "wg-cofractal-ee";
|
||||||
|
direct;
|
||||||
|
bfd on;
|
||||||
|
|
||||||
|
ipv4 {
|
||||||
|
export filter {
|
||||||
|
if source != RTS_STATIC then reject;
|
||||||
|
if ! ((ro, 205479, 10) ~ bgp_ext_community) then reject;
|
||||||
|
accept;
|
||||||
|
};
|
||||||
|
import filter {
|
||||||
|
accept;
|
||||||
|
};
|
||||||
|
next hop self;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
protocol bgp cofractal_gnet4 {
|
||||||
|
local 92.118.30.6 as 205479;
|
||||||
|
neighbor 92.118.30.7 as 205479;
|
||||||
|
interface "wg-cofractal-gn";
|
||||||
|
direct;
|
||||||
|
bfd on;
|
||||||
|
|
||||||
|
ipv4 {
|
||||||
|
export filter {
|
||||||
|
if source != RTS_STATIC then reject;
|
||||||
|
if ! ((ro, 205479, 10) ~ bgp_ext_community) then reject;
|
||||||
|
accept;
|
||||||
|
};
|
||||||
|
import filter {
|
||||||
|
accept;
|
||||||
|
};
|
||||||
|
next hop self;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
protocol bgp cofractal_gnet6 {
|
||||||
|
local 2a09:a442::4:1 as 205479;
|
||||||
|
neighbor 2a09:a442::4:2 as 205479;
|
||||||
|
interface "wg-cofractal-gn";
|
||||||
|
direct;
|
||||||
|
bfd on;
|
||||||
|
|
||||||
|
ipv4 {
|
||||||
|
export filter {
|
||||||
|
if source != RTS_STATIC then reject;
|
||||||
|
if ! ((ro, 205479, 10) ~ bgp_ext_community) then reject;
|
||||||
|
accept;
|
||||||
|
};
|
||||||
|
import filter {
|
||||||
|
accept;
|
||||||
|
};
|
||||||
|
next hop self;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
protocol bgp eta4 {
|
protocol bgp eta4 {
|
||||||
|
|
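Review bot: The four IPv6 sessions added in the last hunk (`rexxar_ee6`, `rexxar_gnet6`, `cofractal_ee6`, `cofractal_gnet6`) declare an `ipv4 { … }` channel although their `local`/`neighbor` addresses are IPv6, which looks like a copy-paste from the `*4` blocks; if they are meant to carry the `::/0` routes from `export6`, the channel should be `ipv6 { … }`. All eight new sessions also use `import filter { accept; }`, so the filter accepts whatever the far end announces, including more-specifics of local prefixes such as `92.118.30.16/28`; if only a default route is expected from these peers, `if net = 0.0.0.0/0 then accept; reject;` (and the `::/0` equivalent on the v6 sessions) would bound that. Separately, the new tunnels listen on 51823 and 51824, but the visible tail of the `allowedUDPPorts` list in the `-623` hunk still ends at 51822. That list starts outside the hunk, so confirm the new ports are opened there if the remote side can ever initiate the handshake.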