first working configuration with service vrf

3b2825fb · Karl Grube · 928a962d · 3b2825fb · 3b2825fb · 3b2825fb
Commit 3b2825fb authored 1 year ago by Karl Grube
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -10,4 +10,5 @@ kresd_user: "{% if ansible_os_family == 'Debian' %}knot-resolver{% else %}kresd{

 anycast_ips: "{{ dns_anycast_ips + dns64_anycast_ips}}"
 dns_anycast_ips: []
-dns64_anycast_ips: []
+
+dns64_enabled: False
--- a/templates/frr_conf.j2
+++ b/templates/frr_conf.j2
@@ -27,19 +27,23 @@ router bgp {{bgp_asn}}{% if use_service_vrf == True %} vrf service
 {%   endif %}
 {% endfor %}
 address-family ipv4 unicast
-  redistribute connected route-map service_interfaces
  neighbor upstream activate
  neighbor upstream prefix-list all in
 {% if use_service_vrf == True %}
-  neighbor upstream route-map service_interfaces out
+  neighbor upstream prefix-list all out
+  import vrf default
+{% else %}
+  redistribute connected route-map lo 
 {% endif %}
 !
 address-family ipv6 unicast
-  redistribute connected route-map service_interfaces
  neighbor upstream activate
  neighbor upstream prefix-list all in
 {% if use_service_vrf == True %}
-  neighbor upstream route-map service_interfaces out
+  neighbor upstream prefix-list all out
+  import vrf default
+{% else %}
+  redistribute connected route-map lo 
 {% endif %}
 exit-address-family
 exit
@@ -47,7 +51,10 @@ exit
 {% if use_service_vrf == True %} 
 router bgp {{bgp_asn}}
 address-family ipv4 unicast
-  import vrf service
+  redistribute connected route-map lo 
+ exit-address-family
+ address-family ipv6 unicast
+  redistribute connected route-map lo 
 exit-address-family
 exit
 !
@@ -57,10 +64,10 @@ ip prefix-list all seq 10 permit any
 ipv6 prefix-list all seq 10 permit any
 ipv6 prefix-list none seq 10 deny any
 {% for interface in service_interfaces %}
-route-map service_interfaces permit {{loop.index*10}}
- match interface {{interface}}
+route-map lo permit {{loop.index*10}}
+ match interface lo
 {%   if loop.last %}
-route-map service_interfaces permit {{loop.index*10+10}}
+route-map lo deny {{loop.index*10+10}}
 {%   endif %}
 exit
 {% endfor %}
--- a/templates/kresd_conf.j2
+++ b/templates/kresd_conf.j2
 net.listen({ {% for address in dns_anycast_ips + dns64_anycast_ips %}'{{address}}',{% endfor %}'::1','127.0.0.1' }, 53, { freebind = true })
 net.listen({'::','0.0.0.0'}, 853, { kind = 'tls' })
--net.outgoing_v4('{{kresd_outgoing_ipv4}}')
--net.outgoing_v6('{{kresd_outgoing_ipv6}}')
+net.outgoing_v4('{{kresd_outgoing_ipv4}}')
+net.outgoing_v6('{{kresd_outgoing_ipv6}}')

 user( '{{kresd_user}}','{{kresd_user}}')
 -- trust_anchors.file = 'root.keys'
@@ -20,16 +20,9 @@ modules = {
  'stats',    -- Track internal statistics
 {% endif %}
  predict = { window = 15, period = 6*(60/15) },
+{% if dns64_enabled == True %}
  'dns64', -- use dns64
+{% endif %}
  --http = { host='localhost', port=8053 },
 }

-policy.add(
-	policy.net_match(
-		{
-{% for ip in dns_anycast_ips %}
-	{ '{{ip}}', policy.FLAGS('DNS64_DISABLE') },
-{% endfor %}
-		}
-	)
-)