path: root/modules/bgp/default.nix
blob: d155dbdf2550d620f52709ff15383f0a969f7eea (plain)
{ config, lib, pkgs, ... }:

{
  # Addresses configured on the loopback interface.
  # The dns and cdn /32s and the IPv6 /48 are the same prefixes that the bgpd
  # configuration in this module originates with `network` statements.
  networking.interfaces.lo.ipv4.addresses =
    # Every IPv4 entry is a host route (/32).
    map (address: { inherit address; prefixLength = 32; }) [
      "217.163.29.14"
      "45.76.88.149" # dns
      "209.250.238.254" # cdn
    ];
  networking.interfaces.lo.ipv6.addresses = [
    { address = "2a0f:9400:8020::200"; prefixLength = 128; }
    { address = "2a0f:9400:8020::100"; prefixLength = 128; }
    # The /48 itself is configured on lo with prefixLength 48.
    { address = "2a0f:9400:8020::"; prefixLength = 48; }
  ];

  # FRR bgpd for local AS 64716, peering with AS 64515 over one IPv4 and one
  # IPv6 neighbour (peer-groups V4 and V6, each with ebgp-multihop 2).
  #
  # Routing policy, as written in the config text below:
  #   - `bgp ebgp-requires-policy` is set and both peer-groups carry explicit
  #     IMPORT and EXPORT route-maps.
  #   - EXPORT permits only prefix-list `internal` (the two IPv4 /32s) and
  #     prefix-list `external` (the IPv6 /48); sequence 100 denies the rest.
  #   - IMPORT consists of a single deny entry, so no received route is
  #     accepted.
  #   - `no bgp network import-check` is set, so the `network` statements do
  #     not depend on a matching route being present in the RIB.
  #
  # SECURITY: the two `neighbor ... password` lines embed the BGP session
  # secret (TCP MD5 authentication in FRR) as a literal. Because it is part of
  # this Nix string it is stored in version control and will typically end up
  # in the Nix store, which is readable by every local user. Treat the value
  # as disclosed: rotate it with the peer and supply the replacement from a
  # secret kept outside the store (for example a file provisioned at
  # activation time) instead of inlining it here.
  #
  # NOTE(review): both peer-groups are activated under both address families
  # (V6 under ipv4 unicast, V4 under ipv6 unicast) — confirm this is intended.
  services.frr = {
    bgpd.enable = true;
    # The router-id is interpolated from config.deploy.host, which is defined
    # outside this file — presumably an IPv4 address; TODO confirm.
    config = ''
    router bgp 64716
        bgp router-id ${config.deploy.host}
        bgp ebgp-requires-policy
        no bgp default ipv4-unicast
        no bgp network import-check

        neighbor V4 peer-group
        neighbor V4 remote-as 64515
        neighbor V4 ebgp-multihop 2
        neighbor 169.254.169.254 peer-group V4
        neighbor 169.254.169.254 password IpXzIJIsJxABeNdi4mPBbt7XD

        neighbor V6 peer-group
        neighbor V6 remote-as 64515
        neighbor V6 ebgp-multihop 2
        neighbor 2001:19f0:ffff::1 peer-group V6
        neighbor 2001:19f0:ffff::1 password IpXzIJIsJxABeNdi4mPBbt7XD
        !
        address-family ipv4 unicast
        network 209.250.238.254/32
        network 45.76.88.149/32
        neighbor V4 activate
        neighbor V4 route-map IMPORT in
        neighbor V4 route-map EXPORT out
        neighbor V6 activate
        neighbor V6 route-map IMPORT in
        neighbor V6 route-map EXPORT out
        exit-address-family
        !
        address-family ipv6 unicast
        network 2a0f:9400:8020::/48
        neighbor V4 activate
        neighbor V4 route-map IMPORT in
        neighbor V4 route-map EXPORT out
        neighbor V6 activate
        neighbor V6 route-map IMPORT in
        neighbor V6 route-map EXPORT out
        exit-address-family
        !
        ip prefix-list internal seq 5 permit 209.250.238.254/32
        ip prefix-list internal seq 10 permit 45.76.88.149/32
        ipv6 prefix-list external seq 5 permit 2a0f:9400:8020::/48
        !
        route-map EXPORT deny 100
        !
        route-map EXPORT permit 2
        match ipv6 address prefix-list external
        !
        route-map EXPORT permit 1
        match ip address prefix-list internal
        !
        route-map IMPORT deny 1
        !
    '';
  };

  # Prometheus exporter for FRR. It is switched off here; the collector
  # selection is kept so that enabling it later only requires flipping
  # `enable`.
  services.prometheus.exporters.frr.enable = false;
  # Only BGP metrics are selected; OSPFv4, BFD and Route are turned off.
  services.prometheus.exporters.frr.enabledCollectors = [ "BGP" ];
  services.prometheus.exporters.frr.disabledCollectors = [
    "OSPFv4"
    "BFD"
    "Route"
  ];
}