Merge pull request #3 from tking/master

My BIRD IPv6 filters
2024-05-11 05:54:58 +00:00 · 2016-11-21 10:45:39 +01:00
parent 197f0af408 35f59419c5
commit 4b24299fe1
1 changed files with 68 additions and 0 deletions
@@ -0,0 +1,68 @@
+# Exerpt of my BIRD IPv6 filters for the DENOG routing BCP project.
+# Author: Thomas King (king@t-king.de)
+function bgp_in_checks() int set bogon_asns; {
+        if (bgp_path.len > 60) then {
+                return false;
+        }
+        # Prefixes that are too specific: https://tools.ietf.org/html/rfc7454#section-6.1.3
+        if (net.len > 64) then {
+                return false;
+        }
+        # IPv6: https://tools.ietf.org/html/rfc7454#section-6.1.6.2
+        if (net = ::/0) then {
+                return false;
+        }
+        # Bogon ASNs
+        bogon_asns = [ 0,                      # RFC 7607
+                          23456,                  # RFC 4893 AS_TRANS
+                          64496..64511,           # RFC 5398 and documentation/example ASNs
+                          64512..65534,           # RFC 6996 Private ASNs
+                          65535,                  # RFC 6996 Last 32 bit ASN
+                          65536..65551,           # RFC 5398 and documentation/example ASNs
+                          65552..131071,          # RFC IANA reserved ASNs
+                          4200000000..4294967294, # RFC 6996 Private ASNs
+                          4294967295 ];           # RFC 6996 Last 64 bit ASN
+        if (bgp_path ~ bogon_asns) then {
+                return false;
+        }
+        # Next-Hop Self
+        if (bgp_next_hop != from) then {
+                return false;
+        }
+        # Filtering prefixes belonging to the local AS and Downstreams: https://tools.ietf.org/html/rfc7454#section-6.1.4
+        if (bgp_path.last = 31451) then {
+                return false;
+        }
+        if (net ~ [2001:67c:1550::/48+]) then {
+                return false;
+        }
+        if (net ~ [2001:67c:1550::/49+]) then {
+                return false;
+        }
+        if (net ~ [2001:67c:1550:8000::/49+]) then {
+                return false;
+        }
+        return true;
+}
+
+function bgp_in_peer1_checks() {
+        if (net = 2a01:f8::/32) then {
+                return false;
+        }
+        return true;
+}
+
+protocol bgp bgp_peer1 {
+        #disabled;
+        description "Peer1 BGP uplink";
+        local as 31451;
+        neighbor 2a01:f8:1:1:81:94:57:22 as 39912;
+        import where bgp_in_checks() && bgp_in_peer1_checks();
+        export where proto="static_bgp";
+        next hop self;
+        multihop;
+        default bgp_med 100;
+        default bgp_local_pref 10;
+        source address 2001:67c:1550::4;
+        graceful restart;
+}