nixos-module/container/bird: bgp fixups
parent
8869681b28
commit
f2bb5a2735
|
@ -51,8 +51,10 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
bgp = {
|
bgp = {
|
||||||
allowedUpstreams = [ "upstream4" "upstream3" "freifunk" ];
|
|
||||||
upstreamTable = "vpn_table";
|
upstreamTable = "vpn_table";
|
||||||
|
allowedUpstreams = [ "upstream4" "upstream3" "freifunk" ];
|
||||||
|
# IPv6 ::/0 via wireguard tunnel
|
||||||
|
allowedUpstreams6 = [];
|
||||||
peers.${config.site.net.core.subnets6.dn42} = {
|
peers.${config.site.net.core.subnets6.dn42} = {
|
||||||
type = "upstream";
|
type = "upstream";
|
||||||
name = "up";
|
name = "up";
|
||||||
|
|
|
@ -353,8 +353,10 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
bgp = {
|
bgp = {
|
||||||
allowedUpstreams = [ "upstream3" "upstream4" "freifunk" ];
|
|
||||||
upstreamTable = "vpn_table";
|
upstreamTable = "vpn_table";
|
||||||
|
allowedUpstreams = [ "upstream3" "upstream4" "freifunk" ];
|
||||||
|
# IPv6 ::/0 via wireguard tunnel
|
||||||
|
allowedUpstreams6 = [];
|
||||||
peers.${config.site.net.core.subnets6.dn42} = {
|
peers.${config.site.net.core.subnets6.dn42} = {
|
||||||
asn = config.site.hosts.upstream3.bgp.asn;
|
asn = config.site.hosts.upstream3.bgp.asn;
|
||||||
type = "upstream";
|
type = "upstream";
|
||||||
|
|
|
@ -166,23 +166,43 @@ in
|
||||||
preference = preference + 200;
|
preference = preference + 200;
|
||||||
accept;
|
accept;
|
||||||
};
|
};
|
||||||
${lib.optionalString (nets4 != []) ''
|
export filter {
|
||||||
export where net ~ [ ${lib.concatMapStringsSep ", " (n: "${n}") nets4} ];
|
if net ~ [ ${config.site.net.core.subnet4} ] then {
|
||||||
''}
|
reject;
|
||||||
|
}
|
||||||
|
${lib.optionalString (nets4 != []) ''
|
||||||
|
if net ~ [ ${lib.concatMapStringsSep ", " (n: "${n}+") nets4} ] then {
|
||||||
|
accept;
|
||||||
|
}
|
||||||
|
''}
|
||||||
|
reject;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
ipv6 {
|
ipv6 {
|
||||||
import filter {
|
import filter {
|
||||||
preference = preference + 200;
|
preference = preference + 200;
|
||||||
accept;
|
accept;
|
||||||
};
|
};
|
||||||
${lib.optionalString (nets6 != []) ''
|
export filter {
|
||||||
export where net ~ [ ${lib.concatMapStringsSep ", " (n: "${n}") nets6} ];
|
if net ~ [ ${lib.concatStringsSep ", " (builtins.attrValues config.site.net.core.subnets6)} ] then {
|
||||||
''}
|
reject;
|
||||||
|
}
|
||||||
|
${lib.optionalString (nets6 != []) ''
|
||||||
|
if net ~ [ ${lib.concatMapStringsSep ", " (n: "${n}+") nets6} ] then {
|
||||||
|
accept;
|
||||||
|
}
|
||||||
|
''}
|
||||||
|
reject;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
template bgp bgp_rr_client {
|
template bgp bgp_rr_client {
|
||||||
local as ${toString hostConf.bgp.asn};
|
local as ${toString hostConf.bgp.asn};
|
||||||
direct;
|
direct;
|
||||||
|
connect delay time 1;
|
||||||
|
connect retry time 3;
|
||||||
|
error wait time 1 5;
|
||||||
|
error forget time 5;
|
||||||
|
|
||||||
ipv4 {
|
ipv4 {
|
||||||
next hop self on;
|
next hop self on;
|
||||||
|
@ -260,6 +280,10 @@ in
|
||||||
local as ${toString hostConf.bgp.asn};
|
local as ${toString hostConf.bgp.asn};
|
||||||
neighbor ${config.site.net.core.hosts6.dn42.${upstream}} as ${toString hostConf.bgp.asn};
|
neighbor ${config.site.net.core.hosts6.dn42.${upstream}} as ${toString hostConf.bgp.asn};
|
||||||
direct;
|
direct;
|
||||||
|
connect delay time 1;
|
||||||
|
connect retry time 3;
|
||||||
|
error wait time 1 5;
|
||||||
|
error forget time 5;
|
||||||
|
|
||||||
ipv4 {
|
ipv4 {
|
||||||
${if (upstream4Order ? ${upstream})
|
${if (upstream4Order ? ${upstream})
|
||||||
|
@ -329,8 +353,7 @@ in
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
instance = {
|
instance = {
|
||||||
ipv4 = "ZW4_${hostNameEscaped}";
|
ipv4 = "bgp_up";
|
||||||
ipv6 = "ZW6_${hostNameEscaped}";
|
|
||||||
};
|
};
|
||||||
checkService = addressFamily: {
|
checkService = addressFamily: {
|
||||||
description = "Check connectivity for ${addressFamily}";
|
description = "Check connectivity for ${addressFamily}";
|
||||||
|
@ -369,6 +392,6 @@ in
|
||||||
};
|
};
|
||||||
in lib.mkIf isUpstream {
|
in lib.mkIf isUpstream {
|
||||||
check-upstream-ipv4 = checkService "ipv4";
|
check-upstream-ipv4 = checkService "ipv4";
|
||||||
check-upstream-ipv6 = checkService "ipv6";
|
#check-upstream-ipv6 = checkService "ipv6";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
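Review bot: In the hunk at -166, the new leading `reject` in both export filters matches only the exact core prefix, while the accept that follows now uses `${n}+` and so matches every more-specific route inside nets4/nets6. If any of those nets covers the core range, a more-specific core route falls past the reject and is exported; whether they overlap is not visible from this page. If the intent is to keep core routes out of this session, let the reject match subprefixes as well: `if net ~ [ ${config.site.net.core.subnet4}+ ] then {` and, for IPv6, `lib.concatMapStringsSep ", " (n: "${n}+") (builtins.attrValues config.site.net.core.subnets6)`. It may also be worth bounding the accepted prefix length with a `{low,high}` range instead of an open-ended `+`, so arbitrarily long more-specifics are not announced. The enclosing protocol or template block begins outside the hunk.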