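--- a/howto/BGP-communities.md
+++ b/howto/BGP-communities.md
@@ -1,12 +1,17 @@
-Bird is a commonly used BGP daemon. This page provides configuration and help for using BGP communities with Bird for dn42.
+Bird2 is a commonly used BGP daemon. This page provides configuration and help for using BGP communities with Bird2 for dn42.
 
 Communities can be used to prioritize traffic based on different flags, in DN42 we are using communities to prioritize based on latency, bandwidth and encryption. Please note that everyone should be using community 64511.
 
-The community is applied to the route when it is imported and exported, therefore you need to change your bird configuration, in /etc/bird/peers4 if you followed the Bird guide.
+The community is applied to the route when it is imported and exported, therefore you need to change your bird configuration
+in /etc/bird/peers/*
 
 The filter helpers can be stored in a separate file, for example /etc/bird/community_filters.conf.
 
-Below, you will see an example config for peers4 based on the original filter implementation by Jplitza.
+Below, you will see an example config for peers based on the original filter implementation by Jplitza.
+Additionally the below configuration applied BGP MED on exports using the communities
+as an example for what they can be used for.
+This is based on mk16's lab implemenation at [https://mk16.de/blog/lab-en/](https://mk16.de/blog/lab-en/)
+
 
 To properly assign the right community to your peer, please reference the table below. If you are running your own network and peering internally, please also apply the communities inside your network.
 
@@ -117,17 +122,8 @@ just above `update_flags` in `dn42_export_filter` function
 - Otherwise, if you export routes across multiple regions within your network, you may be sending incorrect origin information to other peers.
 
 
-## Example configurations
+## Example configuration for BIRD2
 ```conf
-# /etc/bird/peers4/tombii.conf
-protocol bgp tombii from dnpeers {
- neighbor 172.23.102.x as 4242420321;
- import where dn42_import_filter(3,24,33);
- export where dn42_export_filter(3,24,33);
-};
-```
-```conf
-#/etc/bird/community_filters.conf
 function update_latency(int link_latency) {
 bgp_community.add((64511, link_latency));
 if (64511, 9) ~ bgp_community then { bgp_community.delete([(64511, 1..8)]); return 9; }
@@ -141,6 +137,7 @@ function update_latency(int link_latency) {
 else return 1;
 }
 
+
 function update_bandwidth(int link_bandwidth) {
 bgp_community.add((64511, link_bandwidth));
 if (64511, 21) ~ bgp_community then { bgp_community.delete([(64511, 22..29)]); return 21; }
@@ -161,7 +158,13 @@ function update_crypto(int link_crypto) {
 else if (64511, 33) ~ bgp_community then { bgp_community.delete([(64511, 34..34)]); return 33; }
 else return 34;
 }
-
+#Remove the following function if you do not want to advertize your region in the BGP community.
+function update_geo_flags() {
+ if is_self_net() || is_self_net_v6() then {
+ bgp_community.add((64511, DN_REGION_GEO));
+ bgp_community.add((64511, DN_REGION_COUNTRY));
+ }
+}
 function update_flags(int link_latency; int link_bandwidth; int link_crypto)
 int dn42_latency;
 int dn42_bandwidth;
@@ -175,35 +178,87 @@ int dn42_crypto;
 return true;
 }
 
-# Combines filter from local4.conf/local6.conf and filter4.conf/filter6.conf,
-# which means, these must included before this file
+#Uses ROA, which means it should be imported before these functions
 
 function dn42_import_filter(int link_latency; int link_bandwidth; int link_crypto) {
+ # IPv4 routes with ROA
 if is_valid_network() && !is_self_net() then {
+ if (roa_check(dn42_roa, net, bgp_path.last) != ROA_VALID) then {
+ # Reject when unknown or invalid according to ROA
+ print "[dn42] IPv4 ROA check failed for ", net, " ASN ", bgp_path.last;
+ reject;
+ }
+
+ update_flags(link_latency, link_bandwidth, link_crypto);
+
+ if (bgp_path.len = 1) then
+ bgp_local_pref = bgp_local_pref + 500;
+
+ accept;
+ }
+
+ # IPv6 routes with ROA
+ if is_valid_network_v6() && !is_self_net_v6() then {
+ if (roa_check(dn42_roa_v6, net, bgp_path.last) != ROA_VALID) then {
+ # Reject when unknown or invalid according to ROA
+ print "[dn42] IPv6 ROA check failed for ", net, " ASN ", bgp_path.last;
+ reject;
+ }
+
 update_flags(link_latency, link_bandwidth, link_crypto);
+
+ if (bgp_path.len = 1) then
+ bgp_local_pref = bgp_local_pref + 500;
+
 accept;
 }
+
+ # Re
 reject;
 }
-
 function dn42_export_filter(int link_latency; int link_bandwidth; int link_crypto) {
- if is_valid_network() then {
+ if is_valid_network() || is_valid_network_v6() then {
 update_flags(link_latency, link_bandwidth, link_crypto);
+ update_geo_flags();
+ bgp_med = 0;
+ bgp_med = bgp_med + ( ( 4 - ( link_crypto - 30 ) ) * 600 );
+ bgp_med = bgp_med + ( ( 9 - ( link_bandwidth - 20 ) ) * 100);
+ bgp_med = bgp_med + ( ( link_latency - 1) * 300);
+
 accept;
 }
 reject;
 }
+
+```
+And in your /etc/bird/peers/example.conf peer where your parameters as as such
+11 ms, 1000 mbit/s, pfs tunnel example with MP-BGP with ENH
+```conf
+protocol bgp example from dnpeers {
+ neighbor neighbor <neighborip><%interface if Link Local is used> as <AUT_NUM>;
+ ipv4 {
+ extended next hop on;
+ import where dn42_import_filter(3,25,34);
+ export where dn42_export_filter(3,25,34);
+ };
+
+ ipv6 {
+ import where dn42_import_filter(3,25,34);
+ export where dn42_export_filter(3,25,34);
+ };
 ```
-Please remember to include /etc/bird/community_filters.conf in your bird.conf/birdc6.conf
+Please remember to include /etc/bird/community_filters.conf and to define your GEO regions in your bird.conf
 ```conf
 # local configuration
 ######################
-include "bird/local4.conf";
-
-# filter helpers
-#################
+# In the variable header or anywhere before the include for the community filters add
+define DN_REGION_GEO = xx;
+define DN_REGION_COUNTRY = xxxx;
+#If you wish to add the BGP Geographical Communities.
 
-include "/etc/bird/filter4.conf";
+#before you import your peers add the community filters eg
+#include "/etc/bird/community_filters.conf";
+#include "/etc/bird/peers/*";
 include "/etc/bird/community_filters.conf";
 ```
 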
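Review bot: The import filter added in the last hunk depends on the `dn42_roa` and `dn42_roa_v6` tables, yet the only pointer is the comment `#Uses ROA, which means it should be imported before these functions`, and the bird.conf snippet at the end no longer shows any include that would define them (or the `is_valid_network*`/`is_self_net*` helpers, presumably provided by the removed `local4.conf`/`filter4.conf` includes). Because the test is `!= ROA_VALID`, an empty or stale table rejects every prefix, which is the safe failure direction but worth stating; I would reword the comment to `# Requires the dn42_roa/dn42_roa_v6 tables and the is_valid_network*/is_self_net* helpers to be defined before this file is included; routes without a valid ROA are rejected.` The comment `# Re` before the final `reject;` is cut off and should be completed or dropped. In the peer example, `protocol bgp example` is never closed after the `ipv6 { … };` channel and the `neighbor` keyword is doubled. Finally, `dn42_export_filter` calls `update_geo_flags()` unconditionally, so the advice to remove that function should also say to remove the call.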