Add policy based routing
parent
9f8282e83b
commit
87e4a629d8
@ -66,6 +66,20 @@
|
|||||||
|
|
||||||
networking.firewall.allowedUDPPorts = [ 51337 ];
|
networking.firewall.allowedUDPPorts = [ 51337 ];
|
||||||
|
|
||||||
|
petabyte.policyrouting = {
|
||||||
|
enable = true;
|
||||||
|
rules6 = [
|
||||||
|
{ rule = "from all to fd00:152:152::/48 lookup 1000"; prio = 10000; } # OSPF
|
||||||
|
{ rule = "from fd00:152:152::/48 lookup 2000"; prio = 10000; } # BGP
|
||||||
|
{ rule = "from all to fd00:152:152::/48 unreachable"; prio = 20000; }
|
||||||
|
];
|
||||||
|
rules4 = [
|
||||||
|
{ rule = "from all to 10.152.0.0/16 lookup 1000"; prio = 10000; } # OSPF
|
||||||
|
{ rule = "from 10.152.0.0/16 lookup 2000"; prio = 10000; } # BGP
|
||||||
|
{ rule = "from all to 10.152.0.0/16 unreachable"; prio = 20000; }
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
services.bird2.enable = true;
|
services.bird2.enable = true;
|
||||||
services.bird2.config = ''
|
services.bird2.config = ''
|
||||||
router id ${ (lib.head config.networking.interfaces.lo.ipv4.addresses).address };
|
router id ${ (lib.head config.networking.interfaces.lo.ipv4.addresses).address };
|
||||||
@ -110,6 +124,7 @@
|
|||||||
}
|
}
|
||||||
|
|
||||||
protocol kernel kernel_ospf6 {
|
protocol kernel kernel_ospf6 {
|
||||||
|
kernel table 1000;
|
||||||
ipv6 {
|
ipv6 {
|
||||||
table ospf6;
|
table ospf6;
|
||||||
export filter {
|
export filter {
|
||||||
@ -121,6 +136,7 @@
|
|||||||
}
|
}
|
||||||
|
|
||||||
protocol kernel kernel_ospf4 {
|
protocol kernel kernel_ospf4 {
|
||||||
|
kernel table 1000;
|
||||||
ipv4 {
|
ipv4 {
|
||||||
table ospf4;
|
table ospf4;
|
||||||
export filter {
|
export filter {
|
||||||
@ -131,6 +147,30 @@
|
|||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
protocol kernel kernel_bgp6 {
|
||||||
|
kernel table 2000;
|
||||||
|
ipv6 {
|
||||||
|
table bgp6;
|
||||||
|
export filter {
|
||||||
|
krt_prefsrc=${ (lib.head config.networking.interfaces.lo.ipv6.addresses).address };
|
||||||
|
accept;
|
||||||
|
};
|
||||||
|
import none;
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
protocol kernel kernel_bgp4 {
|
||||||
|
kernel table 2000;
|
||||||
|
ipv4 {
|
||||||
|
table bgp4;
|
||||||
|
export filter {
|
||||||
|
krt_prefsrc=${ (lib.head config.networking.interfaces.lo.ipv4.addresses).address };
|
||||||
|
accept;
|
||||||
|
};
|
||||||
|
import none;
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
protocol ospf v3 ospf_6 {
|
protocol ospf v3 ospf_6 {
|
||||||
ipv6 {
|
ipv6 {
|
||||||
table ospf6;
|
table ospf6;
|
||||||
@ -165,6 +205,7 @@
|
|||||||
source address ${ (lib.head config.networking.interfaces.lo.ipv6.addresses).address };
|
source address ${ (lib.head config.networking.interfaces.lo.ipv6.addresses).address };
|
||||||
ipv6 {
|
ipv6 {
|
||||||
table bgp6;
|
table bgp6;
|
||||||
|
igp table ospf6;
|
||||||
next hop self;
|
next hop self;
|
||||||
import keep filtered;
|
import keep filtered;
|
||||||
import all;
|
import all;
|
||||||
@ -178,6 +219,7 @@
|
|||||||
source address ${ (lib.head config.networking.interfaces.lo.ipv4.addresses).address };
|
source address ${ (lib.head config.networking.interfaces.lo.ipv4.addresses).address };
|
||||||
ipv4 {
|
ipv4 {
|
||||||
table bgp4;
|
table bgp4;
|
||||||
|
igp table ospf4;
|
||||||
next hop self;
|
next hop self;
|
||||||
import keep filtered;
|
import keep filtered;
|
||||||
import all;
|
import all;
|
||||||
@ -185,14 +227,22 @@
|
|||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
protocol bgp bgp_carbon from ibgp6 {
|
protocol bgp bgp_carbon6 from ibgp6 {
|
||||||
neighbor fd00:152:152:104::1 as 4200002574;
|
neighbor fd00:152:152:104::1 as 4200002574;
|
||||||
}
|
}
|
||||||
|
|
||||||
protocol bgp bgp_porter from ibgp6 {
|
protocol bgp bgp_carbon4 from ibgp4 {
|
||||||
|
neighbor 10.152.104.1 as 4200002574;
|
||||||
|
}
|
||||||
|
|
||||||
|
protocol bgp bgp_porter6 from ibgp6 {
|
||||||
neighbor fd00:152:152:102::1 as 4200002574;
|
neighbor fd00:152:152:102::1 as 4200002574;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
protocol bgp bgp_porter4 from ibgp4 {
|
||||||
|
neighbor 10.152.102.1 as 4200002574;
|
||||||
|
}
|
||||||
|
|
||||||
protocol device {
|
protocol device {
|
||||||
scan time 10;
|
scan time 10;
|
||||||
}
|
}
|
||||||
|
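Review bot: In `rules4` and `rules6` the OSPF rule (`lookup 1000`) and the BGP rule (`lookup 2000`) both use `prio = 10000`, so for traffic that is both from and to the internal prefix, the table consulted first depends on the order in which the `petabyte.policyrouting` module installs the rules, and that module is not shown here. If table 2000 ever holds a default or covering route, internal traffic could follow the BGP path instead of the OSPF one. Giving the BGP rule its own, later priority makes the order explicit, for example `{ rule = "from 10.152.0.0/16 lookup 2000"; prio = 10001; } # BGP`, with the same change in `rules6`. The `unreachable` rule at 20000 only guards destinations inside the internal prefix; traffic sourced from it with no match in table 2000 presumably falls through to the main table, which deserves a one-line comment if intended. The second file section on this page carries the same rules.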
@ -58,6 +58,20 @@
|
|||||||
|
|
||||||
networking.firewall.allowedUDPPorts = [ 50138 51337 ];
|
networking.firewall.allowedUDPPorts = [ 50138 51337 ];
|
||||||
|
|
||||||
|
petabyte.policyrouting = {
|
||||||
|
enable = true;
|
||||||
|
rules6 = [
|
||||||
|
{ rule = "from all to fd00:152:152::/48 lookup 1000"; prio = 10000; } # OSPF
|
||||||
|
{ rule = "from fd00:152:152::/48 lookup 2000"; prio = 10000; } # BGP
|
||||||
|
{ rule = "from all to fd00:152:152::/48 unreachable"; prio = 20000; }
|
||||||
|
];
|
||||||
|
rules4 = [
|
||||||
|
{ rule = "from all to 10.152.0.0/16 lookup 1000"; prio = 10000; } # OSPF
|
||||||
|
{ rule = "from 10.152.0.0/16 lookup 2000"; prio = 10000; } # BGP
|
||||||
|
{ rule = "from all to 10.152.0.0/16 unreachable"; prio = 20000; }
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
services.bird2.enable = true;
|
services.bird2.enable = true;
|
||||||
services.bird2.config = ''
|
services.bird2.config = ''
|
||||||
router id ${ (lib.head config.networking.interfaces.lo.ipv4.addresses).address };
|
router id ${ (lib.head config.networking.interfaces.lo.ipv4.addresses).address };
|
||||||
@ -77,7 +91,8 @@
|
|||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
protocol kernel kernel_6 {
|
protocol kernel kernel_ospf6 {
|
||||||
|
kernel table 1000;
|
||||||
ipv6 {
|
ipv6 {
|
||||||
table ospf6;
|
table ospf6;
|
||||||
export filter {
|
export filter {
|
||||||
@ -88,7 +103,8 @@
|
|||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
protocol kernel kernel_4 {
|
protocol kernel kernel_ospf4 {
|
||||||
|
kernel table 1000;
|
||||||
ipv4 {
|
ipv4 {
|
||||||
table ospf4;
|
table ospf4;
|
||||||
export filter {
|
export filter {
|
||||||
@ -99,6 +115,30 @@
|
|||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
protocol kernel kernel_bgp6 {
|
||||||
|
kernel table 2000;
|
||||||
|
ipv6 {
|
||||||
|
table bgp6;
|
||||||
|
export filter {
|
||||||
|
krt_prefsrc=${ (lib.head config.networking.interfaces.lo.ipv6.addresses).address };
|
||||||
|
accept;
|
||||||
|
};
|
||||||
|
import none;
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
protocol kernel kernel_bgp4 {
|
||||||
|
kernel table 2000;
|
||||||
|
ipv4 {
|
||||||
|
table bgp4;
|
||||||
|
export filter {
|
||||||
|
krt_prefsrc=${ (lib.head config.networking.interfaces.lo.ipv4.addresses).address };
|
||||||
|
accept;
|
||||||
|
};
|
||||||
|
import none;
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
protocol ospf v3 ospf_6 {
|
protocol ospf v3 ospf_6 {
|
||||||
ipv6 {
|
ipv6 {
|
||||||
table ospf6;
|
table ospf6;
|
||||||
@ -141,6 +181,7 @@
|
|||||||
source address ${ (lib.head config.networking.interfaces.lo.ipv6.addresses).address };
|
source address ${ (lib.head config.networking.interfaces.lo.ipv6.addresses).address };
|
||||||
ipv6 {
|
ipv6 {
|
||||||
table bgp6;
|
table bgp6;
|
||||||
|
igp table ospf6;
|
||||||
next hop self;
|
next hop self;
|
||||||
import keep filtered;
|
import keep filtered;
|
||||||
import all;
|
import all;
|
||||||
@ -154,6 +195,7 @@
|
|||||||
source address ${ (lib.head config.networking.interfaces.lo.ipv4.addresses).address };
|
source address ${ (lib.head config.networking.interfaces.lo.ipv4.addresses).address };
|
||||||
ipv4 {
|
ipv4 {
|
||||||
table bgp4;
|
table bgp4;
|
||||||
|
igp table ospf4;
|
||||||
next hop self;
|
next hop self;
|
||||||
import keep filtered;
|
import keep filtered;
|
||||||
import all;
|
import all;
|
||||||
@ -161,14 +203,22 @@
|
|||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
protocol bgp bgp_carbon from ibgp6 {
|
protocol bgp bgp_carbon6 from ibgp6 {
|
||||||
neighbor fd00:152:152:104::1 as 4200002574;
|
neighbor fd00:152:152:104::1 as 4200002574;
|
||||||
}
|
}
|
||||||
|
|
||||||
protocol bgp bgp_nonat from ibgp6 {
|
protocol bgp bgp_carbon4 from ibgp4 {
|
||||||
|
neighbor 10.152.104.1 as 4200002574;
|
||||||
|
}
|
||||||
|
|
||||||
|
protocol bgp bgp_nonat6 from ibgp6 {
|
||||||
neighbor fd00:152:152:103::1 as 4200002574;
|
neighbor fd00:152:152:103::1 as 4200002574;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
protocol bgp bgp_nonat4 from ibgp4 {
|
||||||
|
neighbor 10.152.103.1 as 4200002574;
|
||||||
|
}
|
||||||
|
|
||||||
protocol device {
|
protocol device {
|
||||||
scan time 10;
|
scan time 10;
|
||||||
}
|
}
|
||||||
|
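Review bot: The new `kernel_bgp6` and `kernel_bgp4` protocols export with an unconditional `accept;` after setting `krt_prefsrc`, and the iBGP channels in the surrounding context use `import all;`, so every prefix a peer announces appears to end up in kernel table 2000. That table is consulted for all traffic sourced from `10.152.0.0/16` and `fd00:152:152::/48`, so a misconfigured or compromised peer could steer that traffic with a more-specific or unexpected route. The `ibgp4`/`ibgp6` templates lie outside the shown hunks and may already filter. If they do not, restrict the export filter to the prefixes this table is meant to carry, or at least record the trust assumption next to it, for example `# table 2000 takes every route accepted from iBGP; peers are trusted to announce only <expected prefixes>`. The first file section on this page adds the same two protocols.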