Initial commit

Jack Hadrill 2022-02-13 20:47:02 +00:00
commit 398cc7a7a4
9 changed files with 375 additions and 0 deletions

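--- a/AS1/bird.conf
+++ b/AS1/bird.conf
@@ -0,0 +1,55 @@
+# The router ID of a BGP router can theoretically be anything.
+# It's common practice to set it to the IPv4 address that other routers will peer with.
+router id 192.168.179.1;
+# Export all learned IPv4 routes from peers into the kernel's routing table.
+# This turns a BGP route server into a BGP router.
+# Visible with `ip route show`.
+protocol kernel
+{
+ipv4
+{
+import all;
+export filter
+{
+if source = RTS_STATIC then reject;
+krt_prefsrc = 192.168.179.1;
+accept;
+};
+};
+}
+# The IPv4 routes to be announced.
+protocol static
+{
+ipv4;
+route 10.0.0.1/32 reject;
+route 10.0.0.2/32 reject;
+route 10.0.0.3/32 reject;
+}
+# Avoid hammering the kernel's routing table unnecessarily.
+protocol device {
+scan time 10;
+}
+# You can template peers.
+template bgp PEER
+{
+# The ASN this router announces as.
+local as 1;
+ipv4
+{
+# DON'T EVER DO THIS ON THE REAL INTERNET.
+# THIS IS HOW ROUTE LEAKS AND BGP HIJACKS HAPPEN.
+import all;
+export all;
+};
+}
+# Peer with AS2! :-)
+protocol bgp AS2 from PEER
+{
+# The IP address and ASN of the peer.
+neighbor 192.168.179.2 as 2;
+}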
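Review bot: This configuration never sets up IPv6, although AS1/start.sh adds fd00:dead:beef::1 to ::3 on lo and the README lists them as announced routes. There is no `protocol kernel` with an `ipv6` channel, no `protocol static` with `ipv6;`, and the PEER template carries only an `ipv4` channel, so AS1 will announce just the three 10.0.0.x/32 routes and AS2's `ipv6` channel presumably has no counterpart to negotiate with. The blocks below mirror what AS2/bird.conf already has, using the fd00::1 address that docker-compose.yml assigns to AS1. If the template is ever reused outside this lab, the `import all; export all;` lines should give way to filters that accept only the expected prefixes, and the session should get a `password`.

```conf
# … unchanged: router id, IPv4 kernel and static protocols …

# Install learned IPv6 routes into the kernel table (mirrors AS2).
protocol kernel
{
    ipv6
    {
        import all;
        export filter
        {
            if source = RTS_STATIC then reject;
            krt_prefsrc = fd00::1;
            accept;
        };
    };
}

# The IPv6 routes to be announced.
protocol static
{
    ipv6;
    route fd00:dead:beef::1/128 reject;
    route fd00:dead:beef::2/128 reject;
    route fd00:dead:beef::3/128 reject;
}

template bgp PEER
{
    # … unchanged: local as, ipv4 channel …
    ipv6
    {
        # Lab only; same caveat as the ipv4 channel.
        import all;
        export all;
    };
}
```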

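--- a/AS1/start.sh
+++ b/AS1/start.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+# This adds the IPs AS1 announces such that they're
+# pingable from AS2 once the routes have propagated.
+ip address add 10.0.0.1/32 dev lo
+ip address add 10.0.0.2/32 dev lo
+ip address add 10.0.0.3/32 dev lo
+ip -6 address add fd00:dead:beef::1/128 dev lo
+ip -6 address add fd00:dead:beef::2/128 dev lo
+ip -6 address add fd00:dead:beef::3/128 dev lo
+# Start bird.
+bird -d -c /demo/bird.conf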
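Review bot: bird is started as a child of bash on the last line, so the shell stays PID 1 in the container and a stop signal from Docker is unlikely to reach the daemon; `exec bird -d -c /demo/bird.conf` would let BIRD receive it directly and shut down cleanly. The script also has no `set -e`, so a failed `ip address add` (for example when IPv6 is unavailable in the container) goes unnoticed and BIRD still announces a prefix the host cannot answer for. AS2/start.sh has the same shape and would take the same two changes.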

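--- a/AS2/bird.conf
+++ b/AS2/bird.conf
@@ -0,0 +1,96 @@
+# The router ID of a BGP router can theoretically be anything.
+# It's common practice to set it to the IPv4 address that other routers will peer with.
+router id 192.168.179.2;
+# Export all learned IPv4 routes from peers into the kernel's routing table.
+# This turns a BGP route server into a BGP router.
+# Visible with `ip route show`.
+protocol kernel
+{
+ipv4
+{
+import all;
+export filter
+{
+if source = RTS_STATIC then reject;
+krt_prefsrc = 192.168.179.2;
+accept;
+};
+};
+}
+# Export all learned IPv6 routes from peers into the kernel's routing table.
+# This turns a BGP route server into a BGP router.
+# Visible with `ip -6 route show`.
+protocol kernel
+{
+ipv6
+{
+import all;
+export filter
+{
+if source = RTS_STATIC then reject;
+krt_prefsrc = fd00::2;
+accept;
+};
+};
+}
+# The IPv4 routes to be announced.
+protocol static
+{
+ipv4;
+route 172.16.0.1/32 reject;
+route 172.16.0.2/32 reject;
+route 172.16.0.3/32 reject;
+}
+# The IPv6 routes to be announced.
+protocol static
+{
+ipv6;
+route fd00:cafe:babe::1/128 reject;
+route fd00:cafe:babe::1/128 reject;
+route fd00:cafe:babe::1/128 reject;
+}
+# Avoid hammering the kernel's routing table unnecessarily.
+protocol device {
+scan time 10;
+}
+# You can template peers.
+template bgp PEER
+{
+# The ASN this router announces as.
+local as 2;
+ipv4
+{
+# DON'T EVER DO THIS ON THE REAL INTERNET.
+# THIS IS HOW ROUTE LEAKS AND BGP HIJACKS HAPPEN.
+import all;
+export all;
+};
+ipv6
+{
+# DON'T EVER DO THIS ON THE REAL INTERNET.
+# THIS IS HOW ROUTE LEAKS AND BGP HIJACKS HAPPEN.
+import all;
+export all;
+};
+}
+# Peer with AS1! :-)
+protocol bgp AS1 from PEER
+{
+# The IP address and ASN of the peer.
+neighbor 192.168.179.1 as 1;
+}
+# Peer with AS1! :-)
+protocol bgp AS1 from PEER
+{
+# The IP address and ASN of the peer.
+neighbor 192.168.179.1 as 1;
+}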
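Review bot: `protocol bgp AS1 from PEER` is declared twice at the end of the file with identical bodies; protocol names have to be unique, so the second block is likely to make BIRD refuse the configuration and should be deleted. The IPv6 static block also repeats `route fd00:cafe:babe::1/128 reject;` three times, whereas AS2/start.sh and the README use ::1, ::2 and ::3. The second and third lines should read `route fd00:cafe:babe::2/128 reject;` and `route fd00:cafe:babe::3/128 reject;`.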

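--- a/AS2/start.sh
+++ b/AS2/start.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+# Add the IPs AS2 announces such that they're
+# pingable from AS1 once the routes have propagated.
+ip address add 172.16.1/32 dev lo
+ip address add 172.16.2/32 dev lo
+ip address add 172.16.3/32 dev lo
+ip -6 address add fd00:cafe:babe::1/128 dev lo
+ip -6 address add fd00:cafe:babe::2/128 dev lo
+ip -6 address add fd00:cafe:babe::3/128 dev lo
+# Start bird.
+bird -d -c /demo/bird.conf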
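Review bot: The three IPv4 lines use the shortened forms `172.16.1/32`, `172.16.2/32` and `172.16.3/32`, which do not match the 172.16.0.1/32 to 172.16.0.3/32 routes that AS2/bird.conf announces and the README pings. How `ip` expands a three-part address is easy to get wrong (it may well pad it to 172.16.1.0), so the loopback could end up holding addresses other than the ones being advertised. Write them out in full, e.g. `ip address add 172.16.0.1/32 dev lo`.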

BIN
BIRD on Docker.zip Normal file

Binary file not shown.

BIN
BIRD.zip Normal file

Binary file not shown.

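--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,14 @@
+FROM ubuntu:20.04
+EXPOSE 179/tcp
+# BIRD really doesn't like to be installed in a minimal
+# Ubuntu container, so some fudges are needed to get it to run.
+RUN echo "path-include=/usr/share/doc/bird2/*" > /etc/dpkg/dpkg.cfg.d/include-bird
+RUN mkdir -p /run/bird
+RUN apt-get update && apt-get install -y bird2 && rm -rf /var/lib/apt/lists/*
+# Useful debug packages. Not essential for BIRD to work.
+RUN apt-get update && apt-get install -y iproute2 iputils-ping && rm -rf /var/lib/apt/lists/*
+CMD ["/demo/start.sh"]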
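Review bot: The image is built from the mutable tag `ubuntu:20.04` and installs whatever `bird2` the archive serves at build time, so two builds of this commit can ship different BIRD versions than the 2.0.7 shown in the README. Pinning the base by digest, `FROM ubuntu:20.04@sha256:<digest-placeholder>`, makes the lab reproducible and the image contents auditable. Adding `--no-install-recommends` to both `apt-get install` lines would also keep unrequested packages out of a container that runs with NET_ADMIN. Note that nothing copies /demo into the image, so `CMD ["/demo/start.sh"]` only works with the bind mount from docker-compose.yml; a comment saying so would help.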

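--- a/README.md
+++ b/README.md
@@ -0,0 +1,103 @@
+## Notes
+BGP operates on port TCP 179.
+This is exposed to host.
+- AS1 on 17901
+- AS2 on 17902
+BGP requires peers to be on the same L2 network such that routes between routers can be established.
+However, a lot of route collectors (people who just hoover up information about the state of the internet),
+internet exchanges and ISPs expose TCP 179 publicly. Interaction with BGP can occur across the internet if
+this port is left unfirewalled, but the routes it establishes will only ever be functional across a L2 network.
+The configuration for BIRD 1.6 differs slightly. The main difference is that IPv4 and IPv6 operate as two
+separate processes and as such are configured using separate configuration files.
+To start:
+```bash
+$ docker-compose up -d
+```
+To destroy:
+```bash
+$ docker-compose down --rmi all
+```
+To interact:
+```bash
+$ docker ps
+CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
+8e6ec23b0482 bgpdemo/bird "/demo/start.sh" 30 minutes ago Up 30 minutes 0.0.0.0:17901->179/tcp AS1
+636ea235359c bgpdemo/bird "/demo/start.sh" 30 minutes ago Up 30 minutes 0.0.0.0:17902->179/tcp AS2
+$ docker exec -it AS1 /bin/bash
+$$ ip route show
+default via 192.168.179.254 dev eth0
+172.16.0.1 via 192.168.179.2 dev eth0 proto bird src 192.168.179.1 metric 32
+172.16.0.2 via 192.168.179.2 dev eth0 proto bird src 192.168.179.1 metric 32
+172.16.0.3 via 192.168.179.2 dev eth0 proto bird src 192.168.179.1 metric 32
+192.168.179.0/24 dev eth0 proto kernel scope link src 192.168.179.1
+$$ ping 172.16.0.1
+PING 172.16.0.1 (172.16.0.1) 56(84) bytes of data.
+64 bytes from 172.16.0.1: icmp_seq=1 ttl=64 time=0.081 ms
+64 bytes from 172.16.0.1: icmp_seq=2 ttl=64 time=0.150 ms
+64 bytes from 172.16.0.1: icmp_seq=3 ttl=64 time=0.167 ms
+^C
+--- 172.16.0.1 ping statistics ---
+3 packets transmitted, 3 received, 0% packet loss, time 2061ms
+rtt min/avg/max/mdev = 0.081/0.132/0.167/0.037 ms
+$$ birdc show protocol all
+BIRD 2.0.7 ready.
+Name Proto Table State Since Info
+kernel1 Kernel master4 up 22:58:19.431
+Channel ipv4
+State: UP
+Table: master4
+Preference: 10
+Input filter: ACCEPT
+Output filter: (unnamed)
+Routes: 0 imported, 3 exported, 0 preferred
+Route change stats: received rejected filtered ignored accepted
+Import updates: 0 0 0 0 0
+Import withdraws: 0 0 --- 0 0
+Export updates: 9 0 6 --- 3
+Export withdraws: 0 --- --- --- 0
+...
+```
+## Configuration
+### AS1
+BGP port exposed on TCP 17901
+ASN: `AS1`
+IPv4: `192.168.179.1`
+IPv6: `fd00::1`
+Announced routes:
+```
+10.0.0.1/32
+10.0.0.2/32
+10.0.0.3/32
+fd00:dead:beef::1/128
+fd00:dead:beef::2/128
+fd00:dead:beef::3/128
+```
+### AS2
+BGP port exposed on TCP 17902
+ASN: `AS2`
+IPv4: `192.168.179.2`
+IPv6: `fd00::2`
+Announced routes:
+```
+172.16.0.1/32
+172.16.0.2/32
+172.16.0.3/32
+fd00:cafe:babe::1/128
+fd00:cafe:babe::2/128
+fd00:cafe:babe::3/128
+```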

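--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -0,0 +1,81 @@
+# Versions of Docker Compose >= 3 do not support IPv6. How regressive...
+version: "2.3"
+# Create a new L2 network for the routers to peer over.
+# The gateways are fictitious and are not used.
+networks:
+bgp:
+enable_ipv6: true
+driver: bridge
+ipam:
+config:
+- subnet: 192.168.179.0/24
+gateway: 192.168.179.254
+- subnet: fd00::/64
+gateway: fd00::ffff
+# Create two routers to peer with each other.
+services:
+AS1:
+build: .
+image: bgpdemo/bird
+container_name: AS1
+# NET_ADMIN required to add IP addresses to interfaces within the container.
+cap_add:
+- NET_ADMIN
+# Docker likes to spam ICMP redirects which breaks the fancy routing we just configured. Ignore them!
+sysctls:
+net.ipv4.conf.eth0.accept_redirects: 0
+net.ipv6.conf.eth0.accept_redirects: 0
+volumes:
+- type: bind
+source: ./AS1
+target: /demo
+# Expose the BGP port so you can mess with it. :-)
+ports:
+- "17901:179/tcp"
+networks:
+bgp:
+# The addresses AS2 will peer with.
+ipv4_address: 192.168.179.1
+ipv6_address: fd00::1
+AS2:
+image: bgpdemo/bird
+depends_on:
+- AS1
+container_name: AS2
+cap_add:
+- NET_ADMIN
+sysctls:
+net.ipv4.conf.eth0.accept_redirects: 0
+net.ipv6.conf.eth0.accept_redirects: 0
+volumes:
+- type: bind
+source: ./AS2
+target: /demo
+ports:
+- "17902:179/tcp"
+networks:
+bgp:
+# The addresses AS1 will peer with.
+ipv4_address: 192.168.179.2
+ipv6_address: fd00::2
+AS3:
+image: bgpdemo/bird
+depends_on:
+- AS1
+container_name: AS2
+cap_add:
+- NET_ADMIN
+sysctls:
+net.ipv4.conf.eth0.accept_redirects: 0
+net.ipv6.conf.eth0.accept_redirects: 0
+volumes:
+- type: bind
+source: ./AS2
+target: /demo
+ports:
+- "17902:179/tcp"
+networks:
+bgp:
+# The addresses AS1 will peer with.
+ipv4_address: 192.168.179.2
+ipv6_address: fd00::2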
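Review bot: The `AS3` service is a verbatim copy of `AS2`: it reuses `container_name: AS2`, the host port `17902`, the `./AS2` bind mount and the addresses 192.168.179.2 and fd00::2, so `docker-compose up` should fail on the name, port or address clash. Either delete the block or give it its own name, directory, port and addresses. The published ports also deserve a look: `"17901:179/tcp"` and `"17902:179/tcp"` bind on every host interface (the README's `docker ps` output shows 0.0.0.0), which puts BGP speakers configured with `import all` and no session authentication on whatever network the host sits on. Writing them as `"127.0.0.1:17901:179/tcp"` and `"127.0.0.1:17902:179/tcp"` keeps the lab reachable from the host only.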