[technique] WiP : Proposition de conf BGP

Jérôme Nicolle jerome at ceriz.fr
Sam 17 Déc 19:57:59 CET 2011


Et voilà la version réécrite pour h3 ipv4

J'attends validation pour appliquer et faire pareil en v6

###
#
# BIRD IPv4 Configuration for AS197422 - Toulouse node (h3.tetaneutral.net)
#
###
#
# Conventions
#
# Local Prefs :
# (beware: local prefs are transmitted over iBGP, so they should be set
# accordingly for internal TE)
# - Customers / members from 300 to 399
# - IX from 200 to 299
# - Transits from 100 to 199
#
# Communities :
# WiP
#
###
#
# History (topmost is most recent activity)
# 20111217 - jerome at ceriz.fr - 	major rewriting, creation of doc header
#				local pref rescaling
#				added customer : chiwawa
#				added community setup on JAGUAR (instead of prepending)
#
###


# BGP identifier of this router.
# NOTE(review): this is the same address as the iBGP neighbor configured in
# protocol TETANEUTRAL, while "protocol device" sets this host's primary
# address to 91.224.148.3 - confirm it is intended; two BGP speakers need
# distinct router ids to establish a session.
router id 91.224.148.2;
# Local AS number, referenced as "myas" by the filters and BGP sessions below.
define myas = 197422;

# Use the long ISO timestamp format for every kind of time output.
timeformat base     iso long;
timeformat log      iso long;
timeformat protocol iso long;
timeformat route    iso long;

# incremented log (jni 20111217)
# All message classes go to this file.
log "/var/log/bird-20111217.log" all;

# Log every command received from control-socket clients (useful as an
# audit trail of operator actions).
debug commands 2;

# Alternative protocol debug levels, kept for troubleshooting.
#debug protocols all;
#debug protocols { states };
#debug protocols { routes };
#debug protocols { filters  };
#debug protocols { interfaces };
#debug protocols { events };
#debug protocols { packets };
#debug protocols off;
# Active setting: protocol state changes and events only.
debug protocols { states, events };

# Interface scanning; other protocols learn interface state from here.
protocol device {
	# Rescan the interface list every 10 seconds.
	scan time 10;
	# Previous primary address, kept for reference.
#        primary "eth0" 192.168.3.8;
	# Address to treat as primary on eth0.
        primary "eth0" 91.224.148.3;
}

# Originates the local aggregate that the bgp_OUT* export filters announce.
protocol static static_bgp {
	import all;
	# Covering route for the whole /23. Traffic that matches no more
	# specific route is rejected instead of following some other route.
	route 91.224.148.0/23 reject;
	# Per-/24 variants, disabled (see filters bgp_OUT_148 / bgp_OUT_149).
	#route 91.224.148.0/24 reject;
	#route 91.224.149.0/24 reject;
}

# Internal static routing towards gw (91.224.148.2).
protocol static misc {
	# The lower /24 of the aggregate is reached through gw.
	route 91.224.148.0/24 via 91.224.148.2;
	# Disabled host route, kept for reference.
        #route 91.224.149.10/32 via 91.224.148.2;
}


# Synchronisation between BIRD's routing table and the kernel FIB.
protocol kernel{
	# Accept whatever the kernel protocol offers to BIRD (no "learn"
	# option is set in this block).
	import all;
	# Every route in BIRD's table is installed in the kernel. Nothing is
	# filtered at this stage, so the import filters on the BGP sessions
	# are the only control over what reaches the forwarding table.
	export all;
}


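# Returns false for prefixes that must never be exchanged with a BGP
# neighbor (reserved or private address space, the default route, prefixes
# shorter than /8 or longer than /24) and true for everything else.
#
# Prefix pattern reminder:
#   p/n+      p/n and all of its subnets
#   p/n-      p/n and all prefixes that contain it
#   p/n{a,b}  subnets of p/n whose length is between a and b
#
# NOTE(review): the local aggregate 91.224.148.0/23 is not rejected here.
# It cannot simply be added to this set, because the same function is used
# as the export condition towards CHIWAWA. A separate check on the eBGP
# import side (rejecting 91.224.148.0/23+) would keep a neighbor from
# injecting routes for the local address space.
function avoid_martians()
prefix set martians;
{

  # replaced pfx_lenght and 0/0 route by extended martian filters,
  # faster and shorter (jni 20111217)
  martians = [ 	169.254.0.0/16+,	# link-local
		172.16.0.0/12+,		# RFC 1918
		192.168.0.0/16+,	# RFC 1918
		10.0.0.0/8+,		# RFC 1918
		127.0.0.0/8+,		# loopback
		100.64.0.0/10+,		# shared address space (RFC 6598)
		192.0.2.0/24+,		# documentation (RFC 5737)
		198.51.100.0/24+,	# documentation (RFC 5737)
		203.0.113.0/24+,	# documentation (RFC 5737)
		198.18.0.0/15+,		# benchmarking (RFC 2544)
		224.0.0.0/4+,		# multicast
		240.0.0.0/4+,		# reserved
		0.0.0.0/32-,		# 0.0.0.0/0 .. 0.0.0.0/32, incl. default
		0.0.0.0/0{25,32},	# anything longer than /24
		0.0.0.0/0{0,7} ];	# anything shorter than /8

  if net ~ martians then return false;

  return true;
}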

# Default export policy: announce the local aggregate 91.224.148.0/23
# (exact match only) and nothing else.
filter bgp_OUT {
	if net ~ [ 91.224.148.0/23 ] then accept;
	reject;
}

# Export policy towards the JAGUAR transit: only the local aggregate
# 91.224.148.0/23 is announced, tagged with control communities and with
# one extra copy of the local AS prepended to the path. Everything else is
# rejected.
#
# NOTE(review): the meaning of each community is defined by the upstream
# and is not shown here; presumably each pair asks for prepending towards
# the AS in its second half - confirm against the upstream's documentation.
# NOTE(review): (65000,6939) and (64602,32103) do not follow the first half
# used by their neighbors in the list (65003 / 64603) - confirm these are
# deliberate and not typos.
# NOTE(review): check that the deployed BIRD version accepts a pair set as
# the argument of add(); if it does not, the pairs have to be added one by
# one. Test the filter before putting it in production.
filter bgp_OUT_JAGUAR {
      if (net ~ [91.224.148.0/23]) then {
	# add control communities for Jaguar to prepend us
	 bgp_community.add([	(65003,2914),
				(65003,3356),
				(65003,5511),
				(65003,3257),
				(65003,3491),
				(65000,6939),
				(65003,8218),
				(65003,8928),
				(65003,9009),
				(65003,12322),
				(65003,15557),
				(65003,15169),
				(65003,20932),
				(65003,21502),
				(64603,32101),
				(64603,32102),
				(64602,32103),
				(64603,32104),
				(64603,32105),
				(64603,32106),
				(64603,32107),
				(64603,32108),
				(64603,32109),
				(64603,32110),
				(64603,32111),
				(64603,32112),
				(64603,32113)]);
	# and prepend once more to be sure ;)
         bgp_path.prepend(myas);
         accept;
      }
      reject;
}

# Export policy that announces only 91.224.148.0/24 (exact match).
filter bgp_OUT_148 {
	if net ~ [ 91.224.148.0/24 ] then accept;
	reject;
}

# Export policy that announces only 91.224.149.0/24 (exact match).
filter bgp_OUT_149 {
	if net ~ [ 91.224.149.0/24 ] then accept;
	reject;
}

# Export policy that announces the two /24 halves of the local /23
# (exact matches only) instead of the aggregate.
filter bgp_OUT_148_149 {
	if net ~ [ 91.224.148.0/24,
		   91.224.149.0/24 ] then accept;
	reject;
}

# Import policy for the CHIWAWA customer prefix: only 91.224.148.32/29
# (exact match) is accepted, any other announcement is dropped. Used by the
# CHIWAWA session and by the iBGP session TETANEUTRAL.
filter bgp_IN_CHIWAWA {
	if net ~ [ 91.224.148.32/29 ] then accept;
	reject;
}


###
# BGP sessions
###

# iBGP session to gw
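protocol bgp TETANEUTRAL {
	# Same AS number on both sides: this is an internal (iBGP) session.
	local as myas;
	neighbor 91.224.148.2 as myas;
	# preference 100; # not required : eBGP prefered over iBGP (jni 20111217)
	#import where avoid_martians(); # warning : will match "prefix too short"
	# Only the CHIWAWA /29 is accepted from gw. A named filter has to be
	# introduced with the "filter" keyword; a bare filter name after
	# "import" is not accepted by the parser.
	import filter bgp_IN_CHIWAWA;
	# Every route in the table is sent to gw without filtering.
	export all;
}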



###
#
# IX route servers
#
###
#
# Local Prefs settings :
#
# We prefer some IX over others due to capacity and/or price
# Primary RS are slightly preferred over secondary RS to make the BGP
# decision process faster, while keeping redundancy
#
# FR-IX : pri 201, sec 200
# France-IX : pri 250, sec 249
# Equinix-IX : pri 280, sec 279
# TOUIX : 290
#
###

# eBGP session to the TOUIX route server (AS47184).
protocol bgp TOUIX {
        local as myas;
        neighbor 91.213.236.1 as 47184;
        # BIRD protocol preference for routes learned on this session.
        # NOTE(review): the file header describes these values as "local
        # prefs transmitted over iBGP"; BIRD's "preference" is local to this
        # daemon and is not the BGP LOCAL_PREF attribute (bgp_local_pref) -
        # confirm which one is intended.
        preference 290;
        # Anything that is not a martian is accepted from the route server.
        # NOTE(review): there is no limit on the number of routes and no
        # rejection of the local 91.224.148.0/23 space on this session;
        # consider adding both before production use.
        import where avoid_martians();
        # Announce only the local aggregate.
        export filter bgp_OUT;
        #export filter bgp_OUT_148_149;
}

#
# transits
#

protocol bgp JAGUAR {
	 local as myas;
	 neighbor 31.172.233.1 as 30781;
	 preference 100;
	 password "CoolvIbni";
         import where avoid_martians();
         export filter bgp_OUT_JAGUAR;
	 #import none;
	 #export none;
}
#
# Customers / members
#

#primary access : higher pref than backup (350)
# NOTE(review): the value configured below is 399, not 350; presumably 350
# is the preference meant for the backup access - confirm.
# Customer session; the neighbor uses AS 64600.
protocol bgp CHIWAWA {
        local as myas;
        neighbor 91.224.149.175 as 64600;
        # Strict customer import: only the exact 91.224.148.32/29 is
        # accepted, so the customer cannot announce any other prefix.
        import filter bgp_IN_CHIWAWA;
        # The customer receives every route in the table except martians.
        export where avoid_martians();
	# BIRD protocol preference (local to this daemon), top of the
	# 300-399 customer range given in the file header.
	preference 399;
}



-- 
Jérôme Nicolle
06 19 31 27 14


