BGP » Historique » Version 12
Laurent GUERBY, 03/01/2012 08:09
1 | 1 | Laurent GUERBY | h1. BGP |
---|---|---|---|
2 | 1 | Laurent GUERBY | |
3 | 1 | Laurent GUERBY | Nous utilisons BIRD sous Linux comme routeur BGP |
4 | 1 | Laurent GUERBY | |
5 | 1 | Laurent GUERBY | http://bird.network.cz/ |
6 | 1 | Laurent GUERBY | |
7 | 3 | Laurent GUERBY | h1. Evolutions de la conf BGP |
8 | 3 | Laurent GUERBY | |
9 | 3 | Laurent GUERBY | * http://lists.tetaneutral.net/pipermail/technique/2011-December/000118.html |
10 | 3 | Laurent GUERBY | |
11 | 5 | Laurent GUERBY | TODO: |
12 | 6 | Laurent GUERBY | * mise en place d'un gestionnaire de versions, style git, au moins pour la documentation |
13 | 5 | Laurent GUERBY | * Comment gérer les mots de passe MD5 du fichier de conf (les garder secrets tout en publiant le reste) |
14 | 5 | Laurent GUERBY | * Atelier ? |
15 | 7 | Laurent GUERBY | ** Laurent GUERBY |
16 | 9 | Raphaël Durand | ** Solarus |
17 | 10 | Raphaël Durand | ** Ajouter son nom... |
18 | 4 | Laurent GUERBY | |
19 | 2 | Laurent GUERBY | h1. Liens |
20 | 2 | Laurent GUERBY | |
21 | 2 | Laurent GUERBY | * http://www.cl.cam.ac.uk/~tgg22/talks/BGP_TUTORIAL_ICNP_2002.ppt |
22 | 11 | Laurent GUERBY | * http://www.menog.net/menog-meetings/menog5/presentations/smith-32bit-asn-update.pdf |
23 | 12 | Laurent GUERBY | * AS4 http://www.rfc-editor.org/rfc/rfc4893.txt |
24 | 2 | Laurent GUERBY | |
25 | 1 | Laurent GUERBY | h1. Configuration Toulouse |
26 | 1 | Laurent GUERBY | |
27 | 1 | Laurent GUERBY | <pre> |
# Local AS number; every BGP session below refers to it as "myas".
define myas = 197422;

# BGP identifier this router sends in its OPEN messages.
# NOTE(review): this is the same address as the neighbor of the internal
# session "TETANEUTRAL", while the device protocol lists 91.224.148.3 as the
# primary address of eth0. Confirm the two routers do not share a router id;
# an internal peer presenting an identical identifier is normally refused.
router id 91.224.148.2;
30 | 1 | Laurent GUERBY | |
31 | 1 | Laurent GUERBY | |
# Interface scanner: it produces no routes itself, it only supplies interface
# state to the other protocols.
protocol device {
    # Address to treat as primary on eth0.
    primary "eth0" 91.224.148.3;
    # Re-read the interface list every 10 seconds.
    scan time 10;
}
36 | 1 | Laurent GUERBY | |
# Anchor for the announced aggregate: the /23 has to be present in the routing
# table before the bgp_OUT filter can export it to the eBGP peers.
protocol static static_bgp {
    # "reject" makes this an unreachable route: packets for parts of the /23
    # that no more specific route covers are refused on this router.
    route 91.224.148.0/23 reject;
    import all;
}
41 | 1 | Laurent GUERBY | |
42 | 1 | Laurent GUERBY | |
# Synchronisation between BIRD's table and the Linux kernel routing table.
protocol kernel {
    # Every route BIRD selects is pushed to the kernel. The BGP import filters
    # are therefore the only check between a peer's announcement and the
    # forwarding table.
    export all;
    import all;
}
47 | 1 | Laurent GUERBY | |
48 | 1 | Laurent GUERBY | |
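# Import sanity check shared by the three BGP sessions.
# Reads the prefix of the route being filtered ("net"); returns true when the
# prefix may be accepted and false when it must be dropped.
#
# NOTE(review): the network's own 91.224.148.0/23 is not rejected here, so an
# eBGP peer announcing it (or a /24 inside it) would pass this check. Consider
# a separate test for that on the external sessions.
function avoid_martians()
prefix set martians;
{
    # Address space that should never be learned over BGP. The trailing "+"
    # also matches every more specific prefix inside each block.
    martians = [
        10.0.0.0/8+,        # RFC 1918 private
        100.64.0.0/10+,     # RFC 6598 shared address space
        127.0.0.0/8+,       # loopback
        169.254.0.0/16+,    # link-local
        172.16.0.0/12+,     # RFC 1918 private
        192.0.2.0/24+,      # documentation (TEST-NET-1)
        192.168.0.0/16+,    # RFC 1918 private
        198.18.0.0/15+,     # benchmarking
        198.51.100.0/24+,   # documentation (TEST-NET-2)
        203.0.113.0/24+,    # documentation (TEST-NET-3)
        224.0.0.0/4+,       # multicast
        240.0.0.0/4+        # reserved
    ];

    # Drop anything whose network address is 0.0.0.0, whatever its length.
    # This includes the default route, so none is accepted from any peer.
    if net.ip = 0.0.0.0 then return false;

    # Drop prefixes shorter than /8 or longer than /24.
    if (net.len < 8) || (net.len > 24) then return false;

    # Drop private, loopback, link-local, documentation, benchmarking,
    # multicast and reserved space (not only RFC 1918).
    if net ~ martians then return false;

    return true;
}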
64 | 1 | Laurent GUERBY | |
# Export policy for the external sessions: announce exactly the
# 91.224.148.0/23 aggregate. The set has no "+" or length range, so more
# specific prefixes and every route learned from another peer are refused;
# this router cannot leak one peer's routes to the other.
filter bgp_OUT {
    if net ~ [ 91.224.148.0/23 ] then accept;
    reject;
}
69 | 1 | Laurent GUERBY | |
70 | 1 | Laurent GUERBY | |
# External BGP session with AS47184.
protocol bgp TOUIX {
    local as myas;
    neighbor 91.213.236.1 as 47184;
    # Only the local /23 aggregate is announced to this peer.
    export filter bgp_OUT;
    # Received prefixes have to pass the shared sanity check.
    import where avoid_martians();
    # Highest preference of the three sessions: when several protocols offer
    # the same prefix, BIRD keeps the route with the larger value.
    preference 200;
    # NOTE(review): no session password appears in this published copy. The
    # TODO list on this page says the MD5 passwords of the real file are kept
    # secret; confirm the deployed session is authenticated.
}
78 | 1 | Laurent GUERBY | |
# External BGP session with AS30781.
protocol bgp JAGUAR {
    local as myas;
    neighbor 31.172.233.1 as 30781;
    # Only the local /23 aggregate is announced to this peer.
    export filter bgp_OUT;
    # Received prefixes have to pass the shared sanity check.
    import where avoid_martians();
    # Lowest preference of the three sessions: a route from here is used only
    # when no other session offers the same prefix.
    preference 50;
    # NOTE(review): nothing in this block caps how many prefixes the peer may
    # send. A per-session prefix limit would bound the effect of a route leak
    # on the peer's side.
}
86 | 1 | Laurent GUERBY | |
# Internal BGP session: the neighbor is in the same AS (myas).
protocol bgp TETANEUTRAL {
    local as myas;
    neighbor 91.224.148.2 as myas;
    # Unfiltered export: the internal peer receives every route in the table,
    # including those learned from the external sessions.
    export all;
    # The shared sanity check also applies to the internal peer, so private or
    # longer-than-/24 prefixes it announces are dropped as well.
    import where avoid_martians();
    # Sits between the two external sessions (200 and 50).
    preference 100;
    # NOTE(review): the neighbor address equals the "router id" configured at
    # the top of this file; confirm which of the two routers this file
    # belongs to.
}
94 | 1 | Laurent GUERBY | </pre> |