Import/Pipe default route export pattern

Fri Nov 1 13:54:25 CET 2024

Hello,

we have some hosts that are part of the same AS, but cannot receive IGP
routes due to networking isolation. The are usually IPv6 only, but
sometimes they have an IPv4 address assigned to the loopback interface
and would like to access the IPv4 Internet via IPv6 routes.

So far, nothing special, IPv4-over-IPv6 works fine in bird. My questions
goes into the direction of

     "how do you handle this case the best way"?

How we solve it at the moment is not particularly elegant:

- Store the IPv4 default route in a separate table "defroute4" on
  regular-router1
- Have a separate table "vpnXYZ" that is dedicated for exchanging routes
  with the IPv6-only-separated host vpnXYZ
- Export the IPv4 default route using pipe from defroute4 to vpnXYZ
- Use vpnXYZ table inside the peering with the vpnXYZ host
- We want the routes that we receive from vpnXYZ to go into
  master4/master6 tables

It seems a bit too complicated and I'd have expected something like an
"import table" and "export table" statement in the bird channel
configuration, WHICH DOES EXIST, but seems not to be designed to have a
different import and export table :-(

In code this currently looks as follows:

--------------------------------------------------------------------------------
ipv6 table defroute6;
ipv4 table defroute4;

protocol static defroute_v6 {
    ipv6 {
        table defroute6;
    };

    route ::/0 unreachable;
}

protocol static defroute_v4 {
    ipv4 {
        table defroute4;
    };

    route 0.0.0.0/0 unreachable;
}

ipv4 table t_vpn_14778195;

protocol pipe def_to_vpn_14778195 {
  table defroute4;             # import TO here
  peer table t_vpn_14778195;   # export TO this

  import none;
  export filter v4default;
}

protocol pipe vpn_14778195_to_master {
  table t_vpn_14778195;             # import TO here
  peer table master4;               # export TO this

  import none;
  export filter from_vpn14778195;
}

protocol bgp incoming_vpn14778195 {
    local as myas;
    direct;

    neighbor 2a0a:e5c0:2d:10::... as 213081;

    ipv6 {
      import filter from_vpn14778195;
      export filter v4default;
    };

    ipv4 {
      import filter from_vpn14778195;
      export filter v4default;
      extended next hop on;
                next hop self;
      table t_vpn_14778195;

    };
}
--------------------------------------------------------------------------------

Does anyone have a better / shorter / more elegant version to solve this issue?

BR,

Nico

-- 
Sustainable and modern Infrastructures by ungleich.ch
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 873 bytes
Desc: not available
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20241101/1f325d05/attachment.sig>