log syslog all; log "/var/log/bird.debug" all; timeformat protocol iso long; router id 176.126.243.164; define LOCAL_V6 = [ 2a00:1098:6b:400::/56+ ]; define LOCAL_V4 = [ 176.126.243.164/32, 46.235.229.111/32 ]; protocol device {} protocol direct { # ipv4 { # table master4; # import all; # }; ipv6 { table master6; import all; }; } # Kernel IPv6, FIB 0 protocol kernel kernel6 { kernel table 0; # learn; ipv6 { table master6; import none; export filter { if (4242421495,5,1) ~ bgp_large_community then reject; if (source ~ [ RTS_OSPF, RTS_OSPF_EXT1, RTS_OSPF_EXT2, RTS_STATIC, RTS_BGP ]) then accept; reject; }; }; } # Kernel IPv6, FIB 1 (LF VPN peers) ipv6 table fib1; protocol kernel kernel6fib1 { kernel table 1; ipv6 { table fib1; import none; export all; }; } # Kernel IPv4, FIB 0 protocol kernel kernel4 { kernel table 0; # learn; ipv4 { table master4; import none; export filter { if (4242421495,5,1) ~ bgp_large_community then reject; if (source ~ [ RTS_OSPF, RTS_OSPF_EXT1, RTS_OSPF_EXT2, RTS_STATIC, RTS_BGP ]) then accept; reject; }; }; } # IPv6 static routes protocol static static6 { ipv6 { table master6; import filter { bgp_large_community.add((4242421495, 1, 1)); # internal origin bgp_large_community.add((4242421495, 2, 1)); # rose origin bgp_large_community.add((4242421495, 3, 1)); # UK origin accept; }; }; route 2000::/3 via fe80::1%igb0; route 64:ff9b::/96 via fe80::1%igb0; route 2a00:1098:6b:400::/56 blackhole { bgp_large_community.add((4242421495, 4, 2)); # export to IBGP }; # hyacinth - no OSPF # route fd00:0:0:1::12/128 via fe80::2%'wg.hyacinth'; # VMs route 2a00:1098:6b:400::2/128 via fe80::2%'vmnet.lily'; # route 2a00:1098:6b:400::3/128 via fe80::2%'vmnet.nightshad'; route 2a00:1098:6b:400::8/128 via fe80::2%'vmnet.cgit'; route 2a00:1098:6b:400::9/128 via fe80::2%'vmnet.amaryllis'; route fd13:480d:2ffa:2::1/128 via fe80::2%'vmnet.freebsd14'; route fd13:480d:2ffa:2::6/128 via fe80::2%'vmnet.freebsd15'; route fd13:480d:2ffa:2::4/128 via fe80::2%'vmnet.ref15m'; route fd13:480d:2ffa:2::5/128 via fe80::2%'vmnet.ref15q'; route fd13:480d:2ffa:2::2/128 via fe80::2%'vmnet.ref14m'; route fd13:480d:2ffa:2::3/128 via fe80::2%'vmnet.ref14q'; route fd13:480d:2ffa:2::d/128 via fe80::2%'vmnet.tansy'; route fd00:0:0:1::10/128 via fe80::2%'vmnet.lily'; route fd13:480d:2ffa:2::7/128 via fe80::2%'vm.daisy'; } # IPv6 static routes in fib 1 protocol static static6fib1 { ipv6 { table fib1; }; route 2000::/3 via fe80::1%igb0; } # IPv4 static routes protocol static static4 { ipv4 { table master4; import filter { bgp_large_community.add((4242421495, 1, 1)); # internal origin bgp_large_community.add((4242421495, 2, 1)); # rose origin bgp_large_community.add((4242421495, 3, 1)); # UK origin accept; }; }; route 0.0.0.0/0 via fe80::1%igb0; route 176.126.243.164/32 blackhole { bgp_large_community.add((4242421495, 4, 2)); # export to IBGP bgp_large_community.add((4242421495, 5, 1)); # do not install to FIB }; # VMs route 46.235.229.111/32 via fe80::2%'vmnet.nightshad' { bgp_large_community.add((4242421495, 4, 2)); # export to IBGP }; } protocol bfd { interface "*" { interval 500ms; multiplier 5; }; multihop { interval 1s; multiplier 5; }; } protocol ospf v3 core { ipv6 { export filter { if net = 2a00:1098:6b:400::/56 then { ospf_metric1 = 100; accept; } if net ~ fd00::/8 then { ospf_metric1 = 100; accept; } reject; }; }; area 0 { interface "lo1" { stub yes; }; interface "bridge0.500" { stub yes; }; interface "wg.willow" { type ptp; bfd yes; authentication cryptographic; password "..." { algorithm hmac sha256; }; }; interface "wg.amaranth" { type ptp; bfd yes; authentication cryptographic; password "..." { algorithm hmac sha256; }; }; interface "wg.hyacinth" { type ptp; bfd no; authentication cryptographic; password "..." { algorithm hmac sha256; }; }; }; }