BGP » Historique » Version 1
Laurent GUERBY, 20/10/2011 11:22
| 1 | 1 | Laurent GUERBY | h1. BGP |
|---|---|---|---|
| 2 | 1 | Laurent GUERBY | |
| 3 | 1 | Laurent GUERBY | Nous utilisons BIRD sous Linux comme routeur BGP |
| 4 | 1 | Laurent GUERBY | |
| 5 | 1 | Laurent GUERBY | http://bird.network.cz/ |
| 6 | 1 | Laurent GUERBY | |
| 7 | 1 | Laurent GUERBY | h1. Configuration Toulouse |
| 8 | 1 | Laurent GUERBY | |
| 9 | 1 | Laurent GUERBY | <pre> |
| 10 | 1 | Laurent GUERBY | router id 91.224.148.2; |
| 11 | 1 | Laurent GUERBY | define myas = 197422; |
| 12 | 1 | Laurent GUERBY | |
| 13 | 1 | Laurent GUERBY | |
| 14 | 1 | Laurent GUERBY | protocol device { |
| 15 | 1 | Laurent GUERBY | scan time 10; |
| 16 | 1 | Laurent GUERBY | primary "eth0" 91.224.148.3; |
| 17 | 1 | Laurent GUERBY | } |
| 18 | 1 | Laurent GUERBY | |
| 19 | 1 | Laurent GUERBY | protocol static static_bgp { |
| 20 | 1 | Laurent GUERBY | import all; |
| 21 | 1 | Laurent GUERBY | route 91.224.148.0/23 reject; |
| 22 | 1 | Laurent GUERBY | } |
| 23 | 1 | Laurent GUERBY | |
| 24 | 1 | Laurent GUERBY | |
| 25 | 1 | Laurent GUERBY | protocol kernel{ |
| 26 | 1 | Laurent GUERBY | import all; |
| 27 | 1 | Laurent GUERBY | export all; |
| 28 | 1 | Laurent GUERBY | } |
| 29 | 1 | Laurent GUERBY | |
| 30 | 1 | Laurent GUERBY | |
| 31 | 1 | Laurent GUERBY | function avoid_martians() |
| 32 | 1 | Laurent GUERBY | prefix set martians; |
| 33 | 1 | Laurent GUERBY | { |
| 34 | 1 | Laurent GUERBY | martians = [ 169.254.0.0/16+, 172.16.0.0/12+, 192.168.0.0/16+, 10.0.0.0/8+, 224.0.0.0/4+, 240.0.0.0/4+ ]; |
| 35 | 1 | Laurent GUERBY | |
| 36 | 1 | Laurent GUERBY | # Avoid 0.0.0.0/X |
| 37 | 1 | Laurent GUERBY | if net.ip = 0.0.0.0 then return false; |
| 38 | 1 | Laurent GUERBY | |
| 39 | 1 | Laurent GUERBY | # Avoid too short and too long prefixes |
| 40 | 1 | Laurent GUERBY | if (net.len < 8) || (net.len > 24) then return false; |
| 41 | 1 | Laurent GUERBY | |
| 42 | 1 | Laurent GUERBY | # Avoid RFC1918 networks |
| 43 | 1 | Laurent GUERBY | if net ~ martians then return false; |
| 44 | 1 | Laurent GUERBY | return true; |
| 45 | 1 | Laurent GUERBY | } |
| 46 | 1 | Laurent GUERBY | |
| 47 | 1 | Laurent GUERBY | filter bgp_OUT { |
| 48 | 1 | Laurent GUERBY | if (net ~ [91.224.148.0/23]) then accept; |
| 49 | 1 | Laurent GUERBY | else reject; |
| 50 | 1 | Laurent GUERBY | } |
| 51 | 1 | Laurent GUERBY | |
| 52 | 1 | Laurent GUERBY | |
| 53 | 1 | Laurent GUERBY | protocol bgp TOUIX { |
| 54 | 1 | Laurent GUERBY | local as myas; |
| 55 | 1 | Laurent GUERBY | neighbor 91.213.236.1 as 47184; |
| 56 | 1 | Laurent GUERBY | preference 200; |
| 57 | 1 | Laurent GUERBY | import where avoid_martians(); |
| 58 | 1 | Laurent GUERBY | export filter bgp_OUT; |
| 59 | 1 | Laurent GUERBY | } |
| 60 | 1 | Laurent GUERBY | |
| 61 | 1 | Laurent GUERBY | protocol bgp JAGUAR { |
| 62 | 1 | Laurent GUERBY | local as myas; |
| 63 | 1 | Laurent GUERBY | neighbor 31.172.233.1 as 30781; |
| 64 | 1 | Laurent GUERBY | preference 50; |
| 65 | 1 | Laurent GUERBY | import where avoid_martians(); |
| 66 | 1 | Laurent GUERBY | export filter bgp_OUT; |
| 67 | 1 | Laurent GUERBY | } |
| 68 | 1 | Laurent GUERBY | |
| 69 | 1 | Laurent GUERBY | protocol bgp TETANEUTRAL { |
| 70 | 1 | Laurent GUERBY | local as myas; |
| 71 | 1 | Laurent GUERBY | neighbor 91.224.148.2 as myas; |
| 72 | 1 | Laurent GUERBY | preference 100; |
| 73 | 1 | Laurent GUERBY | import where avoid_martians(); |
| 74 | 1 | Laurent GUERBY | export all; |
| 75 | 1 | Laurent GUERBY | } |
| 76 | 1 | Laurent GUERBY | </pre> |