wiki.ohea.xyz/wiki
11
1
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

small typos

Browse Source
This commit is contained in:
Fisher Darling
2022-10-30 17:32:35 +01:00
parent f458cbc8b2
commit 57300cef9a
1 changed files with 19 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files
projects/alamesh/setting_up_bird.md
+19 -13
View File
@@ -1,16 +1,16 @@
# Setting up BIRD # Setting up BIRD
BIRD, or the "BIRD Internet Routing Daemon", is a daemon that turns a dump linux box into a fully fledged router that BIRD, or the "BIRD Internet Routing Daemon", is a daemon that turns a dumb linux box into a fully fledged router that
can support many different routing protocols. It speaks those protocols with other routers and builds a dynamic routing can support many different routing protocols. It speaks those protocols with other routers and builds a dynamic routing
table that is then sent to the kernel (which does the actual packet forwarding). table that is then sent to the kernel (which does the actual packet forwarding).
This doc tracks my learnings from install and using bird on a cheap, $4/month DO droplet. This doc tracks my learnings from installing and setting up bird on a cheap, $4/month DO droplet. Actually using it
with another router will come in an edit or separate post.
# My Network # My Network
I'm not trying to to any sort of dynamic routing yet, but here's what I have working right now. My current network is I'm not trying to to any sort of dynamic routing yet, but here's what I have working right now. My current network is
the entire `0200::/7` address space (all addresses prefixed with `0x2` and `0x00`). the entire `0200::/7` address space (all addresses prefixed with `0x02` and `0x0[01]`).
``` ```
┌──────────┐ wg tunnel ┌──────────┐ wg tunnel
@@ -52,7 +52,7 @@ I moved my bin to `/usr/local/bin/bird` after having some weird env issues.
~~Now we need to create a user with `CAP_NET_*` privileges that bird can run as~~. We actually don't need to do that ~~Now we need to create a user with `CAP_NET_*` privileges that bird can run as~~. We actually don't need to do that
immediately. We can use `-u` to drop to a user like `nobody` and bird will only give itself the privileges that it immediately. We can use `-u` to drop to a user like `nobody` and bird will only give itself the privileges that it
needs. needs. We may want a specific bird user in the future.
# Configuration # Configuration
@@ -62,7 +62,7 @@ chosen to use a local config file under `~/.bird/bird.conf`. You can give bird t
dn42 has a [great guide](https://dn42.eu/howto/Bird) on using bird (with peers!). I'm going to copy the configuration dn42 has a [great guide](https://dn42.eu/howto/Bird) on using bird (with peers!). I'm going to copy the configuration
structure from that page here and attempt to add more commentary. structure from that page here and attempt to add more commentary.
The guide requires a few pieces of information (what we'll need to decide on): The guide requires a few pieces of information that we'll need to discuss:
* `<AS>`: your [Autonomous System Number](https://en.wikipedia.org/wiki/Autonomous_system_(Internet)) * `<AS>`: your [Autonomous System Number](https://en.wikipedia.org/wiki/Autonomous_system_(Internet))
* `<GATEWAY_IP>`: your gateway ip, the internal `0200::/7` address that the router will run on. * `<GATEWAY_IP>`: your gateway ip, the internal `0200::/7` address that the router will run on.
@@ -73,9 +73,8 @@ The guide requires a few pieces of information (what we'll need to decide on):
> Most of this information should be located in (and authenticated through) a git repo. If we do it with git, then > Most of this information should be located in (and authenticated through) a git repo. If we do it with git, then
> updating bird should simply be a `git pull` and then running a cli tool to generate the config and reload bird. We need > updating bird should simply be a `git pull` and then running a cli tool to generate the config and reload bird. We need
> to find a balance between magic and understanding of what's happening. Maybe a tool that can describe what's going on > to find a balance between magic and understanding of what's happening. Maybe a tool that automates it but describes
> at any level of detail would be enough? > what's going on is enough?
Now for the actual configuration. We're going to be using IPv6 only. If we did v4 we would need a separate set of rules Now for the actual configuration. We're going to be using IPv6 only. If we did v4 we would need a separate set of rules
files, subnets, ips, etc. files, subnets, ips, etc.
@@ -83,6 +82,9 @@ files, subnets, ips, etc.
The first file is the root `bird.conf`. This is what we point bird to when starting the daemon. I will try to comment The first file is the root `bird.conf`. This is what we point bird to when starting the daemon. I will try to comment
every line and block with my understanding of what it means. every line and block with my understanding of what it means.
The bird conf file format is a structured tree of blocks with some simple syntax. A `protocol` is the base unit of work
in bird. Protocols describe how to interact with the kernel, BGP, static route, etc.
## bird.conf ## bird.conf
``` ```
@@ -105,7 +107,7 @@ include "/etc/bird/local6.conf
# #
# Again, not really a protocol but ¯\_(ツ)_/¯ # Again, not really a protocol but ¯\_(ツ)_/¯
# Comment from dn42. # Comment from dn42's guide:
/* /*
krt_prefsrc defines the source address for outgoing connections. krt_prefsrc defines the source address for outgoing connections.
On Linux, this causes the "src" attribute of a route to be set. On Linux, this causes the "src" attribute of a route to be set.
@@ -221,8 +223,10 @@ define OWNIP = <GATEWAY_IP>;
# Now for some helper functions (filters) that we use in the config above: # Now for some helper functions (filters) that we use in the config above:
# Returns if the `net` special variable (what the route is actually talking about, could be prefix), # Returns if the `net` special variable (what the route is actually
# is in our own subnet. The `+` after the subnet is shorthand for "every possible address in this subnet". # talking about, could be prefix. generally some kind of address),
# is in our own subnet. The `+` after the subnet is shorthand for
# "every possible address in this subnet".
# #
# `a ~ b` means "a is in b". # `a ~ b` means "a is in b".
function is_self_net() { function is_self_net() {
@@ -264,4 +268,6 @@ when we get there (large outage lol).
Now I need to actually test this with another router. I'll most likely setup another VPS or ask someone else to spin Now I need to actually test this with another router. I'll most likely setup another VPS or ask someone else to spin
something up. something up.
I need to determine a fake AS number, subnets, etc. I need to determine a fake AS number, subnets, etc, and then I'll report back if it works or not. To test the bird
configuration, I plan to connect lykos to a different router running on a different subnet, and then ssh into hyperion
from lykos. The routes should "just work" (right lol).