Add import filters for bgp

Less indentation
2024-10-28 13:26:13 +01:00 · 2024-10-28 13:22:53 +01:00
1 changed files with 71 additions and 59 deletions
--- a/global/overlay/etc/puppet/modules/cdn/templates/l4lb/bird.conf.erb
+++ b/global/overlay/etc/puppet/modules/cdn/templates/l4lb/bird.conf.erb
@ -15,89 +15,101 @@ protocol device {
 # direct routes to all network interfaces. Can exist in as many instances as you
 # wish if you want to populate multiple routing tables with direct routes.
 protocol direct {
-        ipv4;
-        ipv6;
-        interface "dummy0";
+  ipv4;
+  ipv6;
+  interface "dummy0";
 }

 # The Kernel protocol is not a real routing protocol. Instead of communicating
 # with other routers in the network, it performs synchronization of BIRD
 # routing tables with the OS kernel. One instance per table.
 protocol kernel {
-        ipv4 {
-                import none;
-                export filter { if source = RTS_DEVICE then { reject; } accept; };
-        };
-        # Create ECMP routes in kernel table from multiple paths
-        merge paths;
+  ipv4 {
+    import none;
+    export filter { if source = RTS_DEVICE then { reject; } accept; };
+  };
+# Create ECMP routes in kernel table from multiple paths
+  merge paths;
 }

 protocol kernel {
-        ipv6 {
-                import none;
-                export filter { if source = RTS_DEVICE then { reject; } accept; };
-        };
-        # Create ECMP routes in kernel table from multiple paths
-        merge paths;
+  ipv6 {
+    import none;
+    export filter { if source = RTS_DEVICE then { reject; } accept; };
+  };
+  # Create ECMP routes in kernel table from multiple paths
+  merge paths;
 }

 protocol bgp tug_r11_v4 {
-        description "tug-r11-v4";
-        local 130.242.64.233 as 65443;
-        neighbor 130.242.64.232 as 1653;
-        hold time 90;
+  description "tug-r11-v4";
+  local 130.242.64.233 as 65443;
+  neighbor 130.242.64.232 as 1653;
+  hold time 90;

-        ipv4 {
-                import all;
-                export filter {
-                  if net ~ [ 188.240.152.0/24{32,32} ] then
-                      accept; else reject;
-                  };
-        };
+  ipv4 {
+    import filter {
+      if net ~ [ 0.0.0.0/0 ] then
+        accept; else reject;
+    };
+    export filter {
+      if net ~ [ 188.240.152.0/24{32,32} ] then
+        accept; else reject;
+      };
+  };
 }

 protocol bgp tug_r11_v6 {
-        description "tug-r12-v6";
-        local 2001:6b0:2006:74::1 as 65443;
-        neighbor 2001:6b0:2006:74:: as 1653;
-        hold time 90;
+  description "tug-r12-v6";
+  local 2001:6b0:2006:74::1 as 65443;
+  neighbor 2001:6b0:2006:74:: as 1653;
+  hold time 90;

-        ipv6 {
-                import all;
-                export filter {
-                  if net ~ [ 2001:6b0:2100::/48{128,128} ] then
-                      accept; else reject;
-                  };
-        };
+  ipv6 {
+    import filter {
+      if net ~ [ ::/0 ] then
+        accept; else reject;
+    };
+    export filter {
+      if net ~ [ 2001:6b0:2100::/48{128,128} ] then
+        accept; else reject;
+    };
+  };
 }


 protocol bgp tug_r12_v4 {
-        description "tug-r12-v4";
-        local 130.242.64.235 as 65443;
-        neighbor 130.242.64.234 as 1653;
-        hold time 90;
+  description "tug-r12-v4";
+  local 130.242.64.235 as 65443;
+  neighbor 130.242.64.234 as 1653;
+  hold time 90;

-        ipv4 {
-                import all;
-                export filter {
-                  if net ~ [ 188.240.152.0/24{32,32} ] then
-                      accept; else reject;
-                  };
-        };
+  ipv4 {
+    import filter {
+      if net ~ [ 0.0.0.0/0 ] then
+        accept; else reject;
+    };
+    export filter {
+      if net ~ [ 188.240.152.0/24{32,32} ] then
+        accept; else reject;
+      };
+  };
 }

 protocol bgp tug_r12_v6 {
-        description "tug-r12-v6";
-        local 2001:6b0:2006:75::1 as 65443;
-        neighbor 2001:6b0:2006:75:: as 1653;
-        hold time 90;
+  description "tug-r12-v6";
+  local 2001:6b0:2006:75::1 as 65443;
+  neighbor 2001:6b0:2006:75:: as 1653;
+  hold time 90;

-        ipv6 {
-                import all;
-                export filter {
-                  if net ~ [ 2001:6b0:2100::/48{128,128} ] then
-                      accept; else reject;
-                  };
-        };
+  ipv6 {
+    import filter {
+      if net ~ [ ::/0 ] then
+        accept; else reject;
+    };
+    export filter {
+      if net ~ [ 2001:6b0:2100::/48{128,128} ] then
+        accept; else reject;
+    };
+  };
 }
Author	SHA1	Message	Date
Patrik Lundin	6a8671fa3e	Add import filters for bgp	2024-10-28 13:26:13 +01:00
Patrik Lundin	7dc787cb68	Less indentation	2024-10-28 13:22:53 +01:00