internal ipv6 routing

Astro 2016-12-19 03:08:18 +01:00
parent 6d8306bc7a
commit 1fb5f05160
9 changed files with 226 additions and 6 deletions


@ -106,3 +106,76 @@ hosts-inet:
c3d2:
c3d2-anon: 172.22.99.1
c3d2-gw: 172.22.99.4
hosts-inet6:
core:
server1: fd23:42:c3d2:581::1
anon1: fd23:42:c3d2:581::9:1
serv-gw: fd23:42:c3d2:581::8:1
pub-gw: fd23:42:c3d2:581::8:2
c3d2-gw: fd23:42:c3d2:581::c3d2:1
c3d2-anon: fd23:42:c3d2:581::c3d2:a
upstream1: fd23:42:c3d2:581::b:0
upstream2: fd23:42:c3d2:581::b:1
upstream3: fd23:42:c3d2:581::b:2
upstream4: fd23:42:c3d2:581::b:3
priv1-gw: fd23:42:c3d2:581::c:0
priv2-gw: fd23:42:c3d2:581::c:1
priv3-gw: fd23:42:c3d2:581::c:2
priv4-gw: fd23:42:c3d2:581::c:3
priv5-gw: fd23:42:c3d2:581::c:4
priv6-gw: fd23:42:c3d2:581::c:5
priv7-gw: fd23:42:c3d2:581::c:6
priv8-gw: fd23:42:c3d2:581::c:7
priv9-gw: fd23:42:c3d2:581::c:8
priv10-gw: fd23:42:c3d2:581::c:9
priv11-gw: fd23:42:c3d2:581::c:a
priv12-gw: fd23:42:c3d2:581::c:b
priv13-gw: fd23:42:c3d2:581::c:c
priv14-gw: fd23:42:c3d2:581::c:d
priv15-gw: fd23:42:c3d2:581::c:e
priv16-gw: fd23:42:c3d2:581::c:d
serv:
serv-gw: fd23:42:c3d2:582::1
pub:
pub-gw: fd23:42:c3d2:583::1
priv1:
priv1-gw: fd23:42:c3d2:5c0::1
priv2:
priv2-gw: fd23:42:c3d2:5c1::1
priv3:
priv3-gw: fd23:42:c3d2:5c2::1
priv4:
priv4-gw: fd23:42:c3d2:5c3::1
priv5:
priv5-gw: fd23:42:c3d2:5c4::1
priv6:
priv6-gw: fd23:42:c3d2:5c5::1
priv7:
priv7-gw: fd23:42:c3d2:5c6::1
priv8:
priv8-gw: fd23:42:c3d2:5c7::1
priv9:
priv9-gw: fd23:42:c3d2:5c8::1
priv10:
priv10-gw: fd23:42:c3d2:5c9::1
priv11:
priv11-gw: fd23:42:c3d2:5ca::1
priv12:
priv12-gw: fd23:42:c3d2:5cb::1
priv13:
priv13-gw: fd23:42:c3d2:5cc::1
priv14:
priv14-gw: fd23:42:c3d2:5cd::1
priv15:
priv15-gw: fd23:42:c3d2:5ce::1
priv16:
priv16-gw: fd23:42:c3d2:5cf::1
c3d2:
c3d2-anon: fd23:42:c3d2:523::c3d2:1
c3d2-gw: fd23:42:c3d2:523::c3d2:4
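Review bot: In the `core` block of `hosts-inet6`, `priv16-gw` is given `fd23:42:c3d2:581::c:d`, the same address already assigned to `priv14-gw` two entries above it. Two gateways sharing one address on the core segment means one of them fails duplicate address detection or the OSPFv3 next hop for that address becomes ambiguous. The surrounding sequence `::c:0` through `::c:e` suggests the intended line is `priv16-gw: fd23:42:c3d2:581::c:f`.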


@ -4,6 +4,7 @@ containers:
core:
type: veth
gw: anon1
gw6: anon1
pub:
type: veth
@ -20,6 +21,7 @@ containers:
core:
type: veth
gw: anon1
gw6: anon1
priv1:
type: phys
@ -28,6 +30,7 @@ containers:
core:
type: veth
gw: upstream2
gw6: upstream2
priv2:
type: phys
@ -36,6 +39,7 @@ containers:
core:
type: veth
gw: anon1
gw6: anon1
priv3:
type: phys
@ -44,6 +48,7 @@ containers:
core:
type: veth
gw: anon1
gw6: anon1
priv4:
type: phys
@ -52,6 +57,7 @@ containers:
core:
type: veth
gw: anon1
gw6: anon1
priv5:
type: phys
@ -60,6 +66,7 @@ containers:
core:
type: veth
gw: anon1
gw6: anon1
priv6:
type: phys
@ -68,6 +75,7 @@ containers:
core:
type: veth
gw: anon1
gw6: anon1
priv7:
type: phys
@ -76,6 +84,7 @@ containers:
core:
type: veth
gw: anon1
gw6: anon1
priv8:
type: phys
@ -114,5 +123,6 @@ containers:
core:
type: veth
gw: anon1
gw6: anon1
c3d2:
type: veth


@ -20,3 +20,25 @@ subnets-inet:
priv16: 172.20.75.224/28
c3d2: 172.22.99.0/24
mgmt: 10.0.0.0/24
subnets-inet6:
core: fd23:42:c3d2:581::/64
serv: fd23:42:c3d2:582::/64
pub: fd23:42:c3d2:583::/64
priv1: fd23:42:c3d2:5c0::/64
priv2: fd23:42:c3d2:5c1::/64
priv3: fd23:42:c3d2:5c2::/64
priv4: fd23:42:c3d2:5c3::/64
priv5: fd23:42:c3d2:5c4::/64
priv6: fd23:42:c3d2:5c5::/64
priv7: fd23:42:c3d2:5c6::/64
priv8: fd23:42:c3d2:5c7::/64
priv9: fd23:42:c3d2:5c8::/64
priv10: fd23:42:c3d2:5c9::/64
priv11: fd23:42:c3d2:5ca::/64
priv12: fd23:42:c3d2:5cb::/64
priv13: fd23:42:c3d2:5cc::/64
priv14: fd23:42:c3d2:5cd::/64
priv15: fd23:42:c3d2:5ce::/64
priv16: fd23:42:c3d2:5cf::/64
c3d2: fd23:42:c3d2:523::/64


@ -22,24 +22,35 @@ lxc.network.hwaddr={{ hwaddr_prefix }}:{{ n.__str__().rjust(2, '0') }}
{%- if conf['type'] == 'veth' %}
lxc.network.veth.pair={{ id }}-{{ net }}
{%- endif %}
{%- set hosts = pillar['hosts-inet'].get(net) %}
{%- set inet_addr = hosts and hosts.get(id) %}
{%- if inet_addr %}
{%- set prefix_len = pillar['subnets-inet'][net].split('/')[1] %}
lxc.network.ipv4={{ inet_addr }}/{{ prefix_len }}
{%- endif %}
{%- set gw = conf.get('gw') %}
{%- if gw %}
lxc.network.ipv4.gateway={{ pillar['hosts-inet'][net][gw] }}
{%- endif %}
{%- set hosts6 = pillar['hosts-inet6'].get(net) %}
{%- set inet6_addr = hosts6 and hosts6.get(id) %}
{%- if inet6_addr %}
{%- set prefix6_len = pillar['subnets-inet6'][net].split('/')[1] %}
lxc.network.ipv6={{ inet6_addr }}/{{ prefix6_len }}
{%- endif %}
{%- set gw6 = conf.get('gw6') %}
{%- if gw6 %}
lxc.network.ipv6.gateway={{ pillar['hosts-inet6'][net][gw] }}
{%- endif %}
{%- if conf['type'] == 'veth' %}
lxc.network.link=br-{{ net }}
{%- elif conf['type'] == 'phys' %}
lxc.network.link=bond0.{{ pillar['vlans'].get(net) }}
{%- endif %}
lxc.network.name={{ net }}
{%- set gw = conf.get('gw') %}
{%- if gw %}
lxc.network.ipv4.gateway={{ pillar['hosts-inet'][net][gw] }}
{%- endif %}
#lxc.network.ipv6=
#lxc.network.ipv6.gateway=fe80::1
{%- set n = n + 1 %}
{%- endfor %}
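Review bot: The new IPv6 gateway line looks up `pillar['hosts-inet6'][net][gw]`, while the guard directly above it tests `gw6`, so the `gw6` value from the container pillar is never used. Every container entry visible in this commit sets `gw` and `gw6` to the same host, which hides the problem; once the two differ the container gets the wrong IPv6 next hop, and a network with `gw6` but no `gw` makes the lookup fail on an undefined key. The line should read `lxc.network.ipv6.gateway={{ pillar['hosts-inet6'][net][gw6] }}`. The enclosing `for` loop starts outside the hunk.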


@ -0,0 +1,28 @@
quagga:
pkg.installed: []
/etc/systemd/system/ospf6d.service:
file.managed:
- source: salt://quagga/ospf6d/ospf6d.service
/etc/quagga/ospf6d.conf:
file.managed:
- source: salt://quagga/ospf6d/ospf6d.conf
- template: 'jinja'
- require:
- pkg: quagga
autostart-ospf6d:
service.enabled:
- name: ospf6d
require:
- file: /etc/systemd/system/ospf6d.service
- file: /etc/quagga/ospf6d.conf
start-ospf6d:
service.running:
- name: ospf6d
require:
- service: autostart-ospf6d
watch:
- file: /etc/quagga/ospf6d.conf
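Review bot: The `require:` and `watch:` entries under `autostart-ospf6d` and `start-ospf6d` are written without the leading `- `, unlike `- require:` under `/etc/quagga/ospf6d.conf`. Indentation is not visible on this page, but as written they would be extra keys in the same mapping as `name` rather than separate list items, which Salt may reject or not evaluate as requisites. Writing them as `- require:` and `- watch:` keeps the ordering between the unit file, the config and the service explicit. The zebra state added later in this commit has the same layout.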


@ -0,0 +1,25 @@
log file /var/log/quagga/ospfd.log
{%- set id = salt['grains.get']('id') %}
{%- set core_ifaces = ['br-core', 'core'] %}
{%- for iface in core_ifaces %}
interface {{ iface }}
ipv6 ospf6 network broadcast
{%- endfor %}
router ospf6
router-id {{ pillar['hosts-inet']['core'][id] }}
{%- for iface in core_ifaces %}
interface {{ iface }} area 0.0.0.0
{%- endfor %}
area 0.0.0.0 range {{ pillar['subnets-inet6']['core'] }}
{%- set redistribute = pillar['ospf'].get('redistribute') %}
{%- if redistribute %}
{%- for kind in redistribute %}
redistribute {{ kind }}
{%- endfor %}
{%- endif %}
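Review bot: The first line sets `log file /var/log/quagga/ospfd.log`, which by its name is the IPv4 daemon's log, and top.sls enables `quagga.ospfd` and `quagga.ospf6d` on the same hosts. OSPFv2 and OSPFv3 messages would then interleave in one file, which makes adjacency changes harder to attribute when reviewing logs; `log file /var/log/quagga/ospf6d.log` keeps them apart. The `redistribute {{ kind }}` loop also emits bare statements with no route-map, so whatever the pillar lists is injected unfiltered; restricting it to the prefixes in `subnets-inet6` would bound what a misconfigured host can announce.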


@ -0,0 +1,11 @@
[Unit]
Requires = zebra.service
After = network.target
[Service]
ExecStartPre = /bin/mkdir -p /var/run/quagga
ExecStartPre = /bin/chown -R quagga:quagga /var/run/quagga/
ExecStart = /usr/lib/quagga/ospf6d
[Install]
WantedBy = default.target
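Review bot: `Requires = zebra.service` does not order the two units, and `After =` lists only `network.target`, so systemd may start ospf6d in parallel with zebra rather than after it. Adding zebra to the ordering, `After = network.target zebra.service`, makes the dependency effective. Separately, the `chown -R` in `ExecStartPre` runs as root on every start over a directory that the unprivileged quagga account can write to; a non-recursive `/bin/chown quagga:quagga /var/run/quagga` is enough to hand over the directory.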


@ -0,0 +1,28 @@
quagga:
pkg.installed: []
/etc/systemd/system/zebra.service:
file.managed:
- source: salt://quagga/zebra/zebra.service
/etc/quagga/zebra.conf:
file.managed:
- source: salt://quagga/zebra/zebra.conf
- template: 'jinja'
- require:
- pkg: quagga
autostart-zebra:
service.enabled:
- name: zebra
require:
- file: /etc/systemd/system/zebra.service
- file: /etc/quagga/zebra.conf
start-zebra:
service.running:
- name: zebra
require:
- service: autostart-zebra
watch:
- file: /etc/quagga/zebra.conf


@ -5,6 +5,7 @@ base:
- lxc-containers
- quagga.zebra
- quagga.ospfd
- quagga.ospf6d
- switches
- cpe
'priv*-gw':
@ -12,17 +13,27 @@ base:
- forwarding
- quagga.zebra
- quagga.ospfd
- quagga.ospf6d
- dhcp
'pub-gw or serv-gw':
- no-ssh
- forwarding
- quagga.zebra
- quagga.ospfd
- quagga.ospf6d
- dhcp
'c3d2-gw or c3d2-anon':
- no-ssh
- forwarding
- quagga.zebra
- quagga.ospfd
- quagga.ospf6d
'upstream*':
- no-ssh
- forwarding
- quagga.zebra
- quagga.ospfd
- quagga.ospf6d
- unbound
- upstream.dhcp
- upstream.shaping
@ -38,6 +49,7 @@ base:
- forwarding
- quagga.zebra
- quagga.ospfd
- quagga.ospf6d
- vpn.openvpn
- upstream.masquerade
- upstream.shaping