
Ajout de la configuration bird du routeur whiskey de Gitoyen

Whiskey est un des routeurs de bordure de Gitoyen.
Philippe Le Brouster il y a 10 ans
commit
99f87bb5c0

+ 26 - 0
bird/bird.conf

@@ -0,0 +1,26 @@
+# Gitoyen <contact@gitoyen.net>
+#
+# vim: set ts=4:sw=4
+
+log syslog all;
+
+# Parametres specifiques au routeur
+include "/etc/local/bird/common/local.conf";
+
+# Filtres/Fonctions communs a tous les protocoles
+include "/etc/local/bird/bird/filters.conf";
+
+# Gestion des protocoles lies au noyau
+include "/etc/local/bird/common/kernel.conf";
+
+# Routes statiques
+include "/etc/local/bird/bird/static.conf";
+
+# OSPF (Backbone)
+include "/etc/local/bird/common/ospf.conf";
+
+# Filtres/Fonctions pour BGP
+include "/etc/local/bird/common/bgp-filters.conf";
+
+# BGP (Livraisons, Transit, Peering)
+include "/etc/local/bird/bird/bgp.conf";

+ 173 - 0
bird/bird/bgp.conf

@@ -0,0 +1,173 @@
+# Gitoyen <contact@gitoyen.net>
+#
+# vim: set ts=4:sw=4
+
+#
+# iBGP (Backbone)
+#
+template bgp ibgp {
+	local as 20766;
+	next hop self;
+	import where bgp_import(20766,"core",0);
+	export where bgp_export(20766,"core"); 
+}	
+
+protocol bgp core_yankee from ibgp {
+        description "Yankee - iBGP";
+	neighbor 80.67.168.19 as 20766;
+}
+protocol bgp core_xray from ibgp {
+        description "X-Ray - iBGP";
+	neighbor 80.67.168.4 as 20766;
+}
+protocol bgp core_zoulou from ibgp {
+        description "Zoulou - iBGP";
+	neighbor 80.67.168.1 as 20766;
+}
+
+
+#
+# Membre: FDN
+#
+template bgp tpl_fdn {
+	local as 20766;
+	description "Livraison FDN";
+        import where bgp_import(65055,"member",0);
+        export where bgp_export(65055,"default");
+}
+
+protocol bgp membre_fdn1 from tpl_fdn {
+	neighbor 80.67.168.213 as 65055;
+}
+protocol bgp membre_fdn2 from tpl_fdn {
+	neighbor 80.67.168.214 as 65055;
+}
+  
+
+#
+# Membre: Grenode
+#
+template bgp tpl_grenode {
+	local as 20766;
+	description "Livraison Grenode";
+	import where bgp_import(51083,"member",40000);
+        export where bgp_export(51083,"full");
+}
+
+protocol bgp member_grenode1 from tpl_grenode {
+	neighbor 80.67.168.222 as 51083;
+}
+  
+
+#
+# Membre: Lautrenet
+#
+template bgp tpl_lautrenet {
+	local as 20766;
+	description "Livraison L'Autre.net";
+        import where bgp_import(64600,"member",0);
+        export where bgp_export(64600,"full");
+}
+
+protocol bgp membre_lautrenet1 from tpl_lautrenet {
+	neighbor 80.67.168.205 as 64600;
+}
+protocol bgp membre_lautrenet2 from tpl_lautrenet {
+	neighbor 80.67.168.206 as 64600;
+}
+  
+
+#
+# Membre: Tetaneutral
+#
+template bgp tpl_tetaneutral {
+	local as 20766;
+	description "Livraison Tetaneutral.net";
+        import where bgp_import(197422,"member",40000);
+        export where bgp_export(197422,"full");
+}
+
+protocol bgp member_tetaneutral from tpl_tetaneutral {
+	neighbor 80.67.168.245 as 197422;
+}
+  
+
+#
+# Transit: Absolight
+#
+template bgp tpl_absolight {
+	local as 20766;
+	description "Transit Absolight";
+        import where bgp_import(29608,"transit",10004);
+        export where bgp_export(29608,"members");
+}
+
+protocol bgp transit_absolight from tpl_absolight {
+	neighbor 79.143.245.137 as 29608;
+	description "Transit Absolight";
+}
+ 
+
+#
+# Peering : FranceIX
+#
+template bgp tpl_franceix_rs {
+	local as 20766;
+        import where bgp_import(51706,"peering",26000);
+        export where bgp_export(51706,"members");
+	import limit 100000;
+}
+template bgp tpl_franceix_peers {
+	local as 20766;
+        import where bgp_import(51706,"peering",26000);
+        export where bgp_export(51706,"members");
+	import limit 10000;
+}
+
+
+protocol bgp franceix_rs1 from tpl_franceix_rs {
+	neighbor 37.49.236.250 as 51706;
+	description "FranceIX Route Server 1";
+}
+protocol bgp franceix_rs2 from tpl_franceix_rs {
+	neighbor 37.49.236.251 as 51706;
+	description "FranceIX Route Server 2";
+}
+protocol bgp franceix_6939 from tpl_franceix_peers {
+	neighbor 37.49.236.10 as 6939;
+	description "FranceIX /  AS-HURRICANE";
+	import limit 100000;
+}
+protocol bgp franceix_20562 from tpl_franceix_peers {
+	neighbor 37.49.236.68 as 20562;
+	description "FranceIX /  AS-OPENPEERING-EU";
+}
+protocol bgp franceix_34019 from tpl_franceix_peers {
+	neighbor 37.49.236.71 as 34019;
+	description "FranceIX /  AS-HIVANE";
+}
+protocol bgp franceix_42473 from tpl_franceix_peers {
+	neighbor 37.49.236.85 as 42473;
+	description "FranceIX /  AS-ANEXIA";
+}
+protocol bgp franceix_197692 from tpl_franceix_peers {
+	neighbor 37.49.236.133 as 197692;
+	description "FranceIX /  AS-CONOSTIX";
+}
+protocol bgp franceix_41692 from tpl_franceix_peers {
+	neighbor 37.49.236.159 as 41692;
+	description "FranceIX /  AS-OPENCARRIER";
+}
+protocol bgp franceix_29467 from tpl_franceix_peers {
+	neighbor 37.49.236.227 as 29467;
+	description "FranceIX /  AS-LUXNETWORK";
+}
+protocol bgp franceix_197422 from tpl_franceix_peers {
+	neighbor 37.49.236.233 as 197422;
+	description "FranceIX /  Tetaneutral";
+}
+protocol bgp franceix_13335 from tpl_franceix_peers {
+	neighbor 37.49.237.49 as 13335;
+	description "FranceIX /  Cloudfare";
+}
+
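Review bot: The four member templates (`tpl_fdn`, `tpl_grenode`, `tpl_lautrenet`, `tpl_tetaneutral`) set no `import limit`, unlike the FranceIX templates, while the member prefix sets in bird/bird/filters.conf accept every length down to /32. Nothing therefore caps how many more-specifics a misbehaving member router can push into the table and the iBGP mesh. A line such as `import limit <n> action block;`, with n sized to each member's allocation, would bound that; the same applies to bird/bird6/bgp.conf. None of the eBGP sessions sets `password` or `ttl security` either, which is worth confirming as a deliberate choice for the transit and member links. The session names in this file also mix the `membre_` and `member_` prefixes.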

+ 91 - 0
bird/bird/filters.conf

@@ -0,0 +1,91 @@
+# Gitoyen <contact@gitoyen.net>
+#
+# vim: set ts=4:sw=4
+
+# Filtre pour limiter les prefix accepte sur les sessions BGP des membres et clients
+#
+# RMQ: le '+' est necessaire pour le systeme de blackhole
+#
+# TODO: Le contenu de cette function pourrait etre alimente semi-automatiquement via la DB du RIPE
+function is_net_from_member(int AS) 
+prefix set as_prefixes;
+{
+
+    case AS {
+        # Grenode
+        51083:  as_prefixes = [ 
+                        91.216.110.0/24+,       # Grenode 
+                        193.33.56.0/23+,        # Rezine
+                        89.234.140.0/24+        # Illyse
+        ];
+        # Tetaneutral
+        197422: as_prefixes = [ 
+                        80.67.182.0/24+,         # Tetaneutral
+                        89.234.156.0/23+,
+                        91.224.148.0/23+                        
+
+        ];
+        # Lautrenet
+        64600:  as_prefixes = [
+                        80.67.160.64/27+,
+                        80.67.168.96/28+
+        ];
+        # FDN
+        65055:  as_prefixes = [
+                        80.67.176.0/22+,
+                        80.67.161.0/24+,
+                        80.67.160.96/29+,
+                        80.67.160.104/30+,
+                        80.67.160.112/29+,
+                        80.67.160.120/29+,
+                        80.67.160.128/28+,
+                        80.67.165.64/26+,
+                        80.67.168.112/29+,
+                        80.67.168.120/29+,
+                        80.67.168.152/29+,
+                        80.67.168.160/29+,
+                        80.67.168.168/29+,
+                        80.67.169.0/24+,
+                        80.67.171.0/26+,
+                        80.67.173.0/27+,
+                        80.67.175.128/26+,
+                        80.67.180.0/24+
+        ];
+        else: print "is_net_from_member: The AS number is unknown"; return false;
+    }
+
+    return (net ~ as_prefixes);
+}
+
+# Prefixes rfc1918
+function is_rfc1918() {
+  return net ~ [ 172.16.0.0/12+, 192.168.0.0/16+, 10.0.0.0/8+ ];
+}
+
+# Martians route
+function is_martians() {
+  return net ~ [ 169.254.0.0/16+, 224.0.0.0/4+, 240.0.0.0/4+, 0.0.0.0/32{1,32}];
+}
+
+# Routes dans Gitoyen
+function is_within_gitoyen() {
+  return net ~ [ 80.67.160.0/19{20,32} ];
+}
+
+# Routes de Gitoyen
+function is_gitoyen() {
+  return net ~ [ 80.67.160.0/19 ];
+}
+
+# Routes correspondant aux routes dans les prefix carp
+function is_within_carp() {
+  return net ~ [ 80.67.174.0/24{25,32}, 80.67.163.0/26{27,32}, 80.67.163.128/26{27,32}, 80.67.168.224/29{30,32} ];
+}
+
+
+# Route par default
+function is_default() {
+  return net ~ [ 0.0.0.0/0 ];
+}
+
+
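Review bot: `is_martians()` leaves out loopback space, and as BIRD's pattern semantics read, `0.0.0.0/32{1,32}` only matches prefixes whose bits are all zero (0.0.0.0/8 matches, 0.1.0.0/16 does not). Routes inside 0.0.0.0/8 and 127.0.0.0/8 can therefore pass the bogon test that bgp_import and the OSPF filters rely on. Adding `0.0.0.0/8+, 127.0.0.0/8+` to the set closes both gaps. Other reserved ranges such as 100.64.0.0/10 and the documentation nets are also absent; whether to list them is a policy choice, but a comment above the function naming the ranges covered on purpose would make the omission reviewable.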

+ 40 - 0
bird/bird/static.conf

@@ -0,0 +1,40 @@
+# Gitoyen <contact@gitoyen.net>
+#
+# vim: set ts=4:sw=4
+
+#
+# Routes a annoncer
+#
+
+# Route a exporter en BGP. Ce sont les routes des prefix alloue a Gitoyen par le RIPE
+protocol static static_export_routes {
+        route 80.67.160.0/19 reject;
+        import filter {
+                bgp_community.add((20766,1));
+                accept;
+        };
+}
+
+# Annonce de la route par defaut. Celle-ci est uniquement utilisee 
+# les livraisons qui n'ont besoin que de la route par defaut. (voir les import/export)
+protocol static static_noexport_routes {
+        route 0.0.0.0/0 reject;
+}
+
+# Annonce des routes de Globenet.
+protocol static static_globenet_routes {
+        route 80.67.172.0/24 via 80.67.168.229;
+        route 80.67.164.0/26 via 80.67.168.229;
+}
+
+## Annonce des routes blackhole.
+## A priori pas necessaire car les routes blackhole sont apprises directement 
+## depuis le noyo, l'ibgp et les membres
+#protocol static backhole_routes {
+#	import filter {
+# 		bgp_community.add((20766,9999));
+#		accept;	
+#	};
+#	# Exemple a rajouter ici:
+#	# route a.b.c.d/e blackhole;
+#}

+ 26 - 0
bird/bird6.conf

@@ -0,0 +1,26 @@
+# Gitoyen <contact@gitoyen.net>
+#
+# vim: set ts=4:sw=4
+
+log syslog all;
+
+# Parametres specifiques au routeur
+include "/etc/local/bird/common/local.conf";
+
+# Filtres/Fonctions communs a tous les protocoles
+include "/etc/local/bird/bird6/filters.conf";
+
+# Gestion des protocoles lies au noyau
+include "/etc/local/bird/common/kernel.conf";
+
+# Routes statiques
+include "/etc/local/bird/bird6/static.conf";
+
+# OSPF (Backbone)
+include "/etc/local/bird/common/ospf.conf";
+
+# Filtres/Fonctions pour BGP
+include "/etc/local/bird/common/bgp-filters.conf";
+
+# BGP (Livraisons, Transit, Peering)
+include "/etc/local/bird/bird6/bgp.conf";

+ 176 - 0
bird/bird6/bgp.conf

@@ -0,0 +1,176 @@
+# Gitoyen <contact@gitoyen.net>
+#
+# vim: set ts=4:sw=4
+
+#
+# iBGP: Backbone
+#
+template bgp ibgp {
+	local as 20766;
+	next hop self;
+	import where bgp_import(20766,"core",0);
+        export where bgp_export(20766,"core");
+}
+
+protocol bgp core_yankee from ibgp {
+        description "Yankee - iBGP";
+	neighbor 2001:910::19 as 20766;
+}
+protocol bgp core_xray from ibgp {
+        description "X-Ray - iBGP";
+	neighbor 2001:910::4 as 20766;
+}
+protocol bgp core_zoulou from ibgp {
+        description "Zoulou - iBGP";
+	neighbor 2001:910::1 as 20766;
+}
+
+
+#
+# Membre: FDN
+#
+template bgp tpl_fdn {
+	local as 20766;
+	description "Livraison FDN";
+        import where bgp_import(65055,"member",0);
+        export where bgp_export(65055,"default");
+}
+
+protocol bgp member_fdn1 from tpl_fdn {
+	neighbor 2001:910:0:800::213 as 65055;
+}
+protocol bgp member_fdn2 from tpl_fdn {
+	neighbor 2001:910:0:800::214 as 65055;
+}
+  
+
+#
+# Membre: Grenode
+#
+template bgp tpl_grenode {
+	local as 20766;
+	description "Livraison Grenode";
+        import where bgp_import(51083,"member",40000);
+        export where bgp_export(51083,"full");
+}
+
+protocol bgp member_grenode1 from tpl_grenode {
+	neighbor 2001:910:0:116::222 as 51083;
+}
+  
+
+#
+# Membre: L'Autre.net
+#
+template bgp tpl_lautrenet {
+	local as 20766;
+	description "Livraison L'Autre.net";
+        import where bgp_import(64600,"member",0);
+        export where bgp_export(64600,"full");
+}
+
+protocol bgp member_lautrenet1 from tpl_lautrenet {
+	neighbor 2001:910:0:107::205 as 64600;
+}
+protocol bgp member_lautrenet2 from tpl_lautrenet {
+	neighbor 2001:910:0:107::206 as 64600;
+}
+  
+
+#
+# Membre: Tetaneutral
+#
+
+template bgp tpl_tetaneutral {
+	local as 20766;
+	description "Livraison Tetaneutral.net";
+        import where bgp_import(197422,"member",40000);
+        export where bgp_export(197422,"full");
+}
+
+protocol bgp member_tetaneutral from tpl_tetaneutral {
+	neighbor 2001:910:0:3011::245 as 197422;
+}
+  
+
+#
+# Transit: Absolight
+#
+template bgp tpl_absolight {
+	local as 20766;
+	description "Transit Absolight";
+        import where bgp_import(29608,"transit",10004);
+        export where bgp_export(29608,"members");
+}
+
+protocol bgp transit_absolight from tpl_absolight {
+	neighbor 2a01:678:1000:1::1 as 29608;
+	description "Transit Absolight";
+}
+ 
+
+#
+# Peering: FranceIX
+#
+
+template bgp tpl_franceix_rs {
+	local as 20766;
+        import where bgp_import(51706,"peering",26000);
+        export where bgp_export(51706,"members");
+	import limit 100000;
+}
+
+template bgp tpl_franceix_peers {
+	local as 20766;
+        import where bgp_import(51706,"peering",26000);
+        export where bgp_export(51706,"members");
+	import limit 10000;
+}
+
+protocol bgp franceix_rs1 from tpl_franceix_rs {
+	neighbor 2001:7f8:54::250 as 51706;
+       description "FranceIX Route Server 1";
+}
+protocol bgp franceix_rs2 from tpl_franceix_rs {
+	neighbor 2001:7f8:54::251 as 51706;
+       description "FranceIX Route Server 2";
+}
+
+protocol bgp franceix_6939 from tpl_franceix_peers {
+	neighbor 2001:7f8:54::10 as 6939;
+	description "FranceIX /  AS-HURRICANE";
+	import limit 50000;
+}
+protocol bgp franceix_20562 from tpl_franceix_peers {
+	neighbor 2001:7f8:54::68 as 20562;
+	description "FranceIX /  AS-OPENPEERING-EU";
+}
+protocol bgp franceix_34019 from tpl_franceix_peers {
+	neighbor 2001:7f8:54::71 as 34019;
+	description "FranceIX /  AS-HIVANE";
+}
+protocol bgp franceix_42473 from tpl_franceix_peers {
+	neighbor 2001:7f8:54::85 as 42473;
+	description "FranceIX /  AS-ANEXIA";
+}
+protocol bgp franceix_197692 from tpl_franceix_peers {
+	neighbor 2001:7f8:54::133 as 197692;
+	description "FranceIX /  AS-CONOSTIX";
+}
+protocol bgp franceix_41692 from tpl_franceix_peers {
+	neighbor 2001:7f8:54::159 as 41692;
+	description "FranceIX /  AS-OPENCARRIER";
+}
+protocol bgp franceix_29467 from tpl_franceix_peers {
+	neighbor 2001:7f8:54::227 as 29467;
+	description "FranceIX /  AS-LUXNETWORK";
+}
+protocol bgp franceix_197422 from tpl_franceix_peers {
+	neighbor 2001:7f8:54::233 as 197422;
+	description "FranceIX /  Tetaneutral";
+}
+protocol bgp franceix_13335 from tpl_franceix_peers {
+	neighbor 2001:7f8:54::1:49 as 13335;
+	description "FranceIX /  Cloudfare";
+}
+

+ 72 - 0
bird/bird6/filters.conf

@@ -0,0 +1,72 @@
+# Gitoyen <contact@gitoyen.net>
+#
+# vim: set ts=4:sw=4
+
+# Filtre pour limiter les prefix accepte sur les sessions BGP des membres et clients
+#
+# RMQ: le '+' est necessaire pour le systeme de blackhole
+#
+# TODO: Le contenu de cette function pourrait etre alimente semi-automatiquement via la DB du RIPE
+function is_net_from_member(int AS) 
+prefix set as_prefixes;
+{
+
+    case AS {
+        # Grenode
+        51083:  as_prefixes = [
+                        2001:912::/36+,         # Grenode 
+                        2001:912:1000::/36+,    # Rezine
+                        2a00:5881:4000::/40+,   # Illyse Lyon
+                        2a00:5881:c000::/40+    # Illyse St-Etienne
+        ];
+        # Tetaneutral
+        197422: as_prefixes = [
+                        2a01:6600:8000::/40+    # Tetaneutral
+        ];
+        # Lautrenet
+        64600:  as_prefixes = [
+                        2001:910:2000::/48+
+        ];
+        # FDN
+        65055:  as_prefixes = [
+                        2001:910:800::/40+,
+                        2001:910:1000::/38+
+        ];
+        else: print "is_net_from_member: The AS number is unknown"; return false;
+    }
+
+    return (net ~ as_prefixes);
+}
+
+# prefix equivalent au rfc1918
+function is_rfc1918() {
+  return net ~ [ FC00::/7+ ];
+}
+
+# This function excludes weird networks
+#  rfc1918, class D, class E
+function is_martians() {
+  return net ~ [ FE80::/10+, fec0::/10+, FF00::/8+, ::/96+, 0100::/64+, 2001:10::/28+, 2001:0db8::/32+, fc00::/7+ ];
+}
+
+# Prefix dans Gitoyen
+function is_within_gitoyen() {
+  return net ~ [ 2001:910::/32{33,128} ];
+}
+
+# Prefix de Gitoyen
+function is_gitoyen() {
+  return net ~ [ 2001:910::/32 ];
+}
+
+# Prefix dans les subnets de livraison carp
+function is_within_carp() {
+  return net ~ [ 2001:910:0:4::/64{65,128}, 2001:910:0:40::/64{65,128}, 2001:910:0:41::/64{65,128}, 2001:910:0:117::/64{65,128} ];
+}
+
+
+# Route pas defaut
+function is_default() {
+  return (net ~ [ ::/0 ]);
+}
+
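Review bot: The comment above `is_martians()` still describes the IPv4 version (`rfc1918, class D, class E`), while the set lists link-local, site-local, multicast, ::/96, discard-only, ORCHID, documentation and ULA space. A comment such as `# Martians IPv6: link-local, site-local, multicast, ::/96, 0100::/64, ORCHID, documentation, ULA` would match the code. `fc00::/7+` is also already covered by `is_rfc1918()`, which every caller of `is_martians()` visible in this commit checks alongside it; keeping the range in one place avoids the two lists drifting apart.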

+ 35 - 0
bird/bird6/static.conf

@@ -0,0 +1,35 @@
+# Gitoyen <contact@gitoyen.net>
+#
+# vim: set ts=4:sw=4
+
+#
+# Routes a annoncer
+#
+
+# Route a exporter en BGP. Ce sont les routes des prefix alloue a Gitoyen par le RIPE
+protocol static static_export_routes {
+        route 2001:910::/32 reject;
+        import filter {
+                bgp_community.add((20766,1));
+                accept;
+        };
+}
+
+# Annonce de la route par defaut. Celle-ci est uniquement utilisee 
+# les livraisons qui n'ont besoin que de la route par defaut. (voir les import/export)
+protocol static static_noexport_routes {
+        route ::0/0 reject;
+}
+
+## Annonce des routes blackhole.
+## A priori pas necessaire car les routes blackhole sont apprises directement 
+## depuis le noyo, l'ibgp et les membres
+#protocol static backhole_routes {
+#       import filter {
+#               bgp_community.add((20766,9999));
+#               accept; 
+#       };
+#       # Exemple a rajouter ici:
+#       # route a:b:c:d:e:f:g:h/i blackhole;
+#}
+

+ 121 - 0
bird/common/bgp-filters.conf

@@ -0,0 +1,121 @@
+# Gitoyen <contact@gitoyen.net>
+#
+# vim: set ts=4:sw=4
+
+# fonction d'import BGP
+# AS: numero d'AS du partenaire
+# import_type: transit|peering|member|core
+#    transit: transitaire
+#    peering: session de peering sur un IX (incluant les RS)
+#    member:  membre de Gitoyen beneficiant du completement du reseau
+#    core:    session iBGP du backbone
+# community: numero de communaute a utiliser pour tagguer, si =0 alors pas de tag.
+function bgp_import( int AS; string import_type; int community)
+{
+    if ! (import_type = "transit" || import_type="peering" || import_type="member" || import_type="core") then {
+        print "bgp_import: parametre import_type invalide";
+        return false;
+    }
+
+    if community > 65535 then {
+        print "bgp_import: wrong community number";
+        return false;
+    }
+
+    # On n'accepte pas les routes bizarres
+    if is_default() || is_martians() || is_rfc1918() then return false;
+
+    # On n'accepte pas les routes de Gitoyen
+    if is_gitoyen() then return false;
+
+    # On n'accepte pas les routes dans le reseau de Gitoyen provenant des upstreams
+    if import_type = "peering" && import_type = "transit" then {
+        if is_within_gitoyen() then return false;
+    }
+    
+    # On n'accepte pas les routes autres que celles definies pour les membres
+    if import_type = "member" && ! is_net_from_member(AS) then return false;
+        
+    # Gestion des local pref par defaut
+    if import_type = "transit"         then bgp_local_pref=100;
+    if import_type = "peering"         then bgp_local_pref=1000;
+    if import_type = "member"          then bgp_local_pref=1500;
+
+
+    # Nettoyage des communautes (On ne garde que les communautes que Gitoyen va traiter)
+    if import_type = "transit" then  bgp_community.delete( [(20766,*)] ); 
+    if import_type = "peering" then  bgp_community.delete( [(20766,*)] ); 
+    if import_type = "membre"  then  bgp_community.filter( [(20766,9999)] ); 
+
+    # Ajout d'une communaute pour identifier la source de la route
+    if import_type != "core" && community > 0 then bgp_community.add((20766,community));
+
+    return true;
+}
+
+# fonction d'export BGP
+# AS: numero d'AS du partenaire
+# export_type: full|default|core|member)
+#    full:    envoi la full-view
+#    default: envoi uniquement la route par default
+#    members:  envoi les routes des membres uniquements
+#    core:    envoi tout ce qui est connu en bgp
+function bgp_export(int AS; string export_type)
+pair set members_export_communities;
+pair set full_export_communities;
+{
+
+    if ! (export_type = "full" || export_type="default" || export_type="core" || export_type="members") then {
+        print "bgp_export: parametre export_type invalide";
+        return false;
+    }
+
+    # On n'exporte pas les routes bizarres
+    if is_martians() || is_rfc1918() then return false;
+
+    # On n'exporte pas la route par default sauf si demandee
+    if is_default() && ! (export_type="default") then return false;
+
+    # Filtrage des exports des routes des membres
+    members_export_communities = [ 
+            (20766,1),
+            (20766,9999),
+            (20766,40000..49999),
+            (20766,50000..59999)
+    ];
+    if export_type = "members" 
+        && filter(bgp_community, members_export_communities).len = 0 then return false;
+
+    # Filtrage des exports de la full view
+    full_export_communities = [ 
+            (20766,1),
+            (20766,9999),
+            (20766,10000..19999),
+            (20766,20000..29999),
+            (20766,30000..39999),
+            (20766,40000..49999),
+            (20766,50000..59999)
+    ];
+    if export_type = "full" 
+        && filter(bgp_community, full_export_communities).len = 0 then return false;
+    
+    # Filtrage pour la route par defaut
+    if export_type = "default"
+        && ! is_default() then return false;
+
+    # Filtrage des exports pour le backbone
+    if export_type = "core" 
+        && source != RTS_BGP then return false;
+
+    # Gestion du blackhole
+    case AS {
+        # Absolight
+        29608:  if filter(bgp_community, [ (20766,9999) ]).len > 0 then bgp_community.add ((29608,65001));
+        # Tata
+        6453:   if filter(bgp_community, [ (20766,9999) ]).len > 0 then bgp_community.add ((64999,0));
+        # Ielo
+        29075:  if filter(bgp_community, [ (20766,9999) ]).len > 0 then bgp_community.add ((29075,0));
+    }
+
+    return true;
+}
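Review bot: The upstream guard in bgp_import can never fire: `if import_type = "peering" && import_type = "transit"` compares one string with two different values, so more-specifics of Gitoyen's own space arriving from transit or peering are not rejected by `is_within_gitoyen()`. It should read `if import_type = "peering" || import_type = "transit" then {`. The community clean-up has a similar dead branch: `import_type = "membre"` cannot match because the validation at the top only admits "member". Member sessions therefore keep every (20766,*) community they send, including the ones bgp_export uses to select routes for the members and full exports; the literal should be `"member"`. The header comment of bgp_export also lists `member` where the code expects `members`.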

+ 47 - 0
bird/common/kernel.conf

@@ -0,0 +1,47 @@
+# Gitoyen <contact@gitoyen.net>
+#
+# vim: set ts=4:sw=4
+
+# Recupere les routes "connectees"
+protocol direct {
+        interface "lagg0.*";
+}
+
+protocol device {
+        scan time 5;
+}
+
+# Filtres pour le protocole kernel permettant la gestion du blackhole
+filter import_kernel {
+
+        if dest = RTD_BLACKHOLE && is_within_gitoyen() then {
+                bgp_community.add ((20766,9999));
+		accept;
+        }
+	if is_within_carp() then {
+		reject;
+	}
+        accept;
+}
+
+filter export_kernel {
+
+        if filter( bgp_community, [ (20766,9999) ]).len >0 then {
+                dest = RTD_BLACKHOLE;
+		accept;
+        }
+	if is_within_carp() then {
+		reject;
+	}
+        accept;
+}
+
+# Import/export des routes depuis/vers le noyau
+protocol kernel {
+        learn;
+        scan time 60;
+        import filter import_kernel;
+        export filter export_kernel;
+	persist;
+	#device routes;
+}
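Review bot: `export_kernel` turns any route carrying `(20766,9999)` into a kernel blackhole without looking at the prefix, whereas `import_kernel` only tags blackholes that satisfy `is_within_gitoyen()`. The community is stripped on transit and peering imports in bird/common/bgp-filters.conf, but a route from iBGP or a member session that carries it is trusted as is, so a stray tag null-routes that prefix on this router. If blackholing member prefixes outside Gitoyen's space is intended, a comment above the filter saying so is enough. Otherwise scope the test, for example `if filter( bgp_community, [ (20766,9999) ]).len > 0 && is_within_gitoyen() then {`.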

+ 13 - 0
bird/common/local.conf

@@ -0,0 +1,13 @@
+# Gitoyen <contact@gitoyen.net>
+#
+# vim: set ts=4:sw=4
+
+# Preferred source for OSPF/BGP
+define my_krt_prefsrc = 80.67.168.5;
+
+# Identifiant du routeur
+router id 80.67.168.5;
+
+# Numero d'AS
+define my_as = 20766;
+

+ 48 - 0
bird/common/ospf.conf

@@ -0,0 +1,48 @@
+# Gitoyen <contact@gitoyen.net>
+#
+# vim: set ts=4:sw=4
+
+# Seul les routes, non BGP et dans le reseau de Gitoyen sont exportees
+filter export_OSPF {
+
+        if source = RTS_BGP then reject;
+
+        if is_rfc1918()  then reject;
+        if is_martians() then reject;
+        if is_default()  then reject;
+        if is_within_carp() then reject;
+        if is_gitoyen()  then reject;
+
+	if is_within_gitoyen() then accept;
+
+	reject;
+}
+
+# Seul les routes dans le reseau de Gitoyen sont acceptees
+filter import_OSPF {
+        if is_rfc1918()  then reject;
+        if is_martians() then reject;
+        if is_default()  then reject;
+        if is_within_carp() then reject;
+        if is_gitoyen()  then reject;
+
+	if is_within_gitoyen() then accept;
+
+	reject;
+}
+
+
+# OSPF pour le backbone de Gitoyen
+protocol ospf {
+        import filter import_OSPF;
+        export filter export_OSPF;
+
+        area 0 {
+		stub no;
+                interface "lagg0.11" {
+                        cost 5;
+                        hello 10; retransmit 5; wait 40; dead 40;
+                };
+        };
+}
+
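Review bot: The `interface "lagg0.11"` block configures no OSPF authentication, so any device attached to that segment can form an adjacency and originate LSAs; the import filter limits which prefixes are installed but not who may speak. Unless the backbone VLAN is strictly router-only, add `authentication cryptographic;` and `password "<shared-secret>";` inside the interface block. Because these files live in a repository, the secret is better placed in a local include that is not versioned.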