forked from coloclue/kees

KEES - The Coloclue Network Automation Toolchain

License

Notifications You must be signed in to change notification settings

imrejonk/kees

 
 

Repository files navigation

KEES - The Coloclue Network Automation Toolchain

alt text

The code in this repository is used for the following tasks:

- use the database at https://github.com/coloclue/peering to generate all IXP peering configs
- generate IRR filters for each peer
- generate RPKI-based filters for each peer
- generate the remaining BIRD configuration
- push the BIRD configs to all boxes

KEES IS AUTHORITATIVE:

The 'kees' repository is the authoritative source for BIRD configurations in
the Coloclue network. Any changes made to the BIRD configuration directly on
the routers will be overwritten by the scripts in this repository.

Part of the BIRD configuration is generated by Python scripts; other
parts are manually composed and stored in the 'blobs' directory. The
'blobs' directory contains a directory for each BIRD router. Later on,
the peering & RPKI files are copied over a copy of the 'blobs' to augment
it with the 'dynamic' (read: IRR or RPKI) portions of the configuration.
The goal is to have as much dynamic config as possible and have the
static configs per router completely empty.
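
As an added illustration (not code from the kees repository), the sketch below shows the decision an RPKI-based filter encodes: RFC 6811 origin validation of an announced prefix against a set of ROAs. The sample ROAs, the function names and the exact-match whitelist override are assumptions made for the example; it does not reproduce what rtrsub or the rpkiwhitelist.j2 template actually emit.

```python
import ipaddress

# Constructed sample ROAs: (prefix, maxLength, origin ASN), using
# documentation prefixes and documentation ASNs. Not real RPKI data.
SAMPLE_ROAS = [
    ("192.0.2.0/24", 24, 64500),
    ("203.0.113.0/24", 25, 64501),
    ("2001:db8::/32", 48, 64502),
]


def validate(prefix, origin_asn, roas=SAMPLE_ROAS):
    """Return the RFC 6811 state of a route: valid, invalid or not-found."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_asn in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        # A ROA covers the route if it is the same AFI and the route's
        # prefix is equal to or more specific than the ROA prefix.
        if roa_net.version != route.version or not route.subnet_of(roa_net):
            continue
        covered = True
        # A match needs the same origin AS (AS0 never matches) and a
        # prefix length no longer than the ROA's maxLength.
        if roa_asn != 0 and roa_asn == origin_asn and route.prefixlen <= max_len:
            return "valid"
    # Covered but never matched: wrong origin or too specific.
    return "invalid" if covered else "not-found"


def accept(prefix, origin_asn, roas=SAMPLE_ROAS, whitelist=frozenset()):
    """Filter decision: drop RPKI-invalid routes unless explicitly whitelisted.

    The whitelist (an assumption of this example) holds exact
    (prefix, origin ASN) pairs that are accepted despite being invalid.
    """
    state = validate(prefix, origin_asn, roas)
    key = (str(ipaddress.ip_network(prefix)), origin_asn)
    return (state != "invalid" or key in whitelist), state


if __name__ == "__main__":
    # Constructed announcements covering each validation outcome.
    for pfx, asn in [("192.0.2.0/24", 64500), ("192.0.2.0/25", 64500),
                     ("192.0.2.0/24", 64666), ("198.51.100.0/24", 64500),
                     ("2001:db8:1::/56", 64502)]:
        print(pfx, asn, accept(pfx, asn))
```

A whitelist entry bypasses origin validation for that route, so such a list is worth keeping short and reviewed.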

Repository layout:

$ tree
.
├── LICENSE
├── README
├── blobs
│   ├── dcg-1.router.nl.coloclue.net
│   │   ├── bird.conf                  <- Static config for bird (IPv4 definition on the routers)
│   │   ├── bird6.conf                 <- Static config for bird6 (IPv6 definition on the routers)
│   │   ├── peerings                   <- Filled by peering_filters 
│   │   └── rpki                       <- Filled by rtrsub
│   ├── dcg-2.router.nl.coloclue.net
│   │   ├── bird.conf
│   │   ├── bird6.conf
│   │   ├── peerings
│   │   └── rpki
│   ├── eunetworks-2.router.nl.coloclue.net
│   │   ├── bird.conf
│   │   ├── bird6.conf
│   │   ├── blackholes                 <- Specific announcements to mitigate DDoS attacks are placed here automatically
│   │   ├── peerings
│   │   └── rpki
│   └── eunetworks-3.router.nl.coloclue.net
│       ├── bird.conf
│       ├── bird6.conf
│       ├── peerings
│       └── rpki
├── generate-peer-config.sh            <- Generates all the filters for the peers
├── gentool                            <- A YAML to Jinja2 template generator
├── peering_filters                    <- creates IRR filters & IXP peering configs
├── templates
│   ├── afi_specific_filters.j2        <- Filters where the AFI is relevant
│   ├── bird-rpki.j2                   <- Template used by rtrsub
│   ├── ebgp_state.j2                  <- State of the eBGP sessions, toggled by the maintenance-mode setting
│   ├── envvars.j2                     <- UID and GID to run the Bird process as
│   ├── filter.j2                      <- Filter for peers
│   ├── generic_filters.j2             <- Global filters where the AFI is irrelevant
│   ├── header.j2                      <- File where all the generated files are included
│   ├── ibgp.j2                        <- Template for the iBGP sessions
│   ├── interfaces.j2                  <- Interfaces used by Bird (for instance to announce OSPF hellos on)
│   ├── members_bgp.j2                 <- template for BGP sessions to members
│   ├── ospf.j2                        <- OSPF definition
│   ├── peer.j2                        <- Template for the BGP sessions definition to peers
│   ├── rpkiwhitelist.j2               <- Template for RPKI whitelisted prefixes
│   ├── static_routes.j2               <- Template for static routes (we use this for static routes towards members)
│   └── transit.j2                     <- Template in which the BGP sessions towards our transits are defined
├── update-routers.sh
└── vars
    ├── dcg-1.router.nl.coloclue.net.yml
    ├── dcg-2.router.nl.coloclue.net.yml
    ├── eunetworks-2.router.nl.coloclue.net.yml
    ├── generic.yml
    ├── members_bgp.yml                <- ips & prefixes of members with BGP
    ├── statics-dcg.yml                <- static routes eunetworks
    └── statics-eunetworks.yml         <- static routes DCG

Usage:

./generate-peer-config.sh - Generate new filters for peers; you need to run this before ./update-routers.sh push
./update-routers.sh push  - Build a new config and push it to the routers; uses the filters generated by ./generate-peer-config.sh
./update-routers.sh check - Build a new config and validate it, without pushing it to the routers

Dependencies:

rtrsub - https://github.com/job/rtrsub
jinja2 - jinja.pocoo.org
hiyapyco - https://pypi.python.org/pypi/HiYaPyCo
bgpq3  - https://github.com/snar/bgpq3

Authors:

Copyright (c) 2014-2017, Job Snijders job@instituut.net

Copyright (c) 2017-2019, Network committee Coloclue routers@coloclue.net
