nixos-module/container/bird: advertise upstream local subnet into ospf

2022-01-11 20:00:07 +01:00 · 2022-01-11 20:00:07 +01:00 · 53cd892531
parent 3c44eeaab1
commit 53cd892531
1 changed files with 20 additions and 0 deletions
--- a/nix/nixos-module/container/bird.nix
+++ b/nix/nixos-module/container/bird.nix
@ -69,6 +69,26 @@ in
      protocol device {
        scan time 10;
      }
+      ${lib.optionalString isUpstream ''
+        # Import address ranges of upstream interfaces so that
+        # internal traffic to local public services take no detours
+        # if the default router takes another upstream gateway.
+        protocol direct {
+          ipv4 {
+            # No RFC6598
+            import where net !~ 100.64.0.0/10
+              # No RFC1918
+              && net !~ 10.0.0.0/8
+              && net !~ 172.16.0.0/12
+              && net !~ 192.168.0.0/16;
+          };
+          ipv6;
+          interface ${lib.concatMapStringsSep ", " (iface:
+            ''"${iface}"''
+          )(builtins.attrNames upstreamInterfaces)};
+          check link yes;
+        }
+      ''}

      ${lib.optionalString (builtins.match "anon.*" hostName != null) ''
        # BIRD routing table for Wireguard transport