diff --git a/global/overlay/etc/puppet/modules/cdn/manifests/l4lb.pp b/global/overlay/etc/puppet/modules/cdn/manifests/l4lb.pp
index 17c2eca..18b4890 100644
--- a/global/overlay/etc/puppet/modules/cdn/manifests/l4lb.pp
+++ b/global/overlay/etc/puppet/modules/cdn/manifests/l4lb.pp
@@ -79,4 +79,18 @@ class cdn::l4lb(
 content => template('cdn/l4lb/bird-override.conf.erb'),
 notify => [Class['sunet::systemd_reload']]
 }
+
+ file { '/etc/bird/bird.conf':
+ ensure => file,
+ owner => 'bird',
+ group => 'bird',
+ mode => '0640',
+ content => template('cdn/l4lb/bird.conf.erb'),
+ notify => Service['bird'],
+ }
+
+ service { 'bird':
+ ensure => 'running',
+ enable => true,
+ }
 }
diff --git a/global/overlay/etc/puppet/modules/cdn/templates/l4lb/bird.conf.erb b/global/overlay/etc/puppet/modules/cdn/templates/l4lb/bird.conf.erb
new file mode 100644
index 0000000..e3b8a31
--- /dev/null
+++ b/global/overlay/etc/puppet/modules/cdn/templates/l4lb/bird.conf.erb
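Review bot: The new `file { '/etc/bird/bird.conf': }` resource writes the rendered template and notifies `Service['bird']` without first checking that BIRD can parse the result, so a template or fact error would be pushed straight at the running routing daemon. Adding `validate_cmd => '/usr/sbin/bird -p -c %',` (binary path assumed, adjust to where the package installs it) makes Puppet keep the previous file when the parse fails. The file is also owned by `bird` with mode `0640`, which lets the daemon account rewrite its own configuration; `owner => 'root', group => 'bird'` keeps it readable by the daemon but not writable. The class body starts outside this hunk, so whether a package resource is already ordered before these two resources cannot be seen from here.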
@@ -0,0 +1,103 @@
+# Configure logging
+log syslog all;
+
+# Set router ID. It is a unique identification of your router, usually one of
+# IPv4 addresses of the router. It is recommended to configure it explicitly.
+router id <%= @facts['networking']['interfaces']['default']['ip'] %>;
+
+# The Device protocol is not a real routing protocol. It does not generate any
+# routes and it only serves as a module for getting information about network
+# interfaces from the kernel. It is necessary in almost any configuration.
+protocol device {
+}
+
+# The direct protocol is not a real routing protocol. It automatically generates
+# direct routes to all network interfaces. Can exist in as many instances as you
+# wish if you want to populate multiple routing tables with direct routes.
+protocol direct {
+ ipv4;
+ ipv6;
+ interface "dummy0";
+}
+
+# The Kernel protocol is not a real routing protocol. Instead of communicating
+# with other routers in the network, it performs synchronization of BIRD
+# routing tables with the OS kernel. One instance per table.
+protocol kernel {
+ ipv4 {
+ import none;
+ export filter { if source = RTS_DEVICE then { reject; } accept; };
+ };
+ # Create ECMP routes in kernel table from multiple paths
+ merge paths;
+}
+
+protocol kernel {
+ ipv6 {
+ import none;
+ export filter { if source = RTS_DEVICE then { reject; } accept; };
+ };
+ # Create ECMP routes in kernel table from multiple paths
+ merge paths;
+}
+
+protocol bgp tug_r11_v4 {
+ description "tug-r11-v4";
+ local 130.242.64.233 as 65443;
+ neighbor 130.242.64.232 as 1653;
+ hold time 90;
+
+ ipv4 {
+ import all;
+ export filter {
+ if net ~ [ 188.240.152.0/24{32,32} ] then
+ accept; else reject;
+ };
+ };
+}
+
+protocol bgp tug_r11_v6 {
+ description "tug-r12-v6";
+ local 2001:6b0:2006:74::1 as 65443;
+ neighbor 2001:6b0:2006:74:: as 1653;
+ hold time 90;
+
+ ipv6 {
+ import all;
+ export filter {
+ if net ~ [ 2001:6b0:2100::/48{128,128} ] then
+ accept; else reject;
+ };
+ };
+}
+
+
+protocol bgp tug_r12_v4 {
+ description "tug-r12-v4";
+ local 130.242.64.235 as 65443;
+ neighbor 130.242.64.234 as 1653;
+ hold time 90;
+
+ ipv4 {
+ import all;
+ export filter {
+ if net ~ [ 188.240.152.0/24{32,32} ] then
+ accept; else reject;
+ };
+ };
+}
+
+protocol bgp tug_r12_v6 {
+ description "tug-r12-v6";
+ local 2001:6b0:2006:75::1 as 65443;
+ neighbor 2001:6b0:2006:75:: as 1653;
+ hold time 90;
+
+ ipv6 {
+ import all;
+ export filter {
+ if net ~ [ 2001:6b0:2100::/48{128,128} ] then
+ accept; else reject;
+ };
+ };
+}
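Review bot: All four BGP sessions use `import all;` while both `protocol kernel` blocks export everything except device routes, so any prefix the neighbours in AS 1653 send is installed into this host's kernel table. If the load balancer only needs a default route from them, an explicit filter such as `import filter { if net ~ [ 0.0.0.0/0 ] then accept; reject; };` (with `[ ::/0 ]` on the IPv6 sessions) bounds that. None of the sessions sets a `password`, so they run without TCP-MD5 authentication; if one is added it should come from a secret store rather than from this template. Separately, `protocol bgp tug_r11_v6` carries `description "tug-r12-v6";`, which looks like a copy-paste slip for `"tug-r11-v6"`. The `router id` lookup `@facts['networking']['interfaces']['default']['ip']` presumably needs an interface literally named `default`; if the hosts have none, `@facts['networking']['ip']` is the usual primary-address fact.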