--- # Copyright 2016, Logan Vig # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # Based on the default Calico BIRD template at # https://github.com/projectcalico/felix/blob/master/etc/bird/calico-bird.conf.template # BGP peer configuration for Calico by default will attempt to configure peering # sessions with the host's default gateway over IPv4/IPv6. This is just one # example of the various BGP peering configurations that could be used here # and should be customized further to match the deployer's upstream BGP # configuration. Calico has documented some example BGP topologies at: # http://docs.projectcalico.org/master/reference/private-cloud/l2-interconnect-fabric # http://docs.projectcalico.org/master/reference/private-cloud/l3-interconnect-fabric # Set to your iBGP ASN bird_bgp_asn: 65000 bird_bgp_ipv4_peer_ip: "{{ ansible_default_ipv4['gateway'] }}" #calculate the first address in the subnet since the IPv6 "gateway" may be a #link local address that we cannot peer to. bird_bgp_ipv6_peer_ip: >- {% if ansible_default_ipv6['address'] is defined and ansible_default_ipv6['prefix'] is defined %} {{ ((ansible_default_ipv6['address'] ~ '/' ~ ansible_default_ipv6['prefix']) | ipaddr('network') ~ '/' ~ ansible_default_ipv6['prefix'] ) | ipaddr('net') | ipaddr(1) | ipaddr('address') }} {% endif %} bird_ipv4_protocols: kernel: | learn; persist; scan time 2; graceful restart; device: | scan time 2; direct: | interface "-dummy0", "dummy1", "eth*", "em*", "en*"; bgp: UPLINK: | description "Connection to BGP route reflector"; local as {{ bird_bgp_asn }}; neighbor {{ bird_bgp_ipv4_peer_ip }} as {{ bird_bgp_asn }}; hold time 15; graceful restart; check link; direct; gateway direct; export filter export_bgp; next hop self; bird_ipv6_protocols: kernel: | learn; persist; scan time 2; graceful restart; device: | scan time 2; direct: | interface "-dummy0", "dummy1", "eth*", "em*", "en*"; bgp: UPLINK: | description "Connection to BGP route reflector"; local as {{ bird_bgp_asn }}; neighbor {{ bird_bgp_ipv6_peer_ip }} as {{ bird_bgp_asn }}; hold time 15; graceful restart; check link; direct; gateway direct; export filter export_bgp; next hop self; #configure bird to advertise subnets bound to these interface wildcards bird_advertise_interfaces: - 'tap*' - 'cali*' - 'dummy1' bird_ipv4_filters: export_bgp: | if ( {% for i in bird_advertise_interfaces %}(ifname ~ "{{ i }}"){% if not loop.last %} || {% endif %}{% endfor %} ) then { if net != 0.0.0.0/0 then accept; } reject; bird_ipv6_filters: export_bgp: | if ( {% for i in bird_advertise_interfaces %}(ifname ~ "{{ i }}"){% if not loop.last %} || {% endif %}{% endfor %} ) then { if net != ::/0 then accept; } reject;