=========================================
Private WAN routers
=========================================

.. warning::

    Private WAN routers will be deprecated in SD-WAN on August 1, 2025.
    Please see `Migrating to managed mesh <../private-wan/private-wan-managed-mesh/migrating.html>`__
    for information on migrating an existing deployment using private WAN
    routers to a managed mesh.

Currently the preferred method to configure dynamic routing on private
WAN routers is via bird.

bird implementation
=====================================

.. note::

    Due to the method of high availability employed by private WAN routers,
    routes are announced via the kernel instead of being set as static
    routes in bird. It is recommended to use route filters to choose what
    to announce to routing peers. Without a route filter, all of the
    addresses for gateways, port forward rules, and NAT rules where the
    gateway is not on a VLAN will be announced. Typically, we would want all
    of those routes announced, but there is also a route for the VPN to the
    management server that should generally not be announced. That route is
    10.250.0.0/16 by default.

    Internally, the network range 240.0.0.0/4 is used for communication between
    private WAN routers and aggregators.

Global
------

Create a file at ``/etc/bonding/bird/global.conf`` with the following generic
configurations:

::

    protocol kernel {
        ipv4 {
                import all;
                export all;
        };
        learn;
    }

    protocol direct {
        ipv4 {
                import all;
        };
        ipv6 {
                import all;
        };
        interface "*-ext";
    }

    filter ignore_internal {
        if net ~ [10.250.0.0/16{16,32}, 240.0.0.0/4{4,32}] then {
                reject;
        }
        accept;
    }

BGP
---

To configure bird with BGP, create a file at ``/etc/bonding/bird/bgp.conf``
with the following configuration:

::

    protocol bgp {
        ipv4 {
                import all;
                export filter ignore_internal;
        };
        local as 65000;
        neighbor 198.51.100.130 as 65001;
    }

Set the neighbor IP as appropriate.

Then run ``pwanbirdc - conf`` to load the config.

Configuration
~~~~~~~~~~~~~

To specify any custom configurations for BGP, refer to the
bird `BGP documentation <https://bird.network.cz/?get_doc&v=20&f=bird.html#toc6.3>`_.

OSPF
----

To configure bird with OSPF, create a file at ``/etc/bonding/bird/ospf.conf``
with the following configuration:

::

    protocol ospf v2 ospf_4 {
        ipv4 {
                import all;
                export filter ignore_internal;
        };
        area 0.0.0.0 {
                interface "ext" {};
        };
    }

Then run ``pwanbirdc - conf`` to load the config.

Configuration
~~~~~~~~~~~~~

To specify any custom configurations for OSPF, refer to the
bird `OSPF documentation <https://bird.network.cz/?get_doc&v=20&f=bird-6.html#ss6.8>`_.