|
|
h1. Simple route server
|
|
|
|
|
|
Here is an example of a simple BGP route server. It does not use BGP community policing. All the peers are connected to the main (master) routing table. All the filtering is done in import filters, and everything is exported to all the peers. (If you want to see everything that the peers are announcing to you, you can use _import all;_ and do the filtering in export filters.)
|
|
|
|
|
|
This example saves a lot of memory compared to a [Route server with community based filtering](Route_server_with_community_based_filtering_and_multiple_RIBs), especially in an environment with a lot of peers and prefixes.
|
|
|
|
|
|
/*
 *	Route server configuration example
 */

# Send every message class both to syslog and to a local log file.
log syslog all;
log "/var/log/bird.log" all;

# AS number and router ID used throughout this example; replace them with
# the route server's own values.
define myas = 999;
router id 9.9.9.9;

# Device protocol with default settings. It generates no routes; it only
# supplies interface information to the other protocols.
protocol device { }
|
|
|
|
|
|
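# Reject "martian" prefixes: address space that must never be accepted from a
# peer, plus prefixes that are too long or too short.
# Returns false when the route's prefix is a martian, true otherwise.
#
# Entries, in order:
#   - "this network", RFC 1918 private space, shared address space (CGN),
#     loopback and link-local
#   - documentation (TEST-NET-1/2/3) and benchmarking ranges
#   - class D (multicast) and class E (reserved)
#   - the default route and any other prefix containing 0.0.0.0
#   - anything longer than /24 or shorter than /8
# NOTE(review): the special-purpose ranges change over time; keep this list in
# step with the IANA special-purpose address registry.
function avoid_martians()
prefix set martians;
{
	martians = [ 0.0.0.0/8+, 10.0.0.0/8+, 100.64.0.0/10+, 127.0.0.0/8+,
		     169.254.0.0/16+, 172.16.0.0/12+, 192.168.0.0/16+,
		     192.0.2.0/24+, 198.51.100.0/24+, 203.0.113.0/24+, 198.18.0.0/15+,
		     224.0.0.0/4+, 240.0.0.0/4+,
		     0.0.0.0/32-, 0.0.0.0/0{25,32}, 0.0.0.0/0{0,7} ];

	# A single match against the set is enough to refuse the route.
	if net ~ martians then return false;

	return true;
}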
|
|
|
|
|
|
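####
# Protocol template
#
# Settings shared by every route-server client session.
#
# The import default is "import none" so that the template fails closed: a
# peer protocol defined without its own "import filter" accepts no routes
# rather than everything the neighbor sends. Every peer in this file
# overrides it with a per-member filter.

template bgp PEERS {
	local as myas;

	# Fail-closed default; each peer sets "import filter bgp_in_ASxxx;".
	import none;

	# Everything in the master table is sent to every client, so the import
	# filters are the only policy point in this configuration.
	export all;

	# Upper bound on routes imported from one session; the session is
	# restarted when the bound is exceeded.
	import limit 10000 action restart;

	# Treat the neighbor as a route-server client.
	rs client;
}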
|
|
|
|
|
|
|
|
|
####
# Configuration of BGP peer follows

### AS111 - Member1
# Import policy for the sessions with AS111. A route is accepted only when it
# is not a martian, has 111 as the first AS in its path, has one of the listed
# ASes as the last AS in its path, and is exactly one of the listed prefixes
# (the set entries carry no length range, so more-specifics do not match).
# The origin check and the prefix check are independent of each other: any
# listed origin AS may announce any listed prefix.
filter bgp_in_AS111
int set allowed_origins;
prefix set allowed_nets;
{
	allowed_origins = [ 1234, 2345, 3456, 4567 ];
	allowed_nets = [ 12.34.0.0/16, 23.45.0.0/16, 34.56.0.0/16, 45.56.0.0/16 ];

	if ! (avoid_martians()) then reject;
	if (bgp_path.first != 111) then reject;
	if ! (bgp_path.last ~ allowed_origins) then reject;
	if ! (net ~ allowed_nets) then reject;

	accept;
}
|
|
|
|
|
|
# First session with Member 1 (AS111). Inherits the PEERS template and
# applies the AS111 import filter.
protocol bgp R111x1 from PEERS {
	neighbor 10.0.0.11 as 111;
	import filter bgp_in_AS111;
	description "Member 1 - peer 1";
}
|
|
|
|
|
|
# Second session with Member 1 (AS111). Inherits the PEERS template and
# applies the same import filter as the first session.
protocol bgp R111x2 from PEERS {
	neighbor 10.0.0.12 as 111;
	import filter bgp_in_AS111;
	description "Member 1 - peer 2";
}
|
|
|
|
|
|
### AS222 - Member2
# Import policy for the session with AS222. A route is accepted only when it
# is not a martian, has 222 as the first AS in its path, has one of the listed
# ASes as the last AS in its path, and is exactly one of the listed prefixes.
# The origin check and the prefix check are independent of each other.
filter bgp_in_AS222
int set allowed_origins;
prefix set allowed_nets;
{
	allowed_origins = [ 4321, 5432, 6543 ];
	allowed_nets = [ 43.21.0.0/16, 54.32.0.0/16, 65.43.0.0/16 ];

	if ! (avoid_martians()) then reject;
	if (bgp_path.first != 222) then reject;
	if ! (bgp_path.last ~ allowed_origins) then reject;
	if ! (net ~ allowed_nets) then reject;

	accept;
}
|
|
|
|
|
|
# Session with Member 2 (AS222). Inherits the PEERS template and applies the
# AS222 import filter.
protocol bgp R222x1 from PEERS {
	neighbor 10.0.0.21 as 222;
	import filter bgp_in_AS222;
	description "Member 2 - peer 1";
}
|
|
|
|
|
|
### AS333 - Member3
# Import policy for the sessions with AS333. A route is accepted only when it
# is not a martian, has 333 as the first AS in its path, has one of the listed
# ASes as the last AS in its path, and is exactly one of the listed prefixes.
# The origin check and the prefix check are independent of each other.
filter bgp_in_AS333
int set allowed_origins;
prefix set allowed_nets;
{
	allowed_origins = [ 1111, 2222, 3333, 4444, 5555, 6666 ];
	allowed_nets = [ 11.11.0.0/16, 22.22.0.0/16, 33.33.0.0/16, 44.44.0.0/16, 55.55.0.0/16, 66.66.0.0/16 ];

	if ! (avoid_martians()) then reject;
	if (bgp_path.first != 333) then reject;
	if ! (bgp_path.last ~ allowed_origins) then reject;
	if ! (net ~ allowed_nets) then reject;

	accept;
}
|
|
|
|
|
|
# First session with Member 3 (AS333). Inherits the PEERS template and
# applies the AS333 import filter.
protocol bgp R333x1 from PEERS {
	neighbor 10.0.0.31 as 333;
	import filter bgp_in_AS333;
	description "Member 3 - peer 1";
}
|
|
|
|
|
|
# Second session with Member 3 (AS333). Inherits the PEERS template and
# applies the AS333 import filter.
protocol bgp R333x2 from PEERS {
	neighbor 10.0.0.32 as 333;
	import filter bgp_in_AS333;
	description "Member 3 - peer 2";
}
|
|
|
|
|
|
# Third session with Member 3 (AS333). Inherits the PEERS template and
# applies the AS333 import filter.
protocol bgp R333x3 from PEERS {
	neighbor 10.0.0.33 as 333;
	import filter bgp_in_AS333;
	description "Member 3 - peer 3";
}