add multiple ipv6 upstream mechanisms (6to4, slac)
parent
420dbea8d1
commit
5c7e8139c0
|
@ -1,5 +1,6 @@
|
||||||
upstream:
|
upstream:
|
||||||
interface: ipredator
|
interface: ipredator
|
||||||
|
nat66-interface: ipredator
|
||||||
up-bandwidth: 4000
|
up-bandwidth: 4000
|
||||||
flow-keys: nfct-src
|
flow-keys: nfct-src
|
||||||
flows: 4096
|
flows: 4096
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
upstream:
|
upstream:
|
||||||
interface: up1
|
interface: up1
|
||||||
|
nat66-interface: 6to4
|
||||||
up-bandwidth: 6200
|
up-bandwidth: 6200
|
||||||
flow-keys: nfct-src
|
flow-keys: nfct-src
|
||||||
flows: 2048
|
flows: 2048
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
upstream:
|
upstream:
|
||||||
interface: up2
|
interface: up2
|
||||||
|
nat66-interface: 6to4
|
||||||
up-bandwidth: 6200
|
up-bandwidth: 6200
|
||||||
flow-keys: nfct-src
|
flow-keys: nfct-src
|
||||||
flows: 2048
|
flows: 2048
|
||||||
|
|
|
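Review bot: `nat66-interface: 6to4` in this `up2` pillar looks inconsistent with the top file in the same commit, where `upstream2` receives `upstream.6slac` rather than `upstream.6to4`. If this pillar is the one served to `upstream2` (the mapping is not visible here), no `6to4` device is created on that host, so the `nat66` hook's `$IFACE` comparison cannot match and the MASQUERADE rule would not be installed. With SLAAC the IPv6 traffic leaves through the upstream interface itself, so the value would presumably be `nat66-interface: up2`.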
@ -5,7 +5,7 @@ procps:
|
||||||
file.managed:
|
file.managed:
|
||||||
- source: "salt://forwarding/forwarding.conf"
|
- source: "salt://forwarding/forwarding.conf"
|
||||||
|
|
||||||
apply:
|
apply-forwarding:
|
||||||
cmd.run:
|
cmd.run:
|
||||||
- name: sysctl -p /etc/sysctl.d/80-forwarding.conf
|
- name: sysctl -p /etc/sysctl.d/80-forwarding.conf
|
||||||
require:
|
require:
|
||||||
|
|
|
@ -15,9 +15,15 @@ base:
|
||||||
- no-ssh
|
- no-ssh
|
||||||
- forwarding
|
- forwarding
|
||||||
- ospf
|
- ospf
|
||||||
|
- unbound
|
||||||
- upstream.dhcp
|
- upstream.dhcp
|
||||||
- upstream.shaping
|
- upstream.shaping
|
||||||
- unbound
|
'upstream1':
|
||||||
|
- upstream.6to4
|
||||||
|
- upstream.nat66
|
||||||
|
'upstream2':
|
||||||
|
- upstream.6slac
|
||||||
|
- upstream.nat66
|
||||||
'anon*':
|
'anon*':
|
||||||
- no-ssh
|
- no-ssh
|
||||||
- forwarding
|
- forwarding
|
||||||
|
@ -25,3 +31,4 @@ base:
|
||||||
- vpn.openvpn
|
- vpn.openvpn
|
||||||
- upstream.masquerade
|
- upstream.masquerade
|
||||||
- upstream.shaping
|
- upstream.shaping
|
||||||
|
- upstream.nat66
|
||||||
|
|
|
@ -0,0 +1 @@
|
||||||
|
net.ipv6.conf.{{ interface }}.accept_ra=2
|
|
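Review bot: `accept_ra=2` makes the kernel honour router advertisements on the upstream interface even while forwarding is enabled, and RAs are unauthenticated, so any host on that segment can announce a default route or prefix to this router. The file has no comment saying that this is intentional; something like `# accept RAs despite forwarding=1: this router autoconfigures from the upstream segment` would record the decision. It would also be worth restricting inbound ICMPv6 router advertisements on that interface to the expected router's link-local address in the ip6tables rules, if the upstream segment is shared. An interface name containing a dot would also break this key, since sysctl treats `.` as the separator.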
@ -0,0 +1,15 @@
|
||||||
|
{%- set interface = pillar['upstream']['interface'] %}
|
||||||
|
|
||||||
|
/etc/sysctl.d/70-upstream-6slac.conf:
|
||||||
|
file.managed:
|
||||||
|
- source: "salt://upstream/6slac.conf"
|
||||||
|
- template: 'jinja'
|
||||||
|
- context:
|
||||||
|
interface: {{ interface }}
|
||||||
|
|
||||||
|
apply-6slac:
|
||||||
|
cmd.run:
|
||||||
|
- name: sysctl -p /etc/sysctl.d/70-upstream-6slac.conf
|
||||||
|
require:
|
||||||
|
- file: /etc/sysctl.d/70-upstream-6slac.conf
|
||||||
|
- pkg: procps
|
|
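Review bot: `/etc/sysctl.d/70-upstream-6slac.conf` holds a per-interface key, and files in `/etc/sysctl.d` are normally applied early in boot, possibly before the upstream interface exists. In that case the `accept_ra` setting would be skipped after a reboot and only restored when `apply-6slac` runs at the next highstate; I cannot confirm the boot ordering from this page. Applying the value when the interface comes up, for example `pre-up sysctl -w net.ipv6.conf.$IFACE.accept_ra=2` in the interface stanza, would make it survive reboots. A comment above `apply-6slac` stating that it only covers the running system would help either way.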
@ -0,0 +1,3 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
ip tunnel del 6to4
|
|
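Review bot: `ip tunnel del 6to4` runs unconditionally, but ifupdown executes every script in `if-down.d` for each interface that goes down, so taking down any interface removes the tunnel. The template is rendered with an `interface` context value that it never uses; a guard such as `[ "$IFACE" = "{{ interface }}" ] || exit 0` before the `ip` command would match how the `nat66` hook in this commit is written. The `6to4-up` script has the same gap: without the guard it runs for every interface coming up, and `ip tunnel add` fails once the device already exists.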
@ -0,0 +1,11 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
INET=$(ip addr show dev {{ interface }} | \
|
||||||
|
egrep -oe '[[:digit:]]+\.[[:digit:]]+\.[[:digit:]]+\.[[:digit:]]+' | \
|
||||||
|
head -n 1)
|
||||||
|
PREFIX=$(printf "2002:%02x%02x:%02x%02x:\n" $(echo $INET | tr . ' '))
|
||||||
|
|
||||||
|
ip tunnel add 6to4 mode sit remote 192.88.99.1 local $INET
|
||||||
|
ip addr add "${PREFIX}:1/128" dev 6to4
|
||||||
|
ip link set 6to4 up
|
||||||
|
ip route add 2000::/3 dev 6to4 via ::192.88.99.1
|
|
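Review bot: `INET` is used without checking that an address was found, so when `{{ interface }}` has no IPv4 address yet, `printf` receives no arguments and yields an all-zero prefix, and `ip tunnel add ... local` is called with a missing value. I would add `[ -n "$INET" ] || exit 0` after the assignment and quote the expansion as `local "$INET"`. The pattern also takes the first dotted quad it sees, so a private (RFC 1918) address on the interface would be turned into a 6to4 prefix that is not routable; a comment stating that a public address is assumed would help. Separately, the anycast relay `192.88.99.1` was deprecated by RFC 7526, which is worth noting next to the `ip tunnel add` line because the path depends on whichever third-party relay answers.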
@ -0,0 +1,17 @@
|
||||||
|
{%- set interface = pillar['upstream']['interface'] %}
|
||||||
|
|
||||||
|
/etc/network/if-up.d/6to4:
|
||||||
|
file.managed:
|
||||||
|
- source: salt://upstream/6to4-up
|
||||||
|
- template: 'jinja'
|
||||||
|
- context:
|
||||||
|
interface: {{ interface }}
|
||||||
|
- mode: 755
|
||||||
|
|
||||||
|
/etc/network/if-down.d/6to4:
|
||||||
|
file.managed:
|
||||||
|
- source: salt://upstream/6to4-down
|
||||||
|
- template: 'jinja'
|
||||||
|
- context:
|
||||||
|
interface: {{ interface }}
|
||||||
|
- mode: 755
|
|
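Review bot: Both hook scripts are executed as root by ifupdown, but the `file.managed` states set only `- mode: 755` and leave ownership to whatever is already on disk. Adding `- user: root` and `- group: root` to `/etc/network/if-up.d/6to4` and `/etc/network/if-down.d/6to4`, and quoting the mode as `- mode: '0755'`, makes the intended permissions explicit. Nothing in this state brings the tunnel up after the files are first deployed, so it presumably takes effect only at the next `ifup` of the upstream interface; a comment saying so would save the next maintainer a debugging session.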
@ -0,0 +1,5 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
if [ "$IFACE" = "{{ interface }}" ]; then
|
||||||
|
ip6tables -t nat -A POSTROUTING -o "$IFACE" -j MASQUERADE
|
||||||
|
fi
|
|
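Review bot: The `$IFACE` guard can only match interfaces that ifupdown itself brings up, yet the pillars in this commit set `nat66-interface: 6to4`, a device that `6to4-up` creates with `ip tunnel add` outside ifupdown. Unless `6to4` is also declared in `/etc/network/interfaces` (not visible here), the MASQUERADE rule is never installed on those hosts. Where the guard does match, `-A` appends another copy on every `ifup` and nothing removes it on `ifdown`; `ip6tables -t nat -C POSTROUTING -o "$IFACE" -j MASQUERADE 2>/dev/null || ip6tables -t nat -A POSTROUTING -o "$IFACE" -j MASQUERADE` keeps a single rule.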
@ -0,0 +1,11 @@
|
||||||
|
{%- set interface = pillar['upstream']['nat66-interface'] %}
|
||||||
|
|
||||||
|
/etc/network/if-pre-up.d/nat66:
|
||||||
|
file.managed:
|
||||||
|
- source: salt://upstream/nat66
|
||||||
|
- template: 'jinja'
|
||||||
|
- context:
|
||||||
|
interface: {{ interface }}
|
||||||
|
- mode: 755
|
||||||
|
- require:
|
||||||
|
- pkg: iptables
|
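Review bot: The `- require:` entry `- pkg: iptables` refers to a package state that this commit does not define; if no other SLS applied to these minions declares `iptables` under `pkg`, the requisite fails and the hook is never written. `pillar['upstream']['nat66-interface']` also raises a render error on any minion whose pillar lacks the new key, so every host that receives `upstream.nat66` from the top file needs it set. A short header comment stating both expectations would make the dependency visible.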