bird: add learn + explicit static blackhole protocols
Build flock Image / build (push) Has been cancelled
Build flock Image / build (push) Has been cancelled
BIRD2's protocol kernel does not import kernel routes by default; the import filter on the channel is just for what BIRD has already learned. Added `learn;` so the kernel-installed blackholes (from the agent's SummaryRoutes) are picked up. Also added explicit `protocol static static6/static4` with one `route <cidr> blackhole;` per NodeConfig CIDR. This is belt-and- suspenders: even if `learn` doesn't capture the kernel blackhole, BIRD has the route directly and exports it via the BGP filter. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Donavan Fritz
@@ -43,17 +43,30 @@ protocol device { scan time 10; }
|
|||||||
protocol direct { interface "lo"; }
|
protocol direct { interface "lo"; }
|
||||||
|
|
||||||
protocol kernel kernel6 {
|
protocol kernel kernel6 {
|
||||||
|
learn;
|
||||||
ipv6 {
|
ipv6 {
|
||||||
import all;
|
import all;
|
||||||
export all;
|
export all;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
protocol kernel kernel4 {
|
protocol kernel kernel4 {
|
||||||
|
learn;
|
||||||
ipv4 {
|
ipv4 {
|
||||||
import all;
|
import all;
|
||||||
export all;
|
export all;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
protocol static static6 {
|
||||||
|
ipv6;
|
||||||
|
{{range $cidr := .CIDR6}}route {{$cidr}} blackhole;
|
||||||
|
{{end}}
|
||||||
|
}
|
||||||
|
protocol static static4 {
|
||||||
|
ipv4;
|
||||||
|
{{range $cidr := .CIDR4}}route {{$cidr}} blackhole;
|
||||||
|
{{end}}
|
||||||
|
}
|
||||||
{{range $i, $p := .Peers}}{{if eq $p.Family "v6"}}
|
{{range $i, $p := .Peers}}{{if eq $p.Family "v6"}}
|
||||||
protocol bgp upstream6_{{$i}} {
|
protocol bgp upstream6_{{$i}} {
|
||||||
local as {{$.LocalASN}};
|
local as {{$.LocalASN}};
|
||||||
|
|||||||
Reference in New Issue
Block a user