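--- a/howto/Bird.md
+++ b/howto/Bird.md
@@ -21,8 +21,151 @@ To specify the source address, you use the `krt_prefsrc` attribute, for instance
 
 # Example advanced configurations
 
-Paste your own config template here.
+* Replace `<AS>` with your Autonomous System Number
+* Replace `<GATEWAY_IP>` with your gateway ip (the internal dn42 ip address you use on the host, where dn42 is running)
+* Replace `<SUBNET>` with your registered dn42 subnet, which you allocated on [nixnodes](https://io.nixnodes.net/)
+* Replace `<PEER_IP>` with the ip of your peer who is connected with your using your favorite vpn protocol (openvpn, ipsec, tinc, ...)
+* Replace `<PEER_AS>` the Autonomous System Number of your peer
+* Replace `<PEER_NAME>` a self chosen name for your peer
 
-## External links
+```
+# /etc/bird/bird.conf
+# Device status
+protocol device {
+ scan time 10; # recheck every 10 seconds
+}
 
-http://danrimal.net/doku.php?id=wiki:bgp:bird:sample_configs2
\ No newline at end of file
+protocol static {
+ # Static routes to announce your own range(s) in dn42
+ route <SUBNET> reject;
+};
+
+# filter helpers
+#################
+
+function is_freifunk() {
+ return net ~ [ 10.0.0.0/8+ ];
+}
+
+function is_dn42() {
+ return net ~ [
+ 37.1.89.160/29+, # siska
+ 46.4.248.192/27+, # welterde
+ 46.19.90.48/28+, # planet cyborg
+ 46.19.90.96/28+, # planet cyborg
+ 80.244.241.224/27+, # jchome service network
+ 85.25.246.16/28+, # Leon Weber
+ 87.106.29.254/32, # wintix
+ 91.204.4.0/22+, # free.de via ctdo
+ 94.45.224.0/19+, # ccc event network
+ 172.22.0.53/32, # dns
+ 172.22.0.0/15{15,30}, # official subnet for dn42
+ 172.23.0.0/16{15,30}, # official subnet for dn42
+ 178.33.32.123/32, # Martin89
+ 178.63.170.40/32, # jomat
+ 188.40.34.241/32, # jomat
+ 192.175.48.0/24+, # AS112-prefix for reverse-dns
+ 193.43.220.0/23+, # durchdieluft via ctdo
+ 195.16.84.40/29+, # siska
+ 195.160.168.0/23+, # ctdo
+ 195.191.196.0/23+ # ichdasich pi-space
+ ];
+}
+
+function is_chaosvpn() {
+ return net ~ [
+ 10.4.0.0/16+, # Allocated for ChaosVPN. Ready for distribution, currently not used
+ 10.32.0.0/16+, # Allocated for ChaosVPN. Ready for distribution, currently not used
+ 10.42.16.0/20+, # legacy
+ 10.100.0.0/14+, # us hackerspaces range
+ 10.104.0.0/14+, # Warzone, currently not used
+ 172.31.0.0/16+, # In use by European hackerspaces
+ 83.133.178.0/23+, # kapsel - CCC Munich
+ 172.26.0.0/15+, # KBU Freifunk
+ 176.9.52.58/32+, # haegar_vlad
+ 178.33.2.240/28+, # o_g
+ 193.103.159.0/24+, # haegar_vlad
+ 193.103.160.0/23+, # haegar_vlad
+ 212.12.50.208/29+, # ccchh
+ 213.238.61.128/26+ # mc.fly
+ ];
+}
+
+# local configuration
+######################
+
+# keeping router specific in a seperate file,
+# so this configuration can be reused on multiple routers in your network
+include "/etc/bird/local4.conf";
+
+# Kernel routing tables
+########################
+
+/*
+ krt_prefsrc defines the source address for outgoing connections.
+ On Linux, this causes the "src" attribute of a route to be set.
+
+ Without this option outgoing connections would use the peering IP which
+ would cause packet loss if some peering disconnects but the interface
+ is still available. (The route would still exist and thus route through
+ the TUN/TAP interface but the VPN daemon would simply drop the packet.)
+*/
+protocol kernel {
+ scan time 20;
+ device routes;
+ import none;
+ export filter {
+ krt_prefsrc = OWNIP;
+ accept;
+ };
+};
+# DN42
+#######
+
+template bgp dnpeers {
+ local as OWNAS;
+ # metric is the number of hops between us and the peer
+ path metric 1;
+ # this lines allows debugging filter rules
+ # filtered routes can be looked up in birdc using the "show route filtered" command
+ import keep filtered;
+ import filter {
+ # accept every subnet, except our own advertised subnet
+ # filtering is important, because some guys try to advertise routes like 0.0.0.0
+ if (is_dn42() || is_freifunk() || is_chaosvpn()) && !is_self_net() then {
+ accept;
+ }
+ reject;
+ };
+ export filter {
+ # here we export the hole net
+ if is_dn42() || is_freifunk() || is_chaosvpn() then {
+ accept;
+ }
+ reject;
+ };
+ route limit 10000;
+ source address OWNIP;
+};
+
+include "/etc/bird/peers4/*";
+```
+
+```
+#/etc/bird/local4.conf
+router id 172.23.75.1;
+
+define OWNAS = <AS>;
+define OWNIP = <GATEWAY_IP>;
+
+function is_self_net() {
+ return net ~ [<SUBNET>+];
+}
+```
+
+```
+# /etc/bird/peers4/<PEER_NAME>
+protocol bgp <PEER_NAME> from dnpeers {
+ neighbor <PEERING_IP> as <PEER_AS>;
+};
+```
\ No newline at end of file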