aurore/ansible
aurore/ansible
11
2
Fork 0
Code Issues 1 Pull requests 13 Releases Wiki Activity

IPv4 routing is now managed by routeur-aurore

Browse source 
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
This commit is contained in:
ynerant 2021-07-04 13:16:46 +02:00
parent a6ebdd0d3e
commit fc8e8de428
Signed by untrusted user: ynerant
GPG key ID: 3A75C55819C8CF85
2 changed files with 127 additions and 86 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

147
roles/router/templates/keepalived-aurore.conf
View file

@ -8,13 +8,13 @@ global_defs {
vrrp_instance VI_ROUT_aurore_IPv4 { vrrp_instance VI_ROUT_aurore_IPv4 {
{% if 'backup' in inventory_hostname %} {% if 'backup' in inventory_hostname %}
state BACKUP state BACKUP
priority 100 priority 100
{% else %} {% else %}
state MASTER state MASTER
priority 150 priority 150
{% endif %} {% endif %}
# Interface used for VRRP communication. # Interface used for VRRP communication.
@ -35,40 +35,91 @@ vrrp_instance VI_ROUT_aurore_IPv4 {
smtp_alert smtp_alert
virtual_ipaddress { virtual_ipaddress {
# Routing # Hello Zayo
10.129.0.254/16 brd 10.129.255.255 dev ens18 scope global 83.167.52.69/31 dev ens1 scope global
# Adm # Routing
10.128.0.254/16 brd 10.128.255.255 dev ens19 scope global 10.129.0.254/16 brd 10.129.255.255 dev ens18 scope global
# Switches # Adm
10.130.0.254/16 brd 10.130.255.255 dev ens20 scope global 10.128.0.254/16 brd 10.128.255.255 dev ens19 scope global
# IPs publiques serveurs # Switches
45.66.111.254/24 brd 45.66.111.255 dev ens21 scope global 10.130.0.254/16 brd 10.130.255.255 dev ens20 scope global
# IPs publiques adhérents # IPs publiques serveurs
45.66.110.254/24 brd 45.66.110.255 dev ens22 scope global 45.66.111.254/24 brd 45.66.111.255 dev ens21 scope global
# VLAN 131: Onduleurs et PDUs # IPs publiques adhérents
10.131.0.254/16 brd 10.131.255.255 dev ens23 scope global 45.66.110.254/24 brd 45.66.110.255 dev ens22 scope global
}
# VLAN 131: Onduleurs et PDUs
10.131.0.254/16 brd 10.131.255.255 dev ens23 scope global
}
virtual_routes { virtual_routes {
# IPv4 gateway: yggdrasil src 10.129.0.254 to 10.129.0.0/16 dev ens18
src 10.129.0.254 to 0.0.0.0/0 via 10.129.0.1 dev ens18
# Fleming NAT
src 10.129.0.254 to 10.10.0.0/16 via 10.129.1.254 dev ens18
src 10.129.0.254 to 10.11.0.0/16 via 10.129.1.254 dev ens18
src 10.129.0.254 to 45.66.108.0/27 via 10.129.1.254 dev ens18
src 10.129.0.254 to 45.66.108.32/29 via 10.129.1.254 dev ens18
src 10.129.0.254 to 45.66.108.251 via 10.129.1.254 dev ens18
src 10.129.0.254 to 45.66.109.0/27 via 10.129.1.254 dev ens18
src 10.129.0.254 to 45.66.109.32/29 via 10.129.1.254 dev ens18
src 10.129.0.254 to 45.66.109.251 via 10.129.1.254 dev ens18
# Pacaterie NAT
src 10.129.0.254 to 10.20.0.0/16 via 10.129.2.254 dev ens18
src 10.129.0.254 to 10.21.0.0/16 via 10.129.2.254 dev ens18
src 10.129.0.254 to 45.66.108.40/29 via 10.129.2.254 dev ens18
src 10.129.0.254 to 45.66.108.48/28 via 10.129.2.254 dev ens18
src 10.129.0.254 to 45.66.108.64/28 via 10.129.2.254 dev ens18
src 10.129.0.254 to 45.66.108.252 via 10.129.2.254 dev ens18
src 10.129.0.254 to 45.66.109.40/29 via 10.129.2.254 dev ens18
src 10.129.0.254 to 45.66.109.48/28 via 10.129.2.254 dev ens18
src 10.129.0.254 to 45.66.109.64/28 via 10.129.2.254 dev ens18
src 10.129.0.254 to 45.66.109.252 via 10.129.2.254 dev ens18
# Rives NAT
src 10.129.0.254 to 10.30.0.0/16 via 10.129.3.254 dev ens18
src 10.129.0.254 to 10.31.0.0/16 via 10.129.3.254 dev ens18
src 10.129.0.254 to 45.66.108.80/28 via 10.129.3.254 dev ens18
src 10.129.0.254 to 45.66.108.96/28 via 10.129.3.254 dev ens18
src 10.129.0.254 to 45.66.108.112/29 via 10.129.3.254 dev ens18
src 10.129.0.254 to 45.66.108.253 via 10.129.3.254 dev ens18
src 10.129.0.254 to 45.66.109.80/28 via 10.129.3.254 dev ens18
src 10.129.0.254 to 45.66.109.96/28 via 10.129.3.254 dev ens18
src 10.129.0.254 to 45.66.109.112/29 via 10.129.3.254 dev ens18
src 10.129.0.254 to 45.66.109.253 via 10.129.3.254 dev ens18
# EDC NAT
src 10.129.0.254 to 10.40.0.0/16 via 10.129.4.254 dev ens18
src 10.129.0.254 to 10.41.0.0/16 via 10.129.4.254 dev ens18
src 10.129.0.254 to 45.66.108.120/29 via 10.129.4.254 dev ens18
src 10.129.0.254 to 45.66.108.128/27 via 10.129.4.254 dev ens18
src 10.129.0.254 to 45.66.108.254 via 10.129.4.254 dev ens18
src 10.129.0.254 to 45.66.109.120/29 via 10.129.4.254 dev ens18
src 10.129.0.254 to 45.66.109.128/27 via 10.129.4.254 dev ens18
src 10.129.0.254 to 45.66.109.254 via 10.129.4.254 dev ens18
# George Sand NAT
src 10.129.0.254 to 10.50.0.0/16 via 10.129.5.254 dev ens18
src 10.129.0.254 to 10.51.0.0/16 via 10.129.5.254 dev ens18
src 10.129.0.254 to 45.66.108.160/27 via 10.129.5.254 dev ens18
src 10.129.0.254 to 45.66.108.192/29 via 10.129.5.254 dev ens18
src 10.129.0.254 to 45.66.108.255 via 10.129.5.254 dev ens18
src 10.129.0.254 to 45.66.109.160/27 via 10.129.5.254 dev ens18
src 10.129.0.254 to 45.66.109.192/29 via 10.129.5.254 dev ens18
src 10.129.0.254 to 45.66.109.255 via 10.129.5.254 dev ens18
} }
} }
vrrp_instance VI_ROUT_aurore_IPv6 { vrrp_instance VI_ROUT_aurore_IPv6 {
{% if 'backup' in inventory_hostname %} {% if 'backup' in inventory_hostname %}
state BACKUP state BACKUP
priority 100 priority 100
{% else %} {% else %}
state MASTER state MASTER
priority 150 priority 150
{% endif %} {% endif %}
# Interface used for VRRP communication. # Interface used for VRRP communication.
@ -89,43 +140,37 @@ vrrp_instance VI_ROUT_aurore_IPv6 {
smtp_alert smtp_alert
virtual_ipaddress { virtual_ipaddress {
# Hello zayo # Hello zayo
2001:1b48:2:103::d7:2/126 dev ens1 scope global 2001:1b48:2:103::d7:2/126 dev ens1 scope global
# Routing # Routing
2a09:6840:129::254/64 dev ens18 scope global 2a09:6840:129::254/64 dev ens18 scope global
# Adm # Adm
2a09:6840:128::254/64 dev ens19 scope global 2a09:6840:128::254/64 dev ens19 scope global
# Switches # Switches
2a09:6840:130::254/64 dev ens20 scope global 2a09:6840:130::254/64 dev ens20 scope global
# IPs publiques serveurs # IPs publiques serveurs
2a09:6840:111::254/64 dev ens21 scope global 2a09:6840:111::254/64 dev ens21 scope global
# IPs publiques adhérents # IPs publiques adhérents
2a09:6840:110::254/64 dev ens22 scope global 2a09:6840:110::254/64 dev ens22 scope global
# VLAN 131: Onduleurs et PDUs
2a09:6840:131::254/64 dev ens23 scope global
}
# VLAN 131: Onduleurs et PDUs
2a09:6840:131::254/64 dev ens23 scope global
}
virtual_routes { virtual_routes {
# For IPv6, the master router is routeur-aurore, NOT yggdrasil, # Routes return for ipv6 connectivity
# because yggdrasil doesn't support BGPv6 announcements. 2a09:6840:10::/64 via 2a09:6840:129::1:254 dev ens18
src 2001:1b48:2:103::d7:2/126 to ::/0 via 2001:1b48:2:103::d7:1 dev ens1 2a09:6840:11::/64 via 2a09:6840:129::1:254 dev ens18
2a09:6840:20::/64 via 2a09:6840:129::2:254 dev ens18
# Routes return for ipv6 connectivity 2a09:6840:21::/64 via 2a09:6840:129::2:254 dev ens18
2a09:6840:10::/64 via 2a09:6840:129::1:254 dev ens18 2a09:6840:40::/64 via 2a09:6840:129::4:254 dev ens18
2a09:6840:11::/64 via 2a09:6840:129::1:254 dev ens18 2a09:6840:41::/64 via 2a09:6840:129::4:254 dev ens18
2a09:6840:20::/64 via 2a09:6840:129::2:254 dev ens18 2a09:6840:50::/64 via 2a09:6840:129::5:254 dev ens18
2a09:6840:21::/64 via 2a09:6840:129::2:254 dev ens18 2a09:6840:51::/64 via 2a09:6840:129::5:254 dev ens18
2a09:6840:40::/64 via 2a09:6840:129::4:254 dev ens18
2a09:6840:41::/64 via 2a09:6840:129::4:254 dev ens18
2a09:6840:50::/64 via 2a09:6840:129::5:254 dev ens18
2a09:6840:51::/64 via 2a09:6840:129::5:254 dev ens18
} }
} }

66
roles/router/templates/keepalived.conf
View file

@ -8,13 +8,13 @@ global_defs {
vrrp_instance VI_ROUT_{{ apartment_block }}_IPv4 { vrrp_instance VI_ROUT_{{ apartment_block }}_IPv4 {
{% if 'backup' in inventory_hostname %} {% if 'backup' in inventory_hostname %}
state BACKUP state BACKUP
priority 100 priority 100
{% else %} {% else %}
state MASTER state MASTER
priority 150 priority 150
{% endif %} {% endif %}
# Interface used for VRRP communication. # Interface used for VRRP communication.
@ -35,41 +35,40 @@ vrrp_instance VI_ROUT_{{ apartment_block }}_IPv4 {
smtp_alert smtp_alert
virtual_ipaddress { virtual_ipaddress {
# Routing subnet # Routing subnet
10.129.{{ apartment_block_id }}.254/16 brd 10.129.255.255 dev ens19 scope global 10.129.{{ apartment_block_id }}.254/16 brd 10.129.255.255 dev ens19 scope global
# NATed subnet: wired # NATed subnet: wired
45.66.108.25{{ apartment_block_id }}/24 brd 45.66.108.255 dev ens19 scope global 45.66.108.25{{ apartment_block_id }}/24 brd 45.66.108.255 dev ens19 scope global
# NATed subnet: wifi # NATed subnet: wifi
45.66.109.25{{ apartment_block_id }}/24 brd 45.66.109.255 dev ens19 scope global 45.66.109.25{{ apartment_block_id }}/24 brd 45.66.109.255 dev ens19 scope global
# Wired # Wired
10.{{ subnet_ids.users_wired }}.0.254/16 brd 10.{{ subnet_ids.users_wired }}.255.255 dev ens20 scope global 10.{{ subnet_ids.users_wired }}.0.254/16 brd 10.{{ subnet_ids.users_wired }}.255.255 dev ens20 scope global
# Wifi # Wifi
10.{{ subnet_ids.users_wifi }}.0.254/16 brd 10.{{ subnet_ids.users_wifi }}.255.255 dev ens21 scope global 10.{{ subnet_ids.users_wifi }}.0.254/16 brd 10.{{ subnet_ids.users_wifi }}.255.255 dev ens21 scope global
# Accueil
10.{{ subnet_ids.users_accueil }}.0.254/16 brd 10.{{ subnet_ids.users_accueil }}.255.255 dev ens23 scope global
}
# Accueil
10.{{ subnet_ids.users_accueil }}.0.254/16 brd 10.{{ subnet_ids.users_accueil }}.255.255 dev ens23 scope global
}
virtual_routes { virtual_routes {
# 10.129.0.1 is Yggdrasil # gateway to routeur-aurore
src 10.129.{{ apartment_block_id }}.254 to 0.0.0.0/0 via 10.129.0.1 dev ens19 src 45.66.109.25{{ apartment_block_id }} to 0.0.0.0/0 via 10.129.0.254 dev ens19
} }
} }
vrrp_instance VI_ROUT_{{ apartment_block }}_IPv6 { vrrp_instance VI_ROUT_{{ apartment_block }}_IPv6 {
{% if 'backup' in inventory_hostname %} {% if 'backup' in inventory_hostname %}
state BACKUP state BACKUP
priority 100 priority 100
{% else %} {% else %}
state MASTER state MASTER
priority 150 priority 150
{% endif %} {% endif %}
# Interface used for VRRP communication. # Interface used for VRRP communication.
@ -90,23 +89,20 @@ vrrp_instance VI_ROUT_{{ apartment_block }}_IPv6 {
smtp_alert smtp_alert
virtual_ipaddress { virtual_ipaddress {
# Routing subnet # Routing subnet
fe80::1/64 dev ens19 scope global fe80::1/64 dev ens19 scope global
{{ ipv6_base_prefix }}:129::{{ apartment_block_id }}:254/64 dev ens19 scope global {{ ipv6_base_prefix }}:129::{{ apartment_block_id }}:254/64 dev ens19 scope global
# Wired # Wired
fe80::1/64 dev ens20 scope global fe80::1/64 dev ens20 scope global
# Wifi # Wifi
fe80::1/64 dev ens21 scope global fe80::1/64 dev ens21 scope global
} }
virtual_routes { virtual_routes {
# For IPv6, the master router is routeur-aurore, NOT yggdrasil, # gateway to routeur-aurore
# because yggdrasil doesn't support BGPv6 announcements. src {{ ipv6_base_prefix }}:129::{{ apartment_block_id }}:254 to ::/0 via {{ ipv6_base_prefix }}:129::0:254 dev ens19
src {{ ipv6_base_prefix }}:129::{{ apartment_block_id }}:254 to ::/0 via {{ ipv6_base_prefix }}:129::0:254 dev ens19
} }
} }