Martin Tonusoo tonusoo

  • Tallinn, Estonia
@tonusoo
tonusoo / r2_conditional-announcement.patch
Created April 20, 2025 14:54
Juniper conditional BGP announcement PoC
[edit policy-options]
+ prefix-list DC1-aggregate {
+ 10.10.0.0/23;
+ }
[edit policy-options]
+ policy-statement ISP-B-out-v4 {
+ term conditional-announcement {
+ from {
+ prefix-list DC1-aggregate;
+ condition conditional-announcement;
#!/usr/bin/env bash
# Find IPv4 prefixes which have non-unique origin AS number, i.e. the rightmost AS number.
get_origin_asn() {
last_asn_elem="${1##* }"
case "$last_asn_elem" in
"{"*"}")
# It's an AS-set.
@tonusoo
tonusoo / bgp_full_feed_with_gobgpd.md
Created February 10, 2025 16:17
injecting MRT data into BIRD || discussion on Packet Pushers Slack group

BGP full feed in lab environment with gobgpd and BIRD

Prefixes are injected with patched gobgp. Systemd service template for gobgpd processes:

martin@bgp-feed:~$ cat /etc/systemd/system/[email protected]
[Unit]
Description=GoBGP Routing Daemon - instance %i
After=network.target syslog.service
ConditionPathExists=/usr/local/etc/gobgpd-%i.conf
#!/usr/bin/env bash
# Title : systemd-networkd-confgen
# Last modified date : 8.02.2024
# Author : Martin Tonusoo
# Description : Script manages systemd-networkd conf files
# with "[IPv6Prefix]" and "[IPv6SendRA]" configuration
# sections in /run/systemd/network/10-br0.network.d/
# directory. "[IPv6Prefix]" configuration is built based
# on the content of the files in /run/prefix-capture/
@tonusoo
tonusoo / bgp_simple.patch
Created November 27, 2024 13:52
patch bgp-hackathon/bgpd-3/Solution-2-much-better/bgp_simple.pl bgp_simple.patch
--- bgp_simple.pl~ 2024-11-27 12:26:17.057483859 +0200
+++ bgp_simple.pl 2024-11-27 14:46:48.435675124 +0200
@@ -16,6 +16,8 @@
use Net::BGP;
use Net::BGP::Process;
+STDOUT->autoflush(1);
+
my $version = "v0.12";
my $version_date = "22-Jan-2011";
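Review bot: `STDOUT->autoflush(1);` after `use Net::BGP::Process;` is a method call on a filehandle, which needs IO::Handle to be loaded, and the visible lines load only Net::BGP and Net::BGP::Process. As written it depends on one of those modules having pulled IO::Handle in, or on perl 5.14 and later loading IO::File on demand. Add an explicit `use IO::Handle;` beside the other `use` lines, or use `$| = 1;`, and add a short comment stating why unbuffered output is needed so the line is not dropped in a later cleanup.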
#!/usr/bin/python3 -u
"""
-> eth0: 192.168.17.36 -> 172.16.20.3 | protocol UDP | port 6000 | DATA |
<- eth1: 10.0.0.2 -> 10.0.0.1 | protocol UDP | port 6000 | DATA |
apt install --no-install-recommends python3-pcapy python3-scapy
"""
@tonusoo
tonusoo / bird.conf
Created September 6, 2024 08:10
RTIX Route Servers configuration for lab usage with BIRD. Tested on BIRD version 2.15.1.
log syslog all;
debug protocols all;
router id 213.184.52.1;
define rtix_rs_asn = 207800;
# BGP ipv4/ipv6 channel option "secondary" requires
# routing table to be sorted.
ipv4 table master4 sorted;
interfaces {
lo0 {
unit 0 {
family inet {
filter {
input-list [ discard-ip-options discard-frags accept-single-hop-bfd-v4 accept-multi-hop-bfd-v4 accept-bgp-v4 accept-ospf2 accept-vrrpv3-v4 accept-established-v4 accept-common-services-v4 discard-all-v4 ];
}
}
family inet6 {
filter {
version 1.0;
ns junos = "http://xml.juniper.net/junos/*/junos";
ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";
ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0";
ns dyn = "http://exslt.org/dynamic";
ns snmp extension = "http://exslt.org/functions";
template find-alarm($alarm_severity) {
#!/usr/bin/python3 -u
"""
Title : send-dst-unreach
Last modified date : 14.02.2024
Author : Martin Tonusoo
Description : Reads packets from Netfilter queue, sends the
ICMPv6 type "Destination Unreachable" code
"Source address failed ingress/egress policy"
as a response to those packets and finally