Statistics
| Branch: | Revision:

iof-bird-daemon / filter / test_bgp_filtering.conf @ 9b0a0ba9

History | View | Annotate | Download (2.17 KB)

1
router id 62.168.0.1;
2

    
3
function net_martian()
4
{
5
  return net ~ [ 169.254.0.0/16+, 172.16.0.0/12+, 192.168.0.0/16+, 10.0.0.0/8+, 
6
    127.0.0.0/8+, 224.0.0.0/4+, 240.0.0.0/4+, 0.0.0.0/32-, 0.0.0.0/0{25,32}, 0.0.0.0/0{0,7} ];
7
}
8

    
9
function net_local()
10
{
11
  return net ~ [ 12.10.0.0/16+, 34.10.0.0/16+ ];
12
}
13

    
14
function rt_import(int asn; int set peer_asns; prefix set peer_nets)
15
{
16
  if ! (net ~ peer_nets) then return false;
17
  if ! (bgp_path.last ~ peer_asns) then return false;
18
  if bgp_path.first != asn then return false;
19
  if bgp_path.len > 64 then return false;
20
  if bgp_next_hop != from then return false;
21
  return true;
22
}
23

    
24
function rt_import_all(int asn)
25
{
26
  if net_martian() || net_local() then return false;
27
  if bgp_path.first != asn then return false;
28
  if bgp_path.len > 64 then return false;
29
  if bgp_next_hop != from then return false;
30
  return true;
31
}
32

    
33
function rt_import_rs(int asn)
34
{
35
  if net_martian() || net_local() then return false;
36
  if bgp_path.len > 64 then return false;
37
  return true;
38
}
39

    
40
function rt_export()
41
{
42
  if proto = "static_bgp" then return true;
43
  if source != RTS_BGP then return false;
44
  if net_martian() then return false;
45
  if bgp_path.len > 64 then return false;
46
  # return bgp_next_hop ~ [ 100.1.1.1, 100.1.1.2, 200.1.1.1 ];
47
  return bgp_path.first ~ [ 345, 346 ];
48
}
49

    
50

    
51
function rt_export_all()
52
{
53
  if proto = "static_bgp" then return true;
54
  if source != RTS_BGP then return false;
55
  if net_martian() then return false;
56
  if bgp_path.len > 64 then return false;
57
  return true;
58
}
59

    
60
filter bgp_in_uplink_123
61
{
62
  if ! rt_import_all(123) then reject;
63
  accept;
64
}
65

    
66
filter bgp_out_uplink_123
67
{
68
  if ! rt_export() then reject;
69
  accept;
70
}
71

    
72

    
73
filter bgp_in_peer_234
74
{
75
  if ! rt_import(234, [ 234, 1234, 2345, 3456 ],
76
        [ 12.34.0.0/16, 23.34.0.0/16, 34.56.0.0/16 ])
77
  then reject;
78
  accept;
79
}
80

    
81
filter bgp_out_peer_234
82
{
83
  if ! rt_export() then reject;
84
  accept;
85
}
86

    
87
filter bgp_in_rs
88
{
89
  if ! rt_import_rs(bgp_path.last) then reject;
90
  accept;
91
}
92

    
93
filter bgp_out_rs
94
{
95
  if ! rt_export() then reject;
96
  accept;
97
}
98

    
99

    
100
filter bgp_in_client_345
101
{
102
  if ! rt_import(345, [ 345 ], [ 34.5.0.0/16 ]) then reject;
103
  accept;
104
}
105

    
106
filter bgp_out_client_345
107
{
108
  if ! rt_export_all() then reject;
109
  accept;
110
}
111

    
112

    
113