diff options
-rw-r--r-- | filter/test_bgp_filtering.conf | 113 |
1 files changed, 0 insertions, 113 deletions
diff --git a/filter/test_bgp_filtering.conf b/filter/test_bgp_filtering.conf deleted file mode 100644 index 573cad46..00000000 --- a/filter/test_bgp_filtering.conf +++ /dev/null @@ -1,113 +0,0 @@ -router id 62.168.0.1; - -function net_martian() -{ - return net ~ [ 169.254.0.0/16+, 172.16.0.0/12+, 192.168.0.0/16+, 10.0.0.0/8+, - 127.0.0.0/8+, 224.0.0.0/4+, 240.0.0.0/4+, 0.0.0.0/32-, 0.0.0.0/0{25,32}, 0.0.0.0/0{0,7} ]; -} - -function net_local() -{ - return net ~ [ 12.10.0.0/16+, 34.10.0.0/16+ ]; -} - -function rt_import(int asn; int set peer_asns; prefix set peer_nets) -{ - if ! (net ~ peer_nets) then return false; - if ! (bgp_path.last ~ peer_asns) then return false; - if bgp_path.first != asn then return false; - if bgp_path.len > 64 then return false; - if bgp_next_hop != from then return false; - return true; -} - -function rt_import_all(int asn) -{ - if net_martian() || net_local() then return false; - if bgp_path.first != asn then return false; - if bgp_path.len > 64 then return false; - if bgp_next_hop != from then return false; - return true; -} - -function rt_import_rs(int asn) -{ - if net_martian() || net_local() then return false; - if bgp_path.len > 64 then return false; - return true; -} - -function rt_export() -{ - if proto = "static_bgp" then return true; - if source != RTS_BGP then return false; - if net_martian() then return false; - if bgp_path.len > 64 then return false; - # return bgp_next_hop ~ [ 100.1.1.1, 100.1.1.2, 200.1.1.1 ]; - return bgp_path.first ~ [ 345, 346 ]; -} - - -function rt_export_all() -{ - if proto = "static_bgp" then return true; - if source != RTS_BGP then return false; - if net_martian() then return false; - if bgp_path.len > 64 then return false; - return true; -} - -filter bgp_in_uplink_123 -{ - if ! rt_import_all(123) then reject; - accept; -} - -filter bgp_out_uplink_123 -{ - if ! rt_export() then reject; - accept; -} - - -filter bgp_in_peer_234 -{ - if ! rt_import(234, [ 234, 1234, 2345, 3456 ], - [ 12.34.0.0/16, 23.34.0.0/16, 34.56.0.0/16 ]) - then reject; - accept; -} - -filter bgp_out_peer_234 -{ - if ! rt_export() then reject; - accept; -} - -filter bgp_in_rs -{ - if ! rt_import_rs(bgp_path.last) then reject; - accept; -} - -filter bgp_out_rs -{ - if ! rt_export() then reject; - accept; -} - - -filter bgp_in_client_345 -{ - if ! rt_import(345, [ 345 ], [ 34.5.0.0/16 ]) then reject; - accept; -} - -filter bgp_out_client_345 -{ - if ! rt_export_all() then reject; - accept; -} - - - |