firewall: consolidate IPv4 and IPv6 address families for BGP

2025-03-26 01:46:28 +01:00 · 2025-03-26 01:46:28 +01:00 · cafa938da3
parent 8a0113ea49
commit cafa938da3
2 changed files with 8 additions and 16 deletions
--- a/roles/exit/templates/frr.conf.j2
+++ b/roles/exit/templates/frr.conf.j2
@ -77,10 +77,12 @@ router bgp {{ asn.asn }} vrf outside
 {% endfor %}

  address-family ipv4 unicast
+    neighbor peerlink.4 activate
    neighbor peerlink.4 soft-reconfiguration inbound
    neighbor peerlink.4 route-map peer.4->me in
    neighbor peerlink.4 route-map me->peer.4 out

+    neighbor firewall activate
    neighbor firewall allowas-in 1
    neighbor firewall default-originate
    neighbor firewall soft-reconfiguration inbound
--- a/roles/firewall/templates/frr.conf.j2
+++ b/roles/firewall/templates/frr.conf.j2
@ -40,26 +40,14 @@ router bgp {{ asn.asn }}
  neighbor {{ iface.name }}.4 bfd profile fast
 {% endfor %}

-  address-family ipv4 unicast
+{% for family in ['ipv4', 'ipv6'] %}
+  address-family {{ family }} unicast
+{% if family == 'ipv4' %}
 {% for network in nat %}
    network {{ network }}
 {% endfor %}

-    redistribute connected route-map loopback
-    maximum-paths 16
-
-    neighbor outside soft-reconfiguration inbound
-    neighbor outside route-map outside->default in
-    neighbor outside route-map default->outside out
-
-    neighbor inside allowas-in origin
-    neighbor inside default-originate
-    neighbor inside soft-reconfiguration inbound
-    neighbor inside route-map inside->default in
-    neighbor inside route-map default->inside out
-  exit-address-family
-
-  address-family ipv6 unicast
+{% endif %}
    redistribute connected route-map loopback
    maximum-paths 16

@ -76,6 +64,8 @@ router bgp {{ asn.asn }}
    neighbor inside route-map default->inside out
  exit-address-family

+{% endfor %}
+
 # Prefix lists.
 ip prefix-list default permit 0.0.0.0/0
 ipv6 prefix-list default permit ::/0