bgp-contd, prior to redundancy for branch office

R0/config

@@ -31,3 +31,17 @@ lxc.net.1.veth.pair = r0.2
 lxc.net.1.script.up = /etc/lxc/lxc-openvswitch
 lxc.net.1.script.down = /etc/lxc/lxc-openvswitch
 lxc.net.1.hwaddr = 02:00:0a:28:02:01
+
+lxc.net.0.type = veth
+lxc.net.0.flags = up
+lxc.net.0.name = lan
+lxc.net.0.veth.pair = r0.1
+lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
+
+lxc.net.1.type = veth
+lxc.net.1.flags = up
+lxc.net.1.name = ebgp_r11
+lxc.net.1.veth.pair = r0.3
+lxc.net.1.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.1.script.down = /etc/lxc/lxc-openvswitch

R0/rootfs/etc/bird/bird6.conf

@@ -1,4 +1,4 @@
-router id 10.40.217.0;
+router id 10.0.0.0;
 
 log "/var/log/bird/bird6.log" all;
 debug protocols { states, routes, filters, interfaces }
@@ -15,16 +15,84 @@ protocol device {
 protocol ospf {
 	area 0 {
 		# BIRD ignores the IPv6 lo because it has no link local address
-		stubnet 2001:db8:40::/128;
+		stubnet 2001:db8::ff/128;
-		interface "vlan216" {
+		interface "lan" {
 		};
-		interface "vlan2" {
+		interface "ebgp_r11" {
 			stub;
 		};
 	};
 }
 
-protocol bgp ibgp_r0 {
+protocol static {
-    neighbor 2001:db8:40:d8::1 as 64080;
+	import all;
-    local    2001:db8:40:d8::2 as 64080;
+	route 2001:db8::/48 blackhole;
+}
+
+##############################################################################
+# BGP table
+#
+
+# Use this routing table to gather external routes received via BGP which we
+# want push to the kernel via our master table and to other routers in our AS
+# via iBGP or even to other routers outside our AS again (transit), which can
+# be connected here or to a router elsewhere on the border of our AS.
+
+table t_bgp;
+
+protocol pipe p_master_to_bgp {
+	table master;
+	peer table t_bgp;
+	import all;  # default
+	export none;  # default
+}
+
+##############################################################################
+# eBGP R11
+#
+
+table t_r11;
+
+protocol static originate_to_r11 {
+	table t_r11;
+	import all;  # originate here
+	route 2001:db8::/48 blackhole;
+}
+
+protocol bgp ebgp_r11 {
+	table t_r11;
+	local    2001:db8:0:3::ff as 65000;
+	neighbor 2001:db8:0:3::11 as 65010;
+	import all;
+	export all;
+}
+
+protocol pipe p_bgp_to_r11 {
+	table t_bgp;
+	peer table t_r11;
+	import where proto = "ebgp_r11";
+	export none;
+}
+
+##############################################################################
+# iBGP
+#
+
+protocol bgp ibgp_r2 {
+	table t_bgp;
+	igp table master;
+	import none;
+	export all;
+	local    2001:db8::ff as 65000;
+	neighbor 2001:db8::2  as 65000;
+}
+
+
+protocol bgp ibgp_r1 {
+	table t_bgp;
+	igp table master;
+	import all;
+	export all;
+	local    2001:db8::ff as 65000;
+	neighbor 2001:db8::1  as 65000;
 }

R0/rootfs/etc/hosts

@@ -3,3 +3,30 @@
 ff02::1		ip6-allnodes
 ff02::2		ip6-allrouters
 
+2001:db8::ff       lo.r0 r0
+2001:db8:0:1::ff   lan.r0
+2001:db8:0:3::ff   ebgp_r11.r0
+
+2001:db8:10::10    lo.r10 r10
+2001:db8:10:2::10  lan.r10
+2001:db8:10:4::10  ebgp_r1.r10
+
+2001:db8:10::11    lo.r11 r11
+2001:db8:10:2::11  lan.r11
+2001:db8:0:3::11   ebgp_r0.r11
+2001:db8:10:6::11  ebgp_r20.r11
+
+2001:db8:10::12    lo.r12 r12
+2001:db8:10:2::12  lan.r12
+
+2001:db8::1        lo.r1 r1
+2001:db8:0:1::1    lan.r1
+2001:db8:10:4::1   ebgp_r10.r1
+2001:db8:0:5::1    ebgp_r20.r1
+
+2001:db8:20::20    lo.r20 r20
+2001:db8:0:5::20   ebgp_r1.r20
+2001:db8:10:6::20  ebgp_r11.r20
+
+2001:db8::2        lo.r2 r2
+2001:db8:0:1::2    lan.r2

R0/rootfs/etc/network/interfaces

@@ -1,24 +1,18 @@
 auto lo
 iface lo inet loopback
-	up ip addr add 10.40.217.0/32 dev lo
+	up ip addr add 2001:db8::ff/128 dev lo
-	up ip addr add 2001:db8:40:: dev lo
+	down ip addr del 2001:db8::ff/128 dev lo
-	down ip addr del 2001:db8:40:: dev lo
-	down ip addr del 10.40.217.0/32 dev lo
 
-auto vlan2
+auto lan
-iface vlan2 inet manual
+iface lan inet manual
-	up ip link set up dev vlan2
+	up ip link set up dev lan
-	up ip addr add 10.40.2.1/24 brd + dev vlan2
+	up ip addr add 2001:db8:0:1::ff/120 dev lan
-	up ip addr add 2001:db8:40:2::1/120 dev vlan2
+	down ip addr del 2001:db8:0:1::ff/120 dev lan
-	down ip addr del 2001:db8:40:2::1/120 dev vlan2
+	down ip link set down dev lan
-	down ip addr del 10.40.2.1/24 dev vlan2
-	down up link set down dev vlan2
 
-auto vlan216
+auto ebgp_r11
-iface vlan216 inet manual
+iface ebgp_r11 inet manual
-	up ip link set up dev vlan216
+	up ip link set up dev ebgp_r11
-	up ip addr add 10.40.216.2/28 brd + dev vlan216
+	up ip addr add 2001:db8:0:3::ff/120 dev ebgp_r11
-	up ip addr add 2001:db8:40:d8::2/120 dev vlan216
+	down ip addr del 2001:db8:0:3::ff/120 dev ebgp_r11
-	down ip addr del 2001:db8:40:d8::2/120 dev vlan216
+	down ip link set down dev ebgp_r11
-	down ip addr del 10.40.216.2/28 dev vlan216
-	down up link set down dev vlan216

R1/config

@@ -34,3 +34,24 @@ lxc.net.1.veth.pair = r1.3
 lxc.net.1.script.up = /etc/lxc/lxc-openvswitch
 lxc.net.1.script.down = /etc/lxc/lxc-openvswitch
 lxc.net.1.hwaddr = 02:00:0a:28:03:01
+
+lxc.net.0.type = veth
+lxc.net.0.flags = up
+lxc.net.0.name = lan
+lxc.net.0.veth.pair = r1.1
+lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
+
+lxc.net.1.type = veth
+lxc.net.1.flags = up
+lxc.net.1.name = ebgp_r10
+lxc.net.1.veth.pair = r1.4
+lxc.net.1.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.1.script.down = /etc/lxc/lxc-openvswitch
+
+lxc.net.2.type = veth
+lxc.net.2.flags = up
+lxc.net.2.name = ebgp_r20
+lxc.net.2.veth.pair = r1.5
+lxc.net.2.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.2.script.down = /etc/lxc/lxc-openvswitch

R1/rootfs/etc/bird/bird6.conf

@@ -1,4 +1,4 @@
-router id 10.40.217.1;
+router id 10.0.0.1;
 
 log "/var/log/bird/bird6.log" all;
 debug protocols { states, routes, filters, interfaces }
@@ -15,16 +15,113 @@ protocol device {
 protocol ospf {
 	area 0 {
 		# BIRD ignores the IPv6 lo because it has no link local address
-		stubnet 2001:db8:40::1/128;
+		stubnet 2001:db8::1/128;
-		interface "vlan216" {
+		interface "lan" {
 		};
-		interface "vlan3" {
+		interface "ebgp_r10" {
+			stub;
+		};
+		interface "ebgp_r20" {
 			stub;
 		};
 	};
 }
 
-protocol bgp ibgp_r3 {
+protocol static {
-    local    2001:db8:40::1 as 64080;
+	import all;
-    neighbor 2001:db8:40::3 as 64080;
+	route 2001:db8::/48 blackhole;
+}
+
+##############################################################################
+# BGP table
+#
+
+# Use this routing table to gather external routes received via BGP which we
+# want push to the kernel via our master table and to other routers in our AS
+# via iBGP or even to other routers outside our AS again (transit), which can
+# be connected here or to a router elsewhere on the border of our AS.
+
+table t_bgp;
+
+protocol pipe p_master_to_bgp {
+	table master;
+	peer table t_bgp;
+	import all;  # default
+	export none;  # default
+}
+
+##############################################################################
+# eBGP R10
+#
+
+table t_r10;
+
+protocol static originate_to_r10 {
+	table t_r10;
+	import all;  # originate here
+	route 2001:db8::/48 blackhole;
+}
+
+protocol bgp ebgp_r10 {
+	table t_r10;
+	local    2001:db8:10:4::1  as 65000;
+	neighbor 2001:db8:10:4::10 as 65010;
+	import all;
+	export all;
+}
+
+protocol pipe p_bgp_to_r10 {
+	table t_bgp;
+	peer table t_r10;
+	import where proto = "ebgp_r10";
+	export none;
+}
+
+##############################################################################
+# eBGP R20
+#
+
+table t_r20;
+
+protocol static originate_to_r20 {
+	table t_r20;
+	import all;  # originate here
+	route 2001:db8::/48 blackhole;
+}
+
+protocol bgp ebgp_r20 {
+	table t_r20;
+	local    2001:db8:0:5::1  as 65000;
+	neighbor 2001:db8:0:5::20 as 65020;
+	import all;
+	export all;
+}
+
+protocol pipe p_bgp_to_r20 {
+	table t_bgp;
+	peer table t_r20;
+	import where proto = "ebgp_r20";
+	export none;
+}
+
+##############################################################################
+# iBGP
+#
+
+protocol bgp ibgp_r2 {
+	table t_bgp;
+	igp table master;
+	import none;
+	export all;
+	local    2001:db8::1 as 65000;
+	neighbor 2001:db8::2 as 65000;
+}
+
+protocol bgp ibgp_r0 {
+	table t_bgp;
+	igp table master;
+	import all;
+	export all;
+	local    2001:db8::1  as 65000;
+	neighbor 2001:db8::ff as 65000;
 }

R1/rootfs/etc/hosts

@@ -3,3 +3,30 @@
 ff02::1		ip6-allnodes
 ff02::2		ip6-allrouters
 
+2001:db8::ff       lo.r0 r0
+2001:db8:0:1::ff   lan.r0
+2001:db8:0:3::ff   ebgp_r11.r0
+
+2001:db8:10::10    lo.r10 r10
+2001:db8:10:2::10  lan.r10
+2001:db8:10:4::10  ebgp_r1.r10
+
+2001:db8:10::11    lo.r11 r11
+2001:db8:10:2::11  lan.r11
+2001:db8:0:3::11   ebgp_r0.r11
+2001:db8:10:6::11  ebgp_r20.r11
+
+2001:db8:10::12    lo.r12 r12
+2001:db8:10:2::12  lan.r12
+
+2001:db8::1        lo.r1 r1
+2001:db8:0:1::1    lan.r1
+2001:db8:10:4::1   ebgp_r10.r1
+2001:db8:0:5::1    ebgp_r20.r1
+
+2001:db8:20::20    lo.r20 r20
+2001:db8:0:5::20   ebgp_r1.r20
+2001:db8:10:6::20  ebgp_r11.r20
+
+2001:db8::2        lo.r2 r2
+2001:db8:0:1::2    lan.r2

R1/rootfs/etc/network/interfaces

@@ -1,24 +1,25 @@
 auto lo
 iface lo inet loopback
-	up ip addr add 10.40.217.1/32 dev lo
+	up ip addr add 2001:db8::1/128 dev lo
-	up ip addr add 2001:db8:40::1 dev lo
+	down ip addr del 2001:db8::1/128 dev lo
-	down ip addr del 2001:db8:40::1 dev lo
-	down ip addr del 10.40.217.1/32 dev lo
 
-auto vlan3
+auto lan
-iface vlan3 inet manual
+iface lan inet manual
-	up ip link set up dev vlan3
+	up ip link set up dev lan
-	up ip addr add 10.40.3.1/24 brd + dev vlan3
+	up ip addr add 2001:db8:0:1::1/120 dev lan
-	up ip addr add 2001:db8:40:3::1/120 dev vlan3
+	down ip addr del 2001:db8:0:1::1/120 dev lan
-	down ip addr del 2001:db8:40:3::1/120 dev vlan3
+	down ip link set down dev lan
-	down ip addr del 10.40.3.1/24 dev vlan3
-	down up link set down dev vlan3
 
-auto vlan216
+auto ebgp_r10
-iface vlan216 inet manual
+iface ebgp_r10 inet manual
-	up ip link set up dev vlan216
+	up ip link set up dev ebgp_r10
-	up ip addr add 10.40.216.3/28 brd + dev vlan216
+	up ip addr add 2001:db8:10:4::1/120 dev ebgp_r10
-	up ip addr add 2001:db8:40:d8::3/120 dev vlan216
+	down ip addr del 2001:db8:10:4::1/120 dev ebgp_r10
-	down ip addr del 2001:db8:40:d8::3/120 dev vlan216
+	down ip link set down dev ebgp_r10
-	down ip addr del 10.40.216.3/28 dev vlan216
+
-	down up link set down dev vlan216
+auto ebgp_r20
+iface ebgp_r20 inet manual
+	up ip link set up dev ebgp_r20
+	up ip addr add 2001:db8:0:5::1/120 dev ebgp_r20
+	down ip addr del 2001:db8:0:5::1/120 dev ebgp_r20
+	down ip link set down dev ebgp_r20

R10/config

@@ -31,3 +31,17 @@ lxc.net.1.veth.pair = r10.217
 lxc.net.1.script.up = /etc/lxc/lxc-openvswitch
 lxc.net.1.script.down = /etc/lxc/lxc-openvswitch
 lxc.net.1.hwaddr = 02:00:0a:28:d9:11
+
+lxc.net.0.type = veth
+lxc.net.0.flags = up
+lxc.net.0.name = lan
+lxc.net.0.veth.pair = r10.2
+lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
+
+lxc.net.1.type = veth
+lxc.net.1.flags = up
+lxc.net.1.name = ebgp_r1
+lxc.net.1.veth.pair = r10.4
+lxc.net.1.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.1.script.down = /etc/lxc/lxc-openvswitch

R10/rootfs/etc/bird/bird6.conf

@@ -1,4 +1,4 @@
-router id 10.40.32.10;
+router id 10.0.0.10;
 
 log "/var/log/bird/bird6.log" all;
 debug protocols { states, routes, filters, interfaces }
@@ -15,58 +15,85 @@ protocol device {
 protocol ospf {
 	area 0 {
 		# BIRD ignores the IPv6 lo because it has no link local address
-		stubnet 2001:db8:10:6::a/128;
+		stubnet 2001:db8:10::10/128;
-		interface "vlan33" {
+		interface "lan" {
 		};
-		interface "vlan217" {
+		interface "ebgp_r1" {
 			stub;
 		};
 	};
 }
 
+protocol static {
+	import all;
+	route 2001:db8:10::/48 blackhole;
+}
+
 ##############################################################################
-# eBGP R3
+# BGP table
 #
 
-table t_r3;
+# Use this routing table to gather external routes received via BGP which we
+# want push to the kernel via our master table and to other routers in our AS
+# via iBGP or even to other routers outside our AS again (transit), which can
+# be connected here or to a router elsewhere on the border of our AS.
 
-protocol static originate_to_r3 {
+table t_bgp;
-    table t_r3;
+
-    import all;  # originate here
+protocol pipe p_master_to_bgp {
-    route 2001:db8:10::/48 blackhole;
+	table master;
+	peer table t_bgp;
+	import all;  # default
+	export none;  # default
 }
 
-protocol bgp ebgp_r3 {
+##############################################################################
-    table t_r3;
+# eBGP R1
-    neighbor  2001:db8:40:d910::1 as 64080;
-    local     2001:db8:40:d910::2 as 65033;
-    import all;
-    import keep filtered on;
-    export where source = RTS_STATIC;
-}
-
-protocol pipe p_master_to_r3 {
-    table master;
-    peer table t_r3;
-    import where source = RTS_BGP;
-    export none;
-}
-
-
-###
-# iBGP R11
 #
 
-protocol bgp ibgp_r11 {
+table t_r1;
-  import none;
+
-  export where source = RTS_BGP;
+protocol static originate_to_r1 {
-  local 2001:db8:10:6::a as 65033;
+	table t_r1;
-  neighbor 2001:db8:10:6::b as 65033;
+	import all;  # originate here
+	route 2001:db8:10::/48 blackhole;
 }
 
+protocol bgp ebgp_r1 {
+	table t_r1;
+	local    2001:db8:10:4::10 as 65010;
+	neighbor 2001:db8:10:4::1  as 65000;
+	import all;
+	export all;
+}
+
+protocol pipe p_bgp_to_r1 {
+	table t_bgp;
+	peer table t_r1;
+	import where proto = "ebgp_r1";
+	export none;
+}
+
+##############################################################################
+# iBGP
+#
+
 protocol bgp ibgp_r12 {
-  import none;
+	table t_bgp;
-  export where source = RTS_BGP;
+	igp table master;
-  local 2001:db8:10:6::a as 65033;
+	import none;
-  neighbor 2001:db8:10:6::c as 65033;
+	export all;
+	local    2001:db8:10::10 as 65010;
+	neighbor 2001:db8:10::12 as 65010;
 }
+
+
+protocol bgp ibgp_r10 {
+	table t_bgp;
+	igp table master;
+	import all;
+	export all;
+	local    2001:db8:10::10 as 65010;
+	neighbor 2001:db8:10::11 as 65010;
+}
+

R10/rootfs/etc/hosts

@@ -3,3 +3,30 @@
 ff02::1		ip6-allnodes
 ff02::2		ip6-allrouters
 
+2001:db8::ff       lo.r0 r0
+2001:db8:0:1::ff   lan.r0
+2001:db8:0:3::ff   ebgp_r11.r0
+
+2001:db8:10::10    lo.r10 r10
+2001:db8:10:2::10  lan.r10
+2001:db8:10:4::10  ebgp_r1.r10
+
+2001:db8:10::11    lo.r11 r11
+2001:db8:10:2::11  lan.r11
+2001:db8:0:3::11   ebgp_r0.r11
+2001:db8:10:6::11  ebgp_r20.r11
+
+2001:db8:10::12    lo.r12 r12
+2001:db8:10:2::12  lan.r12
+
+2001:db8::1        lo.r1 r1
+2001:db8:0:1::1    lan.r1
+2001:db8:10:4::1   ebgp_r10.r1
+2001:db8:0:5::1    ebgp_r20.r1
+
+2001:db8:20::20    lo.r20 r20
+2001:db8:0:5::20   ebgp_r1.r20
+2001:db8:10:6::20  ebgp_r11.r20
+
+2001:db8::2        lo.r2 r2
+2001:db8:0:1::2    lan.r2

R10/rootfs/etc/network/interfaces

@@ -1,24 +1,18 @@
 auto lo
 iface lo inet loopback
-	up ip addr add 10.40.32.10/32 dev lo
+	up ip addr add 2001:db8:10::10/128 dev lo
-	up ip addr add 2001:db8:10:6::a dev lo
+	down ip addr del 2001:db8:10::10/128 dev lo
-	down ip addr del 2001:db8:10:6::a dev lo
-	down ip addr del 10.40.32.10/32 dev lo
 
-auto vlan33
+auto lan
-iface vlan33 inet manual
+iface lan inet manual
-	up ip link set up dev vlan33
+	up ip link set up dev lan
-	up ip addr add 10.40.33.1/26 brd + dev vlan33
+	up ip addr add 2001:db8:10:2::10/120 dev lan
-	up ip addr add 2001:db8:10:21::1/120 dev vlan33
+	down ip addr del 2001:db8:10:2::10/120 dev lan
-	down ip addr del 2001:db8:10:21::1/120 dev vlan33
+	down ip link set down dev lan
-	down ip addr del 10.40.33.1/26 dev vlan33
-	down up link set down dev vlan33
 
-auto vlan217
+auto ebgp_r1
-iface vlan217 inet manual
+iface ebgp_r1 inet manual
-	up ip link set up dev vlan217
+	up ip link set up dev ebgp_r1
-	up ip addr add 10.40.217.18/30 brd + dev vlan217
+	up ip addr add 2001:db8:10:4::10/120 dev ebgp_r1
-	up ip addr add 2001:db8:40:d910::2/120 dev vlan217
+	down ip addr del 2001:db8:10:4::10/120 dev ebgp_r1
-	down ip addr del 2001:db8:40:d910::2/120 dev vlan217
+	down ip link set down dev ebgp_r1
-	down ip addr del 10.40.217.18/30 dev vlan217
-	down up link set down dev vlan217

R11/config

@@ -31,3 +31,24 @@ lxc.net.1.veth.pair = r11.48
 lxc.net.1.script.up = /etc/lxc/lxc-openvswitch
 lxc.net.1.script.down = /etc/lxc/lxc-openvswitch
 lxc.net.1.hwaddr = 02:00:0a:28:30:01
+
+lxc.net.0.type = veth
+lxc.net.0.flags = up
+lxc.net.0.name = lan
+lxc.net.0.veth.pair = r11.2
+lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
+
+lxc.net.1.type = veth
+lxc.net.1.flags = up
+lxc.net.1.name = ebgp_r0
+lxc.net.1.veth.pair = r11.3
+lxc.net.1.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.1.script.down = /etc/lxc/lxc-openvswitch
+
+lxc.net.2.type = veth
+lxc.net.2.flags = up
+lxc.net.2.name = ebgp_r20
+lxc.net.2.veth.pair = r11.6
+lxc.net.2.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.2.script.down = /etc/lxc/lxc-openvswitch

R11/rootfs/etc/bird/bird6.conf

@@ -1,4 +1,4 @@
-router id 10.40.32.11;
+router id 10.0.0.11;
 
 log "/var/log/bird/bird6.log" all;
 debug protocols { states, routes, filters, interfaces }
@@ -15,20 +15,115 @@ protocol device {
 protocol ospf {
 	area 0 {
 		# BIRD ignores the IPv6 lo because it has no link local address
-		stubnet 2001:db8:10:6::b/128;
+		stubnet 2001:db8:10::11/128;
-		interface "vlan33" {
+		interface "lan" {
 		};
-		interface "vlan48" {
+		interface "ebgp_r0" {
+			stub;
+		};
+		interface "ebgp_r20" {
 			stub;
 		};
 	};
 }
 
-#
+protocol static {
-# iBGP R10
+	import all;
+	route 2001:db8:10::/48 blackhole;
+}
+
+##############################################################################
+# BGP table
 #
 
-protocol bgp ibgpR10 {
+# Use this routing table to gather external routes received via BGP which we
-  local 2001:db8:10:6::b as 65033;
+# want push to the kernel via our master table and to other routers in our AS
-  neighbor 2001:db8:10:6::a as 65033;
+# via iBGP or even to other routers outside our AS again (transit), which can
+# be connected here or to a router elsewhere on the border of our AS.
+
+table t_bgp;
+
+protocol pipe p_master_to_bgp {
+	table master;
+	peer table t_bgp;
+	import all;  # default
+	export none;  # default
 }
+
+##############################################################################
+# eBGP R0
+#
+
+table t_r0;
+
+protocol static originate_to_r0 {
+	table t_r0;
+	import all;  # originate here
+	route 2001:db8:10::/48 blackhole;
+}
+
+protocol bgp ebgp_r0 {
+	table t_r0;
+	local    2001:db8:0:3::11 as 65010;
+	neighbor 2001:db8:0:3::ff as 65000;
+	import all;
+	export all;
+}
+
+protocol pipe p_bgp_to_r0 {
+	table t_bgp;
+	peer table t_r0;
+	import where proto = "ebgp_r0";
+	export none;
+}
+
+##############################################################################
+# eBGP R20
+#
+
+table t_r20;
+
+protocol static originate_to_r20 {
+	table t_r20;
+	import all;  # originate here
+	route 2001:db8:10::/48 blackhole;
+}
+
+protocol bgp ebgp_r20 {
+	table t_r20;
+	local    2001:db8:10:6::11 as 65010;
+	neighbor 2001:db8:10:6::20 as 65020;
+	import all;
+	export all;
+}
+
+protocol pipe p_bgp_to_r20 {
+	table t_bgp;
+	peer table t_r20;
+	import where proto = "ebgp_r20";
+	export none;
+}
+
+##############################################################################
+# iBGP
+#
+
+protocol bgp ibgp_r12 {
+	table t_bgp;
+	igp table master;
+	import none;
+	export all;
+	local    2001:db8:10::11 as 65010;
+	neighbor 2001:db8:10::12 as 65010;
+}
+
+
+protocol bgp ibgp_r10 {
+	table t_bgp;
+	igp table master;
+	import all;
+	export all;
+	local    2001:db8:10::11 as 65010;
+	neighbor 2001:db8:10::10 as 65010;
+}
+

R11/rootfs/etc/hosts

@@ -3,3 +3,30 @@
 ff02::1		ip6-allnodes
 ff02::2		ip6-allrouters
 
+2001:db8::ff       lo.r0 r0
+2001:db8:0:1::ff   lan.r0
+2001:db8:0:3::ff   ebgp_r11.r0
+
+2001:db8:10::10    lo.r10 r10
+2001:db8:10:2::10  lan.r10
+2001:db8:10:4::10  ebgp_r1.r10
+
+2001:db8:10::11    lo.r11 r11
+2001:db8:10:2::11  lan.r11
+2001:db8:0:3::11   ebgp_r0.r11
+2001:db8:10:6::11  ebgp_r20.r11
+
+2001:db8:10::12    lo.r12 r12
+2001:db8:10:2::12  lan.r12
+
+2001:db8::1        lo.r1 r1
+2001:db8:0:1::1    lan.r1
+2001:db8:10:4::1   ebgp_r10.r1
+2001:db8:0:5::1    ebgp_r20.r1
+
+2001:db8:20::20    lo.r20 r20
+2001:db8:0:5::20   ebgp_r1.r20
+2001:db8:10:6::20  ebgp_r11.r20
+
+2001:db8::2        lo.r2 r2
+2001:db8:0:1::2    lan.r2

R11/rootfs/etc/network/interfaces

@@ -1,24 +1,25 @@
 auto lo
 iface lo inet loopback
-	up ip addr add 10.40.32.11/32 dev lo
+	up ip addr add 2001:db8:10::11/128 dev lo
-	up ip addr add 2001:db8:10:6::b dev lo
+	down ip addr del 2001:db8:10::11/128 dev lo
-	down ip addr del 2001:db8:10:6::b dev lo
-	down ip addr del 10.40.32.11/32 dev lo
 
-auto vlan48
+auto lan
-iface vlan48 inet manual
+iface lan inet manual
-	up ip link set up dev vlan48
+	up ip link set up dev lan
-	up ip addr add 10.40.48.1/21 brd + dev vlan48
+	up ip addr add 2001:db8:10:2::11/120 dev lan
-	up ip addr add 2001:db8:10:30::1/117 dev vlan48
+	down ip addr del 2001:db8:10:2::11/120 dev lan
-	down ip addr del 2001:db8:10:30::1/117 dev vlan48
+	down ip link set down dev lan
-	down ip addr del 10.40.48.1/21 dev vlan48
-	down up link set down dev vlan48
 
-auto vlan33
+auto ebgp_r0
-iface vlan33 inet manual
+iface ebgp_r0 inet manual
-	up ip link set up dev vlan33
+	up ip link set up dev ebgp_r0
-	up ip addr add 10.40.33.2/26 brd + dev vlan33
+	up ip addr add 2001:db8:0:3::11/120 dev ebgp_r0
-	up ip addr add 2001:db8:10:21::2/120 dev vlan33
+	down ip addr del 2001:db8:0:3::11/120 dev ebgp_r0
-	down ip addr del 2001:db8:10:21::2/120 dev vlan33
+	down ip link set down dev ebgp_r0
-	down ip addr del 10.40.33.2/26 dev vlan33
+
-	down up link set down dev vlan33
+auto ebgp_r20
+iface ebgp_r20 inet manual
+	up ip link set up dev ebgp_r20
+	up ip addr add 2001:db8:10:6::11/120 dev ebgp_r20
+	down ip addr del 2001:db8:10:6::11/120 dev ebgp_r20
+	down ip link set down dev ebgp_r20

R12/config

@@ -31,3 +31,10 @@ lxc.net.1.veth.pair = r12.36
 lxc.net.1.script.up = /etc/lxc/lxc-openvswitch
 lxc.net.1.script.down = /etc/lxc/lxc-openvswitch
 lxc.net.1.hwaddr = 02:00:0a:28:24:01
+
+lxc.net.0.type = veth
+lxc.net.0.flags = up
+lxc.net.0.name = lan
+lxc.net.0.veth.pair = r12.2
+lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.0.script.down = /etc/lxc/lxc-openvswitch

R12/rootfs/etc/bird/bird6.conf

@@ -1,4 +1,4 @@
-router id 10.40.32.12;
+router id 10.0.0.12;
 
 log "/var/log/bird/bird6.log" all;
 debug protocols { states, routes, filters, interfaces }
@@ -15,20 +15,31 @@ protocol device {
 protocol ospf {
 	area 0 {
 		# BIRD ignores the IPv6 lo because it has no link local address
-		stubnet 2001:db8:10:6::c/128;
+		stubnet 2001:db8:10::12/128;
-		interface "vlan33" {
+		interface "lan" {
-		};
-		interface "vlan36" {
-			stub;
 		};
 	};
 }
 
-#
+protocol static {
-# iBGP R10
+	import all;
+	route 2001:db8:10::/48 blackhole;
+}
+
+##############################################################################
+# iBGP
 #
 
 protocol bgp ibgp_r10 {
- local 2001:db8:10:6::c as 65033;
+	import all;
- neighbor 2001:db8:10:6::a as 65033;
+	export none;
+	local    2001:db8:10::12 as 65010;
+	neighbor 2001:db8:10::10 as 65010;
+}
+
+protocol bgp ibgp_r11 {
+	import all;
+	export none;
+	local    2001:db8:10::12 as 65010;
+	neighbor 2001:db8:10::11 as 65010;
 }

R12/rootfs/etc/hosts

@@ -3,3 +3,30 @@
 ff02::1		ip6-allnodes
 ff02::2		ip6-allrouters
 
+2001:db8::ff       lo.r0 r0
+2001:db8:0:1::ff   lan.r0
+2001:db8:0:3::ff   ebgp_r11.r0
+
+2001:db8:10::10    lo.r10 r10
+2001:db8:10:2::10  lan.r10
+2001:db8:10:4::10  ebgp_r1.r10
+
+2001:db8:10::11    lo.r11 r11
+2001:db8:10:2::11  lan.r11
+2001:db8:0:3::11   ebgp_r0.r11
+2001:db8:10:6::11  ebgp_r20.r11
+
+2001:db8:10::12    lo.r12 r12
+2001:db8:10:2::12  lan.r12
+
+2001:db8::1        lo.r1 r1
+2001:db8:0:1::1    lan.r1
+2001:db8:10:4::1   ebgp_r10.r1
+2001:db8:0:5::1    ebgp_r20.r1
+
+2001:db8:20::20    lo.r20 r20
+2001:db8:0:5::20   ebgp_r1.r20
+2001:db8:10:6::20  ebgp_r11.r20
+
+2001:db8::2        lo.r2 r2
+2001:db8:0:1::2    lan.r2

R12/rootfs/etc/network/interfaces

@@ -1,24 +1,11 @@
 auto lo
 iface lo inet loopback
-	up ip addr add 10.40.32.12/32 dev lo
+	up ip addr add 2001:db8:10::12/128 dev lo
-	up ip addr add 2001:db8:10:6::c dev lo
+	down ip addr del 2001:db8:10::12/128 dev lo
-	down ip addr del 2001:db8:10:6::c dev lo
-	down ip addr del 10.40.32.12/32 dev lo
 
-auto vlan36
+auto lan
-iface vlan36 inet manual
+iface lan inet manual
-	up ip link set up dev vlan36
+	up ip link set up dev lan
-	up ip addr add 10.40.36.1/24 brd + dev vlan36
+	up ip addr add 2001:db8:10:2::12/120 dev lan
-	up ip addr add 2001:db8:10:24::1/120 dev vlan36
+	down ip addr del 2001:db8:10:2::12/120 dev lan
-	down ip addr del 2001:db8:10:24::1/120 dev vlan36
+	down ip link set down dev lan
-	down ip addr del 10.40.36.1/24 dev vlan36
-	down up link set down dev vlan36
-
-auto vlan33
-iface vlan33 inet manual
-	up ip link set up dev vlan33
-	up ip addr add 10.40.33.3/26 brd + dev vlan33
-	up ip addr add 2001:db8:10:21::3/120 dev vlan33
-	down ip addr del 2001:db8:10:21::3/120 dev vlan33
-	down ip addr del 10.40.33.3/26 dev vlan33
-	down up link set down dev vlan33

R2/config

@@ -15,3 +15,10 @@ lxc.arch = amd64
 lxc.pty.max = 1024
 lxc.rootfs.path = btrfs:/var/lib/lxc/R2/rootfs
 lxc.uts.name = R2
+
+lxc.net.0.type = veth
+lxc.net.0.flags = up
+lxc.net.0.name = lan
+lxc.net.0.veth.pair = r2.1
+lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.0.script.down = /etc/lxc/lxc-openvswitch

R2/rootfs/etc/bird/bird6.conf

@@ -1,6 +1,6 @@
-router id 10.9.99.2;
+router id 10.0.0.2;
 
-log "/var/log/bird/bird.log" all;
+log "/var/log/bird/bird6.log" all;
 debug protocols { states, routes, filters, interfaces }
 
 protocol kernel {
@@ -13,18 +13,33 @@ protocol device {
 }
 
 protocol ospf {
- area 0 {
+	area 0 {
-  interface "lo" {
+		# BIRD ignores the IPv6 lo because it has no link local address
-   stub;
+		stubnet 2001:db8::2/128;
-  };
+		interface "lan" {
-  interface "vlan1082" {
+		};
-   stub;
+	};
-  };
+}
-  interface "vlan1050" {
-   stub;
-  };
-  interface "vlan1012" {
-  };
- };
-};
 
+protocol static {
+	import all;
+	route 2001:db8::/48 blackhole;
+}
+
+##############################################################################
+# iBGP
+#
+
+protocol bgp ibgp_r0 {
+	import all;
+	export none;
+	local    2001:db8::2  as 65000;
+	neighbor 2001:db8::ff as 65000;
+}
+
+protocol bgp ibgp_r1 {
+	import all;
+	export none;
+	local    2001:db8::2 as 65000;
+	neighbor 2001:db8::1 as 65000;
+}

R2/rootfs/etc/hosts

@@ -3,3 +3,30 @@
 ff02::1		ip6-allnodes
 ff02::2		ip6-allrouters
 
+2001:db8::ff       lo.r0 r0
+2001:db8:0:1::ff   lan.r0
+2001:db8:0:3::ff   ebgp_r11.r0
+
+2001:db8:10::10    lo.r10 r10
+2001:db8:10:2::10  lan.r10
+2001:db8:10:4::10  ebgp_r1.r10
+
+2001:db8:10::11    lo.r11 r11
+2001:db8:10:2::11  lan.r11
+2001:db8:0:3::11   ebgp_r0.r11
+2001:db8:10:6::11  ebgp_r20.r11
+
+2001:db8:10::12    lo.r12 r12
+2001:db8:10:2::12  lan.r12
+
+2001:db8::1        lo.r1 r1
+2001:db8:0:1::1    lan.r1
+2001:db8:10:4::1   ebgp_r10.r1
+2001:db8:0:5::1    ebgp_r20.r1
+
+2001:db8:20::20    lo.r20 r20
+2001:db8:0:5::20   ebgp_r1.r20
+2001:db8:10:6::20  ebgp_r11.r20
+
+2001:db8::2        lo.r2 r2
+2001:db8:0:1::2    lan.r2

R2/rootfs/etc/network/interfaces

@@ -1,4 +1,11 @@
 auto lo
 iface lo inet loopback
-	up ip addr add 10.9.99.2/32 dev lo
+	up ip addr add 2001:db8::2/128 dev lo
-	down ip addr del 10.9.99.2/32 dev lo
+	down ip addr del 2001:db8::2/128 dev lo
+
+auto lan
+iface lan inet manual
+	up ip link set up dev lan
+	up ip addr add 2001:db8:0:1::2/120 dev lan
+	down ip addr del 2001:db8:0:1::2/120 dev lan
+	down ip link set down dev lan

R20/config

@@ -0,0 +1,38 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r stretch
+# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
+# For additional config options, please look at lxc.container.conf(5)
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+lxc.net.0.type = veth
+#lxc.net.0.link = vlan10
+lxc.net.0.name = vlan10
+lxc.net.0.veth.pair = birdbase.10
+lxc.net.0.flags = up
+lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+# Common configuration
+lxc.include = /usr/share/lxc/config/debian.common.conf
+# Container specific configuration
+lxc.tty.max = 4
+lxc.arch = amd64
+lxc.pty.max = 1024
+lxc.rootfs.path = btrfs:/var/lib/lxc/R20/rootfs
+lxc.uts.name = R20
+
+lxc.net.0.type = veth
+lxc.net.0.flags = up
+lxc.net.0.name = ebgp_r1
+lxc.net.0.veth.pair = r20.5
+lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
+
+lxc.net.1.type = veth
+lxc.net.1.flags = up
+lxc.net.1.name = ebgp_r11
+lxc.net.1.veth.pair = r20.6
+lxc.net.1.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.1.script.down = /etc/lxc/lxc-openvswitch

R20/rootfs/etc/bird/bird6.conf

@@ -0,0 +1,103 @@
+router id 10.0.0.20;
+
+log "/var/log/bird/bird6.log" all;
+debug protocols { states, routes, filters, interfaces }
+
+protocol kernel {
+	import none;
+	export all;
+}
+
+protocol device {
+	# defaults...
+}
+
+protocol ospf {
+	area 0 {
+		# BIRD ignores the IPv6 lo because it has no link local address
+		stubnet 2001:db8:20::20/128;
+		interface "ebgp_r1" {
+			stub;
+		};
+		interface "ebgp_r11" {
+			stub;
+		};
+	};
+}
+
+protocol static {
+	import all;
+	route 2001:db8:20::/48 blackhole;
+}
+
+##############################################################################
+# BGP table
+#
+
+# Use this routing table to gather external routes received via BGP which we
+# want push to the kernel via our master table and to other routers in our AS
+# via iBGP or even to other routers outside our AS again (transit), which can
+# be connected here or to a router elsewhere on the border of our AS.
+
+table t_bgp;
+
+protocol pipe p_master_to_bgp {
+	table master;
+	peer table t_bgp;
+	import all;  # default
+	export none;  # default
+}
+
+##############################################################################
+# eBGP R1
+#
+
+table t_r1;
+
+protocol static originate_to_r1 {
+	table t_r1;
+	import all;  # originate here
+	route 2001:db8:20::/48 blackhole;
+}
+
+protocol bgp ebgp_r1 {
+	table t_r1;
+	local    2001:db8:0:5::20 as 65020;
+	neighbor 2001:db8:0:5::1  as 65000;
+	import all;
+	export all;
+}
+
+protocol pipe p_bgp_to_r1 {
+	table t_bgp;
+	peer table t_r1;
+	import where proto = "ebgp_r1";
+	export none;
+}
+
+##############################################################################
+# eBGP R11
+#
+
+table t_r11;
+
+protocol static originate_to_r11 {
+	table t_r11;
+	import all;  # originate here
+	route 2001:db8:20::/48 blackhole;
+}
+
+protocol bgp ebgp_r11 {
+	table t_r11;
+	local    2001:db8:10:6::20 as 65020;
+	neighbor 2001:db8:10:6::11 as 65010;
+	import all;
+	export all;
+}
+
+protocol pipe p_bgp_to_r11 {
+	table t_bgp;
+	peer table t_r11;
+	import where proto = "ebgp_r11";
+	export none;
+}

R20/rootfs/etc/hosts

@@ -0,0 +1,32 @@
+127.0.0.1	localhost
+::1		localhost ip6-localhost ip6-loopback
+ff02::1		ip6-allnodes
+ff02::2		ip6-allrouters
+
+2001:db8::ff       lo.r0 r0
+2001:db8:0:1::ff   lan.r0
+2001:db8:0:3::ff   ebgp_r11.r0
+
+2001:db8:10::10    lo.r10 r10
+2001:db8:10:2::10  lan.r10
+2001:db8:10:4::10  ebgp_r1.r10
+
+2001:db8:10::11    lo.r11 r11
+2001:db8:10:2::11  lan.r11
+2001:db8:0:3::11   ebgp_r0.r11
+2001:db8:10:6::11  ebgp_r20.r11
+
+2001:db8:10::12    lo.r12 r12
+2001:db8:10:2::12  lan.r12
+
+2001:db8::1        lo.r1 r1
+2001:db8:0:1::1    lan.r1
+2001:db8:10:4::1   ebgp_r10.r1
+2001:db8:0:5::1    ebgp_r20.r1
+
+2001:db8:20::20    lo.r20 r20
+2001:db8:0:5::20   ebgp_r1.r20
+2001:db8:10:6::20  ebgp_r11.r20
+
+2001:db8::2        lo.r2 r2
+2001:db8:0:1::2    lan.r2

R20/rootfs/etc/network/interfaces

@@ -0,0 +1,18 @@
+auto lo
+iface lo inet loopback
+	up ip addr add 2001:db8:20::20/128 dev lo
+	down ip addr del 2001:db8:20::20/128 dev lo
+
+auto ebgp_r1
+iface ebgp_r1 inet manual
+	up ip link set up dev ebgp_r1
+	up ip addr add 2001:db8:0:5::20/120 dev ebgp_r1
+	down ip addr del 2001:db8:0:5::20/120 dev ebgp_r1
+	down ip link set down dev ebgp_r1
+
+auto ebgp_r11
+iface ebgp_r11 inet manual
+	up ip link set up dev ebgp_r11
+	up ip addr add 2001:db8:10:6::20/120 dev ebgp_r11
+	down ip addr del 2001:db8:10:6::20/120 dev ebgp_r11
+	down ip link set down dev ebgp_r11

R20/rootfs/etc/sysctl.conf

@@ -0,0 +1,79 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+#  Enabling this option disables Stateless Address Autoconfiguration
+#  based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1
+
+net.ipv4.icmp_ratelimit = 0
+net.ipv6.icmp.ratelimit = 0
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+
+###################################################################
+# Magic system request Key
+# 0=disable, 1=enable all
+# Debian kernels have this set to 0 (disable the key)
+# See https://www.kernel.org/doc/Documentation/sysrq.txt
+# for what other values do
+#kernel.sysrq=1
+
+###################################################################
+# Protected links
+#
+# Protects against creating or following links under certain conditions
+# Debian kernels have both set to 1 (restricted) 
+# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
+#fs.protected_hardlinks=0
+#fs.protected_symlinks=0