etheroute-lon01: change setup of quadv
This commit is contained in:
parent
d7b2ca1cec
commit
2420018235
2 changed files with 34 additions and 44 deletions
|
@ -116,6 +116,9 @@
|
|||
# Accept from "trusted" quadv1 interface
|
||||
ip46tables -A lukegb-forward -i quadv1 -j lukegb-fwd-accept
|
||||
|
||||
# Accept to quadv1 interface if we're multipathing.
|
||||
ip46tables -A lukegb-forward -o quadv1 -j lukegb-fwd-accept
|
||||
|
||||
# Accept from established/related connections.
|
||||
ip46tables -A lukegb-forward -m conntrack --ctstate ESTABLISHED,RELATED -j lukegb-fwd-accept
|
||||
|
||||
|
@ -158,26 +161,6 @@
|
|||
}];
|
||||
};
|
||||
|
||||
systemd.network.netdevs.gsl1 = {
|
||||
netdevConfig = {
|
||||
Name = "gsl1";
|
||||
Kind = "vxlan";
|
||||
};
|
||||
|
||||
vxlanConfig = {
|
||||
VNI = 242;
|
||||
Remote = "203.57.82.5";
|
||||
Local = "103.141.25.50";
|
||||
DestinationPort = 4789;
|
||||
};
|
||||
};
|
||||
systemd.network.networks."40-eno1".vxlan = [ "gsl1" ];
|
||||
systemd.network.networks.gsl1 = {
|
||||
matchConfig.Name = "gsl1";
|
||||
address = [ "10.0.0.22/30" "2401:3bc0::4:16/126" ];
|
||||
};
|
||||
|
||||
|
||||
services.openssh.hostKeys = [
|
||||
{
|
||||
path = "/persist/etc/ssh/ssh_host_ed25519_key";
|
||||
|
@ -202,7 +185,6 @@
|
|||
local = {
|
||||
routerID = "103.141.25.50";
|
||||
};
|
||||
export.v4 = [ "92.118.31.0/24" ];
|
||||
peering = {
|
||||
etheroute = {
|
||||
local = local // {
|
||||
|
@ -218,20 +200,6 @@
|
|||
}];
|
||||
};
|
||||
};
|
||||
gsl = {
|
||||
local = local // {
|
||||
v4 = "10.0.0.22";
|
||||
v6 = "2401:3bc0::4:16";
|
||||
};
|
||||
remote = {
|
||||
asn = 137409;
|
||||
export_community = 4002;
|
||||
routers = [{
|
||||
v4 = "10.0.0.21";
|
||||
v6 = "2401:3bc0::4:15";
|
||||
}];
|
||||
};
|
||||
};
|
||||
bgptoolscollector = {
|
||||
local = local // {
|
||||
v4 = "103.141.25.50";
|
||||
|
@ -250,6 +218,20 @@
|
|||
prefix_limit.v6 = 0;
|
||||
};
|
||||
};
|
||||
quadv = {
|
||||
local = local // {
|
||||
v4 = "169.254.111.0";
|
||||
};
|
||||
remote = {
|
||||
asn = 197753;
|
||||
export_community = 4099;
|
||||
routers = [{
|
||||
v4 = "169.254.111.1";
|
||||
}];
|
||||
prefix_limit.v4 = 10;
|
||||
prefix_limit.v6 = 10;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
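Review bot: The rule `ip46tables -A lukegb-forward -i quadv1 -j lukegb-fwd-accept` in the first hunk accepts every forwarded packet that arrives on quadv1, for any source and destination and for both address families, and it sits ahead of the ESTABLISHED,RELATED conntrack rule, so nothing else in the chain can narrow it. The later hunk configures quadv as a BGP peering over 169.254.111.0/.1, so quadv1 presumably carries traffic originating outside this network rather than only the point-to-point session; the quoted "trusted" in the comment reads as a known caveat rather than a statement of what is relied on. Either scope the accept to the traffic quadv is actually expected to deliver, or state the reasoning in the comment, e.g. `# Accept from quadv1 unconditionally: forwarding policy for this link is enforced by <where — placeholder>, not by this chain.` The same consideration applies to the `-o quadv1` accept two lines below, which lets any forwarded source leave via quadv1 whenever that path is chosen.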
@ -16,6 +16,16 @@ let
|
|||
${if ix.remote.must_be_next_hop then "if (bgp_path.first != ${toString ix.remote.asn}) then reject;" else "# no next-hop requirement"}
|
||||
${lib.concatMapStringsSep "\n" (asn: "if (bgp_path ~ [= * ${toString asn} * =]) then reject;") ix.remote.drop_asns}
|
||||
if (bgp_path ~ [= * 16276 * =] && gw = 195.66.225.6) then gw = 195.66.224.220; # OVH must go via router 1; router 2 is bork.
|
||||
${lib.optionalString (ixName == "quadv") ''
|
||||
bgp_ext_community.add((ro, 205479, 1000));
|
||||
bgp_ext_community.add((ro, 205479, 4000)); # etheroute
|
||||
#bgp_ext_community.add((ro, 205479, 4002)); # gsl
|
||||
|
||||
# Etheroute communities
|
||||
bgp_community.add((3170, 63257)); # GTT Corero
|
||||
bgp_community.add((64600, 3356)); # no Lumen
|
||||
bgp_community.add((64600, 5459)); # no LINX peers (inc. RS)
|
||||
''}
|
||||
bgp_local_pref = ${toString ix.remote.bgp_local_pref};
|
||||
accept;
|
||||
}
|
||||
|
@ -33,6 +43,7 @@ let
|
|||
};
|
||||
''}
|
||||
|
||||
${lib.optionalString (doesIPv6 ix) ''
|
||||
ipv6 table ${ixName}6;
|
||||
filter bgp_in_${ixName}6
|
||||
prefix set allnet;
|
||||
|
@ -57,8 +68,10 @@ let
|
|||
import ${if ix.remote.is_route_collector then "all" else "where ((ro, ${toString ix.local.asn}, ${toString ix.remote.export_community}) ~ bgp_ext_community)"};
|
||||
export filter bgp_in_${ixName}6;
|
||||
};
|
||||
''}
|
||||
'' + lib.concatImapStringsSep "\n" ( i: v: generateSnippetForRouter (args // { routerNum = i; router = v; }) ) ix.remote.routers;
|
||||
doesIPv4 = ix: (ix.local.v4 != null) || ix.v4onv6;
|
||||
doesIPv6 = ix: (ix.local.v6 != null);
|
||||
enabledSnippet = { enabled ? true, ... }: "disabled ${if enabled then "off" else "on"};";
|
||||
passwordSnippet = { password ? null, ... }: if password == null then "# no password" else "password \"${password}\";";
|
||||
multihopSnippet = { multihop ? null, ... }: if multihop == null then "# not multihop" else "multihop ${toString multihop};";
|
||||
|
@ -83,6 +96,7 @@ let
|
|||
};
|
||||
};
|
||||
''}
|
||||
${lib.optionalString (ix.local.v6 != null) ''
|
||||
protocol bgp ${ixName}${toString routerNum}_6 {
|
||||
${enabledSnippet router}
|
||||
${passwordSnippet router}
|
||||
|
@ -108,6 +122,7 @@ let
|
|||
${prefixLimitSnippet ix.remote.prefix_limit.v6}
|
||||
};
|
||||
};
|
||||
''}
|
||||
'';
|
||||
|
||||
inherit (lib) mkOption mkAfter types;
|
||||
|
@ -143,7 +158,8 @@ in {
|
|||
default = null;
|
||||
};
|
||||
v6 = mkOption { # lukegbgp.config.peering.<foo>.local.v6
|
||||
type = str;
|
||||
type = nullOr str;
|
||||
default = null;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -325,14 +341,6 @@ in {
|
|||
protocol static export4 {
|
||||
ipv4 {
|
||||
import filter {
|
||||
|
||||
if net = 92.118.31.0/24 then {
|
||||
# bgp_path.prepend(197753);
|
||||
bgp_ext_community.add((ro, 205479, 1000));
|
||||
bgp_ext_community.add((ro, 205479, 4002));
|
||||
accept;
|
||||
}
|
||||
|
||||
bgp_ext_community.add((ro, 205479, 1000));
|
||||
bgp_ext_community.add((ro, 205479, 2000));
|
||||
bgp_ext_community.add((ro, 205479, 2001));
|
||||
|
|
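Review bot: The `${lib.optionalString (ixName == "quadv") ''…''}` block in the first hunk hard-codes a specific peer name and a fixed set of community literals into the shared bgp_in filter generator, whereas everything else in the same snippet is driven by per-peering options (`ix.remote.drop_asns`, `ix.remote.must_be_next_hop`, `ix.remote.bgp_local_pref`). That makes the module's behaviour depend on how a host happens to name its peering, and the Etheroute communities added there will silently stop applying if the peering is renamed. A per-peering option holding the communities to attach on import, for example `remote.import_communities` (constructed name; pick whatever fits the existing option naming), populated from the etheroute-lon01 host config, would keep the generator generic and make the `# etheroute` / `# gsl` intent visible where the peering is defined. Separately, the later hunk's `${lib.optionalString (ix.local.v6 != null) ''` expresses the same condition the module also spells as `doesIPv6 = ix: (ix.local.v6 != null);`; if both lines are on the new side, using `doesIPv6 ix` in the second place keeps the nullability check in one definition.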