forked from hswaw/hscloud
bgpwtf: add static v6 routes via bird
A customer was missing a static v6 route via their router. Since we don't want to add them to networking.interfaces.routes.* (as this restarts the whole scripted network stack in NixOS), we add them to bird. This requires implementing hscloud.routing.static. Change-Id: I0a205ed1e1f17a86de43aaf72ab6c2694a069112
This commit is contained in:
parent
e77f7717d4
commit
d9a6365f8b
3 changed files with 106 additions and 51 deletions
|
@ -167,19 +167,23 @@ in rec {
|
|||
v6.default = { table = "aggregate"; address = "::"; prefixLength = 0; };
|
||||
};
|
||||
hscloud.routing.pipe = let
|
||||
copySourcesToKernel = sources: table: {
|
||||
copySourcesToKernel = sources: table: extra: {
|
||||
table = "master";
|
||||
peerTable = table;
|
||||
filterIn = ''
|
||||
${extra}
|
||||
${concatStringsSep "\n" (map (v: "if source = RTS_${v} then accept;") sources)}
|
||||
reject;
|
||||
'';
|
||||
};
|
||||
in {
|
||||
v4."internet_to_kernel" = copySourcesToKernel ["BGP" "OSPF"] "internet";
|
||||
v4."aggregate_to_kernel" = copySourcesToKernel ["BGP" "OSPF"] "aggregate";
|
||||
v6."internet_to_kernel" = copySourcesToKernel ["BGP" "OSPF"] "internet";
|
||||
v6."aggregate_to_kernel" = copySourcesToKernel ["BGP" "OSPF"] "aggregate";
|
||||
v4."internet_to_kernel" = copySourcesToKernel ["BGP" "OSPF"] "internet" "";
|
||||
v4."aggregate_to_kernel" = copySourcesToKernel ["BGP" "OSPF"] "aggregate" "";
|
||||
v6."internet_to_kernel" = copySourcesToKernel ["BGP" "OSPF"] "internet" "";
|
||||
v6."aggregate_to_kernel" = copySourcesToKernel ["BGP" "OSPF"] "aggregate" ''
|
||||
# Static v6 routes for customers.
|
||||
if proto ~ "static_static_ipv6_customer_*" then accept;
|
||||
'';
|
||||
};
|
||||
|
||||
hscloud.routing.ospf.v6.main = {
|
||||
|
|
|
@ -14,6 +14,50 @@ with lib;
|
|||
let
|
||||
cfg = config.hscloud.routing;
|
||||
|
||||
staticType = af: let
|
||||
v4 = af == "ipv4";
|
||||
v6 = af == "ipv6";
|
||||
pretty = if v4 then "IPv4" else "IPv6";
|
||||
in with types; mkOption {
|
||||
type = attrsOf (submodule {
|
||||
options = {
|
||||
table = mkOption {
|
||||
type = nullOr str;
|
||||
description = "BIRD table to which session should be connected.";
|
||||
};
|
||||
address = mkOption {
|
||||
type = str;
|
||||
description = "Address part of prefix to announce.";
|
||||
};
|
||||
prefixLength = mkOption {
|
||||
type = int;
|
||||
description = "Prefix length to announce.";
|
||||
};
|
||||
via = mkOption {
|
||||
type = str;
|
||||
description = "Target address for static route.";
|
||||
};
|
||||
};
|
||||
});
|
||||
default = {};
|
||||
description = "${pretty} static routes to inject into a table.";
|
||||
};
|
||||
|
||||
staticRender = af: n: v: let
|
||||
name = "static_static_${af}_${n}";
|
||||
ip = if af == "ipv4" then "4" else "6";
|
||||
in ''
|
||||
protocol static ${name} {
|
||||
${af} {
|
||||
table ${v.table}${ip};
|
||||
import all;
|
||||
export none;
|
||||
};
|
||||
|
||||
route ${v.address}/${toString v.prefixLength} via ${v.via};
|
||||
}
|
||||
'';
|
||||
|
||||
originateType = af: let
|
||||
v4 = af == "ipv4";
|
||||
v6 = af == "ipv6";
|
||||
|
@ -351,6 +395,10 @@ in {
|
|||
v4 = originateType "ipv4";
|
||||
v6 = originateType "ipv6";
|
||||
};
|
||||
static = {
|
||||
v4 = staticType "ipv4";
|
||||
v6 = staticType "ipv6";
|
||||
};
|
||||
pipe = {
|
||||
v4 = pipeType "ipv4";
|
||||
v6 = pipeType "ipv6";
|
||||
|
@ -430,6 +478,8 @@ in {
|
|||
${concatStringsSep "\n" (mapAttrsToList (bgpSessionRender "ipv6") cfg.bgpSessions.v6)}
|
||||
${concatStringsSep "\n" (mapAttrsToList (originateRender "ipv4") cfg.originate.v4)}
|
||||
${concatStringsSep "\n" (mapAttrsToList (originateRender "ipv6") cfg.originate.v6)}
|
||||
${concatStringsSep "\n" (mapAttrsToList (staticRender "ipv4") cfg.static.v4)}
|
||||
${concatStringsSep "\n" (mapAttrsToList (staticRender "ipv6") cfg.static.v6)}
|
||||
${concatStringsSep "\n" (mapAttrsToList (pipeRender "ipv4") cfg.pipe.v4)}
|
||||
${concatStringsSep "\n" (mapAttrsToList (pipeRender "ipv6") cfg.pipe.v6)}
|
||||
${concatStringsSep "\n" (mapAttrsToList (ospfRender "ipv4") cfg.ospf.v4)}
|
||||
|
|
|
@ -1,49 +1,50 @@
|
|||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQEMAzhuiT4RC8VbAQf/dgcFRI145r2/uIszqB6q0yTbR4co4iEQ6u8c+MTeC7Xp
|
||||
B+G6ZOzfzWQFhjlf85w93gNJLVuLFfg/7NJAzvJxsev4yWkwfzP3zewVvHaq/jHo
|
||||
CEWA1xkGps+LR4AzrQF+jFvFKyen/Q3twRBu9zRKPKuoe0p6ppsi598wp5GhkCaU
|
||||
7QHHRJEAPdk6s80un1aF7lIjz8OZlMq+a/gKPYD9+UmiGG/pDV/opdQMU5LscPCM
|
||||
wRe97n1GxzPnX9pVZbhPewB+qHUF5W+deJ3iN17arg6eQfc8qSM7e8EAkf0/H5aj
|
||||
5+K0m0M41iV+3qVJb93L0KRe5GIlywiqrHJkUvXoG4UBDANcG2tp6fXqvgEH/12S
|
||||
VF8cspQDmmSMogk71Vr8I9mdcg9xOZaRAeDoZqew0gdgylKKtKOWBeO5smjmOi1Q
|
||||
IB4FYfUwlZ6QUcTG7ZL26TPkHfyz+DWP/dMaTCo8eFstgRcty0U8IVpb3se0zFAI
|
||||
urgoBvBKJjaBJqak9WfOGoMV6pw5UcfRLQZV2QkUza4ieSB7PbcodnX98VKQpe5d
|
||||
I1nC5vYb/UzCc3E2yzHaZbll8RqFaXGlWIG1GVj/CPyuknsbtwd4ayRmK5zKmubd
|
||||
aXK+wqRqKvkUUl0zw+ieEvfdExiTJOzrDSETV+6r7EVstpxFgl1KNryiuEzQ9YGr
|
||||
m0gT0cXMkBvbyEUJfQGFAgwDodoT8VqRl4UBD/4hbYes1onfdmvrcqJb6qTpEQV7
|
||||
Sqa64u0q/3WtPmQUvMGRUeWkj8XfiIhs26jaLet2bV0XGfeM7Qh8ocJ0cprjfm/p
|
||||
CkFnw8T8DWhRj5CYVQduW2chOMyyGNSe2QLfRhsSBNDtrE7jSSrH42oTLJLA4jlH
|
||||
uZ5h0TqqeQguNXdU/sG+Y1kwakcF7btdpTo3b3ZcYMcCbmjDE/i76mGYblKZVHgn
|
||||
kop1iJOL9mv/Xjhd9++vJ2HEXdnAk6ELSZxF9URBL4M2GSKnOetZXfqhvnVkF3He
|
||||
0LcSZ0i/opymXAur9OYdoufPRZFgS1neghws9lRUp62ig4gpRlMHI/LAvWQ/YGbb
|
||||
Cc63LjRpBhxWQy8PZegB02Vwty7rUJVRtXXy3CTUmJuJmJDmOulHMqJhkCHuyGVt
|
||||
3zQBiMHPpVirGDWLHCKYBa9oZSLN/SyvmD+VP4ROZHzDAsTqwABuPfEz4d+y4Erm
|
||||
mxOPUfqS441WaaPTjezCpXsJrskRRps1UNBJp5Zmx+TOFFueqqIRmCASkURiqI5F
|
||||
fIGGIEp1O3AayhVVuEiwuKCUGIEcvJhd/nZl6pLZCP2GJWcKrAkEBd6B7GyeqY/k
|
||||
Eu/Y4/tkoyoUEnybPSD7OvG2V/pbFd6iqDG3l7hwbSuzuUozQ750d0nfudbJkhyY
|
||||
r4m7pkTHMt3Tx306roUCDAPiA8lOXOuz7wEP/0Y/3YPuNZRhtfUbKbaCpLXsD4oT
|
||||
OdgEWFealaXfn0uOy33YBLWLPdtuvyOh+zj5Rl6ll3fyV3jQ1KHEVyL32stLVTag
|
||||
Z/i9JxJ5DYunMqhmkx3K+SUEzHeD1lz2yLznnllNeiDUOFWpu+tErz5qBa5dDQUQ
|
||||
S7nP8SXCQwrpsUvKQZ4Ac1ARjX83GyToMI4ID/G+2yRQCmQQvZ+PGk5gjTvwJ8sC
|
||||
ljC0qJ8lQt+3XYOFjt9Yc+N94bqINgE5Pv/68jvCs5KeuR9gShA1VhkwZ2Qz/yki
|
||||
zT272PttGpz+39/euRIe18+mh+iwx7ra9dVP6+i4OUcy8T1sTYhL/Bzg8ZXgopj/
|
||||
7cIDfUWD4adt2+ZVtnpuLJaQpZbWquPp1R7eC4D1xhibkzluKKU8WDo3DHDtDvXP
|
||||
GoINbDxnyejuvLsvriKWk3QMRa9e0xnYpPQAZX6wCin5Twt3FVPjTzcVI4NoeMRP
|
||||
2GUFJG+cAI0TaQxaapQ/RUcM/+NgK5XoqJzTGOfvxrx7WA8IBjUx+RRB6mrKPbUS
|
||||
s2xo3l+cDrv4ncipK32+StBun1Ng68ty5dplSkrVnm6ZuOOf2j+H+//H1+UyNa1U
|
||||
1ASknTSR4aG5wPrq/Go1TNgiRNvlkdUPKqqOlI900PSFMnC++g623LBA9bShJtvx
|
||||
DuyS5J/7keXpBWER0ukBLlH13vqbfswDWOdTX3p9T1evxUZ6bjDwzGO0Ut0Hdv2o
|
||||
FyEZTj1szmYI+UnSfI1dy8Ca+86A/KwMXVtSmUK4p+2kIUIx8FgtPWOdJzog/BhS
|
||||
UAqgoMN/g9x/FMoHu83ECsHlNPPELnW6UpFPyrhxI2EtaqsDP5JTRy0R61kMG4e9
|
||||
3HA6zwy+BsZ4tJqi7fXPhsClppITPfhMREfngG3Pj+TOF0EEbi1dxX3p8u6NO53p
|
||||
kd/Orv2IcCdNxTnVxzwkHdVeM16Vn5F9a9yK3OKbMKKqesj0C8tNgLIzSE6UXYF2
|
||||
a0IKjvCaqGPBcGeFEibqKHW/hlpiXL6lMrEuA0RkpNlUG+dvXpOfIbgGmOB63yZT
|
||||
0roGX4gU8LWIWT+8D3eR1iTtOxs+Ve2KfHI0upsIg2pAWXuhag6v9H/tlxblcc/K
|
||||
lZCM8wYbsPr0koRKuokFD0WZOVx5HYGE5Dn3JZ4zTCV0KTo3I0LBuJ1t3OMeQBVr
|
||||
64bsm3cCkfZcAZHDNt7BXJqjw9dF/of6GWyWivdOPnzi71js77q9whS1Fatto4hk
|
||||
ZbsSR38Dhewu2p9VLurk4rpg1PcBAiaGKvGbXTuKQL3Ia9I9CU3X4ay6GunR4PAI
|
||||
Dqeaxv+xZZN6MWC+jyTb9NnOsLLaqABK5QcSiYn2AcGUO3QwNBaovkm58UEtiBsD
|
||||
MZ/1vrhwOkOdDIh5spJJKXwYpBUivr/XLaQ=
|
||||
=b7js
|
||||
hQEMAzhuiT4RC8VbAQf+La/HpIwKtvmb8ZNhG9lDxmAxibz3G1WgDS5SMMuP3BnO
|
||||
IK+sOR5MOfae+Cry82f4Nlg24cJDe4963vNq0g+MiLnGpxmLHb+plQxkf5S2yU55
|
||||
+dKwa/usTJZLa97yqsh8+vdfAnA+C3BaLhhDOO5sgZkArpgMGQ6trUsn+6vmhAmZ
|
||||
LLw0rlQjz/IvLu8WW8RqZL17ruXOov4qF0NB6yroZAN4j5spGpq65J2puAZb+rI3
|
||||
ZGTm8ie6zb7IlW8RWG96TWk48KcYgLnivxVJwll+zn9Mb0g2AzJWyN7bOy1t1wHs
|
||||
yYz5xyB8H/Nqhv2dLfHUtXjQF9uh0ivWewWgzzggjIUBDANcG2tp6fXqvgEH/iz7
|
||||
OYsZ+Mj42CYjNntwauHCfmGrvSJwVgco+hzfNmAT2wCHwoZKdktLq1oUuyRrPPwK
|
||||
nSe/L249Q7Ick47Lk+NrCIjCFsz03ZzTrEeuY3Yav5m9hzifwLJaeTDy+A+jde2D
|
||||
zg3gxuAeaaXfrFmKXwfhpf5/t2LCVFtmdmMg+1ButhgWKMDJL6wQVX5EZjHF6PU0
|
||||
n2X+XkXFa807FrZ4sI29pxEmakKtFQHsPlP9G2ydBrz2EmcrSgN+uKorAqEtwUBJ
|
||||
zuT7Qg4Ewb2hcPTOR4xLV/DCY80IQyWKEcSj1Hjtes3OA5osDlJWeZvoNUFlXSli
|
||||
Wc8S087+7fqmRIohU7+FAgwDodoT8VqRl4UBD/9OivAOdH/LxU0WpT7Bofcyw6iA
|
||||
QQZ9kN5SLAY6S9pT274QwHkF/sQGt90Gjq0kIMjm4gc5Cx4kAYoT59Ep/R6HmHC7
|
||||
u7D+GuByyiSgAa/YEk3tIAI6/gOeVx5BbG6QNL+ysI8XgRrpRWaEfz8OOpBIALgC
|
||||
oBSKBaqxApCejkdO4K3P+lT3jJQ2uOT1i72eBhKOpBA1Vz4BWM/w9HFkhw37sWXc
|
||||
i34yrlXdldVpJxbKXMyg4f5hz9OrDCTkLce/dwlZpFGFF+JArFLJ2iLytlFOlTDX
|
||||
g5yZLSfziw/B5q1mBevJoSFRgZys3z8xmVD/ETS+1DehJjQsLKo/QlpLqx2dj2qd
|
||||
9R5OVGMc2s9YmEAee5aoy8z+egZwo0n48Y10LKwro4XCev2ozy73m3nx7uydIwI6
|
||||
jl4qYk6qYASJVK9qrBeB//chxrATLS2PgJqO4oKl8EBvmWeUYR4qaOE/p8QlcLLQ
|
||||
Vm5Fm+iITPsSNZgK3AGI0S8CoRLPi/o3C5VvAlEt+bfEuTpR8zzeZLfDqOJ94kOp
|
||||
4vKaoQTRzHk8itMkdMeBNBAIGh7fEMqiu3kqtlMunp74uKoY/uzh2rhjBzE7quKB
|
||||
x3gTgAPnGTiIFvP1ZaNMjsW9OCsOU2Fkv9syLrpkMuGOfCOLSULQG3GYxG4kybzo
|
||||
8w6SQ/y/fDermA+6+YUCDAPiA8lOXOuz7wEP/AmhfKpJoizMTULib/Xf7+A9x34K
|
||||
eeLsLPnoRZFdO2pTv7ZtNryOmzVPsXjiuwgO9ULrW31WDeb9KNmLk9JyWji6iED1
|
||||
wbbSkFT0yzsMD1BjmxNdd9WHK55sxvtX+yH2MHLIepLXAU0emfIBsW9kMuJ01965
|
||||
JlCV+TtYJnUGARoLCBnUzvk1VpjnwD3ed0E5atrwk0kRNIPoM1N2DAIxaIua4CX1
|
||||
XCylBgMuNW/D86lLpCMHE3LA1FPqNyFe7eyspWGwkDTRK/YZbq6zUGXrNhftK2vV
|
||||
8CA0E2dKIbi+TsrvJVb2X5T3Mf4EsTd2oqclVGWttfbXYs5Rv0vf63Z01VsiWL7A
|
||||
sSZJlfVnCuKYvZnB3Am1vZtlk6mHqQRJ3DZM0vp/AkjZ5x6rPwy8wRaKpVD06yZO
|
||||
N3h4XLsidnteUZBbamQEKjfZoo0zw27TG+gqT+MGIaQWieuCMBm5amiwUJvRsfH0
|
||||
S/M50nuikiXl67xEd+vNYGiacH2tfOorUKzoAebEM2EkB3xb97kU3X+OyImre1S6
|
||||
Gs5TC1QH6dtd6yKQAPoQZtK0EQI6B+Rw+zH9IAQgPz5C9oUgRd62GJzgonYOJzFH
|
||||
jzOARKKSRen+bsrm3jldfJ4sPl6sRWRHWVLsWh4AJYK8iAqhu88dYOc1nksslmGn
|
||||
fOV80T8Acty1wshO0ukB34maKPBSF+rs1oJ/IHmqXHfx5mfjsdof56tgAyQ/rIUE
|
||||
ulpDR8ytvoviXzH550Ydf3w+bFrEPHkEq0IBXi31BpM7PUiN1xryibdY81ukAjSS
|
||||
KRQV5RFS6lwdJOGAFkE0gJ7xES8P7FiC+wKHE78WdvNm0trZiiaJNrMebkitw6K4
|
||||
rJMpZj0mhCtKryYmz3L857QFYeUJ9M95Y4/Ib6aM7dn/fJMOeUOVtv0wESQ44dwQ
|
||||
CPDjfQdBXrshRWOYMZBsJjI0J0oBc0BRrbHo60LNixqL36CKWyCRNKNVKyZfv23G
|
||||
sBeoSpFOHxiiATzlgobufJyhwgU4k8idMt8+lMl783FN/0gRYs14ziYdKNYP2ctG
|
||||
Bci38D19tWoLidIuyR9l96IGWmzxey/wQI6UaRFFQR5Y9Po40WCq6XZIbeT3wDRF
|
||||
0ynTxlQ0TP6802iglC93S26tLL3QN/nF22gOxKIEC/tGMtv1vJRWfC1svPitDMD+
|
||||
Y91xJS+rnzzcEMeDvZmgA5JRGn4YCL0RK1AWgMmQB1zBmPEXpIpFGjQiWF/s2Cg4
|
||||
l21wEMmVO8mTVk2Rygaf6wvyf2TmblGPTbb2zfrq7lKtrYFR34oIB9FY9nqJoqDz
|
||||
g2OZhq59qIjTgbvPjkPdvqqi0Vg7CQ4zBz+zhOLrb5U0NPHvMtvwZn1bW4dzSFQr
|
||||
IBIk63tVMLrfMvNScOAviyK7QoHOhHXElSofTBSUtlMBAE8vusHE/mYic92BVlsu
|
||||
TofitNVONyJHKst3jKVU68O3pWHp2+7CyA8gzf6ieH33UQU=
|
||||
=1q6K
|
||||
-----END PGP MESSAGE-----
|
||||
|
|
Loading…
Reference in a new issue