From 6d66e56b15ece591d2341a05d70dff851d0f232b Mon Sep 17 00:00:00 2001 From: Jeltz Date: Sat, 7 Jan 2023 08:53:44 +0100 Subject: [PATCH] bird: filter by proto (ugly) --- playbooks/bird.yml | 103 ++++++++++++++++++++++++++++-- roles/bird/templates/bird.conf.j2 | 30 ++++++--- 2 files changed, 118 insertions(+), 15 deletions(-) diff --git a/playbooks/bird.yml b/playbooks/bird.yml index 6f01cd4..997bf86 100755 --- a/playbooks/bird.yml +++ b/playbooks/bird.yml @@ -65,6 +65,42 @@ - enp2s1 - enp2s2 - enp2s3 + bird__asn: + aurore: 43619 + bird__bgp_addresses: + infra-1.rtr.infra.auro.re: + - 2a09:6840:203:1:3::1 + - 10.203.1.3 + infra-2.rtr.infra.auro.re: + - 2a09:6840:203:1:4::1 + - 10.203.1.4 + bird__bgp_sessions: + - name: edge1 + local: + address: "{{ bird__bgp_addresses[inventory_hostname] }}" + as: "{{ bird__asn.aurore }}" + remote: + address: + - 2a09:6840:203:0:1::1 + - 10.203.0.1 + as: "{{ bird__asn.aurore }}" + import: + - accept: true + export: + - accept: false + - name: edge2 + local: + address: "{{ bird__bgp_addresses[inventory_hostname] }}" + as: "{{ bird__asn.aurore }}" + remote: + address: + - 2a09:6840:203:0:2::1 + - 10.203.0.2 + as: "{{ bird__asn.aurore }}" + import: + - accept: true + export: + - accept: false roles: - bird 
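Review bot: Both new sessions, `edge1` and `edge2`, import with a bare `- accept: true`, so the infra routers install whatever the edge routers send and depend entirely on the edge-side export filter being rendered correctly. An import-side rule ahead of the accept would stop an edge filter mistake from propagating, for example rejecting the site's own aggregates if they ever come back over BGP: `- prefix: [45.66.108.0/22, "2a09:6840::/29"]` with `sub: true` and `accept: false`. A one-line comment above `bird__bgp_sessions` saying these are iBGP sessions to the edge pair (same AS on both sides) would also help the next reader.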
@@ -117,10 +153,65 @@ - fec0::/10 - ff00::/8 bird__router_id: "{{ bird__router_ids[inventory_hostname] }}" - #bird__ospf_stub_networks: - # - 0.0.0.0/0 - # - ::/0 + bird__bgp_addresses: + edge-1.rtr.infra.auro.re: + - 2a09:6840:203:0:1::1 + - 10.203.0.1 + edge-2.rtr.infra.auro.re: + - 2a09:6840:203:0:2::1 + - 10.203.0.2 bird__bgp_sessions: + - name: edge + local: + address: "{{ bird__bgp_addresses[inventory_hostname] }}" + as: "{{ bird__asn.aurore }}" + remote: + address: "{{ bird__bgp_addresses + | dict2items + | selectattr('key', '!=', inventory_hostname) + | map(attribute='value') + | first }}" + as: "{{ bird__asn.aurore }}" + import: + - accept: true + export: + - accept: true + - name: infra1 + local: + address: "{{ bird__bgp_addresses[inventory_hostname] }}" + as: "{{ bird__asn.aurore }}" + remote: + address: + - 2a09:6840:203:1:3::1 + - 10.203.1.3 + as: "{{ bird__asn.aurore }}" + import: + - accept: false + export: + - bgp_proto: + - crans + - viarezo + - zayo + accept: true + - accept: false + - name: infra2 + local: + address: "{{ bird__bgp_addresses[inventory_hostname] }}" + as: "{{ bird__asn.aurore }}" + remote: + address: + - 2a09:6840:203:1:4::1 + - 10.203.1.4 + as: "{{ bird__asn.aurore }}" + import: + - accept: false + export: + - bgp_proto: + - crans + - viarezo + - zayo + accept: true + - accept: false - name: zayo local: address: @@ -190,9 +281,9 @@ - ens19 - ens20 - ens21 - #bird__static_unreachable: - # - 45.66.108.0/22 - # - 2a09:6840::/29 + bird__static_unreachable: + - 45.66.108.0/22 + - 2a09:6840::/29 roles: - bird ... diff --git a/roles/bird/templates/bird.conf.j2 b/roles/bird/templates/bird.conf.j2 index c812cad..0c8270e 100644 --- a/roles/bird/templates/bird.conf.j2 +++ b/roles/bird/templates/bird.conf.j2 
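Review bot: The sessions added in this hunk read `{{ bird__asn.aurore }}`, but the only visible definition of `bird__asn` is in the vars of the other play (the `@@ -65,6 +65,42 @@` hunk), and play-level vars are not shared between plays. Unless it is also defined outside the hunk or in group vars, templating the edge routers will fail on an undefined variable; adding `bird__asn:` / `aurore: 43619` to this play's vars, or moving it to a shared vars file, fixes that. Separately, the `edge` session picks its peer with `selectattr('key', '!=', inventory_hostname) | map(attribute='value') | first`, which is only correct while `bird__bgp_addresses` holds exactly two hosts. A third edge router would silently be peered with just one of the others, so a comment stating the two-router assumption is worth adding.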
@@ -110,7 +110,7 @@ protocol ospf v3 ospf6 { } {% endif %} -{% macro bird_filter(filter, last) %} +{% macro bird_filter(filter, last) %} {% if filter.as_prepend is defined %} {% for _ in range(filter.as_prepend.size) %} bgp_path.prepend({{ filter.as_prepend.asn }}); @@ -119,33 +119,42 @@ bgp_path.prepend({{ filter.as_prepend.asn }}); {% if filter.local_pref is defined %} bgp_local_pref = {{ filter.local_pref }}; {% endif %} -{% if filter.accept is defined %} +{% if filter.accept is defined %} {{ filter.accept | ternary("accept", "reject") }}; {% endif %} {% endmacro %} +{# FIXME: massive cleanup required #} {% for session in bird__bgp_sessions %} {% for version in [4, 6] %} {% for direction in ["import", "export"] %} filter bgp{{ version }}_{{ direction }}_{{ session.name }} { {% for filter in session[direction] %} -{% if filter.prefix | default([]) %} -{% set op = - filter.negate - | default(False) - | ternary("!~", "~") %} +{% set negate = filter.negate | default(False) %} {% set networks = filter.prefix | default([]) | ansible.utils.ipaddr(version=version) | map("suffix", filter.sub | default(False) - | ternary("+", "")) %} + | ternary("+", "")) + | list %} +{% set bgp_protos = + filter.bgp_proto + | default([]) + | map("format_rev", 'proto {1} "bgp{2}_{0}"', + negate | ternary("!=", "="), version) + | list %} +{% if networks or bgp_protos %} {% if networks %} +{% set op = negate | ternary("!~", "~") %} if net {{ op }} [ {{ networks | join(", ") }} ] then { +{% elif bgp_protos %} +{% set op = negate | ternary("&&", "||") %} + if {{ bgp_protos | join(" " + op + " ") }} then { +{% endif %} {{ bird_filter(filter) | indent(8) }} } -{% endif %} {% else %} {{ bird_filter(filter) | indent(4) }} {% endif %} 
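Review bot: In the `@@ -119,33 +119,42 @@` hunk the outer test changed from `filter.prefix | default([])` to `networks or bgp_protos`, and `networks` is already narrowed to the current address family, so the filter now fails open. A rule whose `prefix` list has entries for only one family yields an empty `networks` for the other family and falls through to the `{% else %}` branch, which emits the action unconditionally. A v4-only prefix rule with `accept: true` therefore renders a bare `accept;` in the `bgp6_*` filter, where the old code emitted nothing for that family. The inner `{% if networks %} … {% elif bgp_protos %}` also silently drops the `bgp_proto` condition when an entry carries both keys, making the rule broader than written. I would branch on what the entry declares rather than on what survives family filtering, and AND the two conditions when both are present. How `negate` should combine across the two is left for the author to decide, so the sketch below only keeps the existing per-condition negation.

```jinja
{# … unchanged: negate, networks, bgp_protos … #}
{% set conds = [] %}
{% if networks %}
{% set _ = conds.append("net " ~ (negate | ternary("!~", "~")) ~ " [ " ~ (networks | join(", ")) ~ " ]") %}
{% endif %}
{% if bgp_protos %}
{% set _ = conds.append("(" ~ (bgp_protos | join(negate | ternary(" && ", " || "))) ~ ")") %}
{% endif %}
{% if filter.prefix is not defined and filter.bgp_proto is not defined %}
{{ bird_filter(filter) | indent(4) }}
{% elif conds and (networks or filter.prefix is not defined) %}
    if {{ conds | join(" && ") }} then {
{{ bird_filter(filter) | indent(8) }}
    }
{% endif %}
{# a prefix rule with no entries for this family now renders nothing, as before the change #}
```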
@@ -169,6 +178,9 @@ protocol bgp bgp{{ version }}_{{ session.name }} { local {{ local_address }} as {{ session.local.as }}; neighbor {{ remote_address }} as {{ session.remote.as }}; {{ "ipv4" if version == 4 else "ipv6" }} { +{% if session.next_hop_self | default(False) %} + next hop self; +{% endif %} import filter bgp{{ version }}_import_{{ session.name }}; export filter bgp{{ version }}_export_{{ session.name }}; };
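Review bot: The new `session.next_hop_self` switch is not set by any session this patch adds to `playbooks/bird.yml`, so `next hop self;` is never rendered for `infra1`, `infra2`, `edge`, `edge1` or `edge2`. Since `infra1`/`infra2` re-export routes learned from the `crans`, `viarezo` and `zayo` protocols over iBGP, the infra routers will presumably receive the external peers' next hops and can only use the routes if the IGP carries those peering subnets. If that is not intended, set `next_hop_self: true` on the two infra sessions. The key is also undocumented; a template comment such as `{# session.next_hop_self: rewrite next hop to our own address (default: false) #}` would make the option discoverable. The enclosing `protocol bgp` block begins and ends outside the hunk.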