bgp-contd, prior to redundancy for branch office
This commit is contained in:
parent
1ccb20421d
commit
49d02ab309
14
R0/config
14
R0/config
|
@ -31,3 +31,17 @@ lxc.net.1.veth.pair = r0.2
|
|||
lxc.net.1.script.up = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.1.script.down = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.1.hwaddr = 02:00:0a:28:02:01
|
||||
|
||||
lxc.net.0.type = veth
|
||||
lxc.net.0.flags = up
|
||||
lxc.net.0.name = lan
|
||||
lxc.net.0.veth.pair = r0.1
|
||||
lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
|
||||
|
||||
lxc.net.1.type = veth
|
||||
lxc.net.1.flags = up
|
||||
lxc.net.1.name = ebgp_r11
|
||||
lxc.net.1.veth.pair = r0.3
|
||||
lxc.net.1.script.up = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.1.script.down = /etc/lxc/lxc-openvswitch
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
router id 10.40.217.0;
|
||||
router id 10.0.0.0;
|
||||
|
||||
log "/var/log/bird/bird6.log" all;
|
||||
debug protocols { states, routes, filters, interfaces }
|
||||
|
@ -15,16 +15,84 @@ protocol device {
|
|||
protocol ospf {
|
||||
area 0 {
|
||||
# BIRD ignores the IPv6 lo because it has no link local address
|
||||
stubnet 2001:db8:40::/128;
|
||||
interface "vlan216" {
|
||||
stubnet 2001:db8::ff/128;
|
||||
interface "lan" {
|
||||
};
|
||||
interface "vlan2" {
|
||||
interface "ebgp_r11" {
|
||||
stub;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
protocol bgp ibgp_r0 {
|
||||
neighbor 2001:db8:40:d8::1 as 64080;
|
||||
local 2001:db8:40:d8::2 as 64080;
|
||||
protocol static {
|
||||
import all;
|
||||
route 2001:db8::/48 blackhole;
|
||||
}
|
||||
|
||||
##############################################################################
|
||||
# BGP table
|
||||
#
|
||||
|
||||
# Use this routing table to gather external routes received via BGP which we
|
||||
# want push to the kernel via our master table and to other routers in our AS
|
||||
# via iBGP or even to other routers outside our AS again (transit), which can
|
||||
# be connected here or to a router elsewhere on the border of our AS.
|
||||
|
||||
table t_bgp;
|
||||
|
||||
protocol pipe p_master_to_bgp {
|
||||
table master;
|
||||
peer table t_bgp;
|
||||
import all; # default
|
||||
export none; # default
|
||||
}
|
||||
|
||||
##############################################################################
|
||||
# eBGP R11
|
||||
#
|
||||
|
||||
table t_r11;
|
||||
|
||||
protocol static originate_to_r11 {
|
||||
table t_r11;
|
||||
import all; # originate here
|
||||
route 2001:db8::/48 blackhole;
|
||||
}
|
||||
|
||||
protocol bgp ebgp_r11 {
|
||||
table t_r11;
|
||||
local 2001:db8:0:3::ff as 65000;
|
||||
neighbor 2001:db8:0:3::11 as 65010;
|
||||
import all;
|
||||
export all;
|
||||
}
|
||||
|
||||
protocol pipe p_bgp_to_r11 {
|
||||
table t_bgp;
|
||||
peer table t_r11;
|
||||
import where proto = "ebgp_r11";
|
||||
export none;
|
||||
}
|
||||
|
||||
##############################################################################
|
||||
# iBGP
|
||||
#
|
||||
|
||||
protocol bgp ibgp_r2 {
|
||||
table t_bgp;
|
||||
igp table master;
|
||||
import none;
|
||||
export all;
|
||||
local 2001:db8::ff as 65000;
|
||||
neighbor 2001:db8::2 as 65000;
|
||||
}
|
||||
|
||||
|
||||
protocol bgp ibgp_r1 {
|
||||
table t_bgp;
|
||||
igp table master;
|
||||
import all;
|
||||
export all;
|
||||
local 2001:db8::ff as 65000;
|
||||
neighbor 2001:db8::1 as 65000;
|
||||
}
|
||||
|
|
|
@ -3,3 +3,30 @@
|
|||
ff02::1 ip6-allnodes
|
||||
ff02::2 ip6-allrouters
|
||||
|
||||
2001:db8::ff lo.r0 r0
|
||||
2001:db8:0:1::ff lan.r0
|
||||
2001:db8:0:3::ff ebgp_r11.r0
|
||||
|
||||
2001:db8:10::10 lo.r10 r10
|
||||
2001:db8:10:2::10 lan.r10
|
||||
2001:db8:10:4::10 ebgp_r1.r10
|
||||
|
||||
2001:db8:10::11 lo.r11 r11
|
||||
2001:db8:10:2::11 lan.r11
|
||||
2001:db8:0:3::11 ebgp_r0.r11
|
||||
2001:db8:10:6::11 ebgp_r20.r11
|
||||
|
||||
2001:db8:10::12 lo.r12 r12
|
||||
2001:db8:10:2::12 lan.r12
|
||||
|
||||
2001:db8::1 lo.r1 r1
|
||||
2001:db8:0:1::1 lan.r1
|
||||
2001:db8:10:4::1 ebgp_r10.r1
|
||||
2001:db8:0:5::1 ebgp_r20.r1
|
||||
|
||||
2001:db8:20::20 lo.r20 r20
|
||||
2001:db8:0:5::20 ebgp_r1.r20
|
||||
2001:db8:10:6::20 ebgp_r11.r20
|
||||
|
||||
2001:db8::2 lo.r2 r2
|
||||
2001:db8:0:1::2 lan.r2
|
||||
|
|
|
@ -1,24 +1,18 @@
|
|||
auto lo
|
||||
iface lo inet loopback
|
||||
up ip addr add 10.40.217.0/32 dev lo
|
||||
up ip addr add 2001:db8:40:: dev lo
|
||||
down ip addr del 2001:db8:40:: dev lo
|
||||
down ip addr del 10.40.217.0/32 dev lo
|
||||
up ip addr add 2001:db8::ff/128 dev lo
|
||||
down ip addr del 2001:db8::ff/128 dev lo
|
||||
|
||||
auto vlan2
|
||||
iface vlan2 inet manual
|
||||
up ip link set up dev vlan2
|
||||
up ip addr add 10.40.2.1/24 brd + dev vlan2
|
||||
up ip addr add 2001:db8:40:2::1/120 dev vlan2
|
||||
down ip addr del 2001:db8:40:2::1/120 dev vlan2
|
||||
down ip addr del 10.40.2.1/24 dev vlan2
|
||||
down up link set down dev vlan2
|
||||
auto lan
|
||||
iface lan inet manual
|
||||
up ip link set up dev lan
|
||||
up ip addr add 2001:db8:0:1::ff/120 dev lan
|
||||
down ip addr del 2001:db8:0:1::ff/120 dev lan
|
||||
down ip link set down dev lan
|
||||
|
||||
auto vlan216
|
||||
iface vlan216 inet manual
|
||||
up ip link set up dev vlan216
|
||||
up ip addr add 10.40.216.2/28 brd + dev vlan216
|
||||
up ip addr add 2001:db8:40:d8::2/120 dev vlan216
|
||||
down ip addr del 2001:db8:40:d8::2/120 dev vlan216
|
||||
down ip addr del 10.40.216.2/28 dev vlan216
|
||||
down up link set down dev vlan216
|
||||
auto ebgp_r11
|
||||
iface ebgp_r11 inet manual
|
||||
up ip link set up dev ebgp_r11
|
||||
up ip addr add 2001:db8:0:3::ff/120 dev ebgp_r11
|
||||
down ip addr del 2001:db8:0:3::ff/120 dev ebgp_r11
|
||||
down ip link set down dev ebgp_r11
|
||||
|
|
21
R1/config
21
R1/config
|
@ -34,3 +34,24 @@ lxc.net.1.veth.pair = r1.3
|
|||
lxc.net.1.script.up = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.1.script.down = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.1.hwaddr = 02:00:0a:28:03:01
|
||||
|
||||
lxc.net.0.type = veth
|
||||
lxc.net.0.flags = up
|
||||
lxc.net.0.name = lan
|
||||
lxc.net.0.veth.pair = r1.1
|
||||
lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
|
||||
|
||||
lxc.net.1.type = veth
|
||||
lxc.net.1.flags = up
|
||||
lxc.net.1.name = ebgp_r10
|
||||
lxc.net.1.veth.pair = r1.4
|
||||
lxc.net.1.script.up = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.1.script.down = /etc/lxc/lxc-openvswitch
|
||||
|
||||
lxc.net.2.type = veth
|
||||
lxc.net.2.flags = up
|
||||
lxc.net.2.name = ebgp_r20
|
||||
lxc.net.2.veth.pair = r1.5
|
||||
lxc.net.2.script.up = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.2.script.down = /etc/lxc/lxc-openvswitch
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
router id 10.40.217.1;
|
||||
router id 10.0.0.1;
|
||||
|
||||
log "/var/log/bird/bird6.log" all;
|
||||
debug protocols { states, routes, filters, interfaces }
|
||||
|
@ -15,16 +15,113 @@ protocol device {
|
|||
protocol ospf {
|
||||
area 0 {
|
||||
# BIRD ignores the IPv6 lo because it has no link local address
|
||||
stubnet 2001:db8:40::1/128;
|
||||
interface "vlan216" {
|
||||
stubnet 2001:db8::1/128;
|
||||
interface "lan" {
|
||||
};
|
||||
interface "vlan3" {
|
||||
interface "ebgp_r10" {
|
||||
stub;
|
||||
};
|
||||
interface "ebgp_r20" {
|
||||
stub;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
protocol bgp ibgp_r3 {
|
||||
local 2001:db8:40::1 as 64080;
|
||||
neighbor 2001:db8:40::3 as 64080;
|
||||
protocol static {
|
||||
import all;
|
||||
route 2001:db8::/48 blackhole;
|
||||
}
|
||||
|
||||
##############################################################################
|
||||
# BGP table
|
||||
#
|
||||
|
||||
# Use this routing table to gather external routes received via BGP which we
|
||||
# want push to the kernel via our master table and to other routers in our AS
|
||||
# via iBGP or even to other routers outside our AS again (transit), which can
|
||||
# be connected here or to a router elsewhere on the border of our AS.
|
||||
|
||||
table t_bgp;
|
||||
|
||||
protocol pipe p_master_to_bgp {
|
||||
table master;
|
||||
peer table t_bgp;
|
||||
import all; # default
|
||||
export none; # default
|
||||
}
|
||||
|
||||
##############################################################################
|
||||
# eBGP R10
|
||||
#
|
||||
|
||||
table t_r10;
|
||||
|
||||
protocol static originate_to_r10 {
|
||||
table t_r10;
|
||||
import all; # originate here
|
||||
route 2001:db8::/48 blackhole;
|
||||
}
|
||||
|
||||
protocol bgp ebgp_r10 {
|
||||
table t_r10;
|
||||
local 2001:db8:10:4::1 as 65000;
|
||||
neighbor 2001:db8:10:4::10 as 65010;
|
||||
import all;
|
||||
export all;
|
||||
}
|
||||
|
||||
protocol pipe p_bgp_to_r10 {
|
||||
table t_bgp;
|
||||
peer table t_r10;
|
||||
import where proto = "ebgp_r10";
|
||||
export none;
|
||||
}
|
||||
|
||||
##############################################################################
|
||||
# eBGP R20
|
||||
#
|
||||
|
||||
table t_r20;
|
||||
|
||||
protocol static originate_to_r20 {
|
||||
table t_r20;
|
||||
import all; # originate here
|
||||
route 2001:db8::/48 blackhole;
|
||||
}
|
||||
|
||||
protocol bgp ebgp_r20 {
|
||||
table t_r20;
|
||||
local 2001:db8:0:5::1 as 65000;
|
||||
neighbor 2001:db8:0:5::20 as 65020;
|
||||
import all;
|
||||
export all;
|
||||
}
|
||||
|
||||
protocol pipe p_bgp_to_r20 {
|
||||
table t_bgp;
|
||||
peer table t_r20;
|
||||
import where proto = "ebgp_r20";
|
||||
export none;
|
||||
}
|
||||
|
||||
##############################################################################
|
||||
# iBGP
|
||||
#
|
||||
|
||||
protocol bgp ibgp_r2 {
|
||||
table t_bgp;
|
||||
igp table master;
|
||||
import none;
|
||||
export all;
|
||||
local 2001:db8::1 as 65000;
|
||||
neighbor 2001:db8::2 as 65000;
|
||||
}
|
||||
|
||||
protocol bgp ibgp_r0 {
|
||||
table t_bgp;
|
||||
igp table master;
|
||||
import all;
|
||||
export all;
|
||||
local 2001:db8::1 as 65000;
|
||||
neighbor 2001:db8::ff as 65000;
|
||||
}
|
||||
|
|
|
@ -3,3 +3,30 @@
|
|||
ff02::1 ip6-allnodes
|
||||
ff02::2 ip6-allrouters
|
||||
|
||||
2001:db8::ff lo.r0 r0
|
||||
2001:db8:0:1::ff lan.r0
|
||||
2001:db8:0:3::ff ebgp_r11.r0
|
||||
|
||||
2001:db8:10::10 lo.r10 r10
|
||||
2001:db8:10:2::10 lan.r10
|
||||
2001:db8:10:4::10 ebgp_r1.r10
|
||||
|
||||
2001:db8:10::11 lo.r11 r11
|
||||
2001:db8:10:2::11 lan.r11
|
||||
2001:db8:0:3::11 ebgp_r0.r11
|
||||
2001:db8:10:6::11 ebgp_r20.r11
|
||||
|
||||
2001:db8:10::12 lo.r12 r12
|
||||
2001:db8:10:2::12 lan.r12
|
||||
|
||||
2001:db8::1 lo.r1 r1
|
||||
2001:db8:0:1::1 lan.r1
|
||||
2001:db8:10:4::1 ebgp_r10.r1
|
||||
2001:db8:0:5::1 ebgp_r20.r1
|
||||
|
||||
2001:db8:20::20 lo.r20 r20
|
||||
2001:db8:0:5::20 ebgp_r1.r20
|
||||
2001:db8:10:6::20 ebgp_r11.r20
|
||||
|
||||
2001:db8::2 lo.r2 r2
|
||||
2001:db8:0:1::2 lan.r2
|
||||
|
|
|
@ -1,24 +1,25 @@
|
|||
auto lo
|
||||
iface lo inet loopback
|
||||
up ip addr add 10.40.217.1/32 dev lo
|
||||
up ip addr add 2001:db8:40::1 dev lo
|
||||
down ip addr del 2001:db8:40::1 dev lo
|
||||
down ip addr del 10.40.217.1/32 dev lo
|
||||
up ip addr add 2001:db8::1/128 dev lo
|
||||
down ip addr del 2001:db8::1/128 dev lo
|
||||
|
||||
auto vlan3
|
||||
iface vlan3 inet manual
|
||||
up ip link set up dev vlan3
|
||||
up ip addr add 10.40.3.1/24 brd + dev vlan3
|
||||
up ip addr add 2001:db8:40:3::1/120 dev vlan3
|
||||
down ip addr del 2001:db8:40:3::1/120 dev vlan3
|
||||
down ip addr del 10.40.3.1/24 dev vlan3
|
||||
down up link set down dev vlan3
|
||||
auto lan
|
||||
iface lan inet manual
|
||||
up ip link set up dev lan
|
||||
up ip addr add 2001:db8:0:1::1/120 dev lan
|
||||
down ip addr del 2001:db8:0:1::1/120 dev lan
|
||||
down ip link set down dev lan
|
||||
|
||||
auto vlan216
|
||||
iface vlan216 inet manual
|
||||
up ip link set up dev vlan216
|
||||
up ip addr add 10.40.216.3/28 brd + dev vlan216
|
||||
up ip addr add 2001:db8:40:d8::3/120 dev vlan216
|
||||
down ip addr del 2001:db8:40:d8::3/120 dev vlan216
|
||||
down ip addr del 10.40.216.3/28 dev vlan216
|
||||
down up link set down dev vlan216
|
||||
auto ebgp_r10
|
||||
iface ebgp_r10 inet manual
|
||||
up ip link set up dev ebgp_r10
|
||||
up ip addr add 2001:db8:10:4::1/120 dev ebgp_r10
|
||||
down ip addr del 2001:db8:10:4::1/120 dev ebgp_r10
|
||||
down ip link set down dev ebgp_r10
|
||||
|
||||
auto ebgp_r20
|
||||
iface ebgp_r20 inet manual
|
||||
up ip link set up dev ebgp_r20
|
||||
up ip addr add 2001:db8:0:5::1/120 dev ebgp_r20
|
||||
down ip addr del 2001:db8:0:5::1/120 dev ebgp_r20
|
||||
down ip link set down dev ebgp_r20
|
||||
|
|
14
R10/config
14
R10/config
|
@ -31,3 +31,17 @@ lxc.net.1.veth.pair = r10.217
|
|||
lxc.net.1.script.up = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.1.script.down = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.1.hwaddr = 02:00:0a:28:d9:11
|
||||
|
||||
lxc.net.0.type = veth
|
||||
lxc.net.0.flags = up
|
||||
lxc.net.0.name = lan
|
||||
lxc.net.0.veth.pair = r10.2
|
||||
lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
|
||||
|
||||
lxc.net.1.type = veth
|
||||
lxc.net.1.flags = up
|
||||
lxc.net.1.name = ebgp_r1
|
||||
lxc.net.1.veth.pair = r10.4
|
||||
lxc.net.1.script.up = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.1.script.down = /etc/lxc/lxc-openvswitch
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
router id 10.40.32.10;
|
||||
router id 10.0.0.10;
|
||||
|
||||
log "/var/log/bird/bird6.log" all;
|
||||
debug protocols { states, routes, filters, interfaces }
|
||||
|
@ -15,58 +15,85 @@ protocol device {
|
|||
protocol ospf {
|
||||
area 0 {
|
||||
# BIRD ignores the IPv6 lo because it has no link local address
|
||||
stubnet 2001:db8:10:6::a/128;
|
||||
interface "vlan33" {
|
||||
stubnet 2001:db8:10::10/128;
|
||||
interface "lan" {
|
||||
};
|
||||
interface "vlan217" {
|
||||
interface "ebgp_r1" {
|
||||
stub;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
protocol static {
|
||||
import all;
|
||||
route 2001:db8:10::/48 blackhole;
|
||||
}
|
||||
|
||||
##############################################################################
|
||||
# eBGP R3
|
||||
# BGP table
|
||||
#
|
||||
|
||||
table t_r3;
|
||||
# Use this routing table to gather external routes received via BGP which we
|
||||
# want push to the kernel via our master table and to other routers in our AS
|
||||
# via iBGP or even to other routers outside our AS again (transit), which can
|
||||
# be connected here or to a router elsewhere on the border of our AS.
|
||||
|
||||
protocol static originate_to_r3 {
|
||||
table t_r3;
|
||||
import all; # originate here
|
||||
route 2001:db8:10::/48 blackhole;
|
||||
table t_bgp;
|
||||
|
||||
protocol pipe p_master_to_bgp {
|
||||
table master;
|
||||
peer table t_bgp;
|
||||
import all; # default
|
||||
export none; # default
|
||||
}
|
||||
|
||||
protocol bgp ebgp_r3 {
|
||||
table t_r3;
|
||||
neighbor 2001:db8:40:d910::1 as 64080;
|
||||
local 2001:db8:40:d910::2 as 65033;
|
||||
import all;
|
||||
import keep filtered on;
|
||||
export where source = RTS_STATIC;
|
||||
}
|
||||
|
||||
protocol pipe p_master_to_r3 {
|
||||
table master;
|
||||
peer table t_r3;
|
||||
import where source = RTS_BGP;
|
||||
export none;
|
||||
}
|
||||
|
||||
|
||||
###
|
||||
# iBGP R11
|
||||
##############################################################################
|
||||
# eBGP R1
|
||||
#
|
||||
|
||||
protocol bgp ibgp_r11 {
|
||||
import none;
|
||||
export where source = RTS_BGP;
|
||||
local 2001:db8:10:6::a as 65033;
|
||||
neighbor 2001:db8:10:6::b as 65033;
|
||||
table t_r1;
|
||||
|
||||
protocol static originate_to_r1 {
|
||||
table t_r1;
|
||||
import all; # originate here
|
||||
route 2001:db8:10::/48 blackhole;
|
||||
}
|
||||
|
||||
protocol bgp ebgp_r1 {
|
||||
table t_r1;
|
||||
local 2001:db8:10:4::10 as 65010;
|
||||
neighbor 2001:db8:10:4::1 as 65000;
|
||||
import all;
|
||||
export all;
|
||||
}
|
||||
|
||||
protocol pipe p_bgp_to_r1 {
|
||||
table t_bgp;
|
||||
peer table t_r1;
|
||||
import where proto = "ebgp_r1";
|
||||
export none;
|
||||
}
|
||||
|
||||
##############################################################################
|
||||
# iBGP
|
||||
#
|
||||
|
||||
protocol bgp ibgp_r12 {
|
||||
import none;
|
||||
export where source = RTS_BGP;
|
||||
local 2001:db8:10:6::a as 65033;
|
||||
neighbor 2001:db8:10:6::c as 65033;
|
||||
table t_bgp;
|
||||
igp table master;
|
||||
import none;
|
||||
export all;
|
||||
local 2001:db8:10::10 as 65010;
|
||||
neighbor 2001:db8:10::12 as 65010;
|
||||
}
|
||||
|
||||
|
||||
protocol bgp ibgp_r10 {
|
||||
table t_bgp;
|
||||
igp table master;
|
||||
import all;
|
||||
export all;
|
||||
local 2001:db8:10::10 as 65010;
|
||||
neighbor 2001:db8:10::11 as 65010;
|
||||
}
|
||||
|
||||
|
|
|
@ -3,3 +3,30 @@
|
|||
ff02::1 ip6-allnodes
|
||||
ff02::2 ip6-allrouters
|
||||
|
||||
2001:db8::ff lo.r0 r0
|
||||
2001:db8:0:1::ff lan.r0
|
||||
2001:db8:0:3::ff ebgp_r11.r0
|
||||
|
||||
2001:db8:10::10 lo.r10 r10
|
||||
2001:db8:10:2::10 lan.r10
|
||||
2001:db8:10:4::10 ebgp_r1.r10
|
||||
|
||||
2001:db8:10::11 lo.r11 r11
|
||||
2001:db8:10:2::11 lan.r11
|
||||
2001:db8:0:3::11 ebgp_r0.r11
|
||||
2001:db8:10:6::11 ebgp_r20.r11
|
||||
|
||||
2001:db8:10::12 lo.r12 r12
|
||||
2001:db8:10:2::12 lan.r12
|
||||
|
||||
2001:db8::1 lo.r1 r1
|
||||
2001:db8:0:1::1 lan.r1
|
||||
2001:db8:10:4::1 ebgp_r10.r1
|
||||
2001:db8:0:5::1 ebgp_r20.r1
|
||||
|
||||
2001:db8:20::20 lo.r20 r20
|
||||
2001:db8:0:5::20 ebgp_r1.r20
|
||||
2001:db8:10:6::20 ebgp_r11.r20
|
||||
|
||||
2001:db8::2 lo.r2 r2
|
||||
2001:db8:0:1::2 lan.r2
|
||||
|
|
|
@ -1,24 +1,18 @@
|
|||
auto lo
|
||||
iface lo inet loopback
|
||||
up ip addr add 10.40.32.10/32 dev lo
|
||||
up ip addr add 2001:db8:10:6::a dev lo
|
||||
down ip addr del 2001:db8:10:6::a dev lo
|
||||
down ip addr del 10.40.32.10/32 dev lo
|
||||
up ip addr add 2001:db8:10::10/128 dev lo
|
||||
down ip addr del 2001:db8:10::10/128 dev lo
|
||||
|
||||
auto vlan33
|
||||
iface vlan33 inet manual
|
||||
up ip link set up dev vlan33
|
||||
up ip addr add 10.40.33.1/26 brd + dev vlan33
|
||||
up ip addr add 2001:db8:10:21::1/120 dev vlan33
|
||||
down ip addr del 2001:db8:10:21::1/120 dev vlan33
|
||||
down ip addr del 10.40.33.1/26 dev vlan33
|
||||
down up link set down dev vlan33
|
||||
auto lan
|
||||
iface lan inet manual
|
||||
up ip link set up dev lan
|
||||
up ip addr add 2001:db8:10:2::10/120 dev lan
|
||||
down ip addr del 2001:db8:10:2::10/120 dev lan
|
||||
down ip link set down dev lan
|
||||
|
||||
auto vlan217
|
||||
iface vlan217 inet manual
|
||||
up ip link set up dev vlan217
|
||||
up ip addr add 10.40.217.18/30 brd + dev vlan217
|
||||
up ip addr add 2001:db8:40:d910::2/120 dev vlan217
|
||||
down ip addr del 2001:db8:40:d910::2/120 dev vlan217
|
||||
down ip addr del 10.40.217.18/30 dev vlan217
|
||||
down up link set down dev vlan217
|
||||
auto ebgp_r1
|
||||
iface ebgp_r1 inet manual
|
||||
up ip link set up dev ebgp_r1
|
||||
up ip addr add 2001:db8:10:4::10/120 dev ebgp_r1
|
||||
down ip addr del 2001:db8:10:4::10/120 dev ebgp_r1
|
||||
down ip link set down dev ebgp_r1
|
||||
|
|
21
R11/config
21
R11/config
|
@ -31,3 +31,24 @@ lxc.net.1.veth.pair = r11.48
|
|||
lxc.net.1.script.up = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.1.script.down = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.1.hwaddr = 02:00:0a:28:30:01
|
||||
|
||||
lxc.net.0.type = veth
|
||||
lxc.net.0.flags = up
|
||||
lxc.net.0.name = lan
|
||||
lxc.net.0.veth.pair = r11.2
|
||||
lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
|
||||
|
||||
lxc.net.1.type = veth
|
||||
lxc.net.1.flags = up
|
||||
lxc.net.1.name = ebgp_r0
|
||||
lxc.net.1.veth.pair = r11.3
|
||||
lxc.net.1.script.up = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.1.script.down = /etc/lxc/lxc-openvswitch
|
||||
|
||||
lxc.net.2.type = veth
|
||||
lxc.net.2.flags = up
|
||||
lxc.net.2.name = ebgp_r20
|
||||
lxc.net.2.veth.pair = r11.6
|
||||
lxc.net.2.script.up = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.2.script.down = /etc/lxc/lxc-openvswitch
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
router id 10.40.32.11;
|
||||
router id 10.0.0.11;
|
||||
|
||||
log "/var/log/bird/bird6.log" all;
|
||||
debug protocols { states, routes, filters, interfaces }
|
||||
|
@ -15,20 +15,115 @@ protocol device {
|
|||
protocol ospf {
|
||||
area 0 {
|
||||
# BIRD ignores the IPv6 lo because it has no link local address
|
||||
stubnet 2001:db8:10:6::b/128;
|
||||
interface "vlan33" {
|
||||
stubnet 2001:db8:10::11/128;
|
||||
interface "lan" {
|
||||
};
|
||||
interface "vlan48" {
|
||||
interface "ebgp_r0" {
|
||||
stub;
|
||||
};
|
||||
interface "ebgp_r20" {
|
||||
stub;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
#
|
||||
# iBGP R10
|
||||
protocol static {
|
||||
import all;
|
||||
route 2001:db8:10::/48 blackhole;
|
||||
}
|
||||
|
||||
##############################################################################
|
||||
# BGP table
|
||||
#
|
||||
|
||||
protocol bgp ibgpR10 {
|
||||
local 2001:db8:10:6::b as 65033;
|
||||
neighbor 2001:db8:10:6::a as 65033;
|
||||
# Use this routing table to gather external routes received via BGP which we
|
||||
# want push to the kernel via our master table and to other routers in our AS
|
||||
# via iBGP or even to other routers outside our AS again (transit), which can
|
||||
# be connected here or to a router elsewhere on the border of our AS.
|
||||
|
||||
table t_bgp;
|
||||
|
||||
protocol pipe p_master_to_bgp {
|
||||
table master;
|
||||
peer table t_bgp;
|
||||
import all; # default
|
||||
export none; # default
|
||||
}
|
||||
|
||||
##############################################################################
|
||||
# eBGP R0
|
||||
#
|
||||
|
||||
table t_r0;
|
||||
|
||||
protocol static originate_to_r0 {
|
||||
table t_r0;
|
||||
import all; # originate here
|
||||
route 2001:db8:10::/48 blackhole;
|
||||
}
|
||||
|
||||
protocol bgp ebgp_r0 {
|
||||
table t_r0;
|
||||
local 2001:db8:0:3::11 as 65010;
|
||||
neighbor 2001:db8:0:3::ff as 65000;
|
||||
import all;
|
||||
export all;
|
||||
}
|
||||
|
||||
protocol pipe p_bgp_to_r0 {
|
||||
table t_bgp;
|
||||
peer table t_r0;
|
||||
import where proto = "ebgp_r0";
|
||||
export none;
|
||||
}
|
||||
|
||||
##############################################################################
|
||||
# eBGP R20
|
||||
#
|
||||
|
||||
table t_r20;
|
||||
|
||||
protocol static originate_to_r20 {
|
||||
table t_r20;
|
||||
import all; # originate here
|
||||
route 2001:db8:10::/48 blackhole;
|
||||
}
|
||||
|
||||
protocol bgp ebgp_r20 {
|
||||
table t_r20;
|
||||
local 2001:db8:10:6::11 as 65010;
|
||||
neighbor 2001:db8:10:6::20 as 65020;
|
||||
import all;
|
||||
export all;
|
||||
}
|
||||
|
||||
protocol pipe p_bgp_to_r20 {
|
||||
table t_bgp;
|
||||
peer table t_r20;
|
||||
import where proto = "ebgp_r20";
|
||||
export none;
|
||||
}
|
||||
|
||||
##############################################################################
|
||||
# iBGP
|
||||
#
|
||||
|
||||
protocol bgp ibgp_r12 {
|
||||
table t_bgp;
|
||||
igp table master;
|
||||
import none;
|
||||
export all;
|
||||
local 2001:db8:10::11 as 65010;
|
||||
neighbor 2001:db8:10::12 as 65010;
|
||||
}
|
||||
|
||||
|
||||
protocol bgp ibgp_r10 {
|
||||
table t_bgp;
|
||||
igp table master;
|
||||
import all;
|
||||
export all;
|
||||
local 2001:db8:10::11 as 65010;
|
||||
neighbor 2001:db8:10::10 as 65010;
|
||||
}
|
||||
|
||||
|
|
|
@ -3,3 +3,30 @@
|
|||
ff02::1 ip6-allnodes
|
||||
ff02::2 ip6-allrouters
|
||||
|
||||
2001:db8::ff lo.r0 r0
|
||||
2001:db8:0:1::ff lan.r0
|
||||
2001:db8:0:3::ff ebgp_r11.r0
|
||||
|
||||
2001:db8:10::10 lo.r10 r10
|
||||
2001:db8:10:2::10 lan.r10
|
||||
2001:db8:10:4::10 ebgp_r1.r10
|
||||
|
||||
2001:db8:10::11 lo.r11 r11
|
||||
2001:db8:10:2::11 lan.r11
|
||||
2001:db8:0:3::11 ebgp_r0.r11
|
||||
2001:db8:10:6::11 ebgp_r20.r11
|
||||
|
||||
2001:db8:10::12 lo.r12 r12
|
||||
2001:db8:10:2::12 lan.r12
|
||||
|
||||
2001:db8::1 lo.r1 r1
|
||||
2001:db8:0:1::1 lan.r1
|
||||
2001:db8:10:4::1 ebgp_r10.r1
|
||||
2001:db8:0:5::1 ebgp_r20.r1
|
||||
|
||||
2001:db8:20::20 lo.r20 r20
|
||||
2001:db8:0:5::20 ebgp_r1.r20
|
||||
2001:db8:10:6::20 ebgp_r11.r20
|
||||
|
||||
2001:db8::2 lo.r2 r2
|
||||
2001:db8:0:1::2 lan.r2
|
||||
|
|
|
@ -1,24 +1,25 @@
|
|||
auto lo
|
||||
iface lo inet loopback
|
||||
up ip addr add 10.40.32.11/32 dev lo
|
||||
up ip addr add 2001:db8:10:6::b dev lo
|
||||
down ip addr del 2001:db8:10:6::b dev lo
|
||||
down ip addr del 10.40.32.11/32 dev lo
|
||||
up ip addr add 2001:db8:10::11/128 dev lo
|
||||
down ip addr del 2001:db8:10::11/128 dev lo
|
||||
|
||||
auto vlan48
|
||||
iface vlan48 inet manual
|
||||
up ip link set up dev vlan48
|
||||
up ip addr add 10.40.48.1/21 brd + dev vlan48
|
||||
up ip addr add 2001:db8:10:30::1/117 dev vlan48
|
||||
down ip addr del 2001:db8:10:30::1/117 dev vlan48
|
||||
down ip addr del 10.40.48.1/21 dev vlan48
|
||||
down up link set down dev vlan48
|
||||
auto lan
|
||||
iface lan inet manual
|
||||
up ip link set up dev lan
|
||||
up ip addr add 2001:db8:10:2::11/120 dev lan
|
||||
down ip addr del 2001:db8:10:2::11/120 dev lan
|
||||
down ip link set down dev lan
|
||||
|
||||
auto vlan33
|
||||
iface vlan33 inet manual
|
||||
up ip link set up dev vlan33
|
||||
up ip addr add 10.40.33.2/26 brd + dev vlan33
|
||||
up ip addr add 2001:db8:10:21::2/120 dev vlan33
|
||||
down ip addr del 2001:db8:10:21::2/120 dev vlan33
|
||||
down ip addr del 10.40.33.2/26 dev vlan33
|
||||
down up link set down dev vlan33
|
||||
auto ebgp_r0
|
||||
iface ebgp_r0 inet manual
|
||||
up ip link set up dev ebgp_r0
|
||||
up ip addr add 2001:db8:0:3::11/120 dev ebgp_r0
|
||||
down ip addr del 2001:db8:0:3::11/120 dev ebgp_r0
|
||||
down ip link set down dev ebgp_r0
|
||||
|
||||
auto ebgp_r20
|
||||
iface ebgp_r20 inet manual
|
||||
up ip link set up dev ebgp_r20
|
||||
up ip addr add 2001:db8:10:6::11/120 dev ebgp_r20
|
||||
down ip addr del 2001:db8:10:6::11/120 dev ebgp_r20
|
||||
down ip link set down dev ebgp_r20
|
||||
|
|
|
@ -31,3 +31,10 @@ lxc.net.1.veth.pair = r12.36
|
|||
lxc.net.1.script.up = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.1.script.down = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.1.hwaddr = 02:00:0a:28:24:01
|
||||
|
||||
lxc.net.0.type = veth
|
||||
lxc.net.0.flags = up
|
||||
lxc.net.0.name = lan
|
||||
lxc.net.0.veth.pair = r12.2
|
||||
lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
router id 10.40.32.12;
|
||||
router id 10.0.0.12;
|
||||
|
||||
log "/var/log/bird/bird6.log" all;
|
||||
debug protocols { states, routes, filters, interfaces }
|
||||
|
@ -15,20 +15,31 @@ protocol device {
|
|||
protocol ospf {
|
||||
area 0 {
|
||||
# BIRD ignores the IPv6 lo because it has no link local address
|
||||
stubnet 2001:db8:10:6::c/128;
|
||||
interface "vlan33" {
|
||||
};
|
||||
interface "vlan36" {
|
||||
stub;
|
||||
stubnet 2001:db8:10::12/128;
|
||||
interface "lan" {
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
#
|
||||
# iBGP R10
|
||||
protocol static {
|
||||
import all;
|
||||
route 2001:db8:10::/48 blackhole;
|
||||
}
|
||||
|
||||
##############################################################################
|
||||
# iBGP
|
||||
#
|
||||
|
||||
protocol bgp ibgp_r10 {
|
||||
local 2001:db8:10:6::c as 65033;
|
||||
neighbor 2001:db8:10:6::a as 65033;
|
||||
import all;
|
||||
export none;
|
||||
local 2001:db8:10::12 as 65010;
|
||||
neighbor 2001:db8:10::10 as 65010;
|
||||
}
|
||||
|
||||
protocol bgp ibgp_r11 {
|
||||
import all;
|
||||
export none;
|
||||
local 2001:db8:10::12 as 65010;
|
||||
neighbor 2001:db8:10::11 as 65010;
|
||||
}
|
||||
|
|
|
@ -3,3 +3,30 @@
|
|||
ff02::1 ip6-allnodes
|
||||
ff02::2 ip6-allrouters
|
||||
|
||||
2001:db8::ff lo.r0 r0
|
||||
2001:db8:0:1::ff lan.r0
|
||||
2001:db8:0:3::ff ebgp_r11.r0
|
||||
|
||||
2001:db8:10::10 lo.r10 r10
|
||||
2001:db8:10:2::10 lan.r10
|
||||
2001:db8:10:4::10 ebgp_r1.r10
|
||||
|
||||
2001:db8:10::11 lo.r11 r11
|
||||
2001:db8:10:2::11 lan.r11
|
||||
2001:db8:0:3::11 ebgp_r0.r11
|
||||
2001:db8:10:6::11 ebgp_r20.r11
|
||||
|
||||
2001:db8:10::12 lo.r12 r12
|
||||
2001:db8:10:2::12 lan.r12
|
||||
|
||||
2001:db8::1 lo.r1 r1
|
||||
2001:db8:0:1::1 lan.r1
|
||||
2001:db8:10:4::1 ebgp_r10.r1
|
||||
2001:db8:0:5::1 ebgp_r20.r1
|
||||
|
||||
2001:db8:20::20 lo.r20 r20
|
||||
2001:db8:0:5::20 ebgp_r1.r20
|
||||
2001:db8:10:6::20 ebgp_r11.r20
|
||||
|
||||
2001:db8::2 lo.r2 r2
|
||||
2001:db8:0:1::2 lan.r2
|
||||
|
|
|
@ -1,24 +1,11 @@
|
|||
auto lo
|
||||
iface lo inet loopback
|
||||
up ip addr add 10.40.32.12/32 dev lo
|
||||
up ip addr add 2001:db8:10:6::c dev lo
|
||||
down ip addr del 2001:db8:10:6::c dev lo
|
||||
down ip addr del 10.40.32.12/32 dev lo
|
||||
up ip addr add 2001:db8:10::12/128 dev lo
|
||||
down ip addr del 2001:db8:10::12/128 dev lo
|
||||
|
||||
auto vlan36
|
||||
iface vlan36 inet manual
|
||||
up ip link set up dev vlan36
|
||||
up ip addr add 10.40.36.1/24 brd + dev vlan36
|
||||
up ip addr add 2001:db8:10:24::1/120 dev vlan36
|
||||
down ip addr del 2001:db8:10:24::1/120 dev vlan36
|
||||
down ip addr del 10.40.36.1/24 dev vlan36
|
||||
down up link set down dev vlan36
|
||||
|
||||
auto vlan33
|
||||
iface vlan33 inet manual
|
||||
up ip link set up dev vlan33
|
||||
up ip addr add 10.40.33.3/26 brd + dev vlan33
|
||||
up ip addr add 2001:db8:10:21::3/120 dev vlan33
|
||||
down ip addr del 2001:db8:10:21::3/120 dev vlan33
|
||||
down ip addr del 10.40.33.3/26 dev vlan33
|
||||
down up link set down dev vlan33
|
||||
auto lan
|
||||
iface lan inet manual
|
||||
up ip link set up dev lan
|
||||
up ip addr add 2001:db8:10:2::12/120 dev lan
|
||||
down ip addr del 2001:db8:10:2::12/120 dev lan
|
||||
down ip link set down dev lan
|
||||
|
|
|
@ -15,3 +15,10 @@ lxc.arch = amd64
|
|||
lxc.pty.max = 1024
|
||||
lxc.rootfs.path = btrfs:/var/lib/lxc/R2/rootfs
|
||||
lxc.uts.name = R2
|
||||
|
||||
lxc.net.0.type = veth
|
||||
lxc.net.0.flags = up
|
||||
lxc.net.0.name = lan
|
||||
lxc.net.0.veth.pair = r2.1
|
||||
lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
router id 10.9.99.2;
|
||||
router id 10.0.0.2;
|
||||
|
||||
log "/var/log/bird/bird.log" all;
|
||||
log "/var/log/bird/bird6.log" all;
|
||||
debug protocols { states, routes, filters, interfaces }
|
||||
|
||||
protocol kernel {
|
||||
|
@ -13,18 +13,33 @@ protocol device {
|
|||
}
|
||||
|
||||
protocol ospf {
|
||||
area 0 {
|
||||
interface "lo" {
|
||||
stub;
|
||||
};
|
||||
interface "vlan1082" {
|
||||
stub;
|
||||
};
|
||||
interface "vlan1050" {
|
||||
stub;
|
||||
};
|
||||
interface "vlan1012" {
|
||||
};
|
||||
};
|
||||
};
|
||||
area 0 {
|
||||
# BIRD ignores the IPv6 lo because it has no link local address
|
||||
stubnet 2001:db8::2/128;
|
||||
interface "lan" {
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
protocol static {
|
||||
import all;
|
||||
route 2001:db8::/48 blackhole;
|
||||
}
|
||||
|
||||
##############################################################################
|
||||
# iBGP
|
||||
#
|
||||
|
||||
protocol bgp ibgp_r0 {
|
||||
import all;
|
||||
export none;
|
||||
local 2001:db8::2 as 65000;
|
||||
neighbor 2001:db8::ff as 65000;
|
||||
}
|
||||
|
||||
protocol bgp ibgp_r1 {
|
||||
import all;
|
||||
export none;
|
||||
local 2001:db8::2 as 65000;
|
||||
neighbor 2001:db8::1 as 65000;
|
||||
}
|
||||
|
|
|
@ -3,3 +3,30 @@
|
|||
ff02::1 ip6-allnodes
|
||||
ff02::2 ip6-allrouters
|
||||
|
||||
2001:db8::ff lo.r0 r0
|
||||
2001:db8:0:1::ff lan.r0
|
||||
2001:db8:0:3::ff ebgp_r11.r0
|
||||
|
||||
2001:db8:10::10 lo.r10 r10
|
||||
2001:db8:10:2::10 lan.r10
|
||||
2001:db8:10:4::10 ebgp_r1.r10
|
||||
|
||||
2001:db8:10::11 lo.r11 r11
|
||||
2001:db8:10:2::11 lan.r11
|
||||
2001:db8:0:3::11 ebgp_r0.r11
|
||||
2001:db8:10:6::11 ebgp_r20.r11
|
||||
|
||||
2001:db8:10::12 lo.r12 r12
|
||||
2001:db8:10:2::12 lan.r12
|
||||
|
||||
2001:db8::1 lo.r1 r1
|
||||
2001:db8:0:1::1 lan.r1
|
||||
2001:db8:10:4::1 ebgp_r10.r1
|
||||
2001:db8:0:5::1 ebgp_r20.r1
|
||||
|
||||
2001:db8:20::20 lo.r20 r20
|
||||
2001:db8:0:5::20 ebgp_r1.r20
|
||||
2001:db8:10:6::20 ebgp_r11.r20
|
||||
|
||||
2001:db8::2 lo.r2 r2
|
||||
2001:db8:0:1::2 lan.r2
|
||||
|
|
|
@ -1,4 +1,11 @@
|
|||
auto lo
|
||||
iface lo inet loopback
|
||||
up ip addr add 10.9.99.2/32 dev lo
|
||||
down ip addr del 10.9.99.2/32 dev lo
|
||||
up ip addr add 2001:db8::2/128 dev lo
|
||||
down ip addr del 2001:db8::2/128 dev lo
|
||||
|
||||
auto lan
|
||||
iface lan inet manual
|
||||
up ip link set up dev lan
|
||||
up ip addr add 2001:db8:0:1::2/120 dev lan
|
||||
down ip addr del 2001:db8:0:1::2/120 dev lan
|
||||
down ip link set down dev lan
|
||||
|
|
|
@ -0,0 +1,38 @@
|
|||
# Template used to create this container: /usr/share/lxc/templates/lxc-debian
|
||||
# Parameters passed to the template: -r stretch
|
||||
# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
|
||||
# For additional config options, please look at lxc.container.conf(5)
|
||||
# Uncomment the following line to support nesting containers:
|
||||
#lxc.include = /usr/share/lxc/config/nesting.conf
|
||||
# (Be aware this has security implications)
|
||||
lxc.net.0.type = veth
|
||||
#lxc.net.0.link = vlan10
|
||||
lxc.net.0.name = vlan10
|
||||
lxc.net.0.veth.pair = birdbase.10
|
||||
lxc.net.0.flags = up
|
||||
lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
|
||||
lxc.apparmor.profile = generated
|
||||
lxc.apparmor.allow_nesting = 1
|
||||
# Common configuration
|
||||
lxc.include = /usr/share/lxc/config/debian.common.conf
|
||||
# Container specific configuration
|
||||
lxc.tty.max = 4
|
||||
lxc.arch = amd64
|
||||
lxc.pty.max = 1024
|
||||
lxc.rootfs.path = btrfs:/var/lib/lxc/R20/rootfs
|
||||
lxc.uts.name = R20
|
||||
|
||||
lxc.net.0.type = veth
|
||||
lxc.net.0.flags = up
|
||||
lxc.net.0.name = ebgp_r1
|
||||
lxc.net.0.veth.pair = r20.5
|
||||
lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
|
||||
|
||||
lxc.net.1.type = veth
|
||||
lxc.net.1.flags = up
|
||||
lxc.net.1.name = ebgp_r11
|
||||
lxc.net.1.veth.pair = r20.6
|
||||
lxc.net.1.script.up = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.1.script.down = /etc/lxc/lxc-openvswitch
|
|
@ -0,0 +1,103 @@
|
|||
router id 10.0.0.20;
|
||||
|
||||
log "/var/log/bird/bird6.log" all;
|
||||
debug protocols { states, routes, filters, interfaces }
|
||||
|
||||
protocol kernel {
|
||||
import none;
|
||||
export all;
|
||||
}
|
||||
|
||||
protocol device {
|
||||
# defaults...
|
||||
}
|
||||
|
||||
protocol ospf {
|
||||
area 0 {
|
||||
# BIRD ignores the IPv6 lo because it has no link local address
|
||||
stubnet 2001:db8:20::20/128;
|
||||
interface "ebgp_r1" {
|
||||
stub;
|
||||
};
|
||||
interface "ebgp_r11" {
|
||||
stub;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
protocol static {
|
||||
import all;
|
||||
route 2001:db8:20::/48 blackhole;
|
||||
}
|
||||
|
||||
##############################################################################
|
||||
# BGP table
|
||||
#
|
||||
|
||||
# Use this routing table to gather external routes received via BGP which we
|
||||
# want push to the kernel via our master table and to other routers in our AS
|
||||
# via iBGP or even to other routers outside our AS again (transit), which can
|
||||
# be connected here or to a router elsewhere on the border of our AS.
|
||||
|
||||
table t_bgp;
|
||||
|
||||
protocol pipe p_master_to_bgp {
|
||||
table master;
|
||||
peer table t_bgp;
|
||||
import all; # default
|
||||
export none; # default
|
||||
}
|
||||
|
||||
##############################################################################
|
||||
# eBGP R1
|
||||
#
|
||||
|
||||
table t_r1;
|
||||
|
||||
protocol static originate_to_r1 {
|
||||
table t_r1;
|
||||
import all; # originate here
|
||||
route 2001:db8:20::/48 blackhole;
|
||||
}
|
||||
|
||||
protocol bgp ebgp_r1 {
|
||||
table t_r1;
|
||||
local 2001:db8:0:5::20 as 65020;
|
||||
neighbor 2001:db8:0:5::1 as 65000;
|
||||
import all;
|
||||
export all;
|
||||
}
|
||||
|
||||
protocol pipe p_bgp_to_r1 {
|
||||
table t_bgp;
|
||||
peer table t_r1;
|
||||
import where proto = "ebgp_r1";
|
||||
export none;
|
||||
}
|
||||
|
||||
##############################################################################
|
||||
# eBGP R11
|
||||
#
|
||||
|
||||
table t_r11;
|
||||
|
||||
protocol static originate_to_r11 {
|
||||
table t_r11;
|
||||
import all; # originate here
|
||||
route 2001:db8:20::/48 blackhole;
|
||||
}
|
||||
|
||||
protocol bgp ebgp_r11 {
|
||||
table t_r11;
|
||||
local 2001:db8:10:6::20 as 65020;
|
||||
neighbor 2001:db8:10:6::11 as 65010;
|
||||
import all;
|
||||
export all;
|
||||
}
|
||||
|
||||
protocol pipe p_bgp_to_r11 {
|
||||
table t_bgp;
|
||||
peer table t_r11;
|
||||
import where proto = "ebgp_r11";
|
||||
export none;
|
||||
}
|
|
@ -0,0 +1,32 @@
|
|||
127.0.0.1 localhost
|
||||
::1 localhost ip6-localhost ip6-loopback
|
||||
ff02::1 ip6-allnodes
|
||||
ff02::2 ip6-allrouters
|
||||
|
||||
2001:db8::ff lo.r0 r0
|
||||
2001:db8:0:1::ff lan.r0
|
||||
2001:db8:0:3::ff ebgp_r11.r0
|
||||
|
||||
2001:db8:10::10 lo.r10 r10
|
||||
2001:db8:10:2::10 lan.r10
|
||||
2001:db8:10:4::10 ebgp_r1.r10
|
||||
|
||||
2001:db8:10::11 lo.r11 r11
|
||||
2001:db8:10:2::11 lan.r11
|
||||
2001:db8:0:3::11 ebgp_r0.r11
|
||||
2001:db8:10:6::11 ebgp_r20.r11
|
||||
|
||||
2001:db8:10::12 lo.r12 r12
|
||||
2001:db8:10:2::12 lan.r12
|
||||
|
||||
2001:db8::1 lo.r1 r1
|
||||
2001:db8:0:1::1 lan.r1
|
||||
2001:db8:10:4::1 ebgp_r10.r1
|
||||
2001:db8:0:5::1 ebgp_r20.r1
|
||||
|
||||
2001:db8:20::20 lo.r20 r20
|
||||
2001:db8:0:5::20 ebgp_r1.r20
|
||||
2001:db8:10:6::20 ebgp_r11.r20
|
||||
|
||||
2001:db8::2 lo.r2 r2
|
||||
2001:db8:0:1::2 lan.r2
|
|
@ -0,0 +1,18 @@
|
|||
auto lo
|
||||
iface lo inet loopback
|
||||
up ip addr add 2001:db8:20::20/128 dev lo
|
||||
down ip addr del 2001:db8:20::20/128 dev lo
|
||||
|
||||
auto ebgp_r1
|
||||
iface ebgp_r1 inet manual
|
||||
up ip link set up dev ebgp_r1
|
||||
up ip addr add 2001:db8:0:5::20/120 dev ebgp_r1
|
||||
down ip addr del 2001:db8:0:5::20/120 dev ebgp_r1
|
||||
down ip link set down dev ebgp_r1
|
||||
|
||||
auto ebgp_r11
|
||||
iface ebgp_r11 inet manual
|
||||
up ip link set up dev ebgp_r11
|
||||
up ip addr add 2001:db8:10:6::20/120 dev ebgp_r11
|
||||
down ip addr del 2001:db8:10:6::20/120 dev ebgp_r11
|
||||
down ip link set down dev ebgp_r11
|
|
@ -0,0 +1,79 @@
|
|||
#
|
||||
# /etc/sysctl.conf - Configuration file for setting system variables
|
||||
# See /etc/sysctl.d/ for additional system variables.
|
||||
# See sysctl.conf (5) for information.
|
||||
#
|
||||
|
||||
#kernel.domainname = example.com
|
||||
|
||||
# Uncomment the following to stop low-level messages on console
|
||||
#kernel.printk = 3 4 1 3
|
||||
|
||||
##############################################################3
|
||||
# Functions previously found in netbase
|
||||
#
|
||||
|
||||
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
|
||||
# Turn on Source Address Verification in all interfaces to
|
||||
# prevent some spoofing attacks
|
||||
#net.ipv4.conf.default.rp_filter=1
|
||||
#net.ipv4.conf.all.rp_filter=1
|
||||
|
||||
# Uncomment the next line to enable TCP/IP SYN cookies
|
||||
# See http://lwn.net/Articles/277146/
|
||||
# Note: This may impact IPv6 TCP sessions too
|
||||
#net.ipv4.tcp_syncookies=1
|
||||
|
||||
# Uncomment the next line to enable packet forwarding for IPv4
|
||||
net.ipv4.ip_forward=1
|
||||
|
||||
# Uncomment the next line to enable packet forwarding for IPv6
|
||||
# Enabling this option disables Stateless Address Autoconfiguration
|
||||
# based on Router Advertisements for this host
|
||||
net.ipv6.conf.all.forwarding=1
|
||||
|
||||
net.ipv4.icmp_ratelimit = 0
|
||||
net.ipv6.icmp.ratelimit = 0
|
||||
|
||||
###################################################################
|
||||
# Additional settings - these settings can improve the network
|
||||
# security of the host and prevent against some network attacks
|
||||
# including spoofing attacks and man in the middle attacks through
|
||||
# redirection. Some network environments, however, require that these
|
||||
# settings are disabled so review and enable them as needed.
|
||||
#
|
||||
# Do not accept ICMP redirects (prevent MITM attacks)
|
||||
#net.ipv4.conf.all.accept_redirects = 0
|
||||
#net.ipv6.conf.all.accept_redirects = 0
|
||||
# _or_
|
||||
# Accept ICMP redirects only for gateways listed in our default
|
||||
# gateway list (enabled by default)
|
||||
# net.ipv4.conf.all.secure_redirects = 1
|
||||
#
|
||||
# Do not send ICMP redirects (we are not a router)
|
||||
#net.ipv4.conf.all.send_redirects = 0
|
||||
#
|
||||
# Do not accept IP source route packets (we are not a router)
|
||||
#net.ipv4.conf.all.accept_source_route = 0
|
||||
#net.ipv6.conf.all.accept_source_route = 0
|
||||
#
|
||||
# Log Martian Packets
|
||||
#net.ipv4.conf.all.log_martians = 1
|
||||
#
|
||||
|
||||
###################################################################
|
||||
# Magic system request Key
|
||||
# 0=disable, 1=enable all
|
||||
# Debian kernels have this set to 0 (disable the key)
|
||||
# See https://www.kernel.org/doc/Documentation/sysrq.txt
|
||||
# for what other values do
|
||||
#kernel.sysrq=1
|
||||
|
||||
###################################################################
|
||||
# Protected links
|
||||
#
|
||||
# Protects against creating or following links under certain conditions
|
||||
# Debian kernels have both set to 1 (restricted)
|
||||
# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
|
||||
#fs.protected_hardlinks=0
|
||||
#fs.protected_symlinks=0
|
Loading…
Reference in New Issue