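--- a/howto/Bird.md
+++ b/howto/Bird.md
@@ -21,155 +21,7 @@ In case you are running Debian Jessie and this is not working for you, try repla
 * Replace `<PEER_AS>` the Autonomous System Number of your peer (only the digits)
 * Replace `<PEER_NAME>` a self chosen name for your peer
 
-### IPV4
-
-```
-# /etc/bird/bird.conf
-# Device status
-protocol device {
- scan time 10; # recheck every 10 seconds
-}
-
-protocol static {
- # Static routes to announce your own range(s) in dn42
- route <SUBNET> reject;
- import all;
- export none;
-};
-
-# local configuration
-######################
-
-# keeping router specific in a seperate file,
-# so this configuration can be reused on multiple routers in your network
-include "/etc/bird/local4.conf";
-
-# filter helpers
-#################
-
-include "/etc/bird/filter4.conf";
-
-# Kernel routing tables
-########################
-
-/*
- krt_prefsrc defines the source address for outgoing connections.
- On Linux, this causes the "src" attribute of a route to be set.
-
- Without this option outgoing connections would use the peering IP which
- would cause packet loss if some peering disconnects but the interface
- is still available. (The route would still exist and thus route through
- the TUN/TAP interface but the VPN daemon would simply drop the packet.)
-*/
-protocol kernel {
- scan time 20;
- device routes;
- import none;
- export filter {
- if source = RTS_STATIC then reject;
- krt_prefsrc = OWNIP;
- accept;
- };
-};
-# DN42
-#######
-
-template bgp dnpeers {
- local as OWNAS;
- # metric is the number of hops between us and the peer
- path metric 1;
- # this lines allows debugging filter rules
- # filtered routes can be looked up in birdc using the "show route filtered" command
- import keep filtered;
- import filter {
- # accept every subnet, except our own advertised subnet
- # filtering is important, because some guys try to advertise routes like 0.0.0.0
- if is_valid_network() && !is_self_net() then {
- accept;
- }
- reject;
- };
- export filter {
- # here we export the whole net
- if is_valid_network() then {
- accept;
- }
- reject;
- };
- import limit 10000 action block;
- #source address OWNIP;
-};
-
-include "/etc/bird/peers4/*";
-```
-
-```
-#/etc/bird/local4.conf
-# should be a unique identifier, <GATEWAY_IP> is what most people use.
-router id <GATEWAY_IP>;
-
-define OWNAS = <AS>;
-define OWNIP = <GATEWAY_IP>;
-
-function is_self_net() {
- return net ~ [<SUBNET>+];
-}
-```
-
-Generate the filter list from the monotone repository
-
-```
-$ cd net.dn42.registry
-$ ruby utils/bgp-filter.rb --format bird < data/filter.txt > /etc/bird/filter4.conf
-
-or
-
-$ curl -sk https://dn42.us/git/dn42/registry/plain/data/filter.txt | \
- awk 'BEGIN {printf "function is_valid_network() {\n return net ~ [\n" } \
- /^[0-9]/ && $2 ~ /permit/ {printf " %s{%s,%s},\n", $3, $4, $5};' | \
- sed "$ s/,$/\n ];\n}/" > /etc/bird/filter4.conf
-
-```
-
-example filter list:
-
-```
-function is_valid_network() {
- return net ~ [
- 172.22.0.0/15{22,28}, # dn42 main net0
- 172.20.0.0/16{21,28}, # dn42 main net1
- 172.22.0.0/23{28,32}, # dn42 Anycast range
- 172.23.0.0/24{28,32}, # dn42 Anycast range
- 192.175.48.0/24{24,32}, # AS112-prefix for reverse-dns
- 10.0.0.0/8{12,28}, # freifunk/chaosvpn
- 172.31.0.0/16{22,28}, # chaosvpn
- 100.64.0.0/10{12,28}, # iana private range
- 195.160.168.0/23{23,28}, # ctdo
- 91.204.4.0/22{22,28}, # free.de via ctdo
- 193.43.220.0/23{23,28}, # durchdieluft via ctdo
- 83.133.178.0/23{23,28}, # muccc kapsel
- 87.106.29.254/32{32,32}, # wintix (please don' announce /32)
- 85.25.246.16/28{28,32}, # leon
- 46.4.248.192/27{27,32}, # welterde
- 94.45.224.0/19{19,28}, # ccc event network
- 151.217.0.0/16{16,28}, # ccc event network 2
- 195.191.196.0/23{23,29}, # ichdasich pi space
- 80.244.241.224/27{27,32}, # jchome service network
- 188.40.34.241/32{32,32},
- 37.1.89.192/26{26,28}, # siska
- 87.98.246.19/32{32,32}
- ];
-}
-```
-
-```
-# /etc/bird/peers4/<PEER_NAME>
-protocol bgp <PEER_NAME> from dnpeers {
- neighbor <PEERING_IP> as <PEER_AS>;
-};
-```
-
-### IPV6
+### IPv6
 
 ```
 #/etc/bird/bird6.conf
@@ -329,6 +181,156 @@ function is_valid_network() {
 }
 ```
 
+### IPv4
+
+```
+# /etc/bird/bird.conf
+# Device status
+protocol device {
+ scan time 10; # recheck every 10 seconds
+}
+
+protocol static {
+ # Static routes to announce your own range(s) in dn42
+ route <SUBNET> reject;
+ import all;
+ export none;
+};
+
+# local configuration
+######################
+
+# keeping router specific in a seperate file,
+# so this configuration can be reused on multiple routers in your network
+include "/etc/bird/local4.conf";
+
+# filter helpers
+#################
+
+include "/etc/bird/filter4.conf";
+
+# Kernel routing tables
+########################
+
+/*
+ krt_prefsrc defines the source address for outgoing connections.
+ On Linux, this causes the "src" attribute of a route to be set.
+
+ Without this option outgoing connections would use the peering IP which
+ would cause packet loss if some peering disconnects but the interface
+ is still available. (The route would still exist and thus route through
+ the TUN/TAP interface but the VPN daemon would simply drop the packet.)
+*/
+protocol kernel {
+ scan time 20;
+ device routes;
+ import none;
+ export filter {
+ if source = RTS_STATIC then reject;
+ krt_prefsrc = OWNIP;
+ accept;
+ };
+};
+# DN42
+#######
+
+template bgp dnpeers {
+ local as OWNAS;
+ # metric is the number of hops between us and the peer
+ path metric 1;
+ # this lines allows debugging filter rules
+ # filtered routes can be looked up in birdc using the "show route filtered" command
+ import keep filtered;
+ import filter {
+ # accept every subnet, except our own advertised subnet
+ # filtering is important, because some guys try to advertise routes like 0.0.0.0
+ if is_valid_network() && !is_self_net() then {
+ accept;
+ }
+ reject;
+ };
+ export filter {
+ # here we export the whole net
+ if is_valid_network() then {
+ accept;
+ }
+ reject;
+ };
+ import limit 10000 action block;
+ #source address OWNIP;
+};
+
+include "/etc/bird/peers4/*";
+```
+
+```
+#/etc/bird/local4.conf
+# should be a unique identifier, <GATEWAY_IP> is what most people use.
+router id <GATEWAY_IP>;
+
+define OWNAS = <AS>;
+define OWNIP = <GATEWAY_IP>;
+
+function is_self_net() {
+ return net ~ [<SUBNET>+];
+}
+```
+
+Generate the filter list from the monotone repository
+
+```
+$ cd net.dn42.registry
+$ ruby utils/bgp-filter.rb --format bird < data/filter.txt > /etc/bird/filter4.conf
+
+or
+
+$ curl -sk https://dn42.us/git/dn42/registry/plain/data/filter.txt | \
+ awk 'BEGIN {printf "function is_valid_network() {\n return net ~ [\n" } \
+ /^[0-9]/ && $2 ~ /permit/ {printf " %s{%s,%s},\n", $3, $4, $5};' | \
+ sed "$ s/,$/\n ];\n}/" > /etc/bird/filter4.conf
+
+```
+
+example filter list:
+
+```
+function is_valid_network() {
+ return net ~ [
+ 172.22.0.0/15{22,28}, # dn42 main net0
+ 172.20.0.0/16{21,28}, # dn42 main net1
+ 172.22.0.0/23{28,32}, # dn42 Anycast range
+ 172.23.0.0/24{28,32}, # dn42 Anycast range
+ 192.175.48.0/24{24,32}, # AS112-prefix for reverse-dns
+ 10.0.0.0/8{12,28}, # freifunk/chaosvpn
+ 172.31.0.0/16{22,28}, # chaosvpn
+ 100.64.0.0/10{12,28}, # iana private range
+ 195.160.168.0/23{23,28}, # ctdo
+ 91.204.4.0/22{22,28}, # free.de via ctdo
+ 193.43.220.0/23{23,28}, # durchdieluft via ctdo
+ 83.133.178.0/23{23,28}, # muccc kapsel
+ 87.106.29.254/32{32,32}, # wintix (please don' announce /32)
+ 85.25.246.16/28{28,32}, # leon
+ 46.4.248.192/27{27,32}, # welterde
+ 94.45.224.0/19{19,28}, # ccc event network
+ 151.217.0.0/16{16,28}, # ccc event network 2
+ 195.191.196.0/23{23,29}, # ichdasich pi space
+ 80.244.241.224/27{27,32}, # jchome service network
+ 188.40.34.241/32{32,32},
+ 37.1.89.192/26{26,28}, # siska
+ 87.98.246.19/32{32,32}
+ ];
+}
+```
+
+```
+# /etc/bird/peers4/<PEER_NAME>
+protocol bgp <PEER_NAME> from dnpeers {
+ neighbor <PEERING_IP> as <PEER_AS>;
+};
+```
+
+
+
 # Bird communities
 
 Communities can be used to prioritize traffic based on different flags, in DN42 we are using communities to prioritize based on latency, bandwidth and encryption. It is really easy to get started with communities and we encourage all of you to get the basic configuration done and to mark your peerings with the correct flags for improved routing.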