etheroute-lon01: change setup of quadv

This commit is contained in:
Luke Granger-Brown 2023-09-30 01:14:36 +00:00
parent d7b2ca1cec
commit 2420018235
2 changed files with 34 additions and 44 deletions


@ -116,6 +116,9 @@
# Accept from "trusted" quadv1 interface
ip46tables -A lukegb-forward -i quadv1 -j lukegb-fwd-accept
# Accept to quadv1 interface if we're multipathing.
ip46tables -A lukegb-forward -o quadv1 -j lukegb-fwd-accept
# Accept from established/related connections.
ip46tables -A lukegb-forward -m conntrack --ctstate ESTABLISHED,RELATED -j lukegb-fwd-accept
@ -158,26 +161,6 @@
}];
};
systemd.network.netdevs.gsl1 = {
netdevConfig = {
Name = "gsl1";
Kind = "vxlan";
};
vxlanConfig = {
VNI = 242;
Remote = "203.57.82.5";
Local = "103.141.25.50";
DestinationPort = 4789;
};
};
systemd.network.networks."40-eno1".vxlan = [ "gsl1" ];
systemd.network.networks.gsl1 = {
matchConfig.Name = "gsl1";
address = [ "10.0.0.22/30" "2401:3bc0::4:16/126" ];
};
services.openssh.hostKeys = [
{
path = "/persist/etc/ssh/ssh_host_ed25519_key";
@ -202,7 +185,6 @@
local = {
routerID = "103.141.25.50";
};
export.v4 = [ "92.118.31.0/24" ];
peering = {
etheroute = {
local = local // {
@ -218,20 +200,6 @@
}];
};
};
gsl = {
local = local // {
v4 = "10.0.0.22";
v6 = "2401:3bc0::4:16";
};
remote = {
asn = 137409;
export_community = 4002;
routers = [{
v4 = "10.0.0.21";
v6 = "2401:3bc0::4:15";
}];
};
};
bgptoolscollector = {
local = local // {
v4 = "103.141.25.50";
@ -250,6 +218,20 @@
prefix_limit.v6 = 0;
};
};
quadv = {
local = local // {
v4 = "169.254.111.0";
};
remote = {
asn = 197753;
export_community = 4099;
routers = [{
v4 = "169.254.111.1";
}];
prefix_limit.v4 = 10;
prefix_limit.v6 = 10;
};
};
};
};
};
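Review bot: The `ip46tables -A lukegb-forward -o quadv1 -j lukegb-fwd-accept` rule in the first hunk matches on egress interface only, so anything this host forwards toward quadv1 from any ingress interface is accepted, not just the multipath case the comment above it describes. Combined with the existing `-i quadv1` accept two lines earlier, quadv1 becomes open in both directions within lukegb-forward, and reply traffic would already be covered by the `ESTABLISHED,RELATED` conntrack rule that follows. If only traffic from particular upstream interfaces is meant to take the quadv1 path, scoping the rule with `-i <INGRESS-IFACE>` (placeholder) or stating the assumption in the comment, e.g. `# Accept to quadv1 from any interface: egress toward this peer is intentionally unrestricted.`, would make the trust boundary explicit. The rendered page has dropped the +/- markers and shows six lines for a hunk that adds three, so which lines are new is inferred from the comment wording.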


@ -16,6 +16,16 @@ let
${if ix.remote.must_be_next_hop then "if (bgp_path.first != ${toString ix.remote.asn}) then reject;" else "# no next-hop requirement"}
${lib.concatMapStringsSep "\n" (asn: "if (bgp_path ~ [= * ${toString asn} * =]) then reject;") ix.remote.drop_asns}
if (bgp_path ~ [= * 16276 * =] && gw = 195.66.225.6) then gw = 195.66.224.220; # OVH must go via router 1; router 2 is bork.
${lib.optionalString (ixName == "quadv") ''
bgp_ext_community.add((ro, 205479, 1000));
bgp_ext_community.add((ro, 205479, 4000)); # etheroute
#bgp_ext_community.add((ro, 205479, 4002)); # gsl
# Etheroute communities
bgp_community.add((3170, 63257)); # GTT Corero
bgp_community.add((64600, 3356)); # no Lumen
bgp_community.add((64600, 5459)); # no LINX peers (inc. RS)
''}
bgp_local_pref = ${toString ix.remote.bgp_local_pref};
accept;
}
@ -33,6 +43,7 @@ let
};
''}
${lib.optionalString (doesIPv6 ix) ''
ipv6 table ${ixName}6;
filter bgp_in_${ixName}6
prefix set allnet;
@ -57,8 +68,10 @@ let
import ${if ix.remote.is_route_collector then "all" else "where ((ro, ${toString ix.local.asn}, ${toString ix.remote.export_community}) ~ bgp_ext_community)"};
export filter bgp_in_${ixName}6;
};
''}
'' + lib.concatImapStringsSep "\n" ( i: v: generateSnippetForRouter (args // { routerNum = i; router = v; }) ) ix.remote.routers;
doesIPv4 = ix: (ix.local.v4 != null) || ix.v4onv6;
doesIPv6 = ix: (ix.local.v6 != null);
enabledSnippet = { enabled ? true, ... }: "disabled ${if enabled then "off" else "on"};";
passwordSnippet = { password ? null, ... }: if password == null then "# no password" else "password \"${password}\";";
multihopSnippet = { multihop ? null, ... }: if multihop == null then "# not multihop" else "multihop ${toString multihop};";
@ -83,6 +96,7 @@ let
};
};
''}
${lib.optionalString (ix.local.v6 != null) ''
protocol bgp ${ixName}${toString routerNum}_6 {
${enabledSnippet router}
${passwordSnippet router}
@ -108,6 +122,7 @@ let
${prefixLimitSnippet ix.remote.prefix_limit.v6}
};
};
''}
'';
inherit (lib) mkOption mkAfter types;
@ -143,7 +158,8 @@ in {
default = null;
};
v6 = mkOption { # lukegbgp.config.peering.<foo>.local.v6
type = str;
type = nullOr str;
default = null;
};
};
};
@ -325,14 +341,6 @@ in {
protocol static export4 {
ipv4 {
import filter {
if net = 92.118.31.0/24 then {
# bgp_path.prepend(197753);
bgp_ext_community.add((ro, 205479, 1000));
bgp_ext_community.add((ro, 205479, 4002));
accept;
}
bgp_ext_community.add((ro, 205479, 1000));
bgp_ext_community.add((ro, 205479, 2000));
bgp_ext_community.add((ro, 205479, 2001));