################################################
#               Variable header                #
################################################

# Node-specific constants. Everything further down refers to these names,
# so this is the only section that differs between routers.
define ROUTERID    = 1;
define OWNAS       = 4242420129;
define OWNIPv6     = fdfe:8d0:7450:100::;
define OWNNETv6    = fdfe:8d0:7450::/48;
define OWNNETSETv6 = [fdfe:8d0:7450::/48+];

################################################
#                 Header end                   #
################################################

router id ROUTERID;

protocol device {
    scan time 10;
}

/*
 *  Utility functions
 */

# True when the route's prefix is OWNNETv6 itself or any more-specific of it.
function is_self_net_v6() {
    return net ~ OWNNETSETv6;
}

# ROA table consulted by import_filter(). In this file it is filled only from
# the included ROA file below.
# NOTE(review): origin validation is only as good as that file. Because
# import_filter() rejects everything that is not ROA_VALID, an empty or stale
# file drops legitimate routes, and a modified one authorises origins it
# should not. Confirm how the file is refreshed and who may write to it.
roa6 table dn42_roa_v6;

protocol static {
    roa6 { table dn42_roa_v6; };
    include "/etc/bird/roa_dn42_v6.conf";
}

# True when the prefix lies inside fd00::/8 with a length of /44 to /64.
function is_valid_network_v6() {
    return net ~ [
        fd00::/8{44,64}    # ULA address space as per RFC 4193
    ];
}

# Kernel sync: nothing is learned from the kernel table. On export, static
# routes are kept out of the kernel; every other route is installed with
# OWNIPv6 as its preferred source address.
protocol kernel {
    scan time 20;

    ipv6 {
        import none;
        export filter {
            if source = RTS_STATIC then reject;
            krt_prefsrc = OWNIPv6;
            accept;
        };
    };
}

# Reject route for the whole own network. It enters the table as RTS_STATIC,
# which is one of the two sources export_filter() lets through.
protocol static {
    route OWNNETv6 reject;

    ipv6 {
        import all;
        export none;
    };
}

# Import policy for BGP peers. Checks run in this order and the first one
# that fails rejects the route and logs why:
#   1. prefix must be inside the permitted ULA range and length window
#   2. prefix must not be (part of) our own network
#   3. origin AS (bgp_path.last) must be ROA_VALID for the prefix;
#      any other roa_check() result is rejected
#   4. AS path must not be longer than 20 hops
# NOTE(review): every rejection writes a log line, so log volume follows what
# peers announce. Confirm log rotation or rate limiting can absorb a peer
# sending many bad routes.
function import_filter() {
    if !is_valid_network_v6() then {
        print "[dn42] Rejected invalid route ", net, " ASN ", bgp_path.last;
        reject;
    }

    if is_self_net_v6() then {
        print "[dn42] Rejected internal route ", net, " ASN ", bgp_path.last;
        reject;
    }

    if roa_check(dn42_roa_v6, net, bgp_path.last) != ROA_VALID then {
        print "[dn42] ROA check failed for ", net, " ASN ", bgp_path.last;
        reject;
    }

    if bgp_path.len > 20 then {
        print "[dn42] Rejected long route ", net, " ASN ", bgp_path.last;
        reject;
    }

    accept;
}

# Export policy for BGP peers: announce only prefixes in the permitted range
# that came from a static or BGP source; everything else stays local.
function export_filter() {
    if is_valid_network_v6() && source ~ [RTS_STATIC, RTS_BGP] then accept;
    reject;
}

# Shared settings for every peer session.
template bgp dnpeers {
    local as OWNAS;
    path metric 1;
    graceful restart on;

    ipv6 {
        import where import_filter();
        export where export_filter();
        # Per-peer limit of 9000 imported routes. "block" discards the excess
        # routes instead of taking the session down.
        import limit 9000 action block;
    };
}

# Further configuration lives in separate files and is not visible here.
# NOTE(review): the peers/ glob parses every matching file as configuration,
# so that directory should be writable only by whoever administers the router.
include "/etc/bird/community_filters.conf";
include "/etc/bird/babel.conf";
include "/etc/bird/peers/*";