Simplify valid networks, we don't route public ip space, it's not working properly!

2025-03-15 03:43:33 +00:00 · 2017-02-01 22:53:03 +00:00 · 2017-02-01 22:53:03 +00:00 · 8dc9c06528
commit 8dc9c06528
parent 71384238f7
1 changed files with 12 additions and 125 deletions
--- a/howto/Bird.md
+++ b/howto/Bird.md
@ -108,90 +108,11 @@ define OWNIP = <GATEWAY_IP>;
 function is_self_net() {
  return net ~ [<SUBNET>+];
 }
 ```
 Generate the filter list from the monotone repository
 ```
 $ cd net.dn42.registry
 $ ruby utils/bgp-filter.rb --format bird < data/filter6.txt > /etc/bird/filter6.conf
 or
 $ curl -s https://ca.dn42.us/reg/filter6.txt | \
    awk '/^[0-9]/ && $2 ~ /permit/ {printf "%s{%s,%s}\n", $3, $4, $5}' | \
    awk 'BEGIN {printf "function is_valid_network() {\n return net ~ [\n"} \
        NR > 1 {printf ",\n"} {printf "  %s", $1}
        END {printf "\n ];\n}\n"}' > /etc/bird/filter6.conf
 ```
 example filter list:
 ```
 function is_valid_network() {
  return net ~ [
-    fc00::/8{48,64}, # ULA (undefined)
+    'fd00::/8' # ULA address space as per RFC 4193
-    fd00::/8{48,64}, # ULA (defined)
+  ]
    2001:67c:20c1::/48{48,48}, # E-UTP IPv6
    2001:bf7::/32{32,128}, # Freifunk (Foerderverein Freie Netzwerke) IPv6 Range
    2001:67c:20a1::/48{48,48}, # CCC Event Network
    2001:0470:006c:01d5::/64{64,64}, # Registered IANA
    2001:0470:006d:0655::/64{64,64},
    2001:0470:1f09:172d::/64{64,64},
    2001:0470:1f0b:0592::/64{64,64},
    2001:0470:1f0b:0bca::/64{64,64},
    2001:0470:1f0b:1af5::/64{64,64},
    2001:0470:1f10:0275::/64{64,64},
    2001:0470:1f12:0004::/64{64,64},
    2001:0470:5084::/48{48,64},
    2001:0470:51c6::/48{48,64},
    2001:0470:73d3::/48{48,64},
    2001:0470:7972::/48{48,64},
    2001:0470:9949::/48{48,64},
    2001:0470:99fc::/48{48,64},
    2001:0470:9af8::/48{48,64},
    2001:0470:9ce6::/55{55,64},
    2001:0470:9f43::/48{48,64},
    2001:0470:caab::/48{48,64},
    2001:0470:cd99::/48{48,64},
    2001:0470:d4df::/48{48,64},
    2001:0470:d889:0010::/64{64,64},
    2001:0470:e3f0:000a::/64{64,64},
    2001:067c:21ec::/48{48,64},
    2001:06f8:1019:0000::/64{64,64},
    2001:06f8:118b::/48{48,64},
    2001:06f8:1194::/48{48,64},
    2001:06f8:121a::/48{48,64},
    2001:06f8:1c1b::/48{48,64},
    2001:06f8:1d14::/48{48,64},
    2001:06f8:1d26::/48{48,64},
    2001:06f8:1d53::/48{48,64},
    2001:07f0:3003::/48{48,64},
    2001:08d8:0081:05c8::/63{63,64},  
    2001:08d8:0081:05ca::/64{64,64},
    2001:15c0:1000:0100::/64{64,64},
    2001:1b60:1000:0001::/64{64,64},
    2001:41d0:0001:b6bb::/64{64,64},
    2001:41d0:0001:cd42::/64{64,64},
    2001:4dd0:fcff::/48{48,64},
    2001:4dd0:fdd3::/48{48,64},
    2001:4dd0:ff00:8710::/64{64,64},
    2604:8800:0179:4200::/56{56,64},
    2801:0000:80:8000::/50{50,64},
    2a00:1328:e101:0200::/56{56,64},
    2a00:1828:2000:0289::/64{64,64},
    2a00:1828:a013:d242::/64{64,64},
    2a00:5540:0387::/48{48,64},
    2a01:0198:022c::/48{48,64},
    2a01:0198:035a:fd13::/64{64,64},
    2a01:0198:0485::/48{48,64},
    2a01:04f8:0121:4fff::/64{64,64},
    2a01:04f8:0140:1ffd::/64{64,64},
    2a01:04f8:0d13:17c0::/64{64,64},
    2a02:0a00:e010:3c00::/56{56,64},
    2a02:0ee0:0002:0051::/64{64,64},
    2a03:2260::/30{30,64}
  ];
 }
 ```
@ -297,52 +218,18 @@ define OWNIP = <GATEWAY_IP>;
 function is_self_net() {
  return net ~ [<SUBNET>+];
 }
 ```
 Generate the filter list from the monotone repository
 ```
 $ cd net.dn42.registry
 $ ruby utils/bgp-filter.rb --format bird < data/filter.txt > /var/lib/bird/filter4.conf
 or
 $ curl -s https://ca.dn42.us/reg/filter.txt | \
    awk '/^[0-9]/ && $2 ~ /permit/ {printf "%s{%s,%s}\n", $3, $4, $5}' | \
    awk 'BEGIN {printf "function is_valid_network() {\n return net ~ [\n"} \
        NR > 1 {printf ",\n"} {printf "  %s", $1}
        END {printf "\n ];\n}\n"}' > /var/lib/bird/filter4.conf
 ```
 example filter list:
 ```
 function is_valid_network() {
  return net ~ [
-    172.20.0.0/14{21,29}, # dn42 main net
+    172.20.0.0/14{21,29}, # dn42
-    172.20.0.0/24{28,32}, # dn42 Anycast range
+    172.20.0.0/24{28,32}, # dn42 Anycast
-    172.21.0.0/24{28,32}, # dn42 Anycast range
+    172.21.0.0/24{28,32}, # dn42 Anycast
-    172.22.0.0/24{28,32}, # dn42 Anycast range
+    172.22.0.0/24{28,32}, # dn42 Anycast
-    172.23.0.0/24{28,32}, # dn42 Anycast range
+    172.23.0.0/24{28,32}, # dn42 Anycast
-    192.175.48.0/24{24,32}, # AS112-prefix for reverse-dns  
+    172.31.0.0/16+,       # ChaosVPN
-    10.0.0.0/8{12,28}, # freifunk/chaosvpn
+    10.100.0.0/14+,       # ChaosVPN
-    172.31.0.0/16{22,28}, # chaosvpn
+    10.0.0.0/8{15,22}     # Freifunk.net
-    100.64.0.0/10{12,28}, # iana private range
+  ]
    195.160.168.0/23{23,28}, # ctdo
    91.204.4.0/22{22,28}, # free.de via ctdo
    193.43.220.0/23{23,28}, # durchdieluft via ctdo
    83.133.178.0/23{23,28}, # muccc kapsel
    87.106.29.254/32{32,32}, # wintix (please don' announce /32)
    85.25.246.16/28{28,32}, # leon
    46.4.248.192/27{27,32}, # welterde
    94.45.224.0/19{19,28}, # ccc event network
    151.217.0.0/16{16,28}, # ccc event network 2
    195.191.196.0/23{23,29}, # ichdasich pi space
    80.244.241.224/27{27,32}, # jchome service network
    188.40.34.241/32{32,32},
    37.1.89.192/26{26,28}, # siska
    87.98.246.19/32{32,32}
  ];
 }
 ```