diff --git a/ops/nixos/ixvm-fra01/bird.nix b/ops/nixos/ixvm-fra01/bird.nix index 1a9c1d2397..1130ea901b 100644 --- a/ops/nixos/ixvm-fra01/bird.nix +++ b/ops/nixos/ixvm-fra01/bird.nix @@ -11,6 +11,7 @@ let }; remote = { asn = 209844; + export_community = 2000; routers = [{ v4 = "141.98.136.97"; v6 = "2a09:11c0:f1:bc0b::1"; @@ -27,6 +28,7 @@ let }; remote = { asn = 31142; + export_community = 2001; routers = [{ v4 = "193.189.82.251"; v6 = "2001:7f8:33::a103:1142:1"; @@ -46,6 +48,7 @@ let }; remote = { asn = 202409; + export_community = 2002; routers = [{ v4 = "185.1.166.100"; v6 = "2001:7f8:f2:e1::babe:1"; @@ -65,6 +68,7 @@ let }; remote = { asn = 34307; + export_community = 2003; routers = [{ v4 = "193.239.116.255"; v6 = "2001:7f8:13::a503:4307:1"; @@ -83,13 +87,13 @@ let protocol pipe ${ixName}pipe_4 { table ${ixName}4; peer table master4; - import none; + import where ((ro, 205479, ${toString ix.remote.export_community}) ~ bgp_ext_community); export all; }; protocol pipe ${ixName}pipe_6 { table ${ixName}6; peer table master6; - import none; + import where ((ro, 205479, ${toString ix.remote.export_community}) ~ bgp_ext_community); export all; }; '' + lib.concatImapStringsSep "\n" ( i: v: generateSnippetForRouter (args // { routerNum = i; router = v; }) ) ix.remote.routers; @@ -102,7 +106,7 @@ let ipv4 { table ${ixName}4; import all; - export none; + export where ((ro, 205479, 1000) ~ bgp_ext_community); }; }; protocol bgp ${ixName}${toString routerNum}_6 { @@ -112,7 +116,7 @@ let ipv6 { table ${ixName}6; import all; - export none; + export where ((ro, 205479, 1000) ~ bgp_ext_community); }; }; ''; @@ -128,18 +132,45 @@ in { persist; ipv4 { import none; - export none; + export all; }; }; protocol kernel { persist; ipv6 { import none; - export none; + export all; }; }; protocol device { }; + + protocol static export4 { + ipv4 { + import filter { + bgp_ext_community.add((ro, 205479, 1000)); + bgp_ext_community.add((ro, 205479, 2000)); + bgp_ext_community.add((ro, 205479, 2001)); + bgp_ext_community.add((ro, 205479, 2002)); + bgp_ext_community.add((ro, 205479, 2003)); + accept; + }; + }; + route 92.118.31.0/24 blackhole; + }; + protocol static export6 { + ipv6 { + import filter { + bgp_ext_community.add((ro, 205479, 1000)); + bgp_ext_community.add((ro, 205479, 2000)); + bgp_ext_community.add((ro, 205479, 2001)); + bgp_ext_community.add((ro, 205479, 2002)); + bgp_ext_community.add((ro, 205479, 2003)); + accept; + }; + }; + route 2a09:a440::/48 blackhole; + }; ''; };