From 6a66ccd8ca6c0126c6cff18756554c92e84590d4 Mon Sep 17 00:00:00 2001
From: Yohann D'ANELLO <ynerant@crans.org>
Date: Mon, 26 Jul 2021 22:22:35 +0200
Subject: [PATCH] [bird] Filter exported routes to avoid announcing a full view

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
---
 host_vars/routeur-daniel.adm.crans.org/bird.yml      | 6 ++++++
 host_vars/routeur-gulp.cachan-adm.crans.org/bird.yml | 4 ++++
 host_vars/routeur-jack.adm.crans.org/bird.yml        | 6 ++++++
 host_vars/routeur-sam.adm.crans.org/bird.yml         | 6 ++++++
 roles/bird/templates/bird/bird.conf.j2               | 5 ++++-
 roles/bird/templates/bird/bird6.conf.j2              | 5 ++++-
 6 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/host_vars/routeur-daniel.adm.crans.org/bird.yml b/host_vars/routeur-daniel.adm.crans.org/bird.yml
index b356f4e4..f4b34d23 100644
--- a/host_vars/routeur-daniel.adm.crans.org/bird.yml
+++ b/host_vars/routeur-daniel.adm.crans.org/bird.yml
@@ -17,6 +17,8 @@ loc_bird:
         remote:
           as: 212424
           address: 138.195.159.249
+        allow_export_prefixes:
+          - 185.230.76.0/22+
       - name: aurore
         allow_local_as: 1
         local:
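Review bot: The `+` suffix in `185.230.76.0/22+` makes the export set match every more-specific down to /32, so any longer route inside the block that reaches the routing table becomes exportable to this peer. If only the aggregate and a bounded set of deaggregates is meant to be announced, limit the length, e.g. `- '185.230.76.0/22{22,24}'` here and `- '2a0c:700::/32{32,48}'` for the IPv6 sessions. The same values appear in the other `allow_export_prefixes` hunks of this file and in the routeur-gulp, routeur-jack and routeur-sam host_vars. The session mapping this key belongs to starts above the hunk, so its name is not visible here.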
@@ -25,6 +27,8 @@ loc_bird:
         remote:
           as: 43619
           address: 185.230.79.254
+        allow_export_prefixes:
+          - 185.230.76.0/22+
   ipv6:
     id: 185.230.79.253
     binds:
@@ -40,3 +44,5 @@ loc_bird:
         remote:
           as: 43619
           address: 2a0c:700:28::2
+        allow_export_prefixes:
+          - 2a0c:700::/32+
diff --git a/host_vars/routeur-gulp.cachan-adm.crans.org/bird.yml b/host_vars/routeur-gulp.cachan-adm.crans.org/bird.yml
index 389a67a9..f8a8c03e 100644
--- a/host_vars/routeur-gulp.cachan-adm.crans.org/bird.yml
+++ b/host_vars/routeur-gulp.cachan-adm.crans.org/bird.yml
@@ -14,6 +14,8 @@ loc_bird:
         remote:
           as: 8218
           address: 158.255.113.72
+        allow_export_prefixes:
+          - 185.230.76.0/22+
   ipv6:
     id: 185.230.79.62
     binds:
@@ -28,3 +30,5 @@ loc_bird:
         remote:
           as: 8218
           address: 2001:1b48:2:103::bb:1
+        allow_export_prefixes:
+          - 2a0c:700::/32+
diff --git a/host_vars/routeur-jack.adm.crans.org/bird.yml b/host_vars/routeur-jack.adm.crans.org/bird.yml
index b356f4e4..f4b34d23 100644
--- a/host_vars/routeur-jack.adm.crans.org/bird.yml
+++ b/host_vars/routeur-jack.adm.crans.org/bird.yml
@@ -17,6 +17,8 @@ loc_bird:
         remote:
           as: 212424
           address: 138.195.159.249
+        allow_export_prefixes:
+          - 185.230.76.0/22+
       - name: aurore
         allow_local_as: 1
         local:
@@ -25,6 +27,8 @@ loc_bird:
         remote:
           as: 43619
           address: 185.230.79.254
+        allow_export_prefixes:
+          - 185.230.76.0/22+
   ipv6:
     id: 185.230.79.253
     binds:
@@ -40,3 +44,5 @@ loc_bird:
         remote:
           as: 43619
           address: 2a0c:700:28::2
+        allow_export_prefixes:
+          - 2a0c:700::/32+
diff --git a/host_vars/routeur-sam.adm.crans.org/bird.yml b/host_vars/routeur-sam.adm.crans.org/bird.yml
index b356f4e4..f4b34d23 100644
--- a/host_vars/routeur-sam.adm.crans.org/bird.yml
+++ b/host_vars/routeur-sam.adm.crans.org/bird.yml
@@ -17,6 +17,8 @@ loc_bird:
         remote:
           as: 212424
           address: 138.195.159.249
+        allow_export_prefixes:
+          - 185.230.76.0/22+
       - name: aurore
         allow_local_as: 1
         local:
@@ -25,6 +27,8 @@ loc_bird:
         remote:
           as: 43619
           address: 185.230.79.254
+        allow_export_prefixes:
+          - 185.230.76.0/22+
   ipv6:
     id: 185.230.79.253
     binds:
@@ -40,3 +44,5 @@ loc_bird:
         remote:
           as: 43619
           address: 2a0c:700:28::2
+        allow_export_prefixes:
+          - 2a0c:700::/32+
diff --git a/roles/bird/templates/bird/bird.conf.j2 b/roles/bird/templates/bird/bird.conf.j2
index c046180f..b5cd4332 100644
--- a/roles/bird/templates/bird/bird.conf.j2
+++ b/roles/bird/templates/bird/bird.conf.j2
@@ -51,6 +51,9 @@ protocol bgp {{ bgp.name }} {
 {% endif %}
 	neighbor {{ bgp.remote.address }} as {{ bgp.remote.as }};
 	import all;
-	export all;
+	export filter {
+		if ( net ~ [ {{ bgp.allow_export_prefixes|join(', ') }} ] ) then accept;
+		reject;
+	};
 }
 {% endfor %}
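Review bot: The new `export filter` tests only `net`, so any route in the table that falls inside the allowed range is announced, whatever protocol it came from. With `import all;` left unchanged two lines above, a more-specific learned from one BGP neighbour could be re-exported to the others. Consider also checking the route origin, for example `if ( source = RTS_BGP ) then reject;` ahead of the accept line (to be adjusted if these prefixes are legitimately carried over BGP between the routers), and documenting the intent with a comment such as `# announce only our own prefixes; everything else is rejected`. The same applies to the identical hunk in `bird6.conf.j2`. The `protocol bgp` block and its enclosing loop start outside the hunk.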
diff --git a/roles/bird/templates/bird/bird6.conf.j2 b/roles/bird/templates/bird/bird6.conf.j2
index 22e276d8..6c30ef11 100644
--- a/roles/bird/templates/bird/bird6.conf.j2
+++ b/roles/bird/templates/bird/bird6.conf.j2
@@ -50,6 +50,9 @@ protocol bgp {{ bgp.name }} {
 {% endif %}
 	neighbor {{ bgp.remote.address }} as {{ bgp.remote.as }};
 	import all;
-	export all;
+	export filter {
+		if ( net ~ [ {{ bgp.allow_export_prefixes|join(', ') }} ] ) then accept;
+		reject;
+	};
 }
 {% endfor %}
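Review bot: `bgp.allow_export_prefixes|join(', ')` has no fallback: a session without the key probably aborts templating on the undefined variable, and an empty list renders `[ ]`, which BIRD is likely to reject at parse time. Not every session in host_vars is visible in this patch, so the template should fail closed explicitly by emitting `export none;` when no prefixes are configured. The same guard fits the matching hunk in `bird.conf.j2`. The `protocol bgp` block starts outside the hunk.

```jinja
{% if bgp.allow_export_prefixes | default([]) %}
	{# … unchanged: export filter block … #}
{% else %}
	export none;
{% endif %}
```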
-- 
GitLab