Init

protocol/external_network.conf

@@ -0,0 +1,25 @@
+template bgp pub_transit {
+    local as LOCAL_ASN;
+    ipv6 {
+        import filter transit_import_filter(6939);
+        export filter transit_export_filter(6939);
+    }
+}
+
+template bgp pub_peer {
+    local as LOCAL_ASN;
+    
+    ipv6 {
+        import filter direct_peer_import_filter(6939);
+        export filter direct_peer_export_filter(6939);
+    }
+}
+
+template bgp pub_downstream {
+    local as LOCAL_ASN;
+
+    ipv6 {
+        import filter downstream_import_filter(6939);
+        export filter downstream_export_filter(6939);
+    }
+}

protocol/internal_network.conf

@@ -0,0 +1,21 @@
+template bgp net186 {
+    local as SELFASN;
+    
+    interpret communities off;
+
+    bfd on;
+
+    ipv6 {
+        next hop self;
+
+        gateway direct;
+
+        import filter {
+
+        };
+
+        export filter {
+
+        };
+    }
+}

protocol/kernel.conf

@@ -0,0 +1,21 @@
+protocol device {
+    scan time 5;
+}
+
+protocol kernel {
+    scan time 20;
+
+    ipv6 {
+        import none;
+        export filter {
+            # Blackhole (65535, 666)
+            if (65535, 666) ~ bgp_community then dest = RTD_BLACKHOLE;
+            # Blackhole (LOCAL_ASN, 0, 666)
+            if (LOCAL_ASN, 0, 666) ~ bgp_large_community then dest = RTD_BLACKHOLE;
+            # Only Announced (LOCAL_ASN, 0, 665)
+            if (LOCAL_ASN, 0, 665) ~ bgp_large_community then reject;
+            krt_prefsrc = ROUTER_IP;
+            accept;
+        }
+    }
+}

protocol/rpki.conf

@@ -0,0 +1,26 @@
+roa6 table pub_roa6;
+roa4 table pub_roa4;
+
+protocol rpki pub_rpki {
+    roa4 {
+        table pub_roa4;
+    };
+    roa6 {
+        table pub_roa6;
+    };
+    remote "172.65.0.2" port 8282;
+    retry keep 5;
+    refresh keep 30;
+    expire 600;
+    transport tcp;
+}
+
+function is_rpki_invalid() {
+    if (net.type = NET_IP4 && roa_check(pub_roa4, net, bgp_path.last) = ROA_INVALID ) then {
+        return true;
+    } else if (net.type = NET_IP6 && roa_check(pub_roa6, net, bgp_path.last) = ROA_INVALID) then {
+        return true;
+    } else {
+        return false;
+    }
+}