From f1ca03bf8ac2316234ec59fd082e502fceb874a5 Mon Sep 17 00:00:00 2001
From: Sergey Matveev <stargrave@stargrave.org>
Date: Fri, 26 Aug 2022 17:27:28 +0300
Subject: [PATCH] =?utf8?q?BIRD=20=D0=BF=D1=80=D0=BE=D1=81=D1=82=D0=BE?=
 =?utf8?q?=D1=82=D0=B0=20=D0=BA=D0=BE=D0=BD=D1=84=D0=B8=D0=B3=D0=B0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Ð¡ Ð½Ð°ÑÑÑÐ¾Ð¹ÐºÐ¾Ð¹ BIRD-Ð° (982b29ed90d9c1e8e39ebb4398e0a4b0f26ad927) Ñ Ð¼ÐµÐ½Ñ
Ð¸Ð·Ð½Ð°ÑÐ°Ð»ÑÐ½Ð¾ Ð±ÑÐ»Ð¸ Ð¼ÑÑÐ»Ð¸ Ð¾ ÑÐ¾Ð¼, ÑÑÐ¾ ÐºÐ°Ðº-ÑÐ¾ Ð¼Ð½Ð¾Ð³Ð¾Ð²Ð°ÑÐ¾ ÑÑÑÐ¾ÑÐµÐº Ð² ÐµÐ³Ð¾
ÐºÐ¾Ð½ÑÐ¸Ð³ÑÑÐ°ÑÐ¸Ð¾Ð½Ð½Ð¾Ð¼ ÑÐ°Ð¹Ð»Ðµ Ð´Ð»Ñ ÑÐ°ÐºÐ¾Ð¹ Ð¿ÑÐ¾ÑÑÐ¾Ð¹ Ð·Ð°Ð´Ð°ÑÐ¸ ÐºÐ°Ðº Ñ Ð¼ÐµÐ½Ñ. ÐÐ¾ Ð²
Ð´Ð¾ÐºÑÐ¼ÐµÐ½ÑÐ°ÑÐ¸Ð¸ ÑÐ¾ÑÐ¾ÑÐ¾ Ð¾Ð¿Ð¸ÑÐ°Ð½Ð° ÐµÐ³Ð¾ Ð°ÑÑÐ¸ÑÐµÐºÑÑÑÐ° Ð¸ Ð²ÑÑ Ð²ÑÑÐ°Ð»Ð¾ Ð½Ð° ÑÐ²Ð¾Ð¸ Ð¼ÐµÑÑÐ° Ð¸
Ð¿ÑÐ¸ÑÐ»Ð¾ Ð¿Ð¾Ð½Ð¸Ð¼Ð°Ð½Ð¸Ðµ Ð¿Ð¾ÑÐµÐ¼Ñ kernel Ð¸ direct ÑÐ²Ð»ÑÑÑÑÑ Ð¿ÑÐ¾ÑÐ¾ÐºÐ¾Ð»Ð°Ð¼Ð¸ ÑÐ¾ÑÐ½Ð¾ ÑÐ°Ðº
Ð¶Ðµ Ð½Ð°ÑÐ°Ð²Ð½Ðµ Ñ BGP Ð¸ Ð¾ÑÑÐ°Ð»ÑÐ½ÑÐ¼Ð¸. Ð Ð¾ÑÐ¾Ð±Ð¾ ÑÐ¾ Ð½Ð¸ÑÐµÐ³Ð¾ Ð»Ð¸ÑÐ½ÐµÐ³Ð¾ ÑÐ¶Ðµ Ð¸ Ð½Ðµ Ð²Ð¸Ð´Ð½Ð¾
Ð² Ð½ÑÐ¼.

ÐÐ¾Ð¼Ð¼ÐµÐ½ÑÐ°ÑÐ¸Ð¹ Ð¾ range ÑÐ½Ð¾Ð²Ð° Ð¿Ð¾Ð´ÑÐ¾Ð»ÐºÐ½ÑÐ» ÑÐ°Ð·Ð¾Ð±ÑÐ°ÑÑÑÑ Ð¿Ð¾ÑÐµÐ¼Ñ Ð¾Ð½ Ñ Ð¼ÐµÐ½Ñ Ð½Ðµ
ÑÑÐ°Ð±Ð¾ÑÐ°Ð» Ð¸ Ð¾ÐºÐ°Ð·Ð°Ð»Ð¾ÑÑ ÑÑÐ¾ Ñ Ð¼ÐµÐ½Ñ Ð¿ÑÐ¾ÑÑÐ¾ Ð½ÐµÐ´Ð¾ÑÑÐ°ÑÐ¾ÑÐ½Ð¾ ÑÐ²ÐµÐ¶Ð°Ñ Ð²ÐµÑÑÐ¸Ñ Ð´ÐµÐ¼Ð¾Ð½Ð°
Ð±ÑÐ»Ð°. Ð¡ range-ÐµÐ¼ Ð¼Ð¾Ð¶Ð½Ð¾ Ð¸Ð·Ð±Ð°Ð²Ð¸ÑÑÑÑ Ð¾Ñ ÑÐ²Ð½Ð¾ Ð·Ð°Ð´Ð°Ð½Ð½Ð¾Ð³Ð¾ link-local Ð°Ð´ÑÐµÑÐ° Ð½Ð°
ÑÑÐ¾ÑÐ¾Ð½Ðµ "ÐºÐ»Ð¸ÐµÐ½ÑÐ¾Ð²". Ð Ð¸ÑÐ¾Ð³Ðµ ÑÑÐ½Ð½ÐµÐ»ÑÐ½ÑÐµ Ð¸Ð½ÑÐµÑÑÐµÐ¹ÑÑ Ð½Ð° ÐºÐ»Ð¸ÐµÐ½ÑÐ°Ñ Ð´ÐµÐ»Ð°ÑÑÑÑ
Ð¿ÑÐ¾ÑÑÐ¾ ÑÐºÐ°Ð·ÑÐ²Ð°Ñ Ð°Ð²ÑÐ¾Ð¼Ð°ÑÐ¸ÑÐµÑÐºÐ¾Ðµ ÑÐ¾Ð·Ð´Ð°Ð½Ð¸Ðµ link-local-Ð°:
    ifconfig iface inet6 -ifdisabled auto_linklocal

ÐÐ¾Ð½ÑÐ¸Ð³ Ð½Ð° Ð¼Ð¾ÑÐ¼ NUC ÑÐµÐ¹ÑÐ°Ñ Ð²ÑÐ³Ð»ÑÐ´Ð¸Ñ ÑÐ°Ðº:

    protocol kernel {
      ipv6 {
        import none;
        export filter {
          if proto = "direct1" then reject;
          accept;
        };
      };
      learn;
    }

    protocol direct direct1 {
      ipv6;
      interface "lo0";
    }

    define our_as = 4200000000;

    template bgp gwpeers {
      local as our_as;
      neighbor fe80::1 as our_as;
      direct;
      ipv6 {
        import all;
        export filter {
          if net ~ [2000::/3+] then accept;
          reject;
        };
      };
    }

    protocol bgp gwwg from gwpeers {
      interface "wg0";
    }

    protocol bgp gwipsec from gwpeers {
      interface "gif0";
    }

Ð Ð½Ð° ÑÐµÑÐ²ÐµÑÐµ ÑÐ°Ðº:

    [...]
    protocol direct direct1 {
      ipv6;
      interface "lo0";
      interface "igb_lan";
    }

    template bgp peers {
      local as our_as;
      local fe80::1;
      neighbor range fe80::/64 as our_as;
      direct;
      passive on;
      ipv6 {
        import all;
        export filter {
          if net ~ [2000::/3+] then accept;
          reject;
        };
      };
    }

    protocol bgp nukewg from peers {
      interface "wg0";
    }

    protocol bgp nukeipsec from peers {
      interface "gif_nuke";
    }

    protocol bgp beta from peers {
      interface "gif_beta";
    }
-- 
2.48.1