diff --git a/group_vars/all/bird.yml b/group_vars/all/bird.yml
new file mode 100644
index 0000000..1811511
--- /dev/null
+++ b/group_vars/all/bird.yml
@@ -0,0 +1,4 @@
+---
+bird__as:
+ aurore: 43619
+...
diff --git a/group_vars/infra/bird.yml b/group_vars/infra/bird.yml
new file mode 100644
index 0000000..2256c56
--- /dev/null
+++ b/group_vars/infra/bird.yml
@@ -0,0 +1,47 @@
+---
+bird__kernel:
+ kernel:
+ learn: true
+ import: accept
+ export: accept
+
+bird__ospf:
+ limits:
+ import: 4000
+ export: 4000
+ import: accept
+ export:
+ protos: kernel
+ areas:
+ 0:
+ broadcast:
+ - back0
+ stub:
+ - monit0
+ - wifi0
+ - int0
+ - sw0
+ - bmc0
+ - pve0
+ - isp0
+ - ext0
+ - ups0
+ 1:
+ broadcast:
+ - vpn0
+
+bird__bgp:
+ edge1:
+ local:
+ address: "{{ bird__bgp_addr.back }}"
+ as: "{{ bird__as.aurore }}"
+ neighbor:
+ address:
+ - 2a09:6840:203::1:1
+ - 10.203.1.1
+ as: "{{ bird__as.aurore }}"
+ import:
+ - pref_src: "{{ bird__pref_src_addr }}"
+ - accept
+ export: reject
+...
diff --git a/group_vars/isp/bird.yml b/group_vars/isp/bird.yml
new file mode 100644
index 0000000..ddadd84
--- /dev/null
+++ b/group_vars/isp/bird.yml
@@ -0,0 +1,53 @@
+---
+bird__kernel:
+ kernel:
+ learn: true
+ import: accept
+ export: accept
+
+bird__ospf:
+ limits:
+ import: 4000
+ export: 4000
+ import: accept
+ export:
+ protos: kernel
+ areas:
+ 0:
+ broadcast:
+ - back0
+ stub:
+ - client0
+ - client1
+ - client2
+ - client3
+ - client4
+
+bird__bgp:
+ edge1:
+ local:
+ address: "{{ bird__bgp_addr.back }}"
+ as: "{{ bird__as.aurore }}"
+ neighbor:
+ address:
+ - 2a09:6840:203::1:1
+ - 10.203.1.1
+ as: "{{ bird__as.aurore }}"
+ import:
+ - pref_src: "{{ bird__pref_src_addr }}"
+ - accept
+ export: reject
+
+bird__radv:
+ rdnss:
+ - 2a09:6840:206::1:1
+ - 2a09:6840:206::1:2
+ interfaces:
+ client0:
+ max_interval: 5
+ prefixes:
+ - 2a09:6841::/64
+ dnssl: client0.isp.auro.re
+ domain_search:
+ - auro.re
+...
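Review bot: In group_vars/infra/bird.yml, `bird__ospf` sets `import: accept` with `back0` and `vpn0` as broadcast interfaces and no authentication setting visible, while `bird__kernel` has `export: accept`, so routes learned from any OSPF speaker on those segments (up to the 4000-route limit) would be installed in the kernel table. The same block is repeated in group_vars/isp/bird.yml for `back0`. If the bird role exposes per-interface OSPF authentication, set it here; otherwise add a comment such as `# back0/vpn0 are router-only segments; unauthenticated adjacency is intentional`. The kernel, OSPF-limit and BGP sections are identical in both group files, so the shared part could move next to `bird__as` in group_vars/all to keep them from drifting.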
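Review bot: The `dnssl: client0.isp.auro.re` key under `bird__radv.interfaces.client0` in group_vars/isp/bird.yml is never read. The radv block this commit adds to roles/bird/templates/bird.conf.j2 only uses `radv.max_interval`, `radv.prefixes` and `radv.domain_search`, so clients would be advertised `auro.re` alone as search domain. Either add the value as a second `domain_search` entry, `- client0.isp.auro.re`, or drop the key. Only `client0` gets a radv entry although `client1` to `client4` are also listed as OSPF stubs; a one-line comment saying whether that is intended would help.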
diff --git a/group_vars/isp/keepalived.yml b/group_vars/isp/keepalived.yml index 0a18a88..50add88 100644 --- a/group_vars/isp/keepalived.yml +++ b/group_vars/isp/keepalived.yml @@ -25,5 +25,8 @@ keepalived__virtual_addresses: - 2a09:6841:0:4::1/64 - fe80::1/10 +keepalived__virtual_blackholes: + - 45.66.111.220/32 + keepalived__main: "{{ inventory_hostname_short == 'isp-1' }}" ... diff --git a/host_vars/infra-1.back.infra.auro.re.yml b/host_vars/infra-1.back.infra.auro.re.yml index 0449d58..b90de8c 100644 --- a/host_vars/infra-1.back.infra.auro.re.yml +++ b/host_vars/infra-1.back.infra.auro.re.yml @@ -40,4 +40,15 @@ ifupdown2__interfaces: addresses: - 2a09:6840:213::1:1 - 10.213.1.1 + +bird__router_id: 10.203.1.3 + +bird__bgp_addr: + back: + - 2a09:6840:203::1:3 + - 10.203.1.3 + +bird__pref_src_addr: + - 2a09:6840:203::1:3 + - 45.66.111.210 ... diff --git a/host_vars/infra-2.back.infra.auro.re.yml b/host_vars/infra-2.back.infra.auro.re.yml index 6b4843d..6f2f7ee 100644 --- a/host_vars/infra-2.back.infra.auro.re.yml +++ b/host_vars/infra-2.back.infra.auro.re.yml @@ -40,4 +40,15 @@ ifupdown2__interfaces: addresses: - 2a09:6840:213::1:2 - 10.213.1.2 + +bird__router_id: 10.203.1.4 + +bird__bgp_addr: + back: + - 2a09:6840:203::1:4 + - 10.203.1.4 + +bird__pref_src_addr: + - 2a09:6840:203::1:4 + - 45.66.111.211 ... diff --git a/host_vars/isp-1.back.infra.auro.re.yml b/host_vars/isp-1.back.infra.auro.re.yml index 9f3eb70..af2f17c 100644 --- a/host_vars/isp-1.back.infra.auro.re.yml +++ b/host_vars/isp-1.back.infra.auro.re.yml @@ -13,6 +13,7 @@ ifupdown2__interfaces: back0: addresses: - 2a09:6840:203::1:5/64 + - 45.66.111.211/32 - 10.203.1.5/16 trunk0: ipv6_addrgen: false @@ -44,4 +45,15 @@ ifupdown2__interfaces: vlan_id: 1004 vlan_raw_device: clients0 ipv6_addrgen: false + +bird__router_id: 10.203.1.5 + +bird__bgp_addr: + back: + - 2a09:6840:203::1:5 + - 10.203.1.5 + +bird__pref_src_addr: + - 2a09:6840:203::1:5 + - 45.66.111.211 ... 
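Review bot: `45.66.111.211` is the IPv4 entry of `bird__pref_src_addr` in both host_vars/infra-2.back.infra.auro.re.yml and host_vars/isp-1.back.infra.auro.re.yml, and the first isp-1 hunk additionally assigns `45.66.111.211/32` to `back0`. Two hosts sourcing traffic from one public address make return routing and log attribution ambiguous, and since infra-1 uses `.210` this looks like a value copied from infra-2, though the address plan is not visible here. Confirm which host owns the address and give the other its own, with a comment such as `# public source address of this host` next to each entry. In the same hunks, quoting the dotted values (`bird__router_id: "10.203.1.3"`) would make the intended string type explicit.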
diff --git a/playbooks/bird.yml b/playbooks/bird.yml index 4395d62..2901dec 100755 --- a/playbooks/bird.yml +++ b/playbooks/bird.yml @@ -1,5 +1,11 @@ #!/usr/bin/env ansible-playbook --- +- hosts: + - infra + - isp + roles: + - bird + #- hosts: # - isp-1.back.infra.auro.re # - isp-2.back.infra.auro.re @@ -85,78 +91,6 @@ # - bird -- hosts: - - infra-1.back.infra.auro.re - - infra-2.back.infra.auro.re - vars: - bird__as: - aurore: 43619 - bird__router_ids: - infra-1: 10.203.1.3 - infra-2: 10.203.1.4 - bird__pref_src_addrs: - infra-1: - - 2a09:6840:203::1:3 - - 45.66.111.210 - infra-2: - - 2a09:6840:203::1:4 - - 45.66.111.211 - bird__bgp_addrs: - infra-1: - back: - - 2a09:6840:203::1:3 - - 10.203.1.3 - infra-2: - back: - - 2a09:6840:203::1:4 - - 10.203.1.4 - bird__router_id: "{{ bird__router_ids[inventory_hostname_short] }}" - bird__kernel: - kernel: - learn: true - import: accept - export: accept - bird__ospf: - limits: - import: 4000 - export: 4000 - import: accept - export: - protos: kernel - areas: - 0: - broadcast: - - back0 - stub: - - monit0 - - wifi0 - - int0 - - sw0 - - bmc0 - - pve0 - - isp0 - - ext0 - - ups0 - 1: - broadcast: - - vpn0 - bird__bgp: - edge1: - local: - address: "{{ bird__bgp_addrs[inventory_hostname_short].back }}" - as: "{{ bird__as.aurore }}" - neighbor: - address: - - 2a09:6840:203::1:1 - - 10.203.1.1 - as: "{{ bird__as.aurore }}" - import: - - pref_src: "{{ bird__pref_src_addrs[inventory_hostname_short] }}" - - accept - export: reject - roles: - - bird - #- hosts: # - infra-1.back.infra.auro.re # - infra-2.back.infra.auro.re 
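Review bot: The new play in the first hunk targets the whole `infra` and `isp` groups, but this commit adds `bird__router_id`, `bird__bgp_addr` and `bird__pref_src_addr` only for infra-1, infra-2 and isp-1. Any other member of those groups (the commented play just below still names isp-2.back.infra.auro.re) would fail on an undefined variable when `"{{ bird__bgp_addr.back }}"` is rendered. Add the missing host_vars in the same change, or put a pre-task assertion in the play that the three variables are defined, so the run stops with a clear message before the role touches the router. A short comment above the play listing the per-host variables it requires would also help.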
@@ -215,247 +149,247 @@ # roles: # - bird -- hosts: - - edge-1.back.infra.auro.re - - edge-2.back.infra.auro.re - vars: - bird__router_ids: - edge-1.back.infra.auro.re: 10.203.1.1 - edge-2.back.infra.auro.re: 10.203.1.2 - bird__asn: - aurore: 43619 - crans: 204515 - zayo: 8218 - viarezo: 212424 - rezel: 199116 - bird__orig_prefixes: - aurore: - - 45.66.108.0/22 - - 2a09:6840::/32 - - 2a09:6841::/32 - - 2a09:6842::/32 - crans: - - 185.230.76.0/22 - - 2a0c:700::/32 - viarezo: - - 138.195.144.0/20 - - 192.159.121.0/24 - - 2a0c:b641:2f0::/44 - rezel: - - 137.194.8.0/22 - - 2a09:6847::/32 - martians: - - 10.0.0.0/8 - - 172.16.0.0/12 - - 192.168.0.0/16 - - 100.64.0.0/10 - - 127.0.0.0/8 - - 169.254.0.0/16 - - 192.0.0.0/24 - - 192.0.2.0/24 - - 198.18.0.0/15 - - 198.51.100.0/24 - - 203.0.113.0/24 - - 224.0.0.0/4 - - 240.0.0.0/4 - - ::/128 - - ::1/128 - - ::ffff:0:0/96 - - ::/96 - - 100::/64 - - 2001:10::/28 - - 2001:db8::/32 - - fc00::/7 - - fe80::/10 - - fec0::/10 - - ff00::/8 - bird__router_id: "{{ bird__router_ids[inventory_hostname] }}" - bird__bgp_addresses: - edge: - edge-1.back.infra.auro.re: - - 2a09:6840:203::1:1 - - 10.203.1.1 - edge-2.back.infra.auro.re: - - 2a09:6840:203::1:2 - - 10.203.1.2 - legacy: - edge-1.back.infra.auro.re: - - 2a09:6840:129::10:2 - - 10.129.10.2 - edge-2.back.infra.auro.re: - - 2a09:6840:129::10:102 - - 10.129.10.102 - rezel: - edge-1.back.infra.auro.re: - - 2a09:6842:19:9116::1 - - 45.66.111.1 - edge-2.back.infra.auro.re: - - 2a09:6842:19:9116::3 - - 45.66.111.3 - bird__bgp_sessions: - edge: - local: - address: "{{ bird__bgp_addresses.edge[inventory_hostname] }}" - as: "{{ bird__asn.aurore }}" - remote: - address: "{{ bird__bgp_addresses.edge - | dict2items - | selectattr('key', '!=', inventory_hostname) - | map(attribute='value') - | first }}" - as: "{{ bird__asn.aurore }}" - import: - - accept: true - export: - - local_pref: 75 - accept: true - vpn1: - local: - address: "{{ bird__bgp_addresses.edge[inventory_hostname] }}" - as: "{{ 
bird__asn.aurore }}" - remote: - address: - - 2a09:6840:203::1:7 - - 10.203.1.7 - as: "{{ bird__asn.aurore }}" - import: - - accept: false - export: - - accept: true - vpn2: - local: - address: "{{ bird__bgp_addresses.edge[inventory_hostname] }}" - as: "{{ bird__asn.aurore }}" - remote: - address: - - 2a09:6840:203::1:8 - - 10.203.1.8 - as: "{{ bird__asn.aurore }}" - import: - - accept: false - export: - - accept: false - legacy: - next_hop_self: true - local: - address: "{{ bird__bgp_addresses.legacy[inventory_hostname] }}" - as: "{{ bird__asn.aurore }}" - remote: - address: - - 2a09:6840:129::240 - - 10.129.0.240 - as: "{{ bird__asn.aurore }}" - import: - - accept: false - export: - - bgp_proto: - - crans - - zayo - - rezel1 - - rezel2 - accept: true - - accept: false - zayo: - local: - address: - - 83.167.52.69 - - 2001:1b48:2:103::d7:2 - as: "{{ bird__asn.aurore }}" - remote: - address: - - 83.167.52.68 - - 2001:1b48:2:103::d7:1 - as: "{{ bird__asn.zayo }}" - import: - - prefix: "{{ bird__orig_prefixes.martians }}" - sub: true - accept: false - - accept: true - export: - - prefix: "{{ ['aurore', 'crans', 'viarezo', 'rezel'] - | map('extract', bird__orig_prefixes) - | flatten }}" - sub: true - accept: true - - accept: false - crans: - local: - address: - - 185.230.79.254 - - 2a0c:700:28::2 - as: "{{ bird__asn.aurore }}" - remote: - address: - - 185.230.79.253 - - 2a0c:700:28::1 - as: "{{ bird__asn.crans }}" - import: - - prefix: "{{ bird__orig_prefixes.crans }}" - sub: true - accept: true - - accept: false - export: - - bgp_proto: - - viarezo - - rezel1 - - rezel2 - - zayo - accept: true - - prefix: "{{ bird__orig_prefixes.aurore }}" - sub: true - accept: true - - accept: false - rezel1: - local: - address: "{{ bird__bgp_addresses.rezel[inventory_hostname] }}" - as: "{{ bird__asn.aurore }}" - remote: - address: - - 2a09:6842:19:9116::2 - - 45.66.111.2 - as: "{{ bird__asn.rezel }}" - import: - - prefix: "{{ bird__orig_prefixes.rezel }}" - sub: true - accept: true 
- - accept: false - export: - - bgp_proto: - - edge - - viarezo - - crans - - zayo - accept: true - - prefix: "{{ bird__orig_prefixes.aurore }}" - sub: true - accept: true - - accept: false - rezel2: - local: - address: "{{ bird__bgp_addresses.rezel[inventory_hostname] }}" - as: "{{ bird__asn.aurore }}" - remote: - address: - - 2a09:6842:19:9116::4 - - 45.66.111.4 - as: "{{ bird__asn.rezel }}" - import: - - local_pref: 75 - - prefix: "{{ bird__orig_prefixes.rezel }}" - sub: true - accept: true - - accept: false - export: - - bgp_proto: - - edge - - viarezo - - crans - - zayo - accept: true - - prefix: "{{ bird__orig_prefixes.aurore }}" - sub: true - accept: true - - accept: false +#- hosts: +# - edge-1.back.infra.auro.re +# - edge-2.back.infra.auro.re +# vars: +# bird__router_ids: +# edge-1.back.infra.auro.re: 10.203.1.1 +# edge-2.back.infra.auro.re: 10.203.1.2 +# bird__asn: +# aurore: 43619 +# crans: 204515 +# zayo: 8218 +# viarezo: 212424 +# rezel: 199116 +# bird__orig_prefixes: +# aurore: +# - 45.66.108.0/22 +# - 2a09:6840::/32 +# - 2a09:6841::/32 +# - 2a09:6842::/32 +# crans: +# - 185.230.76.0/22 +# - 2a0c:700::/32 +# viarezo: +# - 138.195.144.0/20 +# - 192.159.121.0/24 +# - 2a0c:b641:2f0::/44 +# rezel: +# - 137.194.8.0/22 +# - 2a09:6847::/32 +# martians: +# - 10.0.0.0/8 +# - 172.16.0.0/12 +# - 192.168.0.0/16 +# - 100.64.0.0/10 +# - 127.0.0.0/8 +# - 169.254.0.0/16 +# - 192.0.0.0/24 +# - 192.0.2.0/24 +# - 198.18.0.0/15 +# - 198.51.100.0/24 +# - 203.0.113.0/24 +# - 224.0.0.0/4 +# - 240.0.0.0/4 +# - ::/128 +# - ::1/128 +# - ::ffff:0:0/96 +# - ::/96 +# - 100::/64 +# - 2001:10::/28 +# - 2001:db8::/32 +# - fc00::/7 +# - fe80::/10 +# - fec0::/10 +# - ff00::/8 +# bird__router_id: "{{ bird__router_ids[inventory_hostname] }}" +# bird__bgp_addresses: +# edge: +# edge-1.back.infra.auro.re: +# - 2a09:6840:203::1:1 +# - 10.203.1.1 +# edge-2.back.infra.auro.re: +# - 2a09:6840:203::1:2 +# - 10.203.1.2 +# legacy: +# edge-1.back.infra.auro.re: +# - 2a09:6840:129::10:2 +# - 
10.129.10.2 +# edge-2.back.infra.auro.re: +# - 2a09:6840:129::10:102 +# - 10.129.10.102 +# rezel: +# edge-1.back.infra.auro.re: +# - 2a09:6842:19:9116::1 +# - 45.66.111.1 +# edge-2.back.infra.auro.re: +# - 2a09:6842:19:9116::3 +# - 45.66.111.3 +# bird__bgp_sessions: +# edge: +# local: +# address: "{{ bird__bgp_addresses.edge[inventory_hostname] }}" +# as: "{{ bird__asn.aurore }}" +# remote: +# address: "{{ bird__bgp_addresses.edge +# | dict2items +# | selectattr('key', '!=', inventory_hostname) +# | map(attribute='value') +# | first }}" +# as: "{{ bird__asn.aurore }}" +# import: +# - accept: true +# export: +# - local_pref: 75 +# accept: true +# vpn1: +# local: +# address: "{{ bird__bgp_addresses.edge[inventory_hostname] }}" +# as: "{{ bird__asn.aurore }}" +# remote: +# address: +# - 2a09:6840:203::1:7 +# - 10.203.1.7 +# as: "{{ bird__asn.aurore }}" +# import: +# - accept: false +# export: +# - accept: true +# vpn2: +# local: +# address: "{{ bird__bgp_addresses.edge[inventory_hostname] }}" +# as: "{{ bird__asn.aurore }}" +# remote: +# address: +# - 2a09:6840:203::1:8 +# - 10.203.1.8 +# as: "{{ bird__asn.aurore }}" +# import: +# - accept: false +# export: +# - accept: false +# legacy: +# next_hop_self: true +# local: +# address: "{{ bird__bgp_addresses.legacy[inventory_hostname] }}" +# as: "{{ bird__asn.aurore }}" +# remote: +# address: +# - 2a09:6840:129::240 +# - 10.129.0.240 +# as: "{{ bird__asn.aurore }}" +# import: +# - accept: false +# export: +# - bgp_proto: +# - crans +# - zayo +# - rezel1 +# - rezel2 +# accept: true +# - accept: false +# zayo: +# local: +# address: +# - 83.167.52.69 +# - 2001:1b48:2:103::d7:2 +# as: "{{ bird__asn.aurore }}" +# remote: +# address: +# - 83.167.52.68 +# - 2001:1b48:2:103::d7:1 +# as: "{{ bird__asn.zayo }}" +# import: +# - prefix: "{{ bird__orig_prefixes.martians }}" +# sub: true +# accept: false +# - accept: true +# export: +# - prefix: "{{ ['aurore', 'crans', 'viarezo', 'rezel'] +# | map('extract', bird__orig_prefixes) +# | 
flatten }}" +# sub: true +# accept: true +## - accept: false +# crans: +# local: +# address: +# - 185.230.79.254 +# - 2a0c:700:28::2 +# as: "{{ bird__asn.aurore }}" +# remote: +# address: +# - 185.230.79.253 +# - 2a0c:700:28::1 +# as: "{{ bird__asn.crans }}" +# import: +# - prefix: "{{ bird__orig_prefixes.crans }}" +# sub: true +# accept: true +# - accept: false +# export: +# - bgp_proto: +# - viarezo +# - rezel1 +# - rezel2 +# - zayo +# accept: true +# - prefix: "{{ bird__orig_prefixes.aurore }}" +# sub: true +# accept: true +# - accept: false +# rezel1: +# local: +# address: "{{ bird__bgp_addresses.rezel[inventory_hostname] }}" +# as: "{{ bird__asn.aurore }}" +# remote: +# address: +# - 2a09:6842:19:9116::2 +# - 45.66.111.2 +# as: "{{ bird__asn.rezel }}" +# import: +# - prefix: "{{ bird__orig_prefixes.rezel }}" +# sub: true +# accept: true +# - accept: false +# export: +# - bgp_proto: +# - edge +# - viarezo +# - crans +# - zayo +# accept: true +# - prefix: "{{ bird__orig_prefixes.aurore }}" +# sub: true +# accept: true +# - accept: false +# rezel2: +# local: +# address: "{{ bird__bgp_addresses.rezel[inventory_hostname] }}" +# as: "{{ bird__asn.aurore }}" +# remote: +# address: +# - 2a09:6842:19:9116::4 +# - 45.66.111.4 +# as: "{{ bird__asn.rezel }}" +# import: +# - local_pref: 75 +# - prefix: "{{ bird__orig_prefixes.rezel }}" +# sub: true +# accept: true +# - accept: false +# export: +# - bgp_proto: +# - edge +# - viarezo +# - crans +# - zayo +# accept: true +# - prefix: "{{ bird__orig_prefixes.aurore }}" +# sub: true +# accept: true +# - accept: false # viarezo: # local: # address: 
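Review bot: The commented-out copy of the edge play is not identical to the code it replaces: under `zayo.export` the terminal `- accept: false` became `## - accept: false`, and in the following hunk (@@ -485,65 +419,65 @@) the stub entry `- wg0` became `## - wg0`. Anyone restoring these plays by stripping one `#` per line would get a transit export filter without its final reject and an empty `bird__ospf_stub_interfaces`. Depending on the role's default action, the first could announce routes outside the listed prefixes. The change also leaves the edge and vpn routers, including the martian import filter on the zayo session, unmanaged by this playbook unless they are handled elsewhere. Prefer deleting the plays and relying on git history, or keep them byte-identical behind a single `#` with a comment explaining why they are disabled.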
@@ -485,65 +419,65 @@ # - zayo # accept: true # - accept: false - bird__ospf_broadcast_interfaces: - back0: null - bird__ospf_stub_interfaces: - - crans0 - - zayo0 - - rezel0 - - viarezo0 - bird__static_unreachable: "{{ bird__orig_prefixes.aurore }}" - roles: - - bird +# bird__ospf_broadcast_interfaces: +# back0: null +# bird__ospf_stub_interfaces: +# - crans0 +# - zayo0 +# - rezel0 +# - viarezo0 +# bird__static_unreachable: "{{ bird__orig_prefixes.aurore }}" +# roles: +# - bird -- hosts: - - vpn-1.back.infra.auro.re - - vpn-2.back.infra.auro.re - vars: - bird__asn: - aurore: 43619 - bird__router_ids: - vpn-1.back.infra.auro.re: 10.203.1.7 - vpn-2.back.infra.auro.re: 10.203.1.8 - bird__router_id: "{{ bird__router_ids[inventory_hostname] }}" - bird__bgp_addresses: - vpn-1.back.infra.auro.re: - - 2a09:6840:203::1:7 - - 10.203.1.7 - vpn-2.back.infra.auro.re: - - 2a09:6840:203::1:8 - - 10.203.1.8 - bird__bgp_sessions: - edge1: - local: - address: "{{ bird__bgp_addresses[inventory_hostname] }}" - as: "{{ bird__asn.aurore }}" - remote: - address: - - 2a09:6840:203::1:1 - - 10.203.1.1 - as: "{{ bird__asn.aurore }}" - import: - - accept: true - export: - - accept: false - edge2: - local: - address: "{{ bird__bgp_addresses[inventory_hostname] }}" - as: "{{ bird__asn.aurore }}" - remote: - address: - - 2a09:6840:203::1:2 - - 10.203.1.2 - as: "{{ bird__asn.aurore }}" - import: - - accept: true - export: - - accept: false - bird__ospf_broadcast_interfaces: - back0: null - bird__ospf_stub_interfaces: - - wg0 - roles: - - bird +#- hosts: +# - vpn-1.back.infra.auro.re +# - vpn-2.back.infra.auro.re +# vars: +# bird__asn: +# aurore: 43619 +# bird__router_ids: +# vpn-1.back.infra.auro.re: 10.203.1.7 +# vpn-2.back.infra.auro.re: 10.203.1.8 +# bird__router_id: "{{ bird__router_ids[inventory_hostname] }}" +# bird__bgp_addresses: +# vpn-1.back.infra.auro.re: +# - 2a09:6840:203::1:7 +# - 10.203.1.7 +# vpn-2.back.infra.auro.re: +# - 2a09:6840:203::1:8 +# - 10.203.1.8 +# 
bird__bgp_sessions: +# edge1: +# local: +# address: "{{ bird__bgp_addresses[inventory_hostname] }}" +# as: "{{ bird__asn.aurore }}" +# remote: +# address: +# - 2a09:6840:203::1:1 +# - 10.203.1.1 +# as: "{{ bird__asn.aurore }}" +# import: +# - accept: true +# export: +# - accept: false +# edge2: +# local: +# address: "{{ bird__bgp_addresses[inventory_hostname] }}" +# as: "{{ bird__asn.aurore }}" +# remote: +# address: +# - 2a09:6840:203::1:2 +# - 10.203.1.2 +# as: "{{ bird__asn.aurore }}" +# import: +# - accept: true +# export: +# - accept: false +# bird__ospf_broadcast_interfaces: +# back0: null +# bird__ospf_stub_interfaces: +## - wg0 +# roles: +# - bird ... diff --git a/roles/bird/templates/.bird.conf.j2.swp b/roles/bird/templates/.bird.conf.j2.swp new file mode 100644 index 0000000..bbe98ff Binary files /dev/null and b/roles/bird/templates/.bird.conf.j2.swp differ diff --git a/roles/bird/templates/bird.conf.j2 b/roles/bird/templates/bird.conf.j2 index 099ebe9..92360b3 100644 --- a/roles/bird/templates/bird.conf.j2 +++ b/roles/bird/templates/bird.conf.j2 @@ -112,6 +112,27 @@ protocol bgp {{ name | bird_name(ipv4) }} { {% endfor %} {% endfor %} +{% if bird__radv is defined %} +protocol radv { +{% set interfaces = bird__radv.interfaces | default({}) %} +{% for iface, radv in interfaces.items() %} + interface {{ iface | enquote }} { + max ra interval {{ radv.max_interval + | default(bird__radv_max_interval) }}; +{% for prefix in radv.prefixes | default([]) %} + prefix {{ prefix }}; +{% endfor %} +{% for domain in radv.domain_search | default([]) %} + dnssl {{ domain | enquote }}; +{% endfor %} + }; +{% endfor %} +{% for addr in bird__radv.rdnss | default([]) %} + rdnss {{ addr }}; +{% endfor %} +} +{% endif %} + {# {% if bird__static_unreachable | ansible.utils.ipv4 %} protocol static unreachable4 { ipv4 { 
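Review bot: `roles/bird/templates/.bird.conf.j2.swp` is an editor swap file and should not be part of this commit. Swap files can carry unsaved buffer contents as well as the local user name, host name and file path of whoever was editing, and they are stale as soon as the editor closes. Remove the file from the change and add `*.swp` to `.gitignore`.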
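Review bot: The new radv block writes `prefix {{ prefix }};`, `rdnss {{ addr }};` and the `max ra interval` value straight from inventory, whereas the disabled version removed at the end of this file passed them through `| ipaddr` and `| int`. A typo in group_vars would then reach bird.conf unchecked, and whether the role validates the rendered file before reloading is not visible here. Consider `prefix {{ prefix | ansible.utils.ipaddr }};`, `rdnss {{ addr | ansible.utils.ipaddr }};` and a trailing `| int` on the interval expression. `bird__radv_max_interval` must still exist in the role defaults for interfaces that omit `max_interval`. A `{# ... #}` comment above the block describing the expected shape of `bird__radv` (`rdnss`, `interfaces.<name>.prefixes`, `domain_search`, `max_interval`) would document the schema.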
@@ -133,102 +154,3 @@ protocol static unreachable6 { {% endfor %} } {% endif %} #} - -{# {% macro bird_filter(filter, last) %} -{% if filter.as_prepend is defined %} -{% for _ in range(filter.as_prepend.size) %} -bgp_path.prepend({{ filter.as_prepend.asn }}); -{% endfor %} -{% endif %} -{% if filter.local_pref is defined %} -bgp_local_pref = {{ filter.local_pref }}; -{% endif %} -{% if filter.accept is defined %} -{{ filter.accept | ternary("accept", "reject") }}; -{% endif %} -{% endmacro %} - -{% for name, session in bird__bgp_sessions.items() %} -{% for version in [4, 6] %} -{% for direction in ["import", "export"] %} -filter bgp{{ version }}_{{ direction }}_{{ name }} { -{% for filter in session[direction] %} -{% set negate = filter.negate | default(False) %} -{% set networks = - filter.prefix - | default([]) - | ansible.utils.ipaddr(version=version) - | map("suffix", filter.sub - | default(False) - | ternary("+", "")) - | list %} -{% set bgp_protos = - filter.bgp_proto - | default([]) - | map("format_rev", 'proto {1} "bgp{2}_{0}"', - negate | ternary("!=", "="), version) - | list %} -{% if networks or bgp_protos %} -{% if networks %} -{% set op = negate | ternary("!~", "~") %} - if net {{ op }} [ {{ networks | join(", ") }} ] then { -{% elif bgp_protos %} -{% set op = negate | ternary("&&", "||") %} - if {{ bgp_protos | join(" " + op + " ") }} then { -{% endif %} - {{ bird_filter(filter) | indent(8) }} - } -{% else %} - {{ bird_filter(filter) | indent(4) }} -{% endif %} -{% endfor %} -} - -{% endfor %} -{% endfor %} -{% endfor %} - -{% for name, session in bird__bgp_sessions.items() %} -{% for local_address in session.local.address %} -{% set version = - local_address - | ansible.utils.ipaddr(query="version") %} -{% set remote_address = - session.remote.address - | ansible.utils.ipaddr(version=version) - | first %} -protocol bgp bgp{{ version }}_{{ name }} { - local {{ local_address }} as {{ session.local.as }}; - neighbor {{ remote_address }} as {{ 
session.remote.as }}; - {{ "ipv4" if version == 4 else "ipv6" }} { -{% if session.next_hop_self | default(False) %} - next hop self; -{% endif %} -{% if session.direct | default(False) %} - direct; -{% endif %} - import filter bgp{{ version }}_import_{{ name }}; - export filter bgp{{ version }}_export_{{ name }}; - }; -} -{% endfor %} -{% endfor %} - -{% if bird__radv_interfaces %} -protocol radv { -{% for name, iface in bird__radv_interfaces.items() %} - interface {{ name | enquote }} { - max ra interval {{ bird__radv_max_interval | int }}; -{% for prefix in iface.prefix | default([]) %} - prefix {{ prefix | ipaddr }}; -{% endfor %} -{% for domain in iface.domain_search | default([]) %} - dnssl {{ domain | enquote }}; -{% endfor %} - }; -{% endfor %} -{% for address in bird__radv_dns_servers %} - rdnss {{ address | ipaddr }}; -{% endfor %} -} -{% endif %} #}