From 559080faa0cf05a26a879bef31c408cd53491c75 Mon Sep 17 00:00:00 2001 From: Vladimir Vitkov Date: Tue, 7 Nov 2017 14:55:40 +0200 Subject: [PATCH] ROUTING: uplinks and routing stuff --- routing/iproute2/rt_tables | 13 +++++ routing/network/interfaces | 99 ++++++++++++++++++++++++++++++++++++++ routing/openvpn/.gitignore | 1 + routing/openvpn/marla.conf | 22 +++++++++ routing/quagga/bgpd.conf | 55 +++++++++++++++++++++ routing/quagga/daemons | 31 ++++++++++++ routing/quagga/debian.conf | 24 +++++++++ routing/quagga/zebra.conf | 50 +++++++++++++++++++ 8 files changed, 295 insertions(+) create mode 100644 routing/iproute2/rt_tables create mode 100644 routing/network/interfaces create mode 100644 routing/openvpn/.gitignore create mode 100644 routing/openvpn/marla.conf create mode 100644 routing/quagga/bgpd.conf create mode 100644 routing/quagga/daemons create mode 100644 routing/quagga/debian.conf create mode 100644 routing/quagga/zebra.conf
diff --git a/routing/iproute2/rt_tables b/routing/iproute2/rt_tables
new file mode 100644
index 0000000..e7a6a38
--- /dev/null
+++ b/routing/iproute2/rt_tables
@@ -0,0 +1,13 @@
+#
+# reserved values
+#
+255 local
+254 main
+253 default
+0 unspec
+#
+# local
+#
+##1 inr.ruhep
+2 tbc
+3 tpark
diff --git a/routing/network/interfaces b/routing/network/interfaces
new file mode 100644
index 0000000..2e1007a
--- /dev/null
+++ b/routing/network/interfaces
@@ -0,0 +1,99 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+source /etc/network/interfaces.d/*
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+# video personel
+auto eth0
+iface eth0 inet static
+ address 10.23.0.1
+ netmask 255.255.255.0
+
+#real config
+auto eth1.999
+iface eth1.999 inet static
+ address 172.31.42.100
+ netmask 255.255.255.0
+iface eth1.999 inet6 static
+ address 2001:67c:21bc:7fff:f0f:fcf0::100
+ netmask 120
+ dad-attempts 0
+
+auto eth1
+iface eth1 inet static
+ address 192.168.192.168
+ netmask 255.255.255.255
+
+# management
+auto eth1.20
+iface eth1.20 inet static
+ address 10.20.0.1
+ netmask 255.255.255.0
+ up ip a add 185.117.82.237/32 dev eth1.20
+
+# wired
+auto eth1.21
+iface eth1.21 inet static
+ address 10.21.0.1
+ netmask 255.255.252.0
+
+iface eth1.21 inet6 static
+ address 2001:67c:21bc:30::1
+ netmask 64
+ dad-attempts 0
+
+# wireless
+auto eth1.22
+iface eth1.22 inet static
+ address 10.22.0.1
+ netmask 255.255.252.0
+
+iface eth1.22 inet6 static
+ address 2001:67c:21bc:31::1
+ netmask 64
+ dad-attempts 0
+
+# overflow (TV)
+auto eth1.24
+iface eth1.24 inet static
+ address 10.24.0.1
+ netmask 255.255.255.0
+
+# phones
+auto eth1.25
+iface eth1.25 inet static
+ address 10.25.0.1
+ netmask 255.255.255.0
+
+# security
+auto eth1.26
+iface eth1.26 inet static
+ address 10.2.2.1
+ netmask 255.255.255.0
+
+
+auto eth1.6
+iface eth1.6 inet static
+ address 94.26.100.155
+ netmask 255.255.255.224
+# gateway 94.26.100.129
+ up ip r add 94.26.100.128/27 dev eth1.6 table tbc
+ up ip r add default via 94.26.100.129 table tbc
+
+# tmp initlab bgp link
+auto eth1.1024
+iface eth1.1024 inet static
+ address 185.117.82.24
+ netmask 255.255.255.240
+
+# techpark
+auto eth1.2464
+iface eth1.2464 inet static
+ address 194.141.112.139
+ netmask 255.255.255.192
+ post-up ip r add 194.141.112.128/26 dev eth1.2464 table tpark
+ post-up ip r add default via 194.141.112.129 table tpark
diff --git a/routing/openvpn/.gitignore b/routing/openvpn/.gitignore
new file mode 100644
index 0000000..c996e50
--- /dev/null
+++ b/routing/openvpn/.gitignore
@@ -0,0 +1 @@
+*.key
diff --git a/routing/openvpn/marla.conf b/routing/openvpn/marla.conf
new file mode 100644
index 0000000..6264495
--- /dev/null
+++ b/routing/openvpn/marla.conf
@@ -0,0 +1,22 @@
+dev tun0
+
+tun-ipv6
+remote 185.117.82.66
+local 194.141.112.139
+
+proto udp
+
+tun-mtu 1500
+ifconfig 172.31.43.3 172.31.43.2
+ifconfig-ipv6 2001:67c:21bc:7fff:f0f:fcf1::2/120 2001:67c:21bc:7fff:f0f:fcf1::1
+
+secret /etc/openvpn/eric.key
+
+port 4299
+
+; user nobody
+; group nobody
+
+ping 15
+verb 1
+script-security 2
diff --git a/routing/quagga/bgpd.conf b/routing/quagga/bgpd.conf
new file mode 100644
index 0000000..cd49fae
--- /dev/null
+++ b/routing/quagga/bgpd.conf
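Review bot: The `tbc` and `tpark` tables in the eth1.6 and eth1.2464 stanzas each get a connected route and a default route, but nothing in this file installs an `ip rule` that selects them, so unless the rules are added elsewhere, traffic sourced from the uplink addresses still follows the main table. That matters for the OpenVPN endpoint bound to 194.141.112.139, whose replies could leave through the wrong uplink and be dropped by upstream source filtering. Consider `up ip rule add from 94.26.100.155 table tbc` and `post-up ip rule add from 194.141.112.139 table tpark`, with matching `down ip rule del ...` lines so repeated ifup/ifdown does not stack duplicate rules. The two stanzas also mix `up` and `post-up` for the same purpose; picking one keeps the file easier to audit.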
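Review bot: `script-security 2` at the end of marla.conf allows OpenVPN to execute external scripts, yet this config defines no script hook, and with `user`/`group` commented out the daemon keeps root for its whole lifetime. Setting `script-security 1` and enabling a `user`/`group` pair that exists on this host (together with `persist-tun` and `persist-key` so restarts still work) would narrow what a flaw in the daemon can reach. The tunnel uses a static `secret` key with no `cipher` or `auth` line, so it runs with the build's default cipher and has no forward secrecy; pinning both explicitly on the two ends, for example `cipher AES-256-CBC` and `auth SHA256`, makes the choice reviewable. The `*.key` rule in routing/openvpn/.gitignore correctly keeps the key file itself out of the repository.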
@@ -0,0 +1,55 @@
+!
+! Zebra configuration saved from vty
+! 2017/11/04 13:22:45
+!
+hostname eric-bgpd
+password password
+log stdout
+!
+router bgp 65500
+ bgp router-id 192.168.192.168
+ network 185.117.82.237/32
+ neighbor 172.31.42.1 remote-as 200533
+ neighbor 172.31.42.1 description marla-pri
+ neighbor 172.31.42.1 soft-reconfiguration inbound
+ neighbor 172.31.42.1 prefix-list openfest out
+ neighbor 172.31.42.1 route-map ipacct-in in
+ neighbor 172.31.43.2 remote-as 200533
+ neighbor 172.31.43.2 description marla-bckp
+ neighbor 172.31.43.2 soft-reconfiguration inbound
+ neighbor 172.31.43.2 prefix-list openfest out
+ neighbor 185.117.82.20 remote-as 65535
+ neighbor 185.117.82.20 description spitfire
+ neighbor 185.117.82.20 soft-reconfiguration inbound
+ neighbor 185.117.82.20 prefix-list openfest out
+ neighbor 2001:67c:21bc:7fff:f0f:fcf0:0:1 remote-as 200533
+ neighbor 2001:67c:21bc:7fff:f0f:fcf0:0:1 description marla6-pri
+ no neighbor 2001:67c:21bc:7fff:f0f:fcf0:0:1 activate
+ neighbor 2001:67c:21bc:7fff:f0f:fcf1:0:1 remote-as 200533
+ neighbor 2001:67c:21bc:7fff:f0f:fcf1:0:1 description marla6-bckp
+ no neighbor 2001:67c:21bc:7fff:f0f:fcf1:0:1 activate
+!
+ address-family ipv6
+ network 2001:67c:21bc:30::/60
+ neighbor 2001:67c:21bc:7fff:f0f:fcf0:0:1 activate
+ neighbor 2001:67c:21bc:7fff:f0f:fcf0:0:1 soft-reconfiguration inbound
+ neighbor 2001:67c:21bc:7fff:f0f:fcf0:0:1 route-map ipacct-in6 in
+ neighbor 2001:67c:21bc:7fff:f0f:fcf1:0:1 activate
+ neighbor 2001:67c:21bc:7fff:f0f:fcf1:0:1 soft-reconfiguration inbound
+ neighbor 2001:67c:21bc:7fff:f0f:fcf1:0:1 prefix-list openfest6 out
+ exit-address-family
+!
+ip prefix-list openfest seq 5 permit 185.117.82.237/32
+ip prefix-list openfest seq 10 deny any
+!
+ipv6 prefix-list openfest6 seq 5 permit 2001:67c:21bc:30::/60
+ipv6 prefix-list openfest6 seq 10 deny any
+!
+route-map ipacct-in permit 10
+ set local-preference 150
+!
+route-map ipacct-in6 permit 10
+ set local-preference 150
+!
+line vty
+!
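Review bot: `password password` near the top of bgpd.conf commits the vty login as a guessable plaintext value, and zebra.conf in this same patch repeats it together with `enable password password`. Because debian.conf enables vtysh and binds every vty to loopback, these lines could be dropped, or replaced by a secret kept out of the repository and stored with `service password-encryption`. In the `address-family ipv6` block the primary neighbor 2001:67c:21bc:7fff:f0f:fcf0:0:1 has no outbound filter, unlike the backup neighbor and all IPv4 sessions, so announcements to it are not limited to 2001:67c:21bc:30::/60; adding `neighbor 2001:67c:21bc:7fff:f0f:fcf0:0:1 prefix-list openfest6 out` closes that gap. No neighbor has an inbound prefix filter or a session `password`, which may be acceptable on these links but deserves a comment stating that it is intentional.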
diff --git a/routing/quagga/daemons b/routing/quagga/daemons
new file mode 100644
index 0000000..cb7c232
--- /dev/null
+++ b/routing/quagga/daemons
@@ -0,0 +1,31 @@
+# This file tells the quagga package which daemons to start.
+#
+# Entries are in the format: =(yes|no|priority)
+# 0, "no" = disabled
+# 1, "yes" = highest priority
+# 2 .. 10 = lower priorities
+# Read /usr/share/doc/quagga/README.Debian for details.
+#
+# Sample configurations for these daemons can be found in
+# /usr/share/doc/quagga/examples/.
+#
+# ATTENTION:
+#
+# When activation a daemon at the first time, a config file, even if it is
+# empty, has to be present *and* be owned by the user and group "quagga", else
+# the daemon will not be started by /etc/init.d/quagga. The permissions should
+# be u=rw,g=r,o=.
+# When using "vtysh" such a config file is also needed. It should be owned by
+# group "quaggavty" and set to ug=rw,o= though. Check /etc/pam.d/quagga, too.
+#
+# The watchquagga daemon is always started. Per default in monitoring-only but
+# that can be changed via /etc/quagga/debian.conf.
+#
+zebra=yes
+bgpd=yes
+ospfd=no
+ospf6d=no
+ripd=no
+ripngd=no
+isisd=no
+babeld=no
diff --git a/routing/quagga/debian.conf b/routing/quagga/debian.conf
new file mode 100644
index 0000000..dfbfb01
--- /dev/null
+++ b/routing/quagga/debian.conf
@@ -0,0 +1,24 @@
+#
+# If this option is set the /etc/init.d/quagga script automatically loads
+# the config via "vtysh -b" when the servers are started.
+# Check /etc/pam.d/quagga if you intend to use "vtysh"!
+#
+vtysh_enable=yes
+zebra_options=" --daemon -A 127.0.0.1"
+bgpd_options=" --daemon -A 127.0.0.1"
+ospfd_options=" --daemon -A 127.0.0.1"
+ospf6d_options=" --daemon -A ::1"
+ripd_options=" --daemon -A 127.0.0.1"
+ripngd_options=" --daemon -A ::1"
+isisd_options=" --daemon -A 127.0.0.1"
+babeld_options=" --daemon -A 127.0.0.1"
+#
+# Please note that watchquagga_options is an array and not a string so that
+# quotes can be used.
+#
+# The list of daemons to watch is automatically generated by the init script
+# from daemons.conf and appended to the watchquagga_options.
+# Example:
+# watchquagga_options=("-Adz" "-r" '/sbin/service %s restart' -s '/sbin/service %s start' -k '/sbin/service %s stop')
+watchquagga_enable=yes
+watchquagga_options=(--daemon)
diff --git a/routing/quagga/zebra.conf b/routing/quagga/zebra.conf
new file mode 100644
index 0000000..0ec9631
--- /dev/null
+++ b/routing/quagga/zebra.conf
@@ -0,0 +1,50 @@
+!
+! Zebra configuration saved from vty
+! 2017/10/30 12:20:35
+!
+hostname eric-zebra
+password password
+enable password password
+!
+interface eth0
+ ipv6 nd suppress-ra
+!
+interface eth1
+ ipv6 nd suppress-ra
+!
+interface eth1.2
+ ipv6 nd suppress-ra
+!
+interface eth1.6
+ ipv6 nd suppress-ra
+!
+interface eth1.10
+ ipv6 nd suppress-ra
+!
+interface eth1.20
+ ipv6 nd suppress-ra
+!
+interface eth1.21
+ ipv6 nd suppress-ra
+!
+interface eth1.22
+ ipv6 nd suppress-ra
+!
+interface eth1.24
+ ipv6 nd suppress-ra
+!
+interface lo
+!
+interface tun0
+ ipv6 nd suppress-ra
+!
+route-map RM_SET_SRC permit 10
+ set src 185.117.82.237
+!
+ip forwarding
+ipv6 forwarding
+!
+ip protocol bgp route-map RM_SET_SRC
+!
+line vty
+!