Skip to content
master
Switch branches/tags
Go to file
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
 
 
 
 

KEES - The Coloclue Network Automation Toolchain

alt text

This code in this repository is used for the following tasks:

- use the database at https://github.com/coloclue/peering to generate all IXP peering
- generate IRR filters for each peer
- generate RPKI based filters for each peer
- generate remaining BIRD configuration
- push the BIRD configs to all boxes

KEES IS AUTHORITATIVE:

The 'kees' repository is the authoritative source for BIRD configurations in
the coloclue network. Any changes to the BIRD configuration on the routers
will be overwritten by the scripts in this repository.

Part of the BIRD configurations are generated by python scripts, other
parts of the BIRD configuration are manually composed and stored in the
'blobs' directory.  The 'blobs' directory contains a directory for each
BIRD router, later on the peering & rpki files are copied over the a copy
of the 'blobs' to augment it with the 'dynamic' (read IRR or RPKI) portions
of the configuration. The goal is to have as much dynamic config as possible
and have the static configs per router completely empty.

Repository layout:

$ tree
.
├── LICENSE
├── README
├── blobs
│   ├── dcg-1.router.nl.coloclue.net
│   │   ├── bird.conf                  <- Static config for bird (IPv4 definition on the routers)
│   │   ├── bird6.conf                 <- Static config for bird6 (IPv6 definition on the routers)
│   │   ├── peerings                   <- Filled by peering_filters 
│   │   └── rpki                       <- Filled by rtrsub
│   ├── dcg-2.router.nl.coloclue.net
│   │   ├── bird.conf
│   │   ├── bird6.conf
│   │   ├── peerings
│   │   └── rpki
│   ├── eunetworks-2.router.nl.coloclue.net
│   │   ├── bird.conf
│   │   ├── bird6.conf
│   │   ├── blackholes                 <- Specific annoucements to mitigate DDoSses is placed here automatically
│   │   ├── peerings
│   │   └── rpki
│   └── eunetworks-3.router.nl.coloclue.net
│       ├── bird.conf
│       ├── bird6.conf
│       ├── peerings
│       └── rpki
├── generate-peer-config.sh            <- Generates all the filters for the peers
├── gentool                            <- A YAML to Jinja2 template generator
├── peering_filters                    <- creates IRR filters & IXP peering configs
├── templates
│   ├── afi_specific_filters.j2        <- Filters where the AFI is relevant
│   ├── bird-rpki.j2                   <- Template used by rtrsub
│   ├── ebgp_state.j2                  <- State of the eBGP sessions, toggled by the maintenance-mode setting
│   ├── envvars.j2                     <- UID and GID to run the Bird process as
│   ├── filter.j2                      <- Filter for peers
│   ├── generic_filters.j2             <- Global filters where the AFI is irrelevant
│   ├── header.j2                      <- File where all the generated files are included
│   ├── ibgp.j2                        <- Template for the iBGP sessions
│   ├── interfaces.j2                  <- Interfaces used by Bird (for instance to announce OSPF hello's on)
│   ├── members_bgp.j2                 <- template for BGP sessions to members
│   ├── ospf.j2                        <- OSPF definition
│   ├── peer.j2                        <- Template for the BGP sessions definition to peers
│   ├── rpkiwhitelist.j2               <- Template for RPKI whitelisted prefixes
│   ├── static_routes.j2               <- Template for static routes (we use this for static routes towards members)
│   └── transit.j2                     <- Template in which the BGP sessions towards our transits are defined
├── update-routers.sh
└── vars
    ├── dcg-1.router.nl.coloclue.net.yml
    ├── dcg-2.router.nl.coloclue.net.yml
    ├── eunetworks-2.router.nl.coloclue.net.yml
    ├── generic.yml
    ├── members_bgp.yml                <- ips & prefixes of members with BGP
    ├── statics-dcg.yml                <- static routes eunetworks
    └── statics-eunetworks.yml         <- static routes DCG

Usage:

./generate-peer-config.sh - Generate new filters for peers, you need to run this before ./update-routers.sh push
./update-routers.sh push  - To build a new config and push it to the routers, uses the filters generated by ./generate-peer-config.sh
./update-routers.sh check - To build a new config and validate it, but don't push it to the routers

Dependencies:

rtrsub - https://github.com/job/rtrsub
jinja2 - jinja.pocoo.org
hiyapyco - https://pypi.python.org/pypi/HiYaPyCo
bgpq3  - https://github.com/snar/bgpq3

To prepare a Debian machine to build Kees:

sudo apt install python3-pip bgpq3 jinja2 python-pip
sudo pip3 install rtrsub
sudo pip3 install numpy
sudo pip3 install ipaddr
sudo pip3 install pyyaml
sudo pip install jinja2
sudo pip install hiyapyco

sudo mkdir -p /opt/routefilters/
sudo mkdir -p /opt/router-staging/
sudo chown -R ${USER} /opt/routefilters/ /opt/router-staging/

And symlink in your vars/ and blobs/ directories.

Authors:

Copyright (c) 2014-2017, Job Snijders job@instituut.net

Copyright (c) 2017-2019, Network committee Coloclue routers@coloclue.net

About

KEES - The Coloclue Network Automation Toolchain

Resources

License

Releases

No releases published

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •