bird: filter by proto (ugly)

jeltz 2023-01-07 08:53:44 +01:00
parent e7c3a9c771
commit 6d66e56b15
Signed by: jeltz
GPG key ID: 800882B66C0C3326
2 changed files with 118 additions and 15 deletions


@ -65,6 +65,42 @@
- enp2s1 - enp2s1
- enp2s2 - enp2s2
- enp2s3 - enp2s3
bird__asn:
aurore: 43619
bird__bgp_addresses:
infra-1.rtr.infra.auro.re:
- 2a09:6840:203:1:3::1
- 10.203.1.3
infra-2.rtr.infra.auro.re:
- 2a09:6840:203:1:4::1
- 10.203.1.4
bird__bgp_sessions:
- name: edge1
local:
address: "{{ bird__bgp_addresses[inventory_hostname] }}"
as: "{{ bird__asn.aurore }}"
remote:
address:
- 2a09:6840:203:0:1::1
- 10.203.0.1
as: "{{ bird__asn.aurore }}"
import:
- accept: true
export:
- accept: false
- name: edge2
local:
address: "{{ bird__bgp_addresses[inventory_hostname] }}"
as: "{{ bird__asn.aurore }}"
remote:
address:
- 2a09:6840:203:0:2::1
- 10.203.0.2
as: "{{ bird__asn.aurore }}"
import:
- accept: true
export:
- accept: false
roles: roles:
- bird - bird
@ -117,10 +153,65 @@
- fec0::/10 - fec0::/10
- ff00::/8 - ff00::/8
bird__router_id: "{{ bird__router_ids[inventory_hostname] }}" bird__router_id: "{{ bird__router_ids[inventory_hostname] }}"
#bird__ospf_stub_networks: bird__bgp_addresses:
# - 0.0.0.0/0 edge-1.rtr.infra.auro.re:
# - ::/0 - 2a09:6840:203:0:1::1
- 10.203.0.1
edge-2.rtr.infra.auro.re:
- 2a09:6840:203:0:2::1
- 10.203.0.2
bird__bgp_sessions: bird__bgp_sessions:
- name: edge
local:
address: "{{ bird__bgp_addresses[inventory_hostname] }}"
as: "{{ bird__asn.aurore }}"
remote:
address: "{{ bird__bgp_addresses
| dict2items
| selectattr('key', '!=', inventory_hostname)
| map(attribute='value')
| first }}"
as: "{{ bird__asn.aurore }}"
import:
- accept: true
export:
- accept: true
- name: infra1
local:
address: "{{ bird__bgp_addresses[inventory_hostname] }}"
as: "{{ bird__asn.aurore }}"
remote:
address:
- 2a09:6840:203:1:3::1
- 10.203.1.3
as: "{{ bird__asn.aurore }}"
import:
- accept: false
export:
- bgp_proto:
- crans
- viarezo
- zayo
accept: true
- accept: false
- name: infra2
local:
address: "{{ bird__bgp_addresses[inventory_hostname] }}"
as: "{{ bird__asn.aurore }}"
remote:
address:
- 2a09:6840:203:1:4::1
- 10.203.1.4
as: "{{ bird__asn.aurore }}"
import:
- accept: false
export:
- bgp_proto:
- crans
- viarezo
- zayo
accept: true
- accept: false
- name: zayo - name: zayo
local: local:
address: address:
@ -190,9 +281,9 @@
- ens19 - ens19
- ens20 - ens20
- ens21 - ens21
#bird__static_unreachable: bird__static_unreachable:
# - 45.66.108.0/22 - 45.66.108.0/22
# - 2a09:6840::/29 - 2a09:6840::/29
roles: roles:
- bird - bird
... ...
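Review bot: The `remote.address` expression of the `edge` session picks its peer with `selectattr('key', '!=', inventory_hostname) | map(attribute='value') | first`, which is only correct while `bird__bgp_addresses` holds exactly two routers. With a third entry the extra peers are dropped without any error, and with a single entry `first` has nothing to return, so the rendered neighbor would be undefined. I would either state the constraint next to the variable, `# exactly two entries: this router and its single iBGP peer`, or generate one session per remaining entry. The `crans`/`viarezo`/`zayo` allow-list is also written out twice (`infra1` and `infra2`); keeping it in one variable would stop the two export policies from drifting apart.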


@ -110,7 +110,7 @@ protocol ospf v3 ospf6 {
} }
{% endif %} {% endif %}
{% macro bird_filter(filter, last) %} {% macro bird_filter(filter, last) %}
{% if filter.as_prepend is defined %} {% if filter.as_prepend is defined %}
{% for _ in range(filter.as_prepend.size) %} {% for _ in range(filter.as_prepend.size) %}
bgp_path.prepend({{ filter.as_prepend.asn }}); bgp_path.prepend({{ filter.as_prepend.asn }});
@ -119,33 +119,42 @@ bgp_path.prepend({{ filter.as_prepend.asn }});
{% if filter.local_pref is defined %} {% if filter.local_pref is defined %}
bgp_local_pref = {{ filter.local_pref }}; bgp_local_pref = {{ filter.local_pref }};
{% endif %} {% endif %}
{% if filter.accept is defined %} {% if filter.accept is defined %}
{{ filter.accept | ternary("accept", "reject") }}; {{ filter.accept | ternary("accept", "reject") }};
{% endif %} {% endif %}
{% endmacro %} {% endmacro %}
{# FIXME: massive cleanup required #}
{% for session in bird__bgp_sessions %} {% for session in bird__bgp_sessions %}
{% for version in [4, 6] %} {% for version in [4, 6] %}
{% for direction in ["import", "export"] %} {% for direction in ["import", "export"] %}
filter bgp{{ version }}_{{ direction }}_{{ session.name }} { filter bgp{{ version }}_{{ direction }}_{{ session.name }} {
{% for filter in session[direction] %} {% for filter in session[direction] %}
{% if filter.prefix | default([]) %} {% set negate = filter.negate | default(False) %}
{% set op =
filter.negate
| default(False)
| ternary("!~", "~") %}
{% set networks = {% set networks =
filter.prefix filter.prefix
| default([]) | default([])
| ansible.utils.ipaddr(version=version) | ansible.utils.ipaddr(version=version)
| map("suffix", filter.sub | map("suffix", filter.sub
| default(False) | default(False)
| ternary("+", "")) %} | ternary("+", ""))
| list %}
{% set bgp_protos =
filter.bgp_proto
| default([])
| map("format_rev", 'proto {1} "bgp{2}_{0}"',
negate | ternary("!=", "="), version)
| list %}
{% if networks or bgp_protos %}
{% if networks %} {% if networks %}
{% set op = negate | ternary("!~", "~") %}
if net {{ op }} [ {{ networks | join(", ") }} ] then { if net {{ op }} [ {{ networks | join(", ") }} ] then {
{% elif bgp_protos %}
{% set op = negate | ternary("&&", "||") %}
if {{ bgp_protos | join(" " + op + " ") }} then {
{% endif %}
{{ bird_filter(filter) | indent(8) }} {{ bird_filter(filter) | indent(8) }}
} }
{% endif %}
{% else %} {% else %}
{{ bird_filter(filter) | indent(4) }} {{ bird_filter(filter) | indent(4) }}
{% endif %} {% endif %}
@ -169,6 +178,9 @@ protocol bgp bgp{{ version }}_{{ session.name }} {
local {{ local_address }} as {{ session.local.as }}; local {{ local_address }} as {{ session.local.as }};
neighbor {{ remote_address }} as {{ session.remote.as }}; neighbor {{ remote_address }} as {{ session.remote.as }};
{{ "ipv4" if version == 4 else "ipv6" }} { {{ "ipv4" if version == 4 else "ipv6" }} {
{% if session.next_hop_self | default(False) %}
next hop self;
{% endif %}
import filter bgp{{ version }}_import_{{ session.name }}; import filter bgp{{ version }}_import_{{ session.name }};
export filter bgp{{ version }}_export_{{ session.name }}; export filter bgp{{ version }}_export_{{ session.name }};
}; };
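Review bot: The outer test `{% if networks or bgp_protos %}` looks at the per-address-family result, so a rule whose `prefix` list has no entry for the current `version` (and no `bgp_proto`) lands in the `{% else %}` branch and its action is emitted unconditionally; with `accept: true` that turns a prefix-scoped rule into accept-all in the other family's filter. Testing what the rule declares instead, `{% if filter.prefix is defined or filter.bgp_proto is defined %}`, and emitting the `if … then { … }` block only when `networks or bgp_protos` is non-empty, keeps such a rule scoped. The inner `{% if networks %} … {% elif bgp_protos %}` also means a rule that sets both `prefix` and `bgp_proto` is matched on the prefix alone; if that combination is meant to be supported the two conditions should be joined, otherwise a comment should say it is not. This reading is taken from the new side as far as the side-by-side rendering allows, and the filter loop continues past the lines shown.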