From 88f6215e8b34af9d17655e901d74eb09ba911af1 Mon Sep 17 00:00:00 2001
From: Marek Isalski
Date: Sun, 19 May 2019 10:11:18 +0100
Subject: [PATCH] add blackhole signalling by BGP
---
 load-configure-compare-commit.sh | 4 +-
 vyos.conf.j2 | 63 ++++++++++++++++++++++++++++++++
 2 files changed, 65 insertions(+), 2 deletions(-)
diff --git a/load-configure-compare-commit.sh b/load-configure-compare-commit.sh
index 5a27e0f..ce6e3f3 100644
--- a/load-configure-compare-commit.sh
+++ b/load-configure-compare-commit.sh
@@ -1,7 +1,7 @@
 #!/bin/vbash
 source /opt/vyatta/etc/functions/script-template
 configure
-load /config/config.new
+load /config/config.new || exit 1
 compare
-commit && save
+commit && save || exit 1
 exit
diff --git a/vyos.conf.j2 b/vyos.conf.j2
index 5a3c54f..ea0aa8c 100644
--- a/vyos.conf.j2
+++ b/vyos.conf.j2
@@ -230,6 +230,7 @@ protocols {
 neighbor {{ neighbor }} {
 remote-as {{ neighbor_data['remote-as'] }}
 {% if 'update-source' in neighbor_data %}update-source {{ neighbor_data['update-source'] }}{% endif %}
+ {% if 'ebgp-multihop' in neighbor_data %}ebgp-multihop {{ neighbor_data['ebgp-multihop'] }}{% endif %}
 {% if 'address-family' in neighbor_data %}
 address-family {
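Review bot: In load-configure-compare-commit.sh both new `|| exit 1` paths leave the script with loaded but uncommitted changes still in the configuration session, and nothing in the hunk discards them. Whether script-template's teardown drops those changes on a non-zero exit is not visible here, so I would make it explicit, for example `load /config/config.new || { discard; exit 1; }`. Also, `commit && save || exit 1` returns 1 both when the commit is rejected and when the commit succeeded but `save` failed; in the second case the new configuration is already live, so the caller cannot tell a rejected change from a running-but-unsaved one. A comment above that line such as `# exit 1 may mean "committed but not saved"; check the running config before retrying` would help whoever handles the failure.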
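Review bot: The `ebgp-multihop` value in the first vyos.conf.j2 hunk is rendered straight from pillar with no bound, and the visible part of the neighbor block renders no session authentication next to it. A multihop eBGP session accepts a peer that is not directly connected, so the hop count should be no larger than the path needs, and the template should say so, e.g. `{# ebgp-multihop: use the real hop count to the peer, not the maximum #}`. The neighbor block starts and ends outside the hunk, so a password or TTL-security option may already be rendered elsewhere; if it is not, this is the place to add one for the multihop peers.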
@@ -241,6 +242,12 @@ protocols {
 {% if 'import' in neighbor_data['address-family']['ipv4-unicast']['prefix-list'] %}import {{ neighbor_data['address-family']['ipv4-unicast']['prefix-list']['import'] }}{% endif %}
 }
 {% endif %}
+ {% if 'route-map' in neighbor_data['address-family']['ipv4-unicast'] %}
+ route-map {
+ {% if 'export' in neighbor_data['address-family']['ipv4-unicast']['route-map'] %}export {{ neighbor_data['address-family']['ipv4-unicast']['route-map']['export'] }}{% endif %}
+ {% if 'import' in neighbor_data['address-family']['ipv4-unicast']['route-map'] %}import {{ neighbor_data['address-family']['ipv4-unicast']['route-map']['import'] }}{% endif %}
+ }
+ {% endif %}
 {% if 'soft-reconfiguration' in neighbor_data['address-family']['ipv4-unicast'] %}
 soft-reconfiguration {
 {% for softreconf in neighbor_data['address-family']['ipv4-unicast']['soft-reconfiguration'] %}
@@ -258,6 +265,12 @@ protocols {
 {% if 'import' in neighbor_data['address-family']['ipv6-unicast']['prefix-list'] %}import {{ neighbor_data['address-family']['ipv6-unicast']['prefix-list']['import'] }}{% endif %}
 }
 {% endif %}
+ {% if 'route-map' in neighbor_data['address-family']['ipv6-unicast'] %}
+ route-map {
+ {% if 'export' in neighbor_data['address-family']['ipv6-unicast']['route-map'] %}export {{ neighbor_data['address-family']['ipv6-unicast']['route-map']['export'] }}{% endif %}
+ {% if 'import' in neighbor_data['address-family']['ipv6-unicast']['route-map'] %}import {{ neighbor_data['address-family']['ipipv6v4-unicast']['route-map']['import'] }}{% endif %}
+ }
+ {% endif %}
 {% if 'soft-reconfiguration' in neighbor_data['address-family']['ipv6-unicast'] %}
 soft-reconfiguration {
 {% for softreconf in neighbor_data['address-family']['ipv6-unicast']['soft-reconfiguration'] %}
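Review bot: The IPv6 `import` line in the `@@ -258,6 +265,12 @@` hunk looks up `neighbor_data['address-family']['ipipv6v4-unicast']`, a key that the guard on the same line does not test and that appears nowhere else in the patch. When a neighbor defines an IPv6 import route-map, this lookup hits a missing key, so the render will presumably either fail or emit an `import` with no name, and the inbound policy the operator asked for is not applied. The key should be `'ipv6-unicast'`, giving `import {{ neighbor_data['address-family']['ipv6-unicast']['route-map']['import'] }}`. The IPv4 hunk above uses the correct key on both lines, as does the IPv6 `export` line.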
@@ -683,6 +696,56 @@ policy {
 }
 }
+ prefix-list hphr-BLACKHOLE-IPv4 {
+ rule 1 {
+ prefix 0.0.0.0/0
+ ge 32
+ le 32
+ action permit
+ }
+ }
+
+ prefix-list6 hphr-BLACKHOLE-IPv6 {
+ rule 1 {
+ prefix ::/0
+ ge 64
+ le 128
+ action permit
+ }
+ }
+
+ route-map hphr-BLACKHOLE-IPv4 {
+ rule 1 {
+ match {
+ ip {
+ address {
+ prefix-list hphr-BLACKHOLE-IPv4
+ }
+ }
+ }
+ action permit
+ set {
+ ip-next-hop {{ salt['pillar.get']('protocols:static:blackhole:IPv4') }}
+ }
+ }
+ }
+
+ route-map hphr-BLACKHOLE-IPv6 {
+ rule 1 {
+ match {
+ ipv6 {
+ address {
+ prefix-list hphr-BLACKHOLE-IPv6
+ }
+ }
+ }
+ action permit
+ set {
+ ipv6-next-hop {{ salt['pillar.get']('protocols:static:blackhole:IPv6') }}
+ }
+ }
+ }
+
 {% for prefix_list_name, prefix_data in salt['pillar.get']("policy:prefix-list",{}).items() %}
 prefix-list {{ prefix_list_name }} {
 {% if 'bgpq3' in prefix_data %}
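Review bot: The two hphr-BLACKHOLE route-maps select routes by prefix length alone (any IPv4 /32, and any IPv6 prefix from /64 to /128), so a neighbor they are applied to can have traffic for any matching address pointed at the blackhole next-hop, not only addresses it is entitled to announce. I would additionally match a blackhole community (RFC 7999 defines one) or a per-neighbor prefix-list, and add a template comment explaining why IPv6 accepts prefixes as short as /64 while IPv4 accepts only host routes. Separately, both `pillar.get` calls have no default and the blocks are rendered unconditionally, so a minion without `protocols:static:blackhole` would render a `set` line with no address; wrapping each route-map in `{% if salt['pillar.get']('protocols:static:blackhole:IPv4') %}` … `{% endif %}` (and the IPv6 equivalent) avoids that. How these route-maps combine with a neighbor's existing import prefix-list is not visible in this hunk.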