From fc8e8de428e83daf76e2c4e558b729c59f3c4151 Mon Sep 17 00:00:00 2001 From: Yohann D'ANELLO Date: Sun, 4 Jul 2021 13:16:46 +0200 Subject: [PATCH] IPv4 routing is now managed by routeur-aurore Signed-off-by: Yohann D'ANELLO --- roles/router/templates/keepalived-aurore.conf | 147 ++++++++++++------ roles/router/templates/keepalived.conf | 66 ++++---- 2 files changed, 127 insertions(+), 86 deletions(-) diff --git a/roles/router/templates/keepalived-aurore.conf b/roles/router/templates/keepalived-aurore.conf index b8882fd..9cbfc04 100644 --- a/roles/router/templates/keepalived-aurore.conf +++ b/roles/router/templates/keepalived-aurore.conf @@ -8,13 +8,13 @@ global_defs { vrrp_instance VI_ROUT_aurore_IPv4 { - {% if 'backup' in inventory_hostname %} +{% if 'backup' in inventory_hostname %} state BACKUP priority 100 - {% else %} +{% else %} state MASTER priority 150 - {% endif %} +{% endif %} # Interface used for VRRP communication. 
@@ -35,40 +35,91 @@ vrrp_instance VI_ROUT_aurore_IPv4 { smtp_alert virtual_ipaddress { - # Routing - 10.129.0.254/16 brd 10.129.255.255 dev ens18 scope global + # Hello Zayo + 83.167.52.69/31 dev ens1 scope global - # Adm - 10.128.0.254/16 brd 10.128.255.255 dev ens19 scope global + # Routing + 10.129.0.254/16 brd 10.129.255.255 dev ens18 scope global - # Switches - 10.130.0.254/16 brd 10.130.255.255 dev ens20 scope global + # Adm + 10.128.0.254/16 brd 10.128.255.255 dev ens19 scope global - # IPs publiques serveurs - 45.66.111.254/24 brd 45.66.111.255 dev ens21 scope global + # Switches + 10.130.0.254/16 brd 10.130.255.255 dev ens20 scope global - # IPs publiques adhérents - 45.66.110.254/24 brd 45.66.110.255 dev ens22 scope global + # IPs publiques serveurs + 45.66.111.254/24 brd 45.66.111.255 dev ens21 scope global - # VLAN 131: Onduleurs et PDUs - 10.131.0.254/16 brd 10.131.255.255 dev ens23 scope global - } + # IPs publiques adhérents + 45.66.110.254/24 brd 45.66.110.255 dev ens22 scope global + # VLAN 131: Onduleurs et PDUs + 10.131.0.254/16 brd 10.131.255.255 dev ens23 scope global + } virtual_routes { - # IPv4 gateway: yggdrasil - src 10.129.0.254 to 0.0.0.0/0 via 10.129.0.1 dev ens18 + src 10.129.0.254 to 10.129.0.0/16 dev ens18 + + # Fleming NAT + src 10.129.0.254 to 10.10.0.0/16 via 10.129.1.254 dev ens18 + src 10.129.0.254 to 10.11.0.0/16 via 10.129.1.254 dev ens18 + src 10.129.0.254 to 45.66.108.0/27 via 10.129.1.254 dev ens18 + src 10.129.0.254 to 45.66.108.32/29 via 10.129.1.254 dev ens18 + src 10.129.0.254 to 45.66.108.251 via 10.129.1.254 dev ens18 + src 10.129.0.254 to 45.66.109.0/27 via 10.129.1.254 dev ens18 + src 10.129.0.254 to 45.66.109.32/29 via 10.129.1.254 dev ens18 + src 10.129.0.254 to 45.66.109.251 via 10.129.1.254 dev ens18 + # Pacaterie NAT + src 10.129.0.254 to 10.20.0.0/16 via 10.129.2.254 dev ens18 + src 10.129.0.254 to 10.21.0.0/16 via 10.129.2.254 dev ens18 + src 10.129.0.254 to 45.66.108.40/29 via 10.129.2.254 dev ens18 + src 
10.129.0.254 to 45.66.108.48/28 via 10.129.2.254 dev ens18 + src 10.129.0.254 to 45.66.108.64/28 via 10.129.2.254 dev ens18 + src 10.129.0.254 to 45.66.108.252 via 10.129.2.254 dev ens18 + src 10.129.0.254 to 45.66.109.40/29 via 10.129.2.254 dev ens18 + src 10.129.0.254 to 45.66.109.48/28 via 10.129.2.254 dev ens18 + src 10.129.0.254 to 45.66.109.64/28 via 10.129.2.254 dev ens18 + src 10.129.0.254 to 45.66.109.252 via 10.129.2.254 dev ens18 + # Rives NAT + src 10.129.0.254 to 10.30.0.0/16 via 10.129.3.254 dev ens18 + src 10.129.0.254 to 10.31.0.0/16 via 10.129.3.254 dev ens18 + src 10.129.0.254 to 45.66.108.80/28 via 10.129.3.254 dev ens18 + src 10.129.0.254 to 45.66.108.96/28 via 10.129.3.254 dev ens18 + src 10.129.0.254 to 45.66.108.112/29 via 10.129.3.254 dev ens18 + src 10.129.0.254 to 45.66.108.253 via 10.129.3.254 dev ens18 + src 10.129.0.254 to 45.66.109.80/28 via 10.129.3.254 dev ens18 + src 10.129.0.254 to 45.66.109.96/28 via 10.129.3.254 dev ens18 + src 10.129.0.254 to 45.66.109.112/29 via 10.129.3.254 dev ens18 + src 10.129.0.254 to 45.66.109.253 via 10.129.3.254 dev ens18 + # EDC NAT + src 10.129.0.254 to 10.40.0.0/16 via 10.129.4.254 dev ens18 + src 10.129.0.254 to 10.41.0.0/16 via 10.129.4.254 dev ens18 + src 10.129.0.254 to 45.66.108.120/29 via 10.129.4.254 dev ens18 + src 10.129.0.254 to 45.66.108.128/27 via 10.129.4.254 dev ens18 + src 10.129.0.254 to 45.66.108.254 via 10.129.4.254 dev ens18 + src 10.129.0.254 to 45.66.109.120/29 via 10.129.4.254 dev ens18 + src 10.129.0.254 to 45.66.109.128/27 via 10.129.4.254 dev ens18 + src 10.129.0.254 to 45.66.109.254 via 10.129.4.254 dev ens18 + # George Sand NAT + src 10.129.0.254 to 10.50.0.0/16 via 10.129.5.254 dev ens18 + src 10.129.0.254 to 10.51.0.0/16 via 10.129.5.254 dev ens18 + src 10.129.0.254 to 45.66.108.160/27 via 10.129.5.254 dev ens18 + src 10.129.0.254 to 45.66.108.192/29 via 10.129.5.254 dev ens18 + src 10.129.0.254 to 45.66.108.255 via 10.129.5.254 dev ens18 + src 10.129.0.254 to 
45.66.109.160/27 via 10.129.5.254 dev ens18 + src 10.129.0.254 to 45.66.109.192/29 via 10.129.5.254 dev ens18 + src 10.129.0.254 to 45.66.109.255 via 10.129.5.254 dev ens18 } } vrrp_instance VI_ROUT_aurore_IPv6 { - {% if 'backup' in inventory_hostname %} +{% if 'backup' in inventory_hostname %} state BACKUP priority 100 - {% else %} +{% else %} state MASTER priority 150 - {% endif %} +{% endif %} # Interface used for VRRP communication. 
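Review bot: The `to 0.0.0.0/0 via 10.129.0.1` route is removed from the IPv4 `virtual_routes` block of keepalived-aurore.conf and nothing in this hunk replaces it, so where the IPv4 default now comes from is undocumented. Presumably it is learned over the Zayo link on ens1; if so, a comment such as `# IPv4 default route is learned from Zayo on ens1, not set here` at the top of the block would say so. With `83.167.52.69/31 dev ens1` added, the same VRRP instance now holds the transit address next to the Adm, Switches and VLAN 131 gateways. The forwarding and anti-spoofing filters on ens1 are not visible in this patch, and they are what keeps those networks unreachable from the uplink, so they are worth checking in the same change. The per-building static routes also repeat prefixes that keepalived.conf derives from `apartment_block_id`; generating them from the inventory would stop the two templates drifting apart.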
@@ -89,43 +140,37 @@ vrrp_instance VI_ROUT_aurore_IPv6 { smtp_alert virtual_ipaddress { - # Hello zayo - 2001:1b48:2:103::d7:2/126 dev ens1 scope global + # Hello zayo + 2001:1b48:2:103::d7:2/126 dev ens1 scope global - # Routing - 2a09:6840:129::254/64 dev ens18 scope global + # Routing + 2a09:6840:129::254/64 dev ens18 scope global - # Adm - 2a09:6840:128::254/64 dev ens19 scope global + # Adm + 2a09:6840:128::254/64 dev ens19 scope global - # Switches - 2a09:6840:130::254/64 dev ens20 scope global + # Switches + 2a09:6840:130::254/64 dev ens20 scope global - # IPs publiques serveurs - 2a09:6840:111::254/64 dev ens21 scope global + # IPs publiques serveurs + 2a09:6840:111::254/64 dev ens21 scope global - # IPs publiques adhérents - 2a09:6840:110::254/64 dev ens22 scope global - - # VLAN 131: Onduleurs et PDUs - 2a09:6840:131::254/64 dev ens23 scope global - } + # IPs publiques adhérents + 2a09:6840:110::254/64 dev ens22 scope global + # VLAN 131: Onduleurs et PDUs + 2a09:6840:131::254/64 dev ens23 scope global + } virtual_routes { - # For IPv6, the master router is routeur-aurore, NOT yggdrasil, - # because yggdrasil doesn't support BGPv6 announcements. 
- src 2001:1b48:2:103::d7:2/126 to ::/0 via 2001:1b48:2:103::d7:1 dev ens1 - - # Routes return for ipv6 connectivity - 2a09:6840:10::/64 via 2a09:6840:129::1:254 dev ens18 - 2a09:6840:11::/64 via 2a09:6840:129::1:254 dev ens18 - 2a09:6840:20::/64 via 2a09:6840:129::2:254 dev ens18 - 2a09:6840:21::/64 via 2a09:6840:129::2:254 dev ens18 - 2a09:6840:40::/64 via 2a09:6840:129::4:254 dev ens18 - 2a09:6840:41::/64 via 2a09:6840:129::4:254 dev ens18 - 2a09:6840:50::/64 via 2a09:6840:129::5:254 dev ens18 - 2a09:6840:51::/64 via 2a09:6840:129::5:254 dev ens18 + # Routes return for ipv6 connectivity + 2a09:6840:10::/64 via 2a09:6840:129::1:254 dev ens18 + 2a09:6840:11::/64 via 2a09:6840:129::1:254 dev ens18 + 2a09:6840:20::/64 via 2a09:6840:129::2:254 dev ens18 + 2a09:6840:21::/64 via 2a09:6840:129::2:254 dev ens18 + 2a09:6840:40::/64 via 2a09:6840:129::4:254 dev ens18 + 2a09:6840:41::/64 via 2a09:6840:129::4:254 dev ens18 + 2a09:6840:50::/64 via 2a09:6840:129::5:254 dev ens18 + 2a09:6840:51::/64 via 2a09:6840:129::5:254 dev ens18 } } - diff --git a/roles/router/templates/keepalived.conf b/roles/router/templates/keepalived.conf index 45f5661..eedfd83 100644 --- a/roles/router/templates/keepalived.conf +++ b/roles/router/templates/keepalived.conf @@ -8,13 +8,13 @@ global_defs { vrrp_instance VI_ROUT_{{ apartment_block }}_IPv4 { - {% if 'backup' in inventory_hostname %} +{% if 'backup' in inventory_hostname %} state BACKUP priority 100 - {% else %} +{% else %} state MASTER priority 150 - {% endif %} +{% endif %} # Interface used for VRRP communication. 
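Review bot: In the IPv6 `virtual_routes` block of keepalived-aurore.conf, the default route `to ::/0 via 2001:1b48:2:103::d7:1 dev ens1` is dropped along with the comment that explained it, although the commit subject only mentions IPv4. Unless the IPv6 default is now learned dynamically, the active router would have no `::/0` route, so a one-line comment stating where it comes from would help. The return routes kept on the new side cover the `10`/`11`, `20`/`21`, `40`/`41` and `50`/`51` prefixes but have no entry via `2a09:6840:129::3:254`, while the IPv4 block in the same file adds Rives routes via `10.129.3.254`. If Rives is meant to have IPv6, the corresponding `30`/`31` entries look missing.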
@@ -35,41 +35,40 @@ vrrp_instance VI_ROUT_{{ apartment_block }}_IPv4 { smtp_alert virtual_ipaddress { - # Routing subnet - 10.129.{{ apartment_block_id }}.254/16 brd 10.129.255.255 dev ens19 scope global + # Routing subnet + 10.129.{{ apartment_block_id }}.254/16 brd 10.129.255.255 dev ens19 scope global - # NATed subnet: wired - 45.66.108.25{{ apartment_block_id }}/24 brd 45.66.108.255 dev ens19 scope global + # NATed subnet: wired + 45.66.108.25{{ apartment_block_id }}/24 brd 45.66.108.255 dev ens19 scope global - # NATed subnet: wifi - 45.66.109.25{{ apartment_block_id }}/24 brd 45.66.109.255 dev ens19 scope global + # NATed subnet: wifi + 45.66.109.25{{ apartment_block_id }}/24 brd 45.66.109.255 dev ens19 scope global - # Wired - 10.{{ subnet_ids.users_wired }}.0.254/16 brd 10.{{ subnet_ids.users_wired }}.255.255 dev ens20 scope global + # Wired + 10.{{ subnet_ids.users_wired }}.0.254/16 brd 10.{{ subnet_ids.users_wired }}.255.255 dev ens20 scope global - # Wifi - 10.{{ subnet_ids.users_wifi }}.0.254/16 brd 10.{{ subnet_ids.users_wifi }}.255.255 dev ens21 scope global - - # Accueil - 10.{{ subnet_ids.users_accueil }}.0.254/16 brd 10.{{ subnet_ids.users_accueil }}.255.255 dev ens23 scope global - } + # Wifi + 10.{{ subnet_ids.users_wifi }}.0.254/16 brd 10.{{ subnet_ids.users_wifi }}.255.255 dev ens21 scope global + # Accueil + 10.{{ subnet_ids.users_accueil }}.0.254/16 brd 10.{{ subnet_ids.users_accueil }}.255.255 dev ens23 scope global + } virtual_routes { - # 10.129.0.1 is Yggdrasil - src 10.129.{{ apartment_block_id }}.254 to 0.0.0.0/0 via 10.129.0.1 dev ens19 + # gateway to routeur-aurore + src 45.66.109.25{{ apartment_block_id }} to 0.0.0.0/0 via 10.129.0.254 dev ens19 } } vrrp_instance VI_ROUT_{{ apartment_block }}_IPv6 { - {% if 'backup' in inventory_hostname %} +{% if 'backup' in inventory_hostname %} state BACKUP priority 100 - {% else %} +{% else %} state MASTER priority 150 - {% endif %} +{% endif %} # Interface used for VRRP communication. 
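Review bot: The new default route in keepalived.conf uses `src 45.66.109.25{{ apartment_block_id }}`, the wifi NAT address, as the preferred source for everything the router itself originates. The comment `# gateway to routeur-aurore` does not say why this address was chosen over the wired NAT or routing-subnet address. If the intent is to avoid NAT on routeur-aurore, a line such as `# src is the public wifi NAT address so router-originated traffic needs no NAT upstream` would document it. The address is built by string concatenation, so it is only valid for a single-digit `apartment_block_id` up to 5, and for 5 it renders `45.66.109.255`, which is the broadcast address of the `/24` declared above (`brd 45.66.109.255`). An `assert` task on the range of `apartment_block_id`, or declaring the NAT addresses as `/32`, would make that failure mode explicit.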
@@ -90,23 +89,20 @@ vrrp_instance VI_ROUT_{{ apartment_block }}_IPv6 { smtp_alert virtual_ipaddress { - # Routing subnet - fe80::1/64 dev ens19 scope global - {{ ipv6_base_prefix }}:129::{{ apartment_block_id }}:254/64 dev ens19 scope global + # Routing subnet + fe80::1/64 dev ens19 scope global + {{ ipv6_base_prefix }}:129::{{ apartment_block_id }}:254/64 dev ens19 scope global - # Wired - fe80::1/64 dev ens20 scope global + # Wired + fe80::1/64 dev ens20 scope global - # Wifi - fe80::1/64 dev ens21 scope global - } + # Wifi + fe80::1/64 dev ens21 scope global + } virtual_routes { - # For IPv6, the master router is routeur-aurore, NOT yggdrasil, - # because yggdrasil doesn't support BGPv6 announcements. - src {{ ipv6_base_prefix }}:129::{{ apartment_block_id }}:254 to ::/0 via {{ ipv6_base_prefix }}:129::0:254 dev ens19 + # gateway to routeur-aurore + src {{ ipv6_base_prefix }}:129::{{ apartment_block_id }}:254 to ::/0 via {{ ipv6_base_prefix }}:129::0:254 dev ens19 } } - -