diff --git a/ops/nixos/lib/bgp.nix b/ops/nixos/lib/bgp.nix
index 66af4cdac4..5e5d87d30b 100644
--- a/ops/nixos/lib/bgp.nix
+++ b/ops/nixos/lib/bgp.nix
@@ -14,6 +14,7 @@ let
 {
 if ! (avoid_martians4()) then reject;
 ${if ix.remote.must_be_next_hop then "if (bgp_path.first != ${toString ix.remote.asn}) then reject;" else "# no next-hop requirement"}
+ ${lib.concatMapStringsSep "\n" (asn: "if (bgp_path ~ [= * ${toString asn} * =]) then reject;") ix.remote.drop_asns}
 bgp_local_pref = ${toString ix.remote.bgp_local_pref};
 accept;
 }
@@ -23,6 +24,7 @@ let
 {
 if ! (avoid_martians6()) then reject;
 ${if ix.remote.must_be_next_hop then "if (bgp_path.first != ${toString ix.remote.asn}) then reject;" else "# no next-hop requirement"}
+ ${lib.concatMapStringsSep "\n" (asn: "if (bgp_path ~ [= * ${toString asn} * =]) then reject;") ix.remote.drop_asns}
 bgp_local_pref = ${toString ix.remote.bgp_local_pref};
 accept;
 }
@@ -141,6 +143,10 @@ in {
 type = bool;
 default = true;
 };
+ drop_asns = mkOption { # lukegbgp.config.peering..remote.drop_asns
+ type = listOf int;
+ default = [];
+ };
 bgp_local_pref = mkOption { # lukegbgp.config.peering..remote.bgp_local_pref
 type = int;
 default = 100;
diff --git a/ops/nixos/lib/blade-router.nix b/ops/nixos/lib/blade-router.nix
index 7d0a2dc292..43c69dc52e 100644
--- a/ops/nixos/lib/blade-router.nix
+++ b/ops/nixos/lib/blade-router.nix
@@ -140,6 +140,9 @@ in
 asn = 3170;
 export_community = 4001;
 bgp_local_pref = 101;
+ drop_asns = [
+ 15169 # prefer RS to transit
+ ];
 routers = [{
 v4 = config.my.blade-router.addresses.linknet.v4.remote;
 v6 = config.my.blade-router.addresses.linknet.v6.remote;
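Review bot: In the v4 import filter of ops/nixos/lib/bgp.nix (hunk -14,6), and identically in the v6 filter (hunk -23,6), the generated mask `[= * ASN * =]` matches the ASN at any position in the AS path, so routes that merely transit a listed ASN are rejected along with routes it originates. If only origin-based dropping is wanted, a narrower mask such as `[= * ${toString asn} =]` would do; if any-position matching is intended, emitting a comment like `# drop_asns: reject any path containing this ASN` into the rendered filter would make that explicit to whoever reads the bird config. The expression is duplicated verbatim in both filters and could be bound once in the surrounding `let`. The filter declarations themselves begin outside these hunks.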
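Review bot: In the options hunk of ops/nixos/lib/bgp.nix (-141,6), `drop_asns` is typed `listOf int`, so a negative number or a value above the 32-bit ASN range passes evaluation and is only caught, if at all, when bird parses the generated path mask. If the nixpkgs `ints` types are in scope here (the hunk does not show the `with`), `type = listOf ints.u32;` would reject such values at evaluation time. A `description` stating that any route whose AS path contains a listed ASN is rejected on import from this peer would also help, since the option name does not say whether origin-only or any-hop matching applies. The enclosing option set starts and ends outside the hunk.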
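Review bot: In ops/nixos/lib/blade-router.nix the comment `# prefer RS to transit` describes a preference, but `drop_asns`, as implemented in bgp.nix in this same commit, makes the AS3170 session reject every path containing AS15169 outright, leaving no fallback through this peer if the route-server session drops or stops carrying those prefixes. If failover matters, assigning a lower local-pref to such paths would keep transit as a backup; if a hard reject is intended, the comment could read `# reject via transit, accept only from RS (no transit fallback)`. Whether another session covers these routes is not visible here, and the peer attribute set starts and ends outside the hunk.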