Enable policy routing on carbon

2020-12-17 03:39:17 +01:00 · 2020-12-17 03:39:17 +01:00 · 288307a4f6
commit 288307a4f6
parent 87e4a629d8
1 changed files with 54 additions and 4 deletions
--- a/hosts/carbon/configuration.nix
+++ b/hosts/carbon/configuration.nix
@ -51,6 +51,20 @@
    };
  };

+  petabyte.policyrouting = {
+    enable = true;
+    rules6 = [
+      { rule = "from all to fd00:152:152::/48 lookup 1000"; prio = 10000; } # OSPF
+      { rule = "from fd00:152:152::/48 lookup 2000"; prio = 10000; } # BGP
+      { rule = "from all to fd00:152:152::/48 unreachable"; prio = 20000; }
+    ];
+    rules4 = [
+      { rule = "from all to 10.152.0.0/16 lookup 1000"; prio = 10000; } # OSPF
+      { rule = "from 10.152.0.0/16 lookup 2000"; prio = 10000; } # BGP
+      { rule = "from all to 10.152.0.0/16 unreachable"; prio = 20000; }
+    ];
+  };
+
  services.bird2.enable = true;
  services.bird2.config = ''
  router id ${ (lib.head config.networking.interfaces.lo.ipv4.addresses).address };
@ -80,7 +94,8 @@
    };
  }

-  protocol kernel kernel_6 {
+  protocol kernel kernel_ospf6 {
+    kernel table 1000;
    ipv6 {
      table ospf6;
      export filter {
@ -91,7 +106,8 @@
    };
  }

-  protocol kernel kernel_4 {
+  protocol kernel kernel_ospf4 {
+    kernel table 1000;
    ipv4 {
      table ospf4;
      export filter {
@ -102,6 +118,30 @@
    };
  }

+  protocol kernel kernel_bgp6 {
+    kernel table 2000;
+    ipv6 {
+      table bgp6;
+      export filter {
+        krt_prefsrc=${ (lib.head config.networking.interfaces.lo.ipv6.addresses).address };
+        accept;
+      };
+      import none;
+    };
+  }
+
+  protocol kernel kernel_bgp4 {
+    kernel table 2000;
+    ipv4 {
+      table bgp4;
+      export filter {
+        krt_prefsrc=${ (lib.head config.networking.interfaces.lo.ipv4.addresses).address };
+        accept;
+      };
+      import none;
+    };
+  }
+
  protocol ospf v3 ospf_6 {
    ipv6 {
      table ospf6;
@ -136,6 +176,7 @@
    source address ${ (lib.head config.networking.interfaces.lo.ipv6.addresses).address };
    ipv6 {
      table bgp6;
+      igp table ospf6;
      next hop self;
      import keep filtered;
      import all;
@ -149,6 +190,7 @@
    source address ${ (lib.head config.networking.interfaces.lo.ipv4.addresses).address };
    ipv4 {
      table bgp4;
+      igp table ospf4;
      next hop self;
      import keep filtered;
      import all;
@ -156,14 +198,22 @@
    };
  }

-  protocol bgp bgp_nonat from ibgp6 {
+  protocol bgp bgp_nonat6 from ibgp6 {
    neighbor fd00:152:152:103::1 as 4200002574;
  }

-  protocol bgp bgp_porter from ibgp6 {
+  protocol bgp bgp_nonat4 from ibgp4 {
+    neighbor 10.152.103.1 as 4200002574;
+  }
+
+  protocol bgp bgp_porter6 from ibgp6 {
    neighbor fd00:152:152:102::1 as 4200002574;
  }

+  protocol bgp bgp_porter4 from ibgp4 {
+    neighbor 10.152.102.1 as 4200002574;
+  }
+
  protocol device {
    scan time 10;
  }