etheroute-lon01: change setup of quadv
This commit is contained in:
parent
d7b2ca1cec
commit
2420018235
2 changed files with 34 additions and 44 deletions
|
@ -116,6 +116,9 @@
|
||||||
# Accept from "trusted" quadv1 interface
|
# Accept from "trusted" quadv1 interface
|
||||||
ip46tables -A lukegb-forward -i quadv1 -j lukegb-fwd-accept
|
ip46tables -A lukegb-forward -i quadv1 -j lukegb-fwd-accept
|
||||||
|
|
||||||
|
# Accept to quadv1 interface if we're multipathing.
|
||||||
|
ip46tables -A lukegb-forward -o quadv1 -j lukegb-fwd-accept
|
||||||
|
|
||||||
# Accept from established/related connections.
|
# Accept from established/related connections.
|
||||||
ip46tables -A lukegb-forward -m conntrack --ctstate ESTABLISHED,RELATED -j lukegb-fwd-accept
|
ip46tables -A lukegb-forward -m conntrack --ctstate ESTABLISHED,RELATED -j lukegb-fwd-accept
|
||||||
|
|
||||||
|
@ -158,26 +161,6 @@
|
||||||
}];
|
}];
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.network.netdevs.gsl1 = {
|
|
||||||
netdevConfig = {
|
|
||||||
Name = "gsl1";
|
|
||||||
Kind = "vxlan";
|
|
||||||
};
|
|
||||||
|
|
||||||
vxlanConfig = {
|
|
||||||
VNI = 242;
|
|
||||||
Remote = "203.57.82.5";
|
|
||||||
Local = "103.141.25.50";
|
|
||||||
DestinationPort = 4789;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
systemd.network.networks."40-eno1".vxlan = [ "gsl1" ];
|
|
||||||
systemd.network.networks.gsl1 = {
|
|
||||||
matchConfig.Name = "gsl1";
|
|
||||||
address = [ "10.0.0.22/30" "2401:3bc0::4:16/126" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
services.openssh.hostKeys = [
|
services.openssh.hostKeys = [
|
||||||
{
|
{
|
||||||
path = "/persist/etc/ssh/ssh_host_ed25519_key";
|
path = "/persist/etc/ssh/ssh_host_ed25519_key";
|
||||||
|
@ -202,7 +185,6 @@
|
||||||
local = {
|
local = {
|
||||||
routerID = "103.141.25.50";
|
routerID = "103.141.25.50";
|
||||||
};
|
};
|
||||||
export.v4 = [ "92.118.31.0/24" ];
|
|
||||||
peering = {
|
peering = {
|
||||||
etheroute = {
|
etheroute = {
|
||||||
local = local // {
|
local = local // {
|
||||||
|
@ -218,20 +200,6 @@
|
||||||
}];
|
}];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
gsl = {
|
|
||||||
local = local // {
|
|
||||||
v4 = "10.0.0.22";
|
|
||||||
v6 = "2401:3bc0::4:16";
|
|
||||||
};
|
|
||||||
remote = {
|
|
||||||
asn = 137409;
|
|
||||||
export_community = 4002;
|
|
||||||
routers = [{
|
|
||||||
v4 = "10.0.0.21";
|
|
||||||
v6 = "2401:3bc0::4:15";
|
|
||||||
}];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
bgptoolscollector = {
|
bgptoolscollector = {
|
||||||
local = local // {
|
local = local // {
|
||||||
v4 = "103.141.25.50";
|
v4 = "103.141.25.50";
|
||||||
|
@ -250,6 +218,20 @@
|
||||||
prefix_limit.v6 = 0;
|
prefix_limit.v6 = 0;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
quadv = {
|
||||||
|
local = local // {
|
||||||
|
v4 = "169.254.111.0";
|
||||||
|
};
|
||||||
|
remote = {
|
||||||
|
asn = 197753;
|
||||||
|
export_community = 4099;
|
||||||
|
routers = [{
|
||||||
|
v4 = "169.254.111.1";
|
||||||
|
}];
|
||||||
|
prefix_limit.v4 = 10;
|
||||||
|
prefix_limit.v6 = 10;
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
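Review bot: The new `quadv` peering (hunk `@ -250,6 +218,20 @@`) constrains the session only with `prefix_limit.v4 = 10`; the AS-path checks the bird template supports (`must_be_next_hop`, `drop_asns`) are left at the module defaults, which are not visible on this page. Since the companion bird change tags everything accepted from quadv for re-export towards etheroute, I would set `remote.must_be_next_hop = true;` here (unless the default is already true) so that only paths whose first hop is AS197753 are accepted and a leak from that peer is not propagated upstream. `prefix_limit.v6 = 10;` has no effect unless `local.v6` is set for this peering; if `local` carries no v6 address, drop the line or add the v6 endpoint. The firewall hunk's comment `# Accept to quadv1 interface if we're multipathing.` should state what the rule changes — the `-o quadv1` accept admits new forwarded flows from any interface towards quadv1, not just the ESTABLISHED,RELATED return traffic the conntrack rule below already covers — e.g. `# Accept new forwarded flows towards quadv1 (needed once routes via quadv are selected); return traffic is handled by the conntrack rule below.`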
@ -16,6 +16,16 @@ let
|
||||||
${if ix.remote.must_be_next_hop then "if (bgp_path.first != ${toString ix.remote.asn}) then reject;" else "# no next-hop requirement"}
|
${if ix.remote.must_be_next_hop then "if (bgp_path.first != ${toString ix.remote.asn}) then reject;" else "# no next-hop requirement"}
|
||||||
${lib.concatMapStringsSep "\n" (asn: "if (bgp_path ~ [= * ${toString asn} * =]) then reject;") ix.remote.drop_asns}
|
${lib.concatMapStringsSep "\n" (asn: "if (bgp_path ~ [= * ${toString asn} * =]) then reject;") ix.remote.drop_asns}
|
||||||
if (bgp_path ~ [= * 16276 * =] && gw = 195.66.225.6) then gw = 195.66.224.220; # OVH must go via router 1; router 2 is bork.
|
if (bgp_path ~ [= * 16276 * =] && gw = 195.66.225.6) then gw = 195.66.224.220; # OVH must go via router 1; router 2 is bork.
|
||||||
|
${lib.optionalString (ixName == "quadv") ''
|
||||||
|
bgp_ext_community.add((ro, 205479, 1000));
|
||||||
|
bgp_ext_community.add((ro, 205479, 4000)); # etheroute
|
||||||
|
#bgp_ext_community.add((ro, 205479, 4002)); # gsl
|
||||||
|
|
||||||
|
# Etheroute communities
|
||||||
|
bgp_community.add((3170, 63257)); # GTT Corero
|
||||||
|
bgp_community.add((64600, 3356)); # no Lumen
|
||||||
|
bgp_community.add((64600, 5459)); # no LINX peers (inc. RS)
|
||||||
|
''}
|
||||||
bgp_local_pref = ${toString ix.remote.bgp_local_pref};
|
bgp_local_pref = ${toString ix.remote.bgp_local_pref};
|
||||||
accept;
|
accept;
|
||||||
}
|
}
|
||||||
|
@ -33,6 +43,7 @@ let
|
||||||
};
|
};
|
||||||
''}
|
''}
|
||||||
|
|
||||||
|
${lib.optionalString (doesIPv6 ix) ''
|
||||||
ipv6 table ${ixName}6;
|
ipv6 table ${ixName}6;
|
||||||
filter bgp_in_${ixName}6
|
filter bgp_in_${ixName}6
|
||||||
prefix set allnet;
|
prefix set allnet;
|
||||||
|
@ -57,8 +68,10 @@ let
|
||||||
import ${if ix.remote.is_route_collector then "all" else "where ((ro, ${toString ix.local.asn}, ${toString ix.remote.export_community}) ~ bgp_ext_community)"};
|
import ${if ix.remote.is_route_collector then "all" else "where ((ro, ${toString ix.local.asn}, ${toString ix.remote.export_community}) ~ bgp_ext_community)"};
|
||||||
export filter bgp_in_${ixName}6;
|
export filter bgp_in_${ixName}6;
|
||||||
};
|
};
|
||||||
|
''}
|
||||||
'' + lib.concatImapStringsSep "\n" ( i: v: generateSnippetForRouter (args // { routerNum = i; router = v; }) ) ix.remote.routers;
|
'' + lib.concatImapStringsSep "\n" ( i: v: generateSnippetForRouter (args // { routerNum = i; router = v; }) ) ix.remote.routers;
|
||||||
doesIPv4 = ix: (ix.local.v4 != null) || ix.v4onv6;
|
doesIPv4 = ix: (ix.local.v4 != null) || ix.v4onv6;
|
||||||
|
doesIPv6 = ix: (ix.local.v6 != null);
|
||||||
enabledSnippet = { enabled ? true, ... }: "disabled ${if enabled then "off" else "on"};";
|
enabledSnippet = { enabled ? true, ... }: "disabled ${if enabled then "off" else "on"};";
|
||||||
passwordSnippet = { password ? null, ... }: if password == null then "# no password" else "password \"${password}\";";
|
passwordSnippet = { password ? null, ... }: if password == null then "# no password" else "password \"${password}\";";
|
||||||
multihopSnippet = { multihop ? null, ... }: if multihop == null then "# not multihop" else "multihop ${toString multihop};";
|
multihopSnippet = { multihop ? null, ... }: if multihop == null then "# not multihop" else "multihop ${toString multihop};";
|
||||||
|
@ -83,6 +96,7 @@ let
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
''}
|
''}
|
||||||
|
${lib.optionalString (ix.local.v6 != null) ''
|
||||||
protocol bgp ${ixName}${toString routerNum}_6 {
|
protocol bgp ${ixName}${toString routerNum}_6 {
|
||||||
${enabledSnippet router}
|
${enabledSnippet router}
|
||||||
${passwordSnippet router}
|
${passwordSnippet router}
|
||||||
|
@ -108,6 +122,7 @@ let
|
||||||
${prefixLimitSnippet ix.remote.prefix_limit.v6}
|
${prefixLimitSnippet ix.remote.prefix_limit.v6}
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
''}
|
||||||
'';
|
'';
|
||||||
|
|
||||||
inherit (lib) mkOption mkAfter types;
|
inherit (lib) mkOption mkAfter types;
|
||||||
|
@ -143,7 +158,8 @@ in {
|
||||||
default = null;
|
default = null;
|
||||||
};
|
};
|
||||||
v6 = mkOption { # lukegbgp.config.peering.<foo>.local.v6
|
v6 = mkOption { # lukegbgp.config.peering.<foo>.local.v6
|
||||||
type = str;
|
type = nullOr str;
|
||||||
|
default = null;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -325,14 +341,6 @@ in {
|
||||||
protocol static export4 {
|
protocol static export4 {
|
||||||
ipv4 {
|
ipv4 {
|
||||||
import filter {
|
import filter {
|
||||||
|
|
||||||
if net = 92.118.31.0/24 then {
|
|
||||||
# bgp_path.prepend(197753);
|
|
||||||
bgp_ext_community.add((ro, 205479, 1000));
|
|
||||||
bgp_ext_community.add((ro, 205479, 4002));
|
|
||||||
accept;
|
|
||||||
}
|
|
||||||
|
|
||||||
bgp_ext_community.add((ro, 205479, 1000));
|
bgp_ext_community.add((ro, 205479, 1000));
|
||||||
bgp_ext_community.add((ro, 205479, 2000));
|
bgp_ext_community.add((ro, 205479, 2000));
|
||||||
bgp_ext_community.add((ro, 205479, 2001));
|
bgp_ext_community.add((ro, 205479, 2001));
|
||||||
|
|
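Review bot: The `quadv` branch added to the `bgp_in` filter (hunk `@ -16,6 +16,16 @@`) unconditionally adds `(ro, 205479, 4000)`, the etheroute export community, to every route that reaches this point, so any prefix the quadv session lets through becomes an upstream announcement; the rest of `bgp_in` lies outside the hunk, and the only quadv-specific guard visible in this commit is the host's `prefix_limit.v4 = 10`. Rather than hard-coding a check here, enable `must_be_next_hop` for quadv in the host config so the existing `if (bgp_path.first != ${toString ix.remote.asn}) then reject;` line above runs before the tagging. The commented-out `#bgp_ext_community.add((ro, 205479, 4002)); # gsl` is dead code now that the gsl peering is removed in the same commit; delete it instead of keeping it as a comment. Separately, hunk `@ -83,6 +96,7 @@` guards the v6 protocol with `ix.local.v6 != null` while hunk `@ -57,8 +68,10 @@` introduces `doesIPv6` for exactly that test; use `${lib.optionalString (doesIPv6 ix) ''` in both places so the two conditions cannot drift apart.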