From 57300cef9a611331b7d8eea4b197da69a922b183 Mon Sep 17 00:00:00 2001 From: Fisher Darling Date: Sun, 30 Oct 2022 17:32:35 +0100 Subject: [PATCH] small typos --- projects/alamesh/setting_up_bird.md | 32 +++++++++++++++++------------ 1 file changed, 19 insertions(+), 13 deletions(-) diff --git a/projects/alamesh/setting_up_bird.md b/projects/alamesh/setting_up_bird.md index c5c8c89..9af52b1 100644 --- a/projects/alamesh/setting_up_bird.md +++ b/projects/alamesh/setting_up_bird.md @@ -1,16 +1,16 @@ # Setting up BIRD -BIRD, or the "BIRD Internet Routing Daemon", is a daemon that turns a dump linux box into a fully fledged router that +BIRD, or the "BIRD Internet Routing Daemon", is a daemon that turns a dumb linux box into a fully fledged router that can support many different routing protocols. It speaks those protocols with other routers and builds a dynamic routing table that is then sent to the kernel (which does the actual packet forwarding). -This doc tracks my learnings from install and using bird on a cheap, $4/month DO droplet. +This doc tracks my learnings from installing and setting up bird on a cheap, $4/month DO droplet. Actually using it +with another router will come in an edit or separate post. # My Network I'm not trying to to any sort of dynamic routing yet, but here's what I have working right now. My current network is -the entire `0200::/7` address space (all addresses prefixed with `0x2` and `0x00`). - +the entire `0200::/7` address space (all addresses prefixed with `0x02` and `0x0[01]`). ``` ┌──────────┐ wg tunnel @@ -52,7 +52,7 @@ I moved my bin to `/usr/local/bin/bird` after having some weird env issues. ~~Now we need to create a user with `CAP_NET_*` privileges that bird can run as~~. We actually don't need to do that immediately. We can use `-u` to drop to a user like `nobody` and bird will only give itself the privileges that it -needs. +needs. We may want a specific bird user in the future. # Configuration 
@@ -62,7 +62,7 @@ chosen to use a local config file under `~/.bird/bird.conf`. You can give bird t dn42 has a [great guide](https://dn42.eu/howto/Bird) on using bird (with peers!). I'm going to copy the configuration structure from that page here and attempt to add more commentary. -The guide requires a few pieces of information (what we'll need to decide on): +The guide requires a few pieces of information that we'll need to discuss: * ``: your [Autonomous System Number](https://en.wikipedia.org/wiki/Autonomous_system_(Internet)) * ``: your gateway ip, the internal `0200::/7` address that the router will run on. @@ -73,9 +73,8 @@ The guide requires a few pieces of information (what we'll need to decide on): > Most of this information should be located in (and authenticated through) a git repo. If we do it with git, then > updating bird should simply be a `git pull` and then running a cli tool to generate the config and reload bird. We need -> to find a balance between magic and understanding of what's happening. Maybe a tool that can describe what's going on -> at any level of detail would be enough? - +> to find a balance between magic and understanding of what's happening. Maybe a tool that automates it but describes +> what's going on is enough? Now for the actual configuration. We're going to be using IPv6 only. If we did v4 we would need a separate set of rules files, subnets, ips, etc. @@ -83,6 +82,9 @@ files, subnets, ips, etc. The first file is the root `bird.conf`. This is what we point bird to when starting the daemon. I will try to comment every line and block with my understanding of what it means. +The bird conf file format is a structured tree of blocks with some simple syntax. A `protocol` is the base unit of work +in bird. Protocols describe how to interact with the kernel, BGP, static route, etc. + ## bird.conf ``` 
@@ -105,7 +107,7 @@ include "/etc/bird/local6.conf # # Again, not really a protocol but ¯\_(ツ)_/¯ -# Comment from dn42. +# Comment from dn42's guide: /* krt_prefsrc defines the source address for outgoing connections. On Linux, this causes the "src" attribute of a route to be set. @@ -221,8 +223,10 @@ define OWNIP = ; # Now for some helper functions (filters) that we use in the config above: -# Returns if the `net` special variable (what the route is actually talking about, could be prefix), -# is in our own subnet. The `+` after the subnet is shorthand for "every possible address in this subnet". +# Returns if the `net` special variable (what the route is actually +# talking about, could be prefix. generally some kind of address), +# is in our own subnet. The `+` after the subnet is shorthand for +# "every possible address in this subnet". # # `a ~ b` means "a is in b". function is_self_net() { @@ -264,4 +268,6 @@ when we get there (large outage lol). Now I need to actually test this with another router. I'll most likely setup another VPS or ask someone else to spin something up. -I need to determine a fake AS number, subnets, etc. \ No newline at end of file +I need to determine a fake AS number, subnets, etc, and then I'll report back if it works or not. To test the bird +configuration, I plan to connect lykos to a different router running on a different subnet, and then ssh into hyperion +from lykos. The routes should "just work" (right lol). \ No newline at end of file
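Review bot: In the first hunk (`@@ -1,16 +1,16 @@`), the new description of `0200::/7` as "all addresses prefixed with `0x02` and `0x0[01]`" does not match a /7. A /7 fixes only the first seven bits, so the first byte is `0x02` or `0x03` and the second byte is unconstrained; the added wording describes something closer to a /15. Suggest "all addresses whose first byte is `0x02` or `0x03`". The context line "I'm not trying to to any sort of dynamic routing yet" still has "to to" for "to do", and the hunk drops the blank line in front of the opening code fence, which some Markdown renderers need.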
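Review bot: In the `@@ -52,7 +52,7 @@` hunk, the added sentence "We may want a specific bird user in the future" defers a point that belongs in the doc now. `nobody` is a shared account, so any other service that drops to it runs under the same UID as the routing daemon. Suggest recommending a dedicated unprivileged user for `-u` here and giving that reason, rather than leaving it as a maybe.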
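Review bot: In the `@@ -62,7 +62,7 @@` hunk, "that we'll need to discuss" is vaguer than the wording it replaces. The bullets that follow are values the reader has to pick (the AS number, the gateway IP), so "decide on" was the accurate verb. The bullet labels in the context lines also show up as empty code spans; if they are meant to be angle-bracket placeholders, they need escaping so the names are visible.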
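Review bot: In the `@@ -73,9 +73,8 @@` hunk, the blank line after the blockquote is removed, so "Now for the actual configuration." now follows the last `>` line directly and Markdown will fold it into the quote as a lazy continuation. Keep the empty line between "> what's going on is enough?" and the next paragraph. In the reworded sentence, "a tool that automates it" has no clear antecedent; name what is automated (generating the config and reloading bird after the `git pull`).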
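Review bot: In the `@@ -83,6 +82,9 @@` hunk, the three added lines are new explanatory content, not a typo fix, which does not fit the "small typos" subject; consider a separate commit or a subject that mentions the additions. In the added text, "static route" should be "static routes" to match the other list items, and the paragraph would read better before "The first file is the root `bird.conf`" since it introduces the file format in general.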
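Review bot: In the `@@ -221,8 +223,10 @@` hunk, the rewrapped comment on `is_self_net()` keeps an inaccurate description of `+` and adds a broken parenthetical. In BIRD a trailing `+` on a prefix pattern matches that prefix and every more-specific prefix inside it, not "every possible address in this subnet", and `net` is the prefix of the route being filtered. Suggest replacing "could be prefix. generally some kind of address" with "the prefix of the route being evaluated" and rewording the `+` line to "this prefix and all more-specific prefixes within it".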
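Review bot: In the last hunk (`@@ -264,4 +268,6 @@`), "a fake AS number" should say where the number comes from: the private-use ranges 64512 to 65534 and 4200000000 to 4294967294 (RFC 6996) exist for this, and picking from them avoids colliding with an assigned ASN if the test setup ever peers more widely. The new last line still ends with "\ No newline at end of file", so add the trailing newline while touching it, and "I'll most likely setup another VPS" in the context line should be "set up".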