disable multiprotocol, when not ezplicilty enabled

4 years ago · faa000153f
parent db4ff8d23a
commit faa000153f
2 changed files with 47 additions and 2 deletions
--- a/templates/bird2/bird.conf.j2
+++ b/templates/bird2/bird.conf.j2
@ -151,5 +151,50 @@ template bgp dnpeers {
    };
 }

+template bgp dnpeers_v4 {
+    local as OWNAS;
+    path metric 1;
+
+    ipv4 {
+        import filter {
+          if is_valid_network() && !is_self_net() then {
+            {% if dn42_enable_roa %}
+            if (roa_check(dn42_roa, net, bgp_path.last) != ROA_VALID) then {
+              print "[dn42] ROA check failed for ", net, " ASN ", bgp_path.last;
+              reject;
+            } else accept;
+            {% else %}
+            accept;
+            {% endif %}
+          } else reject;
+        };
+
+        export filter { if is_valid_network() then accept; else reject; };
+        import limit 1000 action block;
+    };
+}
+
+template bgp dnpeers_v6 {
+    local as OWNAS;
+    path metric 1;
+
+    ipv6 {
+        import filter {
+          if is_valid_network_v6() && !is_self_net_v6() then {
+            {% if dn42_enable_roa %}
+            if (roa_check(dn42_roa_v6, net, bgp_path.last) != ROA_VALID) then {
+              print "[dn42] ROA check failed for ", net, " ASN ", bgp_path.last;
+              reject;
+            } else accept;
+            {% else %}
+            accept;
+            {% endif %}
+          } else reject;
+        };
+        export filter { if is_valid_network_v6() then accept; else reject; };
+        import limit 1000 action block;
+    };
+}
+

 include "/etc/bird/peers/*";
--- a/templates/bird2/peer.conf.j2
+++ b/templates/bird2/peer.conf.j2
@ -1,11 +1,11 @@
 {% if peer.v4 is defined and not peer.bgp4o6 is defined %}
-protocol bgp {{ peer.name }} from dnpeers {
+protocol bgp {{ peer.name }} from dnpeers{% if not peer.bgp4o6 is defined %}_v4{% endif %} {
  neighbor {{ peer.v4 }} as {{ peer.as }};
 };
 {% endif %}

 {% if peer.v6 is defined %}
-protocol bgp {{ peer.name }}_v6 from dnpeers {
+protocol bgp {{ peer.name }}_v6 from dnpeers{% if not peer.bgp4o6 is defined %}_v6{% endif %} {
  # if you use link-local ipv6 addresses for peering using the following
  neighbor {{ peer.v6 }}%{{ peer.if.name | default('dn42_' + peer.name) }} as {{ peer.as }};
 {% if peer.debug is defined %}