Compare commits
17 commits
| Author | SHA1 | Date | |
|---|---|---|---|
b2b310a8ed
|
|||
|
b1449f5b1a
|
|||
|
a0b05c51b3
|
|||
|
3559932cef
|
|||
|
e030b26475
|
|||
|
4ebb4b6ad3
|
|||
|
9002b5f089
|
|||
|
fe454a8422
|
|||
|
24cca4516b
|
|||
|
a1ed04cab8
|
|||
|
6f4c39dbd8
|
|||
|
9ff166b1b7
|
|||
|
8645cc9c26
|
|||
|
fc8e8de428
|
|||
|
a6ebdd0d3e
|
|||
|
300fb02f8b
|
|||
|
55a4dfacfe
|
17 changed files with 281 additions and 432 deletions
1
.gitignore
vendored
1
.gitignore
vendored
|
|
@ -1,3 +1,4 @@
|
|||
*.retry
|
||||
tmp
|
||||
ldap-password.txt
|
||||
debug.yml
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@
|
|||
- hosts: ~routeur-aurore.*\.adm\.auro\.re
|
||||
roles:
|
||||
- router
|
||||
- ipv6_edge_router
|
||||
- bird
|
||||
|
||||
# Radius (backup only for now)
|
||||
- hosts: radius-*.adm.auro.re
|
||||
|
|
|
|||
8
roles/bird/handlers/main.yml
Normal file
8
roles/bird/handlers/main.yml
Normal file
|
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
- name: Reload Bird
|
||||
systemd:
|
||||
name: "{{ item }}"
|
||||
state: reloaded
|
||||
loop:
|
||||
- bird
|
||||
- bird6
|
||||
28
roles/bird/tasks/main.yml
Normal file
28
roles/bird/tasks/main.yml
Normal file
|
|
@ -0,0 +1,28 @@
|
|||
---
|
||||
- name: Install Bird
|
||||
apt:
|
||||
name: bird
|
||||
update_cache: true
|
||||
register: apt_result
|
||||
retries: 3
|
||||
until: apt_result is succeeded
|
||||
|
||||
- name: Configure Bird
|
||||
template:
|
||||
src: "bird/{{ item }}.conf.j2"
|
||||
dest: "/etc/bird/{{ item }}.conf"
|
||||
owner: bird
|
||||
group: bird
|
||||
mode: '0600'
|
||||
loop:
|
||||
- bird
|
||||
- bird6
|
||||
notify: Reload Bird
|
||||
|
||||
- name: Start Bird
|
||||
systemd:
|
||||
name: "{{ item }}"
|
||||
state: started
|
||||
loop:
|
||||
- bird
|
||||
- bird6
|
||||
36
roles/bird/templates/bird/bird.conf.j2
Normal file
36
roles/bird/templates/bird/bird.conf.j2
Normal file
|
|
@ -0,0 +1,36 @@
|
|||
log syslog all;
|
||||
|
||||
router id 45.66.111.254;
|
||||
|
||||
# Zayo
|
||||
listen bgp address 83.167.52.69 port 179;
|
||||
# Crans
|
||||
listen bgp address 185.230.79.254 port 179;
|
||||
|
||||
protocol kernel {
|
||||
scan time 60;
|
||||
import none;
|
||||
export all;
|
||||
};
|
||||
|
||||
protocol device {
|
||||
scan time 60;
|
||||
};
|
||||
|
||||
protocol static {
|
||||
route 45.66.108.0/22 reject;
|
||||
}
|
||||
|
||||
protocol bgp zayo {
|
||||
local 83.167.52.69 as 43619;
|
||||
neighbor 83.167.52.68 as 8218;
|
||||
import all;
|
||||
export all;
|
||||
}
|
||||
|
||||
protocol bgp crans {
|
||||
local 185.230.79.254 as 43619;
|
||||
neighbor 185.230.79.253 as 204515;
|
||||
import all;
|
||||
export all;
|
||||
}
|
||||
37
roles/bird/templates/bird/bird6.conf.j2
Normal file
37
roles/bird/templates/bird/bird6.conf.j2
Normal file
|
|
@ -0,0 +1,37 @@
|
|||
router id 45.66.111.254;
|
||||
|
||||
# Zayo
|
||||
listen bgp address 2001:1b48:2:103::d7:2 port 179;
|
||||
# Crans
|
||||
listen bgp address 2a0c:700:28::2 port 179;
|
||||
|
||||
log syslog all;
|
||||
|
||||
protocol kernel {
|
||||
persist;
|
||||
scan time 60;
|
||||
import none;
|
||||
export all;
|
||||
}
|
||||
|
||||
protocol device {
|
||||
scan time 60;
|
||||
}
|
||||
|
||||
protocol static {
|
||||
route 2a09:6840::/29 reject;
|
||||
}
|
||||
|
||||
protocol bgp zayo {
|
||||
local 2001:1b48:2:103::d7:2 as 43619;
|
||||
neighbor 2001:1b48:2:103::d7:1 as 8218;
|
||||
import all;
|
||||
export all;
|
||||
}
|
||||
|
||||
protocol bgp crans {
|
||||
local 2a0c:700:28::2 as 43619;
|
||||
neighbor 2a0c:700:28::1 as 204515;
|
||||
import all;
|
||||
export all;
|
||||
}
|
||||
|
|
@ -1,186 +0,0 @@
|
|||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
|
||||
mQINBFvRo7oBEADH/lEeQBaRW4Lpmzhpn7W53hhMUefgj1bJ7ISpMC3qOlgSIeof
|
||||
sQjZ5Hr0RHxz5bRVRtcOhPhKRvL0wCmTpROvKBVyrOHDn4AAh+D7bqhzrEZezJwu
|
||||
on2fBRA5prT97r99WKpIPjyqeKHWY3GsbkKMYAcFMGNwYZudEm9bqFaZ9F1CX96i
|
||||
VHTArZiZZgPPycOW6fZzrdPDa5/07WA4tJ4PXnMFEd3bLpRDW/t46XqBeNOitBcN
|
||||
TrRY7LY/rLnfAUfTWlQVm1wb5gl1E0e4LDlaAysqZCVDriAUwNzk9aRnLQw14h18
|
||||
af3sIi649fQ/uv/JwQ9hc1os/gu23N4wKSwSvQGYo3V6oqbxkhIQ5TR0MgXIxfF9
|
||||
LoSFgnrXvUpUc+V4qXJJV+hLbTEoAKrHaON0f7BQHAiTsKB1R7FLVCMFIRtuZ1RD
|
||||
iUCL9jFFXmAikHsTUFE2EOCW7+kqRSQ5ICu3IqMbXXA1dHz4tN2ji5LPZ4OKh/1O
|
||||
zZQCBev4IZ3KWibFZwNxDwWFSoFQeuNKnVujsfR31SuFRWmASqZGGpN/Jr+zVNsb
|
||||
iUXUBrnSj8PXYs1zSLrfVVlaga6EI29o5ozUweZDvn5VnRycHaTVjVEmYynnf0ss
|
||||
axkRKDgP4e0czNTbH9Rze+AL/Xfc5F0CVQ3jGZQwLgspqpj2UNicZhTzQwARAQAB
|
||||
tCtEYXZpZCBMYW1wYXJ0ZXIgPGVxdWlub3gtZGViaWFuQGRpYWMyNC5uZXQ+iQJO
|
||||
BBMBCAA4FiEEPZlorJrnvhFpKI3bH9WDmJX1f9oFAlvRo7oCGwEFCwkIBwIGFQgJ
|
||||
CgsCBBYCAwECHgECF4AACgkQH9WDmJX1f9pNHg//VS3bICTNEjjmXRtHdsKyRs2s
|
||||
Nl6BefYDuOPy6NWIra9oLZzo1G15Zt8wH1LLHIBND1d8QILa1739coQhfNJeeuyp
|
||||
sYclgSoX85UqpLeHE0Ws/o1vjNmAlQX7qDR5q1iOxUfxLjyXAR7qaqOCBR0uGjxP
|
||||
ZCI88ctu0bt9iI2rzmKwgyORDWwvKOmHovHxB8stPwdToyQK/eij94CVlf086pOz
|
||||
eIrEjC54jE4pq7nae8w7RsWs5OmgBkrZoXIuLBfHa1ynbUjhE3okPiZDnZr9bPTH
|
||||
FpJ4DnsQGhZGjFIiNVi5zbV+MxjavkfbshpzE1TK9EhNf1DdI8A+XzpiTfA5ifDL
|
||||
sm/KnA9Z+4T2EswthB6YV1lcnacSGOrEI1CQUTHPSFwZc1WUDkX5aqwib8fCT6U7
|
||||
oEngVBwN+guj5l2ba50pt1bct86c8Rv0cnaeKt6boe9sLeHbAur/R7Smdp0yIwAa
|
||||
pq52eSQvrxkV2sKlvOrBLX0v4hOut4LQKzresM0smjARYamh3ksj7oAaHJx1+RMZ
|
||||
AK7i2AjcMR4BvALTerVd2oM4SNghSFubJTVoMUarzeM3XQ6mFGbdwsqo6ziPlr2r
|
||||
vtX7syFclRXaeJw4VAQqXlBqbpZevld7A9/3G9CyuRSoQxgPv9p6fx3aE7R65O9U
|
||||
YsBsMtj2oxhKnkNjoky5AQ0EW9Gj4AEIALrNBXS0J+LAtQjWfJUwp9KsXCYx/1fL
|
||||
YDENUdkbwfCTDHPZFgZf0jvPFuQkvFl7SnoyjwbnDlFCn2kYeZJ1vS3ZidUwZbcE
|
||||
QCrARSKBzovsHDdafQwuUi21GAGuBOmIUSY5RihozjLgZ/5h2/vbqmCucfoYsctb
|
||||
tl3jpT8HTo6DJ4oQWSsHF5e4G8U5DCpCINbJnpqtfIFbm3yYGHm9Yzny4E2aMnzG
|
||||
lHErxxAoYufGLh6Hfs1JeJSsWL07334NZMU/zgzUs9dBbhbJ0/QBnRVuU+YHje+x
|
||||
9Ir+szHjKwHo29K6g3BV2BTjWpoW7IQG2d6baN1VgWepwpLnbzAG5wMAEQEAAYkD
|
||||
bAQYAQgAIBYhBD2ZaKya574RaSiN2x/Vg5iV9X/aBQJb0aPgAhsCAUAJEB/Vg5iV
|
||||
9X/awHQgBBkBCAAdFiEEN1UvZYKIwg4j4yPMVBjykdDUoaoFAlvRo+AACgkQVBjy
|
||||
kdDUoarcggf/S3Vd9BqByRkCyuPLwgKWLt3KsIuKOKG9+lzoAy2VsKOomistO3g0
|
||||
itefSRUOGgSArVG/rarR0Dzva3LI7sFF9vS4XKlARSPJV0rY13buSR/LnagqmWUf
|
||||
mQJTnh+MSWS6P37Burw0DqWioPd7VJQ67BfdrGUUeP8bChIPByo+ssi1qu2MFmLj
|
||||
toYiLSYW0gRSKtn8+oz5hk1lzuQBBTZ14ykqwZH9L1kCo+3Q7O7e1dztJ6NX6jEm
|
||||
QeHwLq27RqoUG15HR7CQvupa5CLbJ0Vja2tSkUnYb/ph8z7H9rkHz4qjKQWI1QoC
|
||||
jLkiyrdDeWqVWfpwGhoAryBlWKn51T9j6NecEAC5WojJF6xqYFiiT/V7ekmMKZ0l
|
||||
PA/IwW12U+ZP2EFVbqXjwBj3Mqx4NshNdRiWsl24ulIuNpmi6I3MJzx/1sfafGHl
|
||||
mq7n2zv0Cky37M28tYoDOt5fzSLYn9cgo/OzhS3D05ARbHP+ofcXDz+So+mj8wQb
|
||||
uW2sh9ToaiYOMzGqyMR0DFO6++FdIYzphN0sPyJBdfGeePNajV6+xhdS4zktWEGq
|
||||
QaF2XukTGxodJ3J3poeCarfK9ubmkemLRJ1Q+ynlx5KNzvt4Ut1pEO+OXkYOxGfI
|
||||
8gUuj3BXICVP3UVpB7RaqW5obz8zqQkskRqIBBrLoX+Dl+l4sID20BmW028xurkf
|
||||
ef3lNfLGTat4RleypLrcVZ4CMvAM/KOLInrXEoFqIKLiwnlAp6RK3mRL1IURyOtO
|
||||
WENn6w0DuD3yyQVglQfNft6TqaMjVxFjh2fDgWvISMe7x4Jp+EWljwBnpi+TtnG/
|
||||
P99J2sGb9Hwu6gC45mQ1Ufoe+suYuehSxAWNz00GzBS9XU1xRs00xLCjPNPhSjHO
|
||||
MqmGdm3cSeFdcmp7JRM05RtDOeBYAZuDV/HZNQu4XG2gHUv1xbuIqwKqN4vRMrI2
|
||||
8fWRdN2sPNlULTjeeMpxy01lfwilvVkXRJKyCPCx9MWZfJ0qbFeEC/cDOonx34lK
|
||||
mBW0B2Otoah+Em6d5bkBDQRb0aQLAQgAxXl4JTeK5v3xU8CxMG8IRLVrfT2XTWN+
|
||||
RvfnIoPPpvs1M9XXNnw2jVKaMJq/s9gKxpl3QaqcxR+zf+7L49ooAUoFodPg2Fbg
|
||||
HoNLZYukSLyPyL4LgE/X1ZQpx78m51Yn+vzej0Va/dqa77W90GlDM4CIE/ikFFpn
|
||||
oPO3c1SaqJv+bk3XNoP2l35ttsk3Y9if3r2LJRyn/ovVXZgQD+Ulb+klYugOBiKl
|
||||
ezuq/v2tnySQJ7ouXuWyoQrcuTUS05GbFdhlbr4xJHE2HLxmqn1aSV7TQb8Uk9zQ
|
||||
0SmSTinnlSlAgoDeq1veDLeMnYo6No2V2IOcXOLv9hOa3sNV+FnsaQARAQABiQI2
|
||||
BBgBCAAgFiEEPZlorJrnvhFpKI3bH9WDmJX1f9oFAlvRpAsCGwwACgkQH9WDmJX1
|
||||
f9p6+Q/+N97F+PW383hTi84JMyiQsX0mJrvDjt5hkkdN+7u0tUNL0l3AACQ7b85/
|
||||
ofJsGnfh8kYlB2nCP+gaNQU03qqbcyMLHsuwB+ULG0izbREb7aK02RBluFpIbgdV
|
||||
rFrgrUkLiSsuQLdReQYRTP1tU0peosBPxhhb1alAGhkPebWx+MLlbtiyg/j4pu8+
|
||||
oFirrJ5WEltamGt8OSbdLGNS22PuwxV8VDo/Xbi57P1VBglCpgG1nWDEN8+i5nHh
|
||||
8OKWZmvRhih1F89BR7U14OET+EENrZd8YRF2KOvOAM0eR1aIK/AilbINVZV0girt
|
||||
B/rYFhwi9i7Fyo3gEtPRRZpzcQ7V0VZiBlpEAbjgqwe1XDVNJYquM7E4S2jBidR6
|
||||
XJaYQImiwzMcyFopZZgD0F46xSI3O8zZp21g7Dq4pv6wRXGU+L639u+X5INDtJ7s
|
||||
kykwrYzmeGg/Mp0Mseiqq7iIJXrbP4dL1+Ck9alSGCe0p5vd3CIeBR3pFeSDG6yI
|
||||
2DiRzDfzbkIuUdIOAjXWjIl+XWfsFc/Znnux3UcAGec4Nhe3JvKEy5keDpXZGSaZ
|
||||
JaFJ3WJl8uQfJjO8n8M+P2lxmrpaErqkMk0+SC3DcSSZFEDigD6flMvfdVnOqdLa
|
||||
R1K6skDZkO+PQYqSydf9erO6+YgEjJB0/uCMXgHDVsmO3uKLOTg=
|
||||
=IWDv
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
|
||||
mQINBFyFXCQBEADengbfRCSixqjsBj7hnRsjDMihbgfolZe4asVd/JNh4xWqs5+z
|
||||
Q+vZUNwluJa6hYrgFW66xPfQeAbo11pS9r2RNkemLWi+8gf2vUwGlp8ZPXb/hYsR
|
||||
7URWJo+4GvfqH5RiTdLlJbPQnLSlCAMhwaAl1ko+p2zY/ImiAL+yaO8YYYN4sG31
|
||||
+67gG3t7AnbH+QjeoEU8heg+fYBiQXSmJ3nTvmYB0lgY/Cybh2Fge90JIZWoeWGp
|
||||
fX1zhpCoJGXIW2GyOFQRMYQCbKqtrmicDkgQTocItDfUSwGBr4EFHM+mO0DwfZ8R
|
||||
Lq+hzkLdAyJwWGNmiHbk8zFIBnktenmgslkoawvNOkGIz7mL0wqkkw6FYCojSnuj
|
||||
ndlYg/XAKrr5RpSDwxwvzWhjyuA+0g2nXBFKWQ/SVZH5niXHTgXBjKfbXjF85eOu
|
||||
bVx+82T7KV+aSAr7d0vAbSQO/XK6YrcXTJXZZbjIo/1eauT/FPQCBAejgOAle9wq
|
||||
aN04IE5+XPnRkqe5jodDyf3c8hHRL0xWthtj0kupV/7VWNKBLlMESPVfSKN9kjkR
|
||||
aTO6dH8jM0K1QWo5/mzEHNv4O2j8kyHDKJdRi+8bJSRKpToFmaLSe5gSA8vp/Fwg
|
||||
rY/eLT/5GQ0XOkqtonLYkHbLu9m8H8IrYRgCBVuLCa3cEbYc0mktmm3ExQARAQAB
|
||||
tDVGUlJvdXRpbmcgRGViaWFuIFJlcG9zaXRvcnkgPGRldkBsaXN0cy5mcnJvdXRp
|
||||
bmcub3JnPokCTgQTAQgAOBYhBEpWx3OLs/gVlagF0qgydpkI8T7RBQJchVwkAhsB
|
||||
BQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEKgydpkI8T7Rj20P/3Or3Vi/k6jj
|
||||
qb9hQKJgmX0taDG+FF1+X1WgmYOdW01jGK5jj1k3nKYQf4VGzR+eyUBTN54IpFsm
|
||||
aW5DwKoMLcaMQ7OAbl+AtpW700Q5hAtz4aWB5Stl7wyjVl600INES5DOuIuEmqB5
|
||||
60uUePNqF/+XKUgDgbQFc3E/Tb+c+Z7ADIhbIYPLUcSwJtRLhbnPGjt+pTLmPCO1
|
||||
i/NPRjzwzFgyHJaHqlGFNUUFfqHqGWXLxlO0A9m+r1gOiAevV3ZTzC2izkjOhJHT
|
||||
5XWFW7pS9jD78XgSN310glGYmWHZ0hxDgNR4V0oxOZCma1TDjfWVnUfK5pkm/78i
|
||||
qRHc8tjt+tor47iOsml4J95Qr5Qxvf+iDgThXcYMAVDRULITmiqZqA1pkheCBugl
|
||||
vQ7tvdjXf61ZxOZnDaqtLAHaSB/EynHaBaCzI2obQDHSgC1AU74f9SSN0j4HD01V
|
||||
McFh9H0YZeR0eo4I16HHYUcExQNWJGfeuAC1XBGiNixHXy4c1PdxPFGPDnFtH3sX
|
||||
2I5X4sKRVhZEbhRe111B93OFdkvWXmSyK6afu6qJBqB52zEe7F6UcNLP7ZnzafJV
|
||||
bTCSZeF3Nzt58byiO5jt7nj1wKxv9HpQVy2P7V0CXJB4EK42tGhejjEOY8FevWKF
|
||||
0OHX9RWKktlKAsLYFNPbHGPSo/ULj+sFuQINBFyI47kBEADLx3nZ+mFReBN4/E4C
|
||||
Gl+B8bKPJ+gaFSdcw8GWV2NFMlJvOqg7Fa4djrqGaOA2YomnNpddS62jAUNdlgDJ
|
||||
qRlZVK+Mqctdqgz7Gsuj4l7G/XjnUpQzPaEjxMXzCdFbP19lHa6GvyTgf1TewaNv
|
||||
uLBe+oaObdgiAXCUyS3RUtLc9L7KU2+BlnX2JKeQK5K7sRromFfPc27qN+hsWgpy
|
||||
xPvWYMGMHA0RjRwXOitjszXVZGUEPxwhX1kFOuFKnIcKG2jSbX/KLtcV1DNZro8s
|
||||
Q9hb2UZWZxrwVIIh8FTL8esf0zM64HLo1sZ6yUaVzzeETuWZFMMKaF1dn+KtmKkL
|
||||
KjgplRzJSE4QDP+48F6l9RCnrpIg33/rfN/M5Lbx5g2fhfT84+wQD6cKHypYfFng
|
||||
GJbmpUCgITcxGFmpetCTpYkxsVMzikudFe2YSJ7TO0aVBgiHfBoXU9g5AXuDYVKi
|
||||
8ZpaWcRSu4O0H58Kh/hk/8yiVa8e1nTMjsZuXMle8N52rF2G7vrMhva7uccgbbY+
|
||||
ZlOtWpZ7MJzIn/vKeWxXNDcvG7CVHn4BiSLXRcrNgw/I4UjhqpeRdx0l+j36HdDN
|
||||
0yaSZu6uP9SnsB5wkm1jN3uoNMFAdvpIqoaK9+2b5xKxLsNtE/R3anX9TlfFmeom
|
||||
k0JxrTsNqpRxBw5GylM96Bd9BQARAQABiQRsBBgBCAAgFiEESlbHc4uz+BWVqAXS
|
||||
qDJ2mQjxPtEFAlyI47kCGwICQAkQqDJ2mQjxPtHBdCAEGQEIAB0WIQSnzWQmxSYW
|
||||
E+lH68yjyrYexHux0AUCXIjjuQAKCRCjyrYexHux0J+TD/40x0L8vzP+k29NEreT
|
||||
N+k6889rCWMKAwmKWpgUN39nv9hZbSOFWDQs5Ttp+Rc+v7L5Pj4avJPzGnQieTMw
|
||||
7wKOu8ZUisBVzYfYsxlXlKsOLZrVlQpFJhWNFOBq0axYlP6vrslXkMPk+IPz8/FV
|
||||
USVByUHNNlIPmJU0WOIoLt+0YkqN1c1UCui/H6Z6IFpFIG8WLpgAtyKvqu8kdnEw
|
||||
JEqpp4dO/ainnF8fL8VuV1+cdbxRO0IsOJBqQ+M8LFI2ANJscW+l6sg9RX2ZSExQ
|
||||
Bm6dtPnsfP483SwH62PbaMP4lQ+Zpjl6ngoxv+S0RIDoW5Zl3zGe721NiLmz6Llz
|
||||
0Ghe3Jgnf1JHOlR893Hi8UkvvTbBLkR4fbvmbgHvhcNWCL2hGCsxDV002hI4OlYp
|
||||
px1gJ/HoU7lrrKQCzwTTxfQ1JiTMa+eiwY8xQGEfqUY83pWkx3wGUBa+W3GNlxD9
|
||||
+pZIzmxtD4uylA9lwnw/GXV4RauDuHMwWuqAGtDEr9Y8nYHuxl5/KdYOCf98sOzv
|
||||
XU8btnxuGHrWb5OgRD21NeHa4zwYXIuYOQtYai6IboKdH70l8b3VX+xtu9Fwf/V4
|
||||
5EsipWedfA2S3CtKjP6Pv5C6NAVoAnXinqr1VAXMJT5PvXmx1mLP7Xms8o7O7xda
|
||||
rsERKxVtt+JjArArk/gpFXImPLArD/42ZChEpJgbjabTrd6saI4BOsKSARX36Cxe
|
||||
cjJuWNvddpsb9WgYXbXCSK5hOybFYLlbRmdFmz1VzVy5au+Bsbmy+jKqzgAM1sui
|
||||
wE6WyVIOdN3hTZ9W20Fb4pa6MWd8dpWBwi7g40oRvaoPpspcimpa6OCNktij9zrZ
|
||||
/hN49JYbLjA7V+rE+zWWz2m3Ecwn2A5LZdKbrI06uKFltTRUhMZ3HhwhKrNui/iN
|
||||
YpwDn662jJaTxJ8x/WQJP6ILKVi3wk0eGFBSapEUv+D51y1v0dRh/QOO98RnLQ/p
|
||||
T/4y7BPxEWLLNr53rPHOjd2ClhDNZ8+dFzYrOCs+1f+mpWf7yF9wHBs2hOhSZAMx
|
||||
34HshZVLGBtdfD/cb1MA5MnBdfJHHFjL6EiJOP30YKJsTEGgqpAyMtyZt5/MKEfj
|
||||
r0OV/La7s38fpcPlZplF2/eqgxt7WiQu5I6BUXJcSlGTe97Rq5Ba/tSHzUnK1FNr
|
||||
v/hfBSgtxmX2qT5ojMu+UiKtvJDeUAGFLAJcaaEv92frhLWHcXXpayUuk/wdU9Qg
|
||||
y8F+yFtYGY2lj0h9WCeKbYUAm1p7skW5v2nsMw6I3QOPFzQBzm1rFQ1vFJMaqFFC
|
||||
qvHJALsI0SmaI7ruXYrm7CNv6qJKo3URYGq27Tm9lhut8iWKsa1/NWW5LZxzt2mO
|
||||
egKcOCfAMg==
|
||||
=Lt8H
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
|
||||
mQINBFyVPosBEADMyAbmmfo6x7e/dly+yQk1BuWUDbvMHFX9coCSItNxVvvIVzYJ
|
||||
Bw9pp4kJsTeqTI1cNQcCCjaeWbWevINCD5yFGN25xNPz2s1lgHCpJQzs/1qMKuE8
|
||||
vrHkEpJZTrdPSl8J8VdjQDCIh0NrLss1VzoPpFbm7lIkuN/6tl87hsyUyedd/0bY
|
||||
KkNVZfOW4UAjJFWQakofhTVifHqozb6wu+SYtPFnP/yBJdsYwrKlyyhR8hIIjyAK
|
||||
sxpKz6Dym6tHoDNLIcPy1Q3uNUaYdN2pXXRqzLTIKq7M7RhgY1W7QO7VFtkaG74j
|
||||
tmjbJYsX6nBGSlGE5cmlSz8N+D+uR/0NPMvgKOwI38joIT5/Sii/jgZUuX4Mz9Zk
|
||||
7Rh/C+P906dJpjbCbEPYSxVnZC4fHJZ0ezSEgrFKZ4QGoViNJEcc6jwNkgTM7jdz
|
||||
0e/xMKu4Ed30jLO7TvnwmcGWF/m2DZIgIMu9rhNHUaKeGRKo+Daf/x1naRbht/a/
|
||||
uSyukGJA5koipy8XxmJorx7MdIa9ekYPJaHM3eOcE1fxn7IcOwoqn0piB4lllq2r
|
||||
akLif195eFIcdI/cRfCX2fgQxBbgAAolUCqguJfus7cQCkn9Fr0cDgq7c0s0dQEw
|
||||
0kofqGUq6/fpdqxadRdPlYXS3BIvrWA99zOVCzxaccvKaMZxaKauc/rKbQARAQAB
|
||||
tDNKYWZhciBBbC1HaGFyYWliZWggKGxhdW5jaHBhZCkgPHRvLmphZmFyQGdtYWls
|
||||
LmNvbT6JAk4EEwEKADgWIQSpD8NtlClAl5jpwth03u1DqxlNvwUCXJU+iwIbAwUL
|
||||
CQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRB03u1DqxlNv7w7D/90u8bETWZmzRZ7
|
||||
sRBfyN30YhXgvEJQCSKFgH1H5BS9H2W+VYQ8nmXpoVpsU5wLVosJ55WpO9oF7+6R
|
||||
+wO2r3lo+vkqFzscYLfNd/KTo6r7kl7VTTN9bBCMgl7eFtmqSO90o5UCrNBHk2Ax
|
||||
fTBJX9TLGa4SLPhiTlz51XdyYls3yG/3yQ6de6K+jPjrQsP2VbBSHP9OA+MKRTr6
|
||||
ONDTyJJ7TEAuoX7W1NLMQYS0kdA1jjGvTKeyHkb8QqFDTM7RyRdczKBEwOXSi7DW
|
||||
8v3Ink+7CgKGGLnOo3lXlm7q516Z9JMJ5BJtFkTx6Bo9iSAK4jSBiC5Zlta6CtP7
|
||||
lLwq/eOut/y9VoDXsdVkQl3UdTrB5b/4MZHL4Z6ykN1dv56XzjdnIl/nM7azwrTW
|
||||
N9tBDhjrYvKvscSI2l8TGdAseb4ftovHwIBFjNIlI6TYVEUR93ZEGPZCmuYeVSJe
|
||||
MWStJuLDa+bbbr2/OLvHsjyWB0/5LJNsHHfMCKLZTP8jeNVcHAJi7P+iNPPLp57C
|
||||
N2NEmyuJwgxFN/5cHlZzkg0QQgSaTm/tsft0jFJh4s0kO6L5NZ9ACP2JC9wfaBmt
|
||||
QFwdl+Tc5/Jf6pTnnMzeHuSiVWvG4jB3EVr47dWD7p5ekP+O0cG0Rnm2rf66M+fo
|
||||
z88Ga0gduOhxfdRn1qT3smK3hgyv2bkCDQRclT6LARAA8xTr8yu7ab6f4NAeMnTL
|
||||
4mjjYoYVXBMd4qT/cdtkSFoCdOl+MwcEZmDrq1HzT5CVXo9hPEcI7iuyXiejoMhB
|
||||
GFfvdY0Pcg5yMoUL57kE3XBoz9C8TEal1loSfTJ4IRou2VpY2sruaKgxO7PvmyQM
|
||||
D8mk4Sgyewn6VkcQx4dGwQrN2VU8mwFqp4GnEm7DgVJKqFRD43hCFoncNYaSOc52
|
||||
vf/EEU6VYxPWi01nZoRiNp8tXt+dYk5yb6fEhDsH9YYk51bgiiiGNoQw/zC1w2ek
|
||||
zPqJH/Y0BzoODbJ59vqc2jCuzGII4tFkijYbBTcCk1b7/yvQgwLdBpOTrrHcNolh
|
||||
plr7zHcB8TOc3aYrJ8TkwgP80uK85vlAIzB9AkZ/9Gn2K08b5eVC9cvMm0idwFkg
|
||||
0fHY+v2aDesA4lv1UtTsQVmrqnx1zaCjwH9tu73GTGXX40guYpbatPu3HDog/QkV
|
||||
fykVI5B2+vMixFCzudMKg80K+H7QI3uc1efqEmMRKjQU2rKXTNo/lASWjQMNfbWt
|
||||
JvEsLuLPc909OFhBfoX6GR7pmbKn3MCrTpLVeUkmp0EjcqYaDZXHnzKZQjjNjOKm
|
||||
6J69G3Ro6Abs7tRpnqOLTLZ5DKWBYidc3/fp/BF+CpeHdZlstLUazQ56ti9GshPf
|
||||
W4+6TRg2gt1leeXRU18jQz0AEQEAAYkCNgQYAQoAIBYhBKkPw22UKUCXmOnC2HTe
|
||||
7UOrGU2/BQJclT6LAhsMAAoJEHTe7UOrGU2/kToP/il4dvWMMJS4pgXuDPcwTaYc
|
||||
e8T9a8Uf0B2BOOKJgLZk2kvI21bwHnGxXc3zuUHCzZ81Y89/IpX+s37J+frvLbqd
|
||||
xOfE39+5plK9BDn7G9UsTzg7mXuGWpMQA6Mvki4LslY/qCfUqzVeFPNZquH4Emxr
|
||||
z1u0SldhaqctrkKwW1teTTmqbCtGrRpb0v8x42TBw+WvBJopelpgtdy3TnRbKk86
|
||||
NkiiPFVRnfC0RjyMlLxa095t5s8irrqjnAAKMvwKiuzt97CQ/U68WbsOYLyv42PT
|
||||
ClfbbFJw6ghTZ7SRxiGwUVz7EwQ31MsiffmyJKRca81yqSQfrPS4MkEXChZBt8wF
|
||||
C1IhG9I9zbHKt9saXWPYCbL8Zs2x3c1md62dl4mrH/VwLV9T+7PaJCM8qrFtkWlu
|
||||
cYntgBhLW1KY9dWkCtZ7ML70n8FyIyHMD35mZb3lw+c1dBusuwGwZLSksH9ucOQz
|
||||
Zh3+rlZ8PkYXXosKTkp9qBDVoSgNU5AH8F+K/Uw1uVm+JqqFP/ieQQydS8wAVYAv
|
||||
ax/ZP+wTHhLvmHUoI70K51osk+sLcFh+h9L6sK+kq9i2mrJs/d2Sk6jau96RJCFe
|
||||
pHI+29yZoK5ZpOkvFAFvbNXMFd2sn5O60y9LAvr9u2QRNlTvmQ7B1o2/US62SoD4
|
||||
HGxIKIAggOUujclydhvu
|
||||
=+/L/
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
---
|
||||
- name: restart frr
|
||||
service:
|
||||
name: frr
|
||||
state: restarted
|
||||
|
|
@ -1,39 +0,0 @@
|
|||
---
|
||||
- name: install GPG
|
||||
apt:
|
||||
name: gnupg
|
||||
|
||||
- name: Add FRR repo key
|
||||
apt_key:
|
||||
data: "{{ lookup('file', 'frr-apt-key.asc') }}"
|
||||
state: present
|
||||
|
||||
- name: Add FRR apt repository
|
||||
apt_repository:
|
||||
repo: deb https://deb.frrouting.org/frr buster frr-stable
|
||||
state: present
|
||||
notify: restart frr
|
||||
|
||||
- name: Install frr
|
||||
apt:
|
||||
name: frr
|
||||
|
||||
- name: setup frr daemons
|
||||
template:
|
||||
src: daemons.j2
|
||||
dest: /etc/frr/daemons
|
||||
mode: 0644
|
||||
notify: restart frr
|
||||
|
||||
- name: setup frr.conf
|
||||
template:
|
||||
src: frr.conf.j2
|
||||
dest: /etc/frr/frr.conf
|
||||
mode: 0644
|
||||
notify: restart frr
|
||||
|
||||
- name: enable+start frr
|
||||
service:
|
||||
name: frr
|
||||
state: started
|
||||
enabled: true
|
||||
|
|
@ -1,67 +0,0 @@
|
|||
# This file tells the frr package which daemons to start.
|
||||
#
|
||||
# Sample configurations for these daemons can be found in
|
||||
# /usr/share/doc/frr/examples/.
|
||||
#
|
||||
# ATTENTION:
|
||||
#
|
||||
# When activation a daemon at the first time, a config file, even if it is
|
||||
# empty, has to be present *and* be owned by the user and group "frr", else
|
||||
# the daemon will not be started by /etc/init.d/frr. The permissions should
|
||||
# be u=rw,g=r,o=.
|
||||
# When using "vtysh" such a config file is also needed. It should be owned by
|
||||
# group "frrvty" and set to ug=rw,o= though. Check /etc/pam.d/frr, too.
|
||||
#
|
||||
# The watchfrr and zebra daemons are always started.
|
||||
#
|
||||
{% if 'backup' in inventory_hostname %}
|
||||
bgpd=no
|
||||
{% else %}
|
||||
bgpd=yes
|
||||
{% endif %}
|
||||
ospfd=no
|
||||
ospf6d=no
|
||||
ripd=no
|
||||
ripngd=no
|
||||
isisd=no
|
||||
pimd=no
|
||||
ldpd=no
|
||||
nhrpd=no
|
||||
eigrpd=no
|
||||
babeld=no
|
||||
sharpd=no
|
||||
pbrd=no
|
||||
bfdd=no
|
||||
|
||||
#
|
||||
# If this option is set the /etc/init.d/frr script automatically loads
|
||||
# the config via "vtysh -b" when the servers are started.
|
||||
# Check /etc/pam.d/frr if you intend to use "vtysh"!
|
||||
#
|
||||
vtysh_enable=yes
|
||||
zebra_options=" -A 127.0.0.1 -s 90000000"
|
||||
bgpd_options=" -A 127.0.0.1"
|
||||
ospfd_options=" -A 127.0.0.1"
|
||||
ospf6d_options=" -A ::1"
|
||||
ripd_options=" -A 127.0.0.1"
|
||||
ripngd_options=" -A ::1"
|
||||
isisd_options=" -A 127.0.0.1"
|
||||
pimd_options=" -A 127.0.0.1"
|
||||
ldpd_options=" -A 127.0.0.1"
|
||||
nhrpd_options=" -A 127.0.0.1"
|
||||
eigrpd_options=" -A 127.0.0.1"
|
||||
babeld_options=" -A 127.0.0.1"
|
||||
sharpd_options=" -A 127.0.0.1"
|
||||
pbrd_options=" -A 127.0.0.1"
|
||||
staticd_options="-A 127.0.0.1"
|
||||
bfdd_options=" -A 127.0.0.1"
|
||||
|
||||
# The list of daemons to watch is automatically generated by the init script.
|
||||
#watchfrr_options=""
|
||||
|
||||
# for debugging purposes, you can specify a "wrap" command to start instead
|
||||
# of starting the daemon directly, e.g. to use valgrind on ospfd:
|
||||
# ospfd_wrap="/usr/bin/valgrind"
|
||||
# or you can use "all_wrap" for all daemons, e.g. to use perf record:
|
||||
# all_wrap="/usr/bin/perf record --call-graph -"
|
||||
# the normal daemon command is added to this at the end.
|
||||
|
|
@ -1,24 +0,0 @@
|
|||
log syslog informational
|
||||
log stdout
|
||||
|
||||
hostname routeur-aurore
|
||||
password Tux
|
||||
enable password Tux
|
||||
|
||||
interface lo
|
||||
line vty
|
||||
|
||||
|
||||
# Aurore AS.
|
||||
router bgp 43619
|
||||
#no synchronization
|
||||
bgp router-id 45.66.111.254
|
||||
|
||||
# Remote-AS: Zayo.
|
||||
neighbor 2001:1b48:2:103::d7:1 remote-as 8218
|
||||
address-family ipv6
|
||||
network 2a09:6840::/29
|
||||
neighbor 2001:1b48:2:103::d7:1 activate
|
||||
exit-address-family
|
||||
!
|
||||
|
||||
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
- name: restart keepalived
|
||||
- name: Reload keepalived
|
||||
systemd:
|
||||
state: restarted
|
||||
state: reloaded
|
||||
name: keepalived
|
||||
enabled: true
|
||||
|
||||
|
|
|
|||
|
|
@ -80,7 +80,7 @@
|
|||
src: keepalived.conf
|
||||
dest: /etc/keepalived/keepalived.conf
|
||||
mode: 0644
|
||||
notify: restart keepalived
|
||||
notify: Reload keepalived
|
||||
when: "'routeur-aurore' not in ansible_hostname"
|
||||
|
||||
- name: configure keepalived for routeur-aurore*
|
||||
|
|
@ -88,7 +88,7 @@
|
|||
src: keepalived-aurore.conf
|
||||
dest: /etc/keepalived/keepalived.conf
|
||||
mode: 0644
|
||||
notify: restart keepalived
|
||||
notify: Reload keepalived
|
||||
when: "'routeur-aurore' in ansible_hostname"
|
||||
|
||||
- name: Configure cron
|
||||
|
|
|
|||
|
|
@ -29,7 +29,7 @@ role = ['routeur']
|
|||
|
||||
interfaces_type = {
|
||||
'routable' : ['ens21', 'ens22'],
|
||||
'sortie' : ['ens18', 'ens1'],
|
||||
'sortie' : ['ens18', 'ens1', 'ens2'],
|
||||
'admin' : ['ens19', 'ens20', 'ens23']
|
||||
}
|
||||
|
||||
|
|
@ -47,7 +47,7 @@ nat = [
|
|||
{
|
||||
'name' : 'AdminVlans',
|
||||
'extra_nat' : {
|
||||
'ens18': {
|
||||
'ens1': {
|
||||
'10.129.0.254/32' : '45.66.111.{{ router_hard_ip_suffix }}',
|
||||
'10.128.0.0/16' : '45.66.111.{{ router_hard_ip_suffix }}',
|
||||
'10.130.0.0/16' : '45.66.111.{{ router_hard_ip_suffix }}',
|
||||
|
|
@ -55,3 +55,10 @@ nat = [
|
|||
}
|
||||
}
|
||||
]
|
||||
|
||||
### Specifiy tuples of interfaces that should be directly forwarded without any
|
||||
### firewall rule.
|
||||
|
||||
external_forward = [
|
||||
('ens1', 'ens2'),
|
||||
]
|
||||
|
|
|
|||
|
|
@ -11,37 +11,25 @@ iface lo inet loopback
|
|||
auto ens18
|
||||
iface ens18 inet static
|
||||
address 10.129.0.{{ router_hard_ip_suffix }}/16
|
||||
gateway 10.129.0.254
|
||||
ip-forward 1
|
||||
|
||||
iface ens18 inet6 static
|
||||
address 2a09:6840:129::0:{{ router_hard_ip_suffix }}/64
|
||||
|
||||
# Now managed by keepalived.
|
||||
#
|
||||
# post-up ip route add 2a09:6840:10::/64 via 2a09:6840:129::1:254 dev ens18
|
||||
# post-up ip route add 2a09:6840:11::/64 via 2a09:6840:129::1:254 dev ens18
|
||||
|
||||
# post-up ip route add 2a09:6840:20::/64 via 2a09:6840:129::2:254 dev ens18
|
||||
# post-up ip route add 2a09:6840:21::/64 via 2a09:6840:129::2:254 dev ens18
|
||||
|
||||
# post-up ip route add 2a09:6840:40::/64 via 2a09:6840:129::4:254 dev ens18
|
||||
# post-up ip route add 2a09:6840:41::/64 via 2a09:6840:129::4:254 dev ens18
|
||||
|
||||
# post-up ip route add 2a09:6840:50::/64 via 2a09:6840:129::5:254 dev ens18
|
||||
# post-up ip route add 2a09:6840:51::/64 via 2a09:6840:129::5:254 dev ens18
|
||||
gateway 2a09:6840:129::0:254
|
||||
ip-forward 1
|
||||
|
||||
|
||||
# The primary network interface
|
||||
allow-hotplug ens19
|
||||
iface ens19 inet static
|
||||
address 10.128.0.{{ router_hard_ip_suffix }}/16
|
||||
gateway 10.128.0.254
|
||||
dns-search adm.auro.re
|
||||
ip-forward 1
|
||||
|
||||
iface ens19 inet6 static
|
||||
address 2a09:6840:128::0:{{ router_hard_ip_suffix }}/64
|
||||
|
||||
# Ensures internet connectivity when running as keepalived backup.
|
||||
gateway 2a09:6840:128::0:254
|
||||
ip-forward 1
|
||||
|
||||
# VlAN 130: switches
|
||||
auto ens20
|
||||
|
|
@ -55,6 +43,7 @@ iface ens20 inet6 static
|
|||
auto ens21
|
||||
iface ens21 inet static
|
||||
address 45.66.111.{{ router_hard_ip_suffix }}/24
|
||||
ip-forward 1
|
||||
|
||||
# Nécessaire pour contacter re2o et bootstrap le firewall.
|
||||
# Ces directives sont _aussi_ set par aurore-firewall !
|
||||
|
|
@ -64,14 +53,17 @@ iface ens21 inet static
|
|||
|
||||
iface ens21 inet6 static
|
||||
address 2a09:6840:111::{{ router_hard_ip_suffix }}/48
|
||||
ip-forward 1
|
||||
|
||||
# VLAN 110: IP publiques adhérents
|
||||
auto ens22
|
||||
iface ens22 inet static
|
||||
address 45.66.110.{{ router_hard_ip_suffix }}/24
|
||||
ip-forward 1
|
||||
|
||||
iface ens22 inet6 static
|
||||
address 2a09:6840:110::{{ router_hard_ip_suffix }}/48
|
||||
ip-forward 1
|
||||
|
||||
# VLAN 131: onduleurs et PDU
|
||||
auto ens23
|
||||
|
|
@ -81,5 +73,19 @@ iface ens23 inet static
|
|||
iface ens23 inet6 static
|
||||
address 2a09:6840:131::0:{{ router_hard_ip_suffix }}/64
|
||||
|
||||
# VLAN 120: Interco Zayo
|
||||
auto ens1
|
||||
iface ens1 inet6 manual
|
||||
iface ens1 inet static
|
||||
ip-forward 1
|
||||
|
||||
iface ens1 inet6 static
|
||||
ip-forward 1
|
||||
|
||||
# VLAN 121: Interco Crans
|
||||
auto ens2
|
||||
iface ens2 inet static
|
||||
ip-forward 1
|
||||
|
||||
iface ens2 inet6 static
|
||||
address 2a09:6840:128::0:{{ router_hard_ip_suffix }}/64
|
||||
ip-forward 1
|
||||
|
|
|
|||
|
|
@ -8,13 +8,13 @@ global_defs {
|
|||
|
||||
|
||||
vrrp_instance VI_ROUT_aurore_IPv4 {
|
||||
{% if 'backup' in inventory_hostname %}
|
||||
{% if 'backup' in inventory_hostname %}
|
||||
state BACKUP
|
||||
priority 100
|
||||
{% else %}
|
||||
{% else %}
|
||||
state MASTER
|
||||
priority 150
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
||||
|
||||
# Interface used for VRRP communication.
|
||||
|
|
@ -35,40 +35,94 @@ vrrp_instance VI_ROUT_aurore_IPv4 {
|
|||
smtp_alert
|
||||
|
||||
virtual_ipaddress {
|
||||
# Routing
|
||||
10.129.0.254/16 brd 10.129.255.255 dev ens18 scope global
|
||||
# Hello Zayo
|
||||
83.167.52.69/31 dev ens1 scope global
|
||||
|
||||
# Adm
|
||||
10.128.0.254/16 brd 10.128.255.255 dev ens19 scope global
|
||||
# Routing
|
||||
10.129.0.254/16 brd 10.129.255.255 dev ens18 scope global
|
||||
|
||||
# Switches
|
||||
10.130.0.254/16 brd 10.130.255.255 dev ens20 scope global
|
||||
# Adm
|
||||
10.128.0.254/16 brd 10.128.255.255 dev ens19 scope global
|
||||
|
||||
# IPs publiques serveurs
|
||||
45.66.111.254/24 brd 45.66.111.255 dev ens21 scope global
|
||||
# Switches
|
||||
10.130.0.254/16 brd 10.130.255.255 dev ens20 scope global
|
||||
|
||||
# IPs publiques adhérents
|
||||
45.66.110.254/24 brd 45.66.110.255 dev ens22 scope global
|
||||
# IPs publiques serveurs
|
||||
45.66.111.254/24 brd 45.66.111.255 dev ens21 scope global
|
||||
|
||||
# VLAN 131: Onduleurs et PDUs
|
||||
10.131.0.254/16 brd 10.131.255.255 dev ens23 scope global
|
||||
}
|
||||
# IPs publiques adhérents
|
||||
45.66.110.254/24 brd 45.66.110.255 dev ens22 scope global
|
||||
|
||||
# VLAN 131: Onduleurs et PDUs
|
||||
10.131.0.254/16 brd 10.131.255.255 dev ens23 scope global
|
||||
|
||||
# VLAN 121: Interco Crans
|
||||
185.230.79.254/29 brd 185.230.79.255 dev ens2 scope global
|
||||
}
|
||||
|
||||
virtual_routes {
|
||||
# IPv4 gateway: yggdrasil
|
||||
src 10.129.0.254 to 0.0.0.0/0 via 10.129.0.1 dev ens18
|
||||
src 10.129.0.254 to 10.129.0.0/16 dev ens18
|
||||
|
||||
# Fleming NAT
|
||||
src 10.129.0.254 to 10.10.0.0/16 via 10.129.1.254 dev ens18
|
||||
src 10.129.0.254 to 10.11.0.0/16 via 10.129.1.254 dev ens18
|
||||
src 10.129.0.254 to 45.66.108.0/27 via 10.129.1.254 dev ens18
|
||||
src 10.129.0.254 to 45.66.108.32/29 via 10.129.1.254 dev ens18
|
||||
src 10.129.0.254 to 45.66.108.251 via 10.129.1.254 dev ens18
|
||||
src 10.129.0.254 to 45.66.109.0/27 via 10.129.1.254 dev ens18
|
||||
src 10.129.0.254 to 45.66.109.32/29 via 10.129.1.254 dev ens18
|
||||
src 10.129.0.254 to 45.66.109.251 via 10.129.1.254 dev ens18
|
||||
# Pacaterie NAT
|
||||
src 10.129.0.254 to 10.20.0.0/16 via 10.129.2.254 dev ens18
|
||||
src 10.129.0.254 to 10.21.0.0/16 via 10.129.2.254 dev ens18
|
||||
src 10.129.0.254 to 45.66.108.40/29 via 10.129.2.254 dev ens18
|
||||
src 10.129.0.254 to 45.66.108.48/28 via 10.129.2.254 dev ens18
|
||||
src 10.129.0.254 to 45.66.108.64/28 via 10.129.2.254 dev ens18
|
||||
src 10.129.0.254 to 45.66.108.252 via 10.129.2.254 dev ens18
|
||||
src 10.129.0.254 to 45.66.109.40/29 via 10.129.2.254 dev ens18
|
||||
src 10.129.0.254 to 45.66.109.48/28 via 10.129.2.254 dev ens18
|
||||
src 10.129.0.254 to 45.66.109.64/28 via 10.129.2.254 dev ens18
|
||||
src 10.129.0.254 to 45.66.109.252 via 10.129.2.254 dev ens18
|
||||
# Rives NAT
|
||||
src 10.129.0.254 to 10.30.0.0/16 via 10.129.3.254 dev ens18
|
||||
src 10.129.0.254 to 10.31.0.0/16 via 10.129.3.254 dev ens18
|
||||
src 10.129.0.254 to 45.66.108.80/28 via 10.129.3.254 dev ens18
|
||||
src 10.129.0.254 to 45.66.108.96/28 via 10.129.3.254 dev ens18
|
||||
src 10.129.0.254 to 45.66.108.112/29 via 10.129.3.254 dev ens18
|
||||
src 10.129.0.254 to 45.66.108.253 via 10.129.3.254 dev ens18
|
||||
src 10.129.0.254 to 45.66.109.80/28 via 10.129.3.254 dev ens18
|
||||
src 10.129.0.254 to 45.66.109.96/28 via 10.129.3.254 dev ens18
|
||||
src 10.129.0.254 to 45.66.109.112/29 via 10.129.3.254 dev ens18
|
||||
src 10.129.0.254 to 45.66.109.253 via 10.129.3.254 dev ens18
|
||||
# EDC NAT
|
||||
src 10.129.0.254 to 10.40.0.0/16 via 10.129.4.254 dev ens18
|
||||
src 10.129.0.254 to 10.41.0.0/16 via 10.129.4.254 dev ens18
|
||||
src 10.129.0.254 to 45.66.108.120/29 via 10.129.4.254 dev ens18
|
||||
src 10.129.0.254 to 45.66.108.128/27 via 10.129.4.254 dev ens18
|
||||
src 10.129.0.254 to 45.66.108.254 via 10.129.4.254 dev ens18
|
||||
src 10.129.0.254 to 45.66.109.120/29 via 10.129.4.254 dev ens18
|
||||
src 10.129.0.254 to 45.66.109.128/27 via 10.129.4.254 dev ens18
|
||||
src 10.129.0.254 to 45.66.109.254 via 10.129.4.254 dev ens18
|
||||
# George Sand NAT
|
||||
src 10.129.0.254 to 10.50.0.0/16 via 10.129.5.254 dev ens18
|
||||
src 10.129.0.254 to 10.51.0.0/16 via 10.129.5.254 dev ens18
|
||||
src 10.129.0.254 to 45.66.108.160/27 via 10.129.5.254 dev ens18
|
||||
src 10.129.0.254 to 45.66.108.192/29 via 10.129.5.254 dev ens18
|
||||
src 10.129.0.254 to 45.66.108.255 via 10.129.5.254 dev ens18
|
||||
src 10.129.0.254 to 45.66.109.160/27 via 10.129.5.254 dev ens18
|
||||
src 10.129.0.254 to 45.66.109.192/29 via 10.129.5.254 dev ens18
|
||||
src 10.129.0.254 to 45.66.109.255 via 10.129.5.254 dev ens18
|
||||
}
|
||||
}
|
||||
|
||||
vrrp_instance VI_ROUT_aurore_IPv6 {
|
||||
{% if 'backup' in inventory_hostname %}
|
||||
{% if 'backup' in inventory_hostname %}
|
||||
state BACKUP
|
||||
priority 100
|
||||
{% else %}
|
||||
{% else %}
|
||||
state MASTER
|
||||
priority 150
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
||||
|
||||
# Interface used for VRRP communication.
|
||||
|
|
@ -89,43 +143,40 @@ vrrp_instance VI_ROUT_aurore_IPv6 {
|
|||
smtp_alert
|
||||
|
||||
virtual_ipaddress {
|
||||
# Hello zayo
|
||||
2001:1b48:2:103::d7:2/126 dev ens1 scope global
|
||||
# Hello zayo
|
||||
2001:1b48:2:103::d7:2/126 dev ens1 scope global
|
||||
|
||||
# Routing
|
||||
2a09:6840:129::254/64 dev ens18 scope global
|
||||
# Routing
|
||||
2a09:6840:129::254/64 dev ens18 scope global
|
||||
|
||||
# Adm
|
||||
2a09:6840:128::254/64 dev ens19 scope global
|
||||
# Adm
|
||||
2a09:6840:128::254/64 dev ens19 scope global
|
||||
|
||||
# Switches
|
||||
2a09:6840:130::254/64 dev ens20 scope global
|
||||
# Switches
|
||||
2a09:6840:130::254/64 dev ens20 scope global
|
||||
|
||||
# IPs publiques serveurs
|
||||
2a09:6840:111::254/64 dev ens21 scope global
|
||||
# IPs publiques serveurs
|
||||
2a09:6840:111::254/64 dev ens21 scope global
|
||||
|
||||
# IPs publiques adhérents
|
||||
2a09:6840:110::254/64 dev ens22 scope global
|
||||
# IPs publiques adhérents
|
||||
2a09:6840:110::254/64 dev ens22 scope global
|
||||
|
||||
# VLAN 131: Onduleurs et PDUs
|
||||
2a09:6840:131::254/64 dev ens23 scope global
|
||||
}
|
||||
# VLAN 131: Onduleurs et PDUs
|
||||
2a09:6840:131::254/64 dev ens23 scope global
|
||||
|
||||
# VLAN 121: Interco Crans
|
||||
2a0c:700:28::2/64 dev ens2 scope global
|
||||
}
|
||||
|
||||
virtual_routes {
|
||||
# For IPv6, the master router is routeur-aurore, NOT yggdrasil,
|
||||
# because yggdrasil doesn't support BGPv6 announcements.
|
||||
src 2001:1b48:2:103::d7:2/126 to ::/0 via 2001:1b48:2:103::d7:1 dev ens1
|
||||
|
||||
# Routes return for ipv6 connectivity
|
||||
2a09:6840:10::/64 via 2a09:6840:129::1:254 dev ens18
|
||||
2a09:6840:11::/64 via 2a09:6840:129::1:254 dev ens18
|
||||
2a09:6840:20::/64 via 2a09:6840:129::2:254 dev ens18
|
||||
2a09:6840:21::/64 via 2a09:6840:129::2:254 dev ens18
|
||||
2a09:6840:40::/64 via 2a09:6840:129::4:254 dev ens18
|
||||
2a09:6840:41::/64 via 2a09:6840:129::4:254 dev ens18
|
||||
2a09:6840:50::/64 via 2a09:6840:129::5:254 dev ens18
|
||||
2a09:6840:51::/64 via 2a09:6840:129::5:254 dev ens18
|
||||
# Routes return for ipv6 connectivity
|
||||
2a09:6840:10::/64 via 2a09:6840:129::1:254 dev ens18
|
||||
2a09:6840:11::/64 via 2a09:6840:129::1:254 dev ens18
|
||||
2a09:6840:20::/64 via 2a09:6840:129::2:254 dev ens18
|
||||
2a09:6840:21::/64 via 2a09:6840:129::2:254 dev ens18
|
||||
2a09:6840:40::/64 via 2a09:6840:129::4:254 dev ens18
|
||||
2a09:6840:41::/64 via 2a09:6840:129::4:254 dev ens18
|
||||
2a09:6840:50::/64 via 2a09:6840:129::5:254 dev ens18
|
||||
2a09:6840:51::/64 via 2a09:6840:129::5:254 dev ens18
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -8,13 +8,13 @@ global_defs {
|
|||
|
||||
|
||||
vrrp_instance VI_ROUT_{{ apartment_block }}_IPv4 {
|
||||
{% if 'backup' in inventory_hostname %}
|
||||
{% if 'backup' in inventory_hostname %}
|
||||
state BACKUP
|
||||
priority 100
|
||||
{% else %}
|
||||
{% else %}
|
||||
state MASTER
|
||||
priority 150
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
||||
|
||||
# Interface used for VRRP communication.
|
||||
|
|
@ -35,41 +35,40 @@ vrrp_instance VI_ROUT_{{ apartment_block }}_IPv4 {
|
|||
smtp_alert
|
||||
|
||||
virtual_ipaddress {
|
||||
# Routing subnet
|
||||
10.129.{{ apartment_block_id }}.254/16 brd 10.129.255.255 dev ens19 scope global
|
||||
# Routing subnet
|
||||
10.129.{{ apartment_block_id }}.254/16 brd 10.129.255.255 dev ens19 scope global
|
||||
|
||||
|
||||
# NATed subnet: wired
|
||||
45.66.108.25{{ apartment_block_id }}/24 brd 45.66.108.255 dev ens19 scope global
|
||||
# NATed subnet: wired
|
||||
45.66.108.25{{ apartment_block_id }}/24 brd 45.66.108.255 dev ens19 scope global
|
||||
|
||||
# NATed subnet: wifi
|
||||
45.66.109.25{{ apartment_block_id }}/24 brd 45.66.109.255 dev ens19 scope global
|
||||
# NATed subnet: wifi
|
||||
45.66.109.25{{ apartment_block_id }}/24 brd 45.66.109.255 dev ens19 scope global
|
||||
|
||||
# Wired
|
||||
10.{{ subnet_ids.users_wired }}.0.254/16 brd 10.{{ subnet_ids.users_wired }}.255.255 dev ens20 scope global
|
||||
# Wired
|
||||
10.{{ subnet_ids.users_wired }}.0.254/16 brd 10.{{ subnet_ids.users_wired }}.255.255 dev ens20 scope global
|
||||
|
||||
# Wifi
|
||||
10.{{ subnet_ids.users_wifi }}.0.254/16 brd 10.{{ subnet_ids.users_wifi }}.255.255 dev ens21 scope global
|
||||
|
||||
# Accueil
|
||||
10.{{ subnet_ids.users_accueil }}.0.254/16 brd 10.{{ subnet_ids.users_accueil }}.255.255 dev ens23 scope global
|
||||
}
|
||||
# Wifi
|
||||
10.{{ subnet_ids.users_wifi }}.0.254/16 brd 10.{{ subnet_ids.users_wifi }}.255.255 dev ens21 scope global
|
||||
|
||||
# Accueil
|
||||
10.{{ subnet_ids.users_accueil }}.0.254/16 brd 10.{{ subnet_ids.users_accueil }}.255.255 dev ens23 scope global
|
||||
}
|
||||
|
||||
virtual_routes {
|
||||
# 10.129.0.1 is Yggdrasil
|
||||
src 10.129.{{ apartment_block_id }}.254 to 0.0.0.0/0 via 10.129.0.1 dev ens19
|
||||
# gateway to routeur-aurore
|
||||
src 45.66.109.25{{ apartment_block_id }} to 0.0.0.0/0 via 10.129.0.254 dev ens19
|
||||
}
|
||||
}
|
||||
|
||||
vrrp_instance VI_ROUT_{{ apartment_block }}_IPv6 {
|
||||
{% if 'backup' in inventory_hostname %}
|
||||
{% if 'backup' in inventory_hostname %}
|
||||
state BACKUP
|
||||
priority 100
|
||||
{% else %}
|
||||
{% else %}
|
||||
state MASTER
|
||||
priority 150
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
||||
|
||||
# Interface used for VRRP communication.
|
||||
|
|
@ -90,23 +89,20 @@ vrrp_instance VI_ROUT_{{ apartment_block }}_IPv6 {
|
|||
smtp_alert
|
||||
|
||||
virtual_ipaddress {
|
||||
# Routing subnet
|
||||
fe80::1/64 dev ens19 scope global
|
||||
{{ ipv6_base_prefix }}:129::{{ apartment_block_id }}:254/64 dev ens19 scope global
|
||||
# Routing subnet
|
||||
fe80::1/64 dev ens19 scope global
|
||||
{{ ipv6_base_prefix }}:129::{{ apartment_block_id }}:254/64 dev ens19 scope global
|
||||
|
||||
# Wired
|
||||
fe80::1/64 dev ens20 scope global
|
||||
# Wired
|
||||
fe80::1/64 dev ens20 scope global
|
||||
|
||||
# Wifi
|
||||
fe80::1/64 dev ens21 scope global
|
||||
}
|
||||
# Wifi
|
||||
fe80::1/64 dev ens21 scope global
|
||||
}
|
||||
|
||||
|
||||
virtual_routes {
|
||||
# For IPv6, the master router is routeur-aurore, NOT yggdrasil,
|
||||
# because yggdrasil doesn't support BGPv6 announcements.
|
||||
src {{ ipv6_base_prefix }}:129::{{ apartment_block_id }}:254 to ::/0 via {{ ipv6_base_prefix }}:129::0:254 dev ens19
|
||||
# gateway to routeur-aurore
|
||||
src {{ ipv6_base_prefix }}:129::{{ apartment_block_id }}:254 to ::/0 via {{ ipv6_base_prefix }}:129::0:254 dev ens19
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue