BIRD - Internet Routing Daemon

Installation

apt install bird

Konfiguration

Inhalt von /etc/bird/bird.conf.

# This file is managed by Salt, do not edit.

# Change this into your BIRD router ID. It's a world-wide unique identification
# of your router, usually one of router's IPv4 addresses.
# Our external static IPv4 address: {{ pillar['network']['primary']['address'] }}
# (Salt renders the pillar value network:primary:address into both lines.)
router id {{ pillar['network']['primary']['address'] }};

# Our Autonomous System Number from Freifunk Rheinland
# Rendered from the pillar value bird:myas; the bgp template below uses it as
# "local as".
define myas = {{ pillar['bird']['myas'] }};

# Functions
# True when the route's prefix lies inside 185.66.193.96/31: the "+" suffix
# matches the /31 itself and every more-specific prefix, so the /32 static
# route defined below passes. Used as the BGP export filter, i.e. this is the
# only address space this router may announce upstream.
function net_icannv4() {
    return net ~ [ 185.66.193.96/31+ ];
}

# True only for the IPv4 default route: without a "+" or a length range the
# pattern matches 0.0.0.0/0 exactly, not the more-specific prefixes inside it.
function net_default() {
    return net ~ [ 0.0.0.0/0 ];
}

# The Device protocol is not a real routing protocol. It doesn't generate any
# routes and it only serves as a module for getting information about network
# interfaces from the kernel.
protocol device {
    # Re-read the kernel's interface list every 10 seconds.
    scan time 10;
}

# The Kernel protocol is not a real routing protocol. Instead of communicating
# with other routers in the network, it performs synchronization of BIRD's
# routing tables with the OS kernel.
protocol kernel {
    # Routes are synchronised with kernel routing table 61, not the main table.
    # NOTE(review): the policy rule that directs traffic to table 61 is not
    # part of this file - confirm where it is set up.
    kernel table 61;
    # Rescan that kernel table every 10 seconds.
    scan time 10;
    # Never learn routes from the kernel ...
    import none;
    # ... and install nothing but the default route into it.
    export where net_default();
}

# Static Routes for bgp Public IPv4 from Freifunk Rheinland
protocol static {
    # Unreachable placeholder route: it gives BIRD a route for our public
    # address that net_icannv4() accepts for export to the upstream. The
    # kernel protocol above exports only the default route, so this entry is
    # not installed in the kernel table.
    route 185.66.193.96/32 reject;
}

# Templates for bgp
template bgp upstream {
    local as myas;
    # Accept nothing from the upstream except the default route, so a
    # misconfigured or misbehaving peer cannot inject more-specific routes.
    import where net_default();
    # Announce only our own public prefix; everything else is rejected, which
    # keeps learned or internal routes from leaking back to the upstream.
    export where net_icannv4();
}

# Logging
# Every message class goes both to a log file and to syslog.
# NOTE(review): the log file must be writable by the account the daemon runs
# as - confirm ownership of /var/log/bird.log on the target hosts.
log "/var/log/bird.log" all;
log syslog all;

# Include Freifunk Rheinland Upstream
# Per-host file (name rendered from the "host" grain); the BGP sessions built
# on the "upstream" template are presumably defined there - not shown here.
include "/etc/bird/ffrl_{{ grains['host'] }}_upstream.conf";

Inhalt von /etc/bird/bird6.conf.

# This file is managed by Salt, do not edit.

# Change this into your BIRD router ID. It's a world-wide unique identification
# of your router, usually one of router's IPv4 addresses.
# Our external static IPv4 address: {{ pillar['network']['primary']['address'] }}
# (The IPv6 daemon is given the same IPv4-formatted router ID as bird.conf;
# Salt renders the pillar value network:primary:address into both lines.)
router id {{ pillar['network']['primary']['address'] }};

# Our Autonomous System Number from Freifunk Rheinland
# Rendered from the pillar value bird:myas; the bgp template below uses it as
# "local as".
define myas = {{ pillar['bird']['myas'] }};

# Functions
# True when the route's prefix lies inside 2a03:2260:3010::/48; the "+" also
# matches every more-specific prefix down to /128. Used as the BGP export
# filter of the ffrl_upstream template.
# NOTE(review): the static route in this file originates 2a03:2260:11f::/48,
# which this set does not match, so it would never be announced - one of the
# two prefixes looks stale, confirm which is the assigned one.
# NOTE(review): if only the aggregate should be announced, drop the "+" so
# more-specific prefixes cannot leak to the upstream.
function net_ffrl() {
    return net ~ [ 2a03:2260:3010::/48+ ];
}

# True only for the IPv6 default route: without a "+" or a length range the
# pattern matches ::/0 exactly, not the more-specific prefixes inside it.
function ip6_default() {
    return net ~ [ ::/0 ];
}

# The Device protocol is not a real routing protocol. It doesn't generate any
# routes and it only serves as a module for getting information about network
# interfaces from the kernel.
protocol device {
    # Re-read the kernel's interface list every 10 seconds.
    scan time 10;
}

# The Kernel protocol is not a real routing protocol. Instead of communicating
# with other routers in the network, it performs synchronization of BIRD's
# routing tables with the OS kernel.
protocol kernel {
    # Routes are synchronised with kernel routing table 61, not the main table.
    # NOTE(review): the policy rule that directs traffic to table 61 is not
    # part of this file - confirm where it is set up.
    kernel table 61;
    # Rescan that kernel table every 10 seconds.
    scan time 10;
    # Never learn routes from the kernel ...
    import none;
    # ... and install nothing but the IPv6 default route into it.
    export where ip6_default();
}

# Static Routes for bgp Public IPv6 from Freifunk Rheinland
protocol static {
    # Unreachable placeholder route meant to originate our IPv6 prefix. The
    # kernel protocol above exports only the default route, so this entry is
    # not installed in the kernel table.
    # NOTE(review): net_ffrl() matches 2a03:2260:3010::/48+, not this prefix,
    # so the bgp template's export filter rejects this route - confirm which
    # of the two prefixes is the assigned one.
    route 2a03:2260:11f::/48 reject;
}

# Templates for bgp
template bgp ffrl_upstream {
    local as myas;
    # Sessions built on this template expect a directly connected neighbor.
    direct;
    # Accept nothing from the upstream except the IPv6 default route, so a
    # misconfigured or misbehaving peer cannot inject more-specific routes.
    import where ip6_default();
    # Announce only what net_ffrl() matches; everything else is rejected,
    # which keeps learned or internal routes from leaking to the upstream.
    export where net_ffrl();
}

# Logging
# Every message class goes both to a log file and to syslog. bird.conf names
# the same log file, so both daemons write to /var/log/bird.log.
# NOTE(review): the log file must be writable by the account the daemon runs
# as - confirm ownership of /var/log/bird.log on the target hosts.
log "/var/log/bird.log" all;
log syslog all;

# Include Freifunk Rheinland IPv6 Upstream
# Per-host file (name rendered from the "host" grain); the BGP sessions built
# on the "ffrl_upstream" template are presumably defined there - not shown
# here.
include "/etc/bird/ffrl_{{ grains['host'] }}_upstream6.conf";

TODO: Upstream-Konfiguration einbinden.

Salt State File

bird.sls

# BIRD - Internet Routing Daemon

# Package and service name of the IPv4 daemon, looked up per OS family. Only
# Debian is mapped, and default='Debian' makes it the fallback for any other
# family as well.
{% set bird = salt['grains.filter_by']({
  'Debian': {'pkg': 'bird', 'srv': 'bird'},
}, default='Debian') %}

# Service name of the IPv6 daemon. No separate package is mapped; the bird6
# service state below requires the bird package instead.
{% set bird6 = salt['grains.filter_by']({
  'Debian': {'srv': 'bird6'},
}, default='Debian') %}

{% if pillar['exit']['type'] == 'gre' %}

# Install the routing daemon and keep the IPv4 service running and enabled
# at boot.
# NOTE(review): file states that notify this service through listen_in cause
# a restart, which drops every BGP session. "reload: True" on service.running
# would reconfigure in place if the service unit supports reload - confirm.
{{ bird.pkg }}:
  pkg.installed:
    - name: {{ bird.pkg }}
  service.running:
    - enable: true
    - name: {{ bird.srv }}

# Main IPv4 configuration, rendered from the Jinja template on the master.
/etc/bird/bird.conf:
  file.managed:
    - name: /etc/bird/bird.conf
    - template: jinja
    - source: salt://gateway/etc/bird/bird.conf
    - user: root
    - group: root
    - mode: 644
    # A change to this file notifies the IPv4 daemon.
    - listen_in:
      - service: {{ bird.srv }}

# Per-host IPv4 upstream file that bird.conf pulls in with "include".
# NOTE(review): this file presumably carries the BGP neighbor definitions. If
# it ever holds a session password, root:root with mode 644 leaves it
# world-readable; in that case tighten the mode and pick a group the daemon's
# account can read - confirm which account the daemon runs as.
/etc/bird/ffrl_{{ grains['host'] }}_upstream.conf:
  file.managed:
    - name: /etc/bird/ffrl_{{ grains['host'] }}_upstream.conf
    - template: jinja
    - source: salt://gateway/etc/bird/ffrl_{{ grains['host'] }}_upstream.conf
    - user: root
    - group: root
    - mode: 644
    # A change to this file notifies the IPv4 daemon.
    - listen_in:
      - service: {{ bird.srv }}

# Keep the IPv6 daemon running and enabled at boot. It has no package state
# of its own, so it waits for the bird package to be installed.
{{ bird6.srv }}:
  service.running:
    - require:
      - pkg: {{ bird.pkg }}
    - enable: true
    - name: {{ bird6.srv }}

# Main IPv6 configuration, rendered from the Jinja template on the master.
/etc/bird/bird6.conf:
  file.managed:
    - name: /etc/bird/bird6.conf
    - template: jinja
    - source: salt://gateway/etc/bird/bird6.conf
    - user: root
    - group: root
    - mode: 644
    # A change to this file notifies the IPv6 daemon.
    - listen_in:
      - service: {{ bird6.srv }}

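# Per-host IPv6 upstream file that bird6.conf pulls in with "include".
# NOTE(review): this file presumably carries the BGP neighbor definitions. If
# it ever holds a session password, root:root with mode 644 leaves it
# world-readable; in that case tighten the mode and pick a group the daemon's
# account can read - confirm which account the daemon runs as.
/etc/bird/ffrl_{{ grains['host'] }}_upstream6.conf:
  file.managed:
    - name: /etc/bird/ffrl_{{ grains['host'] }}_upstream6.conf
    - source: salt://gateway/etc/bird/ffrl_{{ grains['host'] }}_upstream6.conf
    - template: jinja
    - user: root
    - group: root
    - mode: 644
    # Only bird6.conf includes this file, so the IPv6 daemon must be notified.
    # Notifying the IPv4 service left bird6 running with the old upstream
    # definitions after a change.
    - listen_in:
      - service: {{ bird6.srv }}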

{% else %}

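# Cleanup branch: any exit type other than 'gre' removes the package and
# deletes /etc/bird recursively, including files in it that Salt does not
# manage. A wrong pillar value on a GRE gateway therefore tears down its
# routing setup.
{{ bird.pkg }}:
  pkg.removed:
    # pkg.removed takes the package as "name"; "pkg" is not one of its
    # arguments, so the removal only worked through the state ID.
    - name: {{ bird.pkg }}

/etc/bird:
  file.absent:
    - name: /etc/bird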

{% endif %}