[technique] WiP : Proposition de conf BGP
Jérôme Nicolle
jerome at ceriz.fr
Sam 17 Déc 19:57:59 CET 2011
Et voilà la version réécrite pour h3 ipv4
J'attends validation pour appliquer et faire pareil en v6
###
#
# BIRD IPv4 configuration for AS197422 - Toulouse node (h3.tetaneutral.net)
#
###
#
# Conventions
#
# Local Prefs :
# (beware: local prefs are transmitted over iBGP, so they should be set
# accordingly for internal TE)
# - Customers / members from 300 to 399
# - IX from 200 to 299
# - Transits from 100 to 199
#
# Communities :
# WiP
#
###
#
# History (topmost is most recent activity)
# 20111217 - jerome at ceriz.fr - major rewriting, creation of doc header
# local pref rescaling
# added customer : chiwawa
# added community setup on JAGUAR (instead of prepending)
#
###
# Global options: router identity, local AS constant, timestamp format, logging and debug levels.
# NOTE(review): the router id below is 91.224.148.2, which is also the neighbor address of the
# iBGP session TETANEUTRAL, while protocol device pins 91.224.148.3 as the primary address on
# eth0. Confirm the id is unique to this router; two BGP speakers sharing an id cannot peer.
router id 91.224.148.2;
# Local AS number, referenced as "myas" by every BGP protocol and by filter bgp_OUT_JAGUAR.
define myas = 197422;
# Same ISO long timestamp format for every kind of timestamp BIRD prints.
timeformat base iso long;
timeformat log iso long;
timeformat protocol iso long;
timeformat route iso long;
# incremented log (jni 20111217)
# "all" sends every message class to this file. The dated file name is fixed in the config,
# so rotation and retention have to be handled outside BIRD.
log "/var/log/bird-20111217.log" all;
# Level 2 presumably logs every command received on the control socket, which gives an audit
# trail of operator actions. Confirm the level meaning for the BIRD version in use.
debug commands 2;
#debug protocols all;
#debug protocols { states };
#debug protocols { routes };
#debug protocols { filters };
#debug protocols { interfaces };
#debug protocols { events };
#debug protocols { packets };
#debug protocols off;
# Default for all protocols: trace state changes and events only (no routes, filters or packets).
debug protocols { states, events };
# Interface tracking for the other protocols.
protocol device {
# Interface list is rescanned at an interval of 10 (seconds, going by BIRD's "scan time" option).
scan time 10;
# primary "eth0" 192.168.3.8;
# Pins 91.224.148.3 as the primary address of eth0. An earlier private address is kept commented out above.
primary "eth0" 91.224.148.3;
}
# Originates the aggregate that the bgp_OUT* filters announce.
protocol static static_bgp {
import all;
# The exact /23 that bgp_OUT and bgp_OUT_JAGUAR match on. As a "reject" route it also stops
# traffic for unassigned parts of the block from following a less specific route back out.
route 91.224.148.0/23 reject;
#route 91.224.148.0/24 reject;
#route 91.224.149.0/24 reject;
}
# Static forwarding entries that are not meant for BGP announcement (none of the bgp_OUT* filters
# in use exports a /24).
protocol static misc {
# Sends the first /24 to 91.224.148.2, the same address used as the iBGP neighbor in TETANEUTRAL.
route 91.224.148.0/24 via 91.224.148.2;
#route 91.224.149.10/32 via 91.224.148.2;
}
# Synchronises BIRD's routing table with the kernel forwarding table.
protocol kernel{
# NOTE(review): no "learn" option is visible here, so presumably no foreign kernel routes are
# actually imported; confirm, because TETANEUTRAL exports "all" to the iBGP peer.
import all;
# Every route BIRD selects, including everything accepted from the BGP sessions, is installed
# in the kernel. The BGP import filters are therefore the only gate on what gets forwarded.
export all;
}
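# Returns false when the current route's prefix (net) is a martian, true otherwise.
# Used as an import guard on the eBGP sessions (TOUIX, JAGUAR) and as an export guard
# towards CHIWAWA, so anything added here affects both directions.
function avoid_martians()
prefix set martians;
{
    # Replaced the pfx_length check and the 0/0 route test with extended martian
    # filters, faster and shorter (jni 20111217).
    # The wrapped second line of that comment had lost its leading "#" and would not parse.
    martians = [ 127.0.0.0/8+,         # loopback, missing from the original set
                 169.254.0.0/16+,      # link-local
                 172.16.0.0/12+,       # RFC 1918
                 192.168.0.0/16+,      # RFC 1918
                 10.0.0.0/8+,          # RFC 1918
                 224.0.0.0/4+,         # multicast
                 240.0.0.0/4+,         # reserved
                 0.0.0.0/32-,          # every prefix that contains 0.0.0.0
                 0.0.0.0/0{25,32},     # anything longer than /24
                 0.0.0.0/0{0,7} ];     # anything shorter than /8, default route included
    if net ~ martians then return false;
    return true;
}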
# Default export policy: announce our aggregate and nothing else.
filter bgp_OUT {
    # The set holds the bare /23 (no "+" or length range), so only that exact prefix
    # matches; more specifics and learned routes are never re-announced.
    if (net ~ [91.224.148.0/23]) then accept;
    reject;
}
# Export policy towards the JAGUAR transit: announce only the exact /23 aggregate, tagged with
# control communities and with one extra copy of our own AS in the path. Everything else is rejected.
filter bgp_OUT_JAGUAR {
if (net ~ [91.224.148.0/23]) then {
# add control community for Jaguar to prepend us
# NOTE(review): two entries break the pattern of their neighbours: (65000,6939) sits among
# the (65003,*) values and (64602,32103) among the (64603,*) values. A different first half
# presumably requests a different action from the upstream. Confirm both against the
# upstream's published community list before applying.
bgp_community.add([ (65003,2914),
(65003,3356),
(65003,5511),
(65003,3257),
(65003,3491),
(65000,6939),
(65003,8218),
(65003,8928),
(65003,9009),
(65003,12322),
(65003,15557),
(65003,15169),
(65003,20932),
(65003,21502),
(64603,32101),
(64603,32102),
(64602,32103),
(64603,32104),
(64603,32105),
(64603,32106),
(64603,32107),
(64603,32108),
(64603,32109),
(64603,32110),
(64603,32111),
(64603,32112),
(64603,32113)]);
# and prepend once more to be sure ;)
# This prepend is done locally, so it lengthens the path even if the upstream ignores the communities.
bgp_path.prepend(myas);
accept;
}
# Anything that is not the aggregate never reaches the transit.
reject;
}
# Export policy that announces only the lower half of the block, 91.224.148.0/24 (exact match).
# No protocol in this file references it at the moment.
filter bgp_OUT_148 {
    if (net ~ [91.224.148.0/24]) then accept;
    reject;
}
# Export policy that announces only the upper half of the block, 91.224.149.0/24 (exact match).
# No protocol in this file references it at the moment.
filter bgp_OUT_149 {
    if (net ~ [91.224.149.0/24]) then accept;
    reject;
}
# Export policy that announces both /24 halves of the block instead of the /23 aggregate.
# Only referenced from a commented-out export line in protocol TOUIX.
filter bgp_OUT_148_149 {
    # Exact matches only; nothing longer than /24 can pass.
    if (net ~ [91.224.148.0/24,91.224.149.0/24]) then accept;
    reject;
}
# Import policy for the customer "chiwawa": a strict allow-list of one prefix.
# Referenced by protocol CHIWAWA and by the iBGP session TETANEUTRAL.
filter bgp_IN_CHIWAWA {
    # Only the exact /29 is accepted, so the peer cannot inject any other route,
    # not even a more specific one inside the /29.
    if (net ~ [91.224.148.32/29]) then accept;
    reject;
}
###
# BGP sessions
###
# iBGP session to gw
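# iBGP session to the gateway (same AS on both sides).
protocol bgp TETANEUTRAL {
    local as myas;
    neighbor 91.224.148.2 as myas;
    # preference 100; # not required : eBGP prefered over iBGP (jni 20111217)
    #import where avoid_martians(); # warning : will match "prefix too short"
    # "filter" keyword added: a named filter is referenced as "import filter NAME",
    # as protocol CHIWAWA already does. Only the chiwawa /29 is accepted from the gateway.
    import filter bgp_IN_CHIWAWA;
    # NOTE(review): "export all" hands the gateway every route in this table, static
    # routes included, not only BGP-learned ones. Confirm that is intended, or export
    # through a filter.
    export all;
}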
###
#
# IX route servers
#
###
#
# Local Prefs settings :
#
# We prefer some IX over others due to capacity and/or price
# Primary RS are slightly preferred over secondary RS to make the BGP
# decision process faster, while keeping redundancy
#
# FR-IX : pri 201, sec 200
# France-IX : pri 250, sec 249
# Equinix-IX : pri 280, sec 279
# TOUIX : 290
#
###
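# eBGP session to the TOUIX route server (AS 47184).
protocol bgp TOUIX {
    local as myas;
    neighbor 91.213.236.1 as 47184;
    # "preference" is BIRD's own per-route preference: it is compared before any BGP
    # attribute and is not carried over iBGP (that would be bgp_local_pref).
    # NOTE(review): 290 is presumably above the default preference of the static
    # protocols in this file; confirm a learned route can never displace a static one.
    preference 290;
    # Besides martians, refuse our own address space (the /23 and anything inside it):
    # an announcement of it from an exchange peer is a leak or a hijack and must not
    # be installed.
    import where avoid_martians() && !(net ~ [ 91.224.148.0/23+ ]);
    # Only the exact /23 aggregate is announced to the exchange.
    export filter bgp_OUT;
    #export filter bgp_OUT_148_149;
}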
#
# transits
#
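# eBGP session to the JAGUAR transit (AS 30781).
protocol bgp JAGUAR {
    local as myas;
    neighbor 31.172.233.1 as 30781;
    # Lowest preference in the file, matching the "Transits from 100 to 199" convention.
    preference 100;
    # Session secret replaced by a placeholder: the real value was posted in clear text
    # with this configuration, so it should be treated as disclosed and rotated with the
    # upstream. Keep the live value out of any copy that is shared, and restrict read
    # access to the deployed file.
    password "REPLACE_WITH_ROTATED_SECRET";
    # Besides martians, refuse our own address space (the /23 and anything inside it)
    # when it comes back from the transit.
    import where avoid_martians() && !(net ~ [ 91.224.148.0/23+ ]);
    # Exact /23 only, with control communities and one extra prepend (see bgp_OUT_JAGUAR).
    export filter bgp_OUT_JAGUAR;
    #import none;
    #export none;
}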
#
# Customers / members
#
#primary access : higher pref than backup (350)
# Customer session to "chiwawa" (remote AS 64600).
protocol bgp CHIWAWA {
    local as myas;
    neighbor 91.224.149.175 as 64600;
    # Top of the 300-399 customer range from the header conventions.
    preference 399;
    # Strict allow-list: only the exact 91.224.148.32/29 is accepted from the customer.
    import filter bgp_IN_CHIWAWA;
    # The customer receives every route in the table that is not a martian.
    export where avoid_martians();
}
--
Jérôme Nicolle
06 19 31 27 14