bird: filter by proto (ugly)

2023-01-07 08:53:44 +01:00 · 2023-01-07 08:53:44 +01:00 · 6d66e56b15
commit 6d66e56b15
parent e7c3a9c771
2 changed files with 118 additions and 15 deletions
--- a/playbooks/bird.yml
+++ b/playbooks/bird.yml
@ -65,6 +65,42 @@
      - enp2s1
      - enp2s2
      - enp2s3
+    bird__asn:
+      aurore: 43619
+    bird__bgp_addresses:
+      infra-1.rtr.infra.auro.re:
+        - 2a09:6840:203:1:3::1
+        - 10.203.1.3
+      infra-2.rtr.infra.auro.re:
+        - 2a09:6840:203:1:4::1
+        - 10.203.1.4
+    bird__bgp_sessions:
+      - name: edge1
+        local:
+          address: "{{ bird__bgp_addresses[inventory_hostname] }}"
+          as: "{{ bird__asn.aurore }}"
+        remote:
+          address:
+            - 2a09:6840:203:0:1::1
+            - 10.203.0.1
+          as: "{{ bird__asn.aurore }}"
+        import:
+          - accept: true
+        export:
+          - accept: false
+      - name: edge2
+        local:
+          address: "{{ bird__bgp_addresses[inventory_hostname] }}"
+          as: "{{ bird__asn.aurore }}"
+        remote:
+          address:
+            - 2a09:6840:203:0:2::1
+            - 10.203.0.2
+          as: "{{ bird__asn.aurore }}"
+        import:
+          - accept: true
+        export:
+          - accept: false
  roles:
    - bird

@ -117,10 +153,65 @@
        - fec0::/10
        - ff00::/8
    bird__router_id: "{{ bird__router_ids[inventory_hostname] }}"
-    #bird__ospf_stub_networks:
-    #  - 0.0.0.0/0
-    #  - ::/0
+    bird__bgp_addresses:
+      edge-1.rtr.infra.auro.re:
+        - 2a09:6840:203:0:1::1
+        - 10.203.0.1
+      edge-2.rtr.infra.auro.re:
+        - 2a09:6840:203:0:2::1
+        - 10.203.0.2
    bird__bgp_sessions:
+      - name: edge
+        local:
+          address: "{{ bird__bgp_addresses[inventory_hostname] }}"
+          as: "{{ bird__asn.aurore }}"
+        remote:
+          address: "{{ bird__bgp_addresses
+                       | dict2items
+                       | selectattr('key', '!=', inventory_hostname)
+                       | map(attribute='value')
+                       | first }}"
+          as: "{{ bird__asn.aurore }}"
+        import:
+          - accept: true
+        export:
+          - accept: true
+      - name: infra1
+        local:
+          address: "{{ bird__bgp_addresses[inventory_hostname] }}"
+          as: "{{ bird__asn.aurore }}"
+        remote:
+          address:
+            - 2a09:6840:203:1:3::1
+            - 10.203.1.3
+          as: "{{ bird__asn.aurore }}"
+        import:
+          - accept: false
+        export:
+          - bgp_proto:
+              - crans
+              - viarezo
+              - zayo
+            accept: true
+          - accept: false
+      - name: infra2
+        local:
+          address: "{{ bird__bgp_addresses[inventory_hostname] }}"
+          as: "{{ bird__asn.aurore }}"
+        remote:
+          address:
+            - 2a09:6840:203:1:4::1
+            - 10.203.1.4
+          as: "{{ bird__asn.aurore }}"
+        import:
+          - accept: false
+        export:
+          - bgp_proto:
+              - crans
+              - viarezo
+              - zayo
+            accept: true
+          - accept: false
      - name: zayo
        local:
          address:
@ -190,9 +281,9 @@
      - ens19
      - ens20
      - ens21
-    #bird__static_unreachable:
-    #  - 45.66.108.0/22
-    #  - 2a09:6840::/29
+    bird__static_unreachable:
+      - 45.66.108.0/22
+      - 2a09:6840::/29
  roles:
    - bird
 ...
--- a/roles/bird/templates/bird.conf.j2
+++ b/roles/bird/templates/bird.conf.j2
@ -124,28 +124,37 @@ bgp_local_pref = {{ filter.local_pref }};
 {% endif %}
 {% endmacro %}

+{# FIXME: massive cleanup required #}
 {% for session in bird__bgp_sessions %}
 {% for version in [4, 6] %}
 {% for direction in ["import", "export"] %}
 filter bgp{{ version }}_{{ direction }}_{{ session.name }} {
 {% for filter in session[direction] %}
-{% if filter.prefix | default([]) %}
-{% set op =
-       filter.negate
-       | default(False)
-       | ternary("!~", "~") %}
+{% set negate = filter.negate | default(False) %}
 {% set networks =
       filter.prefix
       | default([])
       | ansible.utils.ipaddr(version=version)
       | map("suffix", filter.sub
                       | default(False)
-                       | ternary("+", "")) %}
+                       | ternary("+", ""))
+       | list %}
+{% set bgp_protos =
+       filter.bgp_proto
+       | default([])
+       | map("format_rev", 'proto {1} "bgp{2}_{0}"',
+             negate | ternary("!=", "="), version)
+       | list %}
+{% if networks or bgp_protos %}
 {% if networks %}
+{% set op = negate | ternary("!~", "~") %}
    if net {{ op }} [ {{ networks | join(", ") }} ] then {
+{% elif bgp_protos %}
+{% set op = negate | ternary("&&", "||") %}
+    if {{ bgp_protos | join(" " + op  + " ") }} then {
+{% endif %}
        {{ bird_filter(filter) | indent(8) }}
    }
-{% endif %}
 {% else %}
    {{ bird_filter(filter) | indent(4) }}
 {% endif %}
@ -169,6 +178,9 @@ protocol bgp bgp{{ version }}_{{ session.name }} {
    local {{ local_address }} as {{ session.local.as }};
    neighbor {{ remote_address }} as {{ session.remote.as }};
    {{ "ipv4" if version == 4 else "ipv6" }} {
+{% if session.next_hop_self | default(False) %}
+        next hop self;
+{% endif %}
        import filter bgp{{ version }}_import_{{ session.name }};
        export filter bgp{{ version }}_export_{{ session.name }};
    };