|
|
@ -151,5 +151,50 @@ template bgp dnpeers {
|
|
|
|
};
|
|
|
|
};
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
template bgp dnpeers_v4 {
|
|
|
|
|
|
|
|
local as OWNAS;
|
|
|
|
|
|
|
|
path metric 1;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
ipv4 {
|
|
|
|
|
|
|
|
import filter {
|
|
|
|
|
|
|
|
if is_valid_network() && !is_self_net() then {
|
|
|
|
|
|
|
|
{% if dn42_enable_roa %}
|
|
|
|
|
|
|
|
if (roa_check(dn42_roa, net, bgp_path.last) != ROA_VALID) then {
|
|
|
|
|
|
|
|
print "[dn42] ROA check failed for ", net, " ASN ", bgp_path.last;
|
|
|
|
|
|
|
|
reject;
|
|
|
|
|
|
|
|
} else accept;
|
|
|
|
|
|
|
|
{% else %}
|
|
|
|
|
|
|
|
accept;
|
|
|
|
|
|
|
|
{% endif %}
|
|
|
|
|
|
|
|
} else reject;
|
|
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
export filter { if is_valid_network() then accept; else reject; };
|
|
|
|
|
|
|
|
import limit 1000 action block;
|
|
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
template bgp dnpeers_v6 {
|
|
|
|
|
|
|
|
local as OWNAS;
|
|
|
|
|
|
|
|
path metric 1;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
ipv6 {
|
|
|
|
|
|
|
|
import filter {
|
|
|
|
|
|
|
|
if is_valid_network_v6() && !is_self_net_v6() then {
|
|
|
|
|
|
|
|
{% if dn42_enable_roa %}
|
|
|
|
|
|
|
|
if (roa_check(dn42_roa_v6, net, bgp_path.last) != ROA_VALID) then {
|
|
|
|
|
|
|
|
print "[dn42] ROA check failed for ", net, " ASN ", bgp_path.last;
|
|
|
|
|
|
|
|
reject;
|
|
|
|
|
|
|
|
} else accept;
|
|
|
|
|
|
|
|
{% else %}
|
|
|
|
|
|
|
|
accept;
|
|
|
|
|
|
|
|
{% endif %}
|
|
|
|
|
|
|
|
} else reject;
|
|
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
export filter { if is_valid_network_v6() then accept; else reject; };
|
|
|
|
|
|
|
|
import limit 1000 action block;
|
|
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
include "/etc/bird/peers/*";
|
|
|
|
include "/etc/bird/peers/*";
|