bird_single.conf

# 写在前面：
# 请务必阅读全部文件并根据需要修改所有 <> 项目
# 模板外修改请注意阅读手册

log syslog all;
# off it when it works well
debug protocols all;

# set your info here
define LOCAL_ASN = <your_ASN>;
define LOCAL_CIDR = <local_cidr>;
define SERVE_IP = <local_serve_ip>;
define TUNNEL_IP = <local_tunnel_ip>;

router id SERVE_IP;

ipv4 table BGP_table;
roa4 table dn11_roa4;

protocol device {}

protocol kernel {
    ipv4 {
        import none;
        export filter {
            if net = LOCAL_CIDR then reject;
            if net ~ [ 10.0.0.0/8{16,32}, 100.64.0.0/10{24,32}, 172.16.0.0/12{24,32}, 192.168.0.0/16{24,32} ] then {
                    krt_prefsrc = SERVE_IP;
                    accept;
                }
            reject;
        };
    };
}

protocol static DN11_ROA4 {
    roa4 { table dn11_roa4; };
    include "/etc/bird/dn11/dn11_roa_bird2.conf";
}

protocol static {
    ipv4 {
        table BGP_table;
        import all;
        export none;
    };
    route LOCAL_CIDR reject;
}

template bgp BGP_peers {
    local TUNNEL_IP as LOCAL_ASN;
    hold time 60;
    keepalive time 20;

    ipv4 {
        table BGP_table;
        import filter{
            if roa_check(dn11_roa4, net, bgp_path.last) != ROA_VALID then {
                print "[DN11] ROA check failed for ", net, " ASN ", bgp_path.last;
                reject;
            }
            accept;
        };
        export filter {
            if source ~ [ RTS_STATIC, RTS_BGP ] then accept;
            reject;
        };
    };
}

protocol pipe {
    table master4;
    peer table BGP_table;
    import filter {
        if source != RTS_BGP then reject;
        accept;
    };
    export none;
}

protocol bgp collect_self {
    local as LOCAL_ASN;
    neighbor 172.16.255.1 as 4211110101;
    multihop;
    ipv4 {
        add paths tx;
        table BGP_table;
        import none;
        export all;
    };
}

# add neighbour from template
protocol bgp <name> from BGP_peers {
    neighbor <peer_tunnel_ip>%<iface_name> as <peer_ASN>;
}