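After I went through the long process of obtaining an ASN and IP space, the public Internet gained one more route leaker.
For the ASN application, see my write-up of my own application experience. IP space can be obtained from the RIRs or leased from an LIR. (For example, Cloudie.sh leases an IPv4 /24 with annual billing or at 129 with monthly billing.)
ARIN IP leasing (may only be announced within the ARIN region)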
IPv4 /24 1000/Y)
IPv6 /48 $5/Y
IPv6 /44 $15/Y
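Below, using Misaka as the example, I record the BGP session request and the Bird2 configuration.
Requesting BGP Sessions
Open a ticket saying that you are requesting BGP service, then wait for a reply. They will ask you to confirm that you have read the BYOIP / Public BGP Service notes; the setup fee is $75.
After they send a verification email to the mailbox registered for your ASN and receive your confirming reply, they enable the BGP tab on your account. The relevant information is shown under the VM's Networking tab.
Misaka uses RPKI validation to check whether you are entitled to use the prefix, so be sure to ask your upstream to create the RPKI record (ROA) for you.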
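An added example (not from the original post or from Misaka): the standard RPKI route origin validation rules from RFC 6811, showing why the ROA's origin ASN and maxLength have to match what you actually announce. The ROAs are constructed samples built from documentation prefixes and the example ASN 64555; how Misaka acts on each result is not stated in the post.

```python
import ipaddress

# Constructed sample ROAs (documentation prefixes, example ASN; not real data):
# (prefix, maxLength, authorized origin ASN)
SAMPLE_ROAS = [
    ("192.0.2.0/24", 24, 64555),
    ("2001:db8::/44", 44, 64555),
    ("2001:db8:100::/44", 48, 64555),
]


def validate_origin(prefix, origin_asn, roas=SAMPLE_ROAS):
    """Return 'valid', 'invalid' or 'not-found' for one announcement (RFC 6811)."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_length, roa_asn in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if roa_net.version != route.version:
            continue
        # A ROA covers the route when the route equals or lies inside the ROA prefix.
        if not route.subnet_of(roa_net):
            continue
        covered = True
        # A match needs the same origin AS and a route no longer than maxLength.
        # AS 0 in a ROA never matches any route.
        if roa_asn != 0 and roa_asn == origin_asn and route.prefixlen <= max_length:
            return "valid"
    # Covered by at least one ROA but matched by none: invalid, usually dropped.
    return "invalid" if covered else "not-found"


def explain(prefix, origin_asn, roas=SAMPLE_ROAS):
    return f"{prefix} from AS{origin_asn}: {validate_origin(prefix, origin_asn, roas)}"


if __name__ == "__main__":
    for prefix, asn in [
        ("192.0.2.0/24", 64555),       # exact match
        ("192.0.2.0/24", 64666),       # covered, wrong origin AS
        ("2001:db8::/48", 64555),      # more specific than maxLength 44
        ("2001:db8:100::/48", 64555),  # allowed by maxLength 48
        ("198.51.100.0/24", 64555),    # no covering ROA
    ]:
        print(explain(prefix, asn))
```

When leasing a block, check that the ROA's maxLength allows the exact prefix length you plan to announce, not only that the ASN is right.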
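Configuring the virtual interface
You need to create a virtual interface and bind your IP to it. Note that an interface created from the command line disappears when the VM reboots.
ip link add dummy0 type dummy # Create a dummy interface named dummy0.
ip link set dummy0 up # Bring the interface up.
ip addr add 0.0.0.32/32 dev dummy0 # Add the IPv4 address to the dummy interface.
ip addr add 2602::128/128 dev dummy0 # Add the IPv6 address to the dummy interface.
Configuring rc.local
The dummy interface is lost on reboot, so configure rc.local to recreate it at boot.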
vim /etc/systemd/system/rc-local.service
Add the following content
[Unit]
Description=/etc/rc.local support
[Service]
Type=oneshot
ExecStart=/etc/rc.local
# disable timeout logic
TimeoutSec=0
#StandardOutput=tty
RemainAfterExit=yes
SysVStartPriority=99
[Install]
WantedBy=multi-user.target
Enable it at boot
systemctl enable rc-local.service
Create /etc/rc.local
touch /etc/rc.local
chmod +x /etc/rc.local
vim /etc/rc.local
Add the following content
#!/bin/sh
ip link add dummy0 type dummy
ip link set dummy0 up
ip addr add 0.0.0.32/32 dev dummy0
ip addr add 2602::128/128 dev dummy0
exit 0
Start it
systemctl start rc-local.service
systemctl status rc-local.service
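Configuring Bird2
Arch Linux
pacman -S bird # Install Bird2
echo > /etc/bird.conf # Clear BIRD's default configuration file (this is its path on Arch Linux).
Debian
apt install -y bird2 # Install Bird2
echo > /etc/bird/bird.conf # Clear BIRD's default configuration file (this is its path on Debian).
Edit the configuration
Note: the addresses used in the configuration below must be changed to your own.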
# This is an example configuration file for BIRD Internet Routing Daemon for demonstration purposes only.
# For production use, you should write your own configuration file suitable for your network topology instead.
# Modified from: https://github.com/CZ-NIC/bird/blob/v2.0.7/doc/bird.conf.example

# This is the unique identifier of the router,
# change it to your primary IPv4 address.
router id 192.0.2.1; # Change this to your public IP

# The Kernel protocol is not a real routing protocol. Instead of communicating
# with other routers in the network, it performs synchronization of BIRD
# routing tables with the OS kernel. One instance per table.
protocol kernel {
    ipv4 {
        # import all; # Import to table, default is import all
        export all; # Export to protocol. default is export none
    };
    # learn; # Learn alien routes from the kernel
    # kernel table 10; # Kernel table to synchronize with (default: main)
}

# Another instance for IPv6, skipping default options
protocol kernel {
    ipv6 { export all; };
}

# The direct protocol is not a real routing protocol. It automatically generates
# direct routes to all network interfaces. Can exist in as many instances as you
# wish if you want to populate multiple routing tables with direct routes.
protocol direct {
    disabled; # Disable by default
    ipv4; # Connect to default IPv4 table
    ipv6; # ... and to default IPv6 table
}

# Static routes (again, there can be multiple instances, so that you
# can disable/enable various groups of static routes on the fly).
protocol static static4_bgp {
    ipv4; # Again, IPv4 channel with default options
    route 192.0.2.0/24 reject; # Change this to the IPv4 prefix you announce
}

protocol static static6_bgp {
    ipv6;
    route 2001:db8::/32 reject; # Change this to the IPv6 prefix you announce
}

# Only routes from the static protocols above are exported to Misaka.
filter misaka_bgp4_out {
    if proto = "static4_bgp" then accept;
    reject;
}

filter misaka_bgp6_out {
    if proto = "static6_bgp" then accept;
    reject;
}

protocol bgp bgp4_misaka {
    # change it to your own ASN number.
    local as 64555; # Change this to your ASN
    multihop;
    neighbor 100.100.0.0 as 57695;
    ipv4 {
        # though we provide full table, it's not really necessary to import all routes
        import none;
        export filter misaka_bgp4_out;
    };
}

protocol bgp bgp6_misaka {
    # change it to your own ASN number.
    local as 64555; # Change this to your ASN
    multihop;
    neighbor 2a0b:4342:ffff:: as 57695;
    ipv6 {
        # though we provide full table, it's not really necessary to import all routes
        import none;
        export filter misaka_bgp6_out;
    };
}
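Apply the configuration
systemctl restart bird # Restart Bird2
birdc s p # Show the BIRD protocol status; Established means the announcement is working.
Setting the default source (egress) IP
ip -6 r # Show the default gateway
ip -6 route change default via fe80:: dev eth0 proto ra metric 1024 pref medium src 2602::1 # Remember to change the default gateway address, interface and IP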