path: root/modules/bgp/default.nix
blob: 1f33aada7cfc7268ed9b50202c50487f11434e5d (plain)
# NixOS module: binds the service addresses to the loopback interface and
# configures FRR's bgpd (local AS 64716) to announce exactly those prefixes to
# two upstream neighbors in AS 64515, while accepting no routes from them.
{ config, lib, pkgs, ... }:

{
  # Addresses announced over BGP live on `lo` so they exist independently of
  # any physical interface. Each one has a matching `network` statement and
  # prefix-list entry in the FRR config below; keep the three places in sync.
  networking.interfaces.lo = {
    ipv4.addresses = [
      {
        address = "217.163.29.14";
        prefixLength = 32;
      }
      {
        address = "209.250.238.254";
        prefixLength = 32;
      }
    ];
    ipv6.addresses = [
      {
        address = "2a0f:9400:8020::200";
        prefixLength = 128;
      }
      {
        address = "2a0f:9400:8020::100";
        prefixLength = 128;
      }
      # The whole /48 is placed on lo; presumably so the host has a covering
      # route for the prefix it announces -- TODO confirm.
      {
        address = "2a0f:9400:8020::";
        prefixLength = 48;
      }
    ];
  };

  services.frr = {
    bgp = {
      enable = true;
      # NOTE(review): SECRET IN CONFIG. The two `neighbor ... password` lines
      # below embed the BGP session password (TCP MD5 authentication) as a
      # literal. Because this string is a Nix expression value, it is committed
      # to the repository and copied into the Nix store, which is readable by
      # every local user on the host. Treat the current value as disclosed:
      # rotate it with the upstream, and supply the new one at runtime instead,
      # e.g. by pointing the frr module's `configFile` option at a file rendered
      # outside the store by the deployment's secrets tooling.
      #
      # Policy summary of the FRR text that follows:
      #   * `bgp router-id` comes from config.deploy.host, an option declared
      #     elsewhere; FRR expects a dotted-quad here -- TODO confirm the value.
      #   * `bgp ebgp-requires-policy` makes bgpd exchange no routes with an
      #     eBGP neighbor unless an in/out policy is attached; both peer groups
      #     get the IMPORT and EXPORT route-maps in each address family.
      #   * `no bgp network import-check` lets `network` prefixes be announced
      #     even when no matching route is in the RIB. NOTE(review): the
      #     prefixes are already configured on lo above, so this may be
      #     unnecessary; with the check disabled only the EXPORT prefix-lists
      #     stand between a mistyped `network` line and the upstream.
      #   * `ebgp-multihop 2` accepts neighbors up to two hops away.
      #     NOTE(review): if the upstream supports it, `ttl-security hops`
      #     is the stricter alternative (the two are mutually exclusive).
      #   * Route-map entries are evaluated by sequence number, not by the order
      #     they are written in: EXPORT permit 1 (IPv4 /32s in prefix-list
      #     `internal`), EXPORT permit 2 (IPv6 /48 in prefix-list `external`),
      #     then EXPORT deny 100 drops everything else. The prefix-lists have no
      #     ge/le, so only the exact prefixes match.
      #   * IMPORT has a single `deny 1` with no match clause, so every route
      #     received from the neighbors is rejected.
      #   * NOTE(review): peer group V6 is activated under `address-family ipv4
      #     unicast` and V4 under `address-family ipv6 unicast`. Confirm that
      #     carrying each family over both sessions is intended; if not, drop
      #     the cross-family `activate` lines to narrow what each session can
      #     carry.
      config = ''
        router bgp 64716
          bgp router-id ${config.deploy.host}
          bgp ebgp-requires-policy
          no bgp default ipv4-unicast
          no bgp network import-check

          neighbor V4 peer-group
          neighbor V4 remote-as 64515
          neighbor V4 ebgp-multihop 2
          neighbor 169.254.169.254 peer-group V4
          neighbor 169.254.169.254 password IpXzIJIsJxABeNdi4mPBbt7XD

          neighbor V6 peer-group
          neighbor V6 remote-as 64515
          neighbor V6 ebgp-multihop 2
          neighbor 2001:19f0:ffff::1 peer-group V6
          neighbor 2001:19f0:ffff::1 password IpXzIJIsJxABeNdi4mPBbt7XD
          !
          address-family ipv4 unicast
            network 209.250.238.254/32
            network 217.163.29.14/32
            neighbor V4 activate
            neighbor V4 route-map IMPORT in
            neighbor V4 route-map EXPORT out
            neighbor V6 activate
            neighbor V6 route-map IMPORT in
            neighbor V6 route-map EXPORT out
          exit-address-family
          !
          address-family ipv6 unicast
            network 2a0f:9400:8020::/48
            neighbor V4 activate
            neighbor V4 route-map IMPORT in
            neighbor V4 route-map EXPORT out
            neighbor V6 activate
            neighbor V6 route-map IMPORT in
            neighbor V6 route-map EXPORT out
          exit-address-family
          !
          ip prefix-list internal seq 5 permit 209.250.238.254/32
          ip prefix-list internal seq 10 permit 217.163.29.14/32
          ipv6 prefix-list external seq 5 permit 2a0f:9400:8020::/48
          !
          route-map EXPORT deny 100
          !
          route-map EXPORT permit 2
            match ipv6 address prefix-list external
          !
          route-map EXPORT permit 1
            match ip address prefix-list internal
          !
          route-map IMPORT deny 1
          !
      '';
    };
  };
}