forked from job/rtrsub
bird-minimal.j2
{#
Static RPKI-based Origin Validation for BIRD
function reject_rpki_invalid() - no explicit arguments
to be applied on each and every EBGP session
#}
{#
  Emits the static BIRD ROA table "ROAS": one "roa <prefix> max <maxlen> as <origin>;"
  entry per item of roa_list, ordered by the item's 'origin' key.

  The table is a snapshot of roa_list at render time; the config has to be
  re-rendered and reloaded for ROA changes to take effect.

  Whitespace: the "-" in the for/endfor tags strips the whitespace that follows
  them, so the one-space entry indent is emitted explicitly via the " " literal.

  NOTE(review): prefix, maxlen and origin are written into the config verbatim.
  Presumably the caller has already checked that they are a well-formed prefix
  and integers; confirm, since anything else would become BIRD config text.
-#}
roa table ROAS {
{% for roa in roa_list|sort(attribute='origin') -%}
{{ " " }}roa {{ roa['prefix'] }} max {{ roa['maxlen'] }} as {{ roa['origin'] }};
{% endfor -%}
}
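/*
 * reject_rpki_invalid() - RPKI origin validation against the static ROAS table.
 *
 * Takes no arguments; meant to be called from the import filter of every EBGP
 * session. Looks up the route's prefix (net) and origin AS in ROAS and:
 *   - valid:     tags the route with the rfc8097 marker (unknown 0x4300, 0, 0)
 *   - invalid:   logs the route, tags it with (unknown 0x4300, 0, 2), rejects it
 *   - otherwise: tags the route with (unknown 0x4300, 0, 1)
 * Only the invalid case terminates the filter; in the other cases control
 * returns to the caller, which makes the final accept/reject decision.
 *
 * NOTE(review): the origin AS is taken from bgp_path.last_nonaggregated;
 * confirm this is the intended treatment of paths that end in an AS_SET.
 */
function reject_rpki_invalid()
{
    /*
     * rfc8097 says the validation state community received from an EBGP peer
     * must be dropped without processing. Remove any marker the peer attached
     * so that the route leaves this function carrying only the state computed
     * locally below (otherwise a peer-supplied "valid" marker could survive
     * next to a locally added "not found" one).
     */
    bgp_ext_community.delete((unknown 0x4300, 0, 0));
    bgp_ext_community.delete((unknown 0x4300, 0, 1));
    bgp_ext_community.delete((unknown 0x4300, 0, 2));

    case roa_check(ROAS, net, bgp_path.last_nonaggregated) {
        ROA_VALID:
            /* add rfc8097 marker to routes for which a valid matching ROA exists */
            bgp_ext_community.add((unknown 0x4300, 0, 0));
        ROA_INVALID:
            /* log before rejecting so that dropped routes can be audited */
            print "Reject: RPKI ROA check failed for ", net, " ", bgp_path, " protocol: ", proto;
            bgp_ext_community.add((unknown 0x4300, 0, 2));
            reject;
        else:
            /* add rfc8097 marker to routes for which no covering ROA exists */
            bgp_ext_community.add((unknown 0x4300, 0, 1));
    }
}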