Many small changes
Netdev: - Add accept_ra - Generalize sysctls - Add property header - Add vrf gateway - Bump unreachable metric up to 4096 Router example: - Tree-structure definitions
This commit is contained in:
parent
7200ce64c9
commit
00dce74879
GPG Key ID:
F92BA85F61F4C173
|
|
@ -5,7 +5,7 @@
|
|||
# VRFs
|
||||
VRF="vrf-wgate"
|
||||
new_if_vrf "$VRF" 20
|
||||
if_route_vrf_sink_unreach "$VRF" "2a04:5b81:2060::/48"
|
||||
if_route_vrf_sink_unreach "$VRF" "2a04:5b81:2060::/44"
|
||||
if_route_vrf_sink_unreach "$VRF" "2a04:5b81:2010::/44"
|
||||
if_route_vrf_default_unreach "$VRF"
|
||||
|
||||
|
|
@ -21,6 +21,7 @@ new_if_vrf "$VRF" 20
|
|||
if_bridge_property 'mcast_querier' "$IFACE"
|
||||
if_bridge_property 'mcast_mld_version' "$IFACE" '2' ''
|
||||
if_forward "$IFACE"
|
||||
if_accept_ra "$IFACE"
|
||||
if_dhcp "$IFACE"
|
||||
|
||||
if_slave "$IFACE" "vnet0"
|
||||
|
|
|
|||
|
|
@ -6,7 +6,6 @@ new_if_phys "eth0"
|
|||
|
||||
IFACE="br0"
|
||||
new_if_bridge "$IFACE"
|
||||
if_bridge_property 'stp_state' "$IFACE"
|
||||
if_bridge_property 'mcast_router' "$IFACE"
|
||||
if_bridge_property 'mcast_snooping' "$IFACE" '0' ''
|
||||
if_bridge_property 'mcast_querier' "$IFACE"
|
||||
|
|
|
|||
74
netdev.sh
74
netdev.sh
|
|
@ -35,6 +35,11 @@ header_vrf() {
|
|||
echo "define VRF $vrf"
|
||||
}
|
||||
|
||||
header_prop() {
|
||||
local prop="${1:?missing prop}"
|
||||
echo "define PROP $prop"
|
||||
}
|
||||
|
||||
header_path() {
|
||||
cat <<EOF
|
||||
s6-envdir -i /etc/s6/env/path
|
||||
|
|
@ -320,7 +325,24 @@ if_forward() {
|
|||
local if="${1:?missing if}"
|
||||
local fam="${2:-6}"
|
||||
|
||||
local sname="sysctl.net-ipv$fam-conf-$if-forwarding"
|
||||
if_sysctl "$if" "forwarding" '1' '0' "$fam"
|
||||
}
|
||||
|
||||
if_accept_ra() {
|
||||
local if="${1:?missing if}"
|
||||
local fam="6"
|
||||
|
||||
if_sysctl "$if" "accept_ra" '2' '0' "$fam"
|
||||
}
|
||||
|
||||
if_sysctl() {
|
||||
local if="${1:?missing if}"
|
||||
local prop="${2:?missing property}"
|
||||
local val_e="${3:-1}"
|
||||
local val_d="${4:-0}"
|
||||
local fam="${5:-6}"
|
||||
|
||||
local sname="sysctl.net-ipv$fam-conf-$if-$prop"
|
||||
bundle_stage_step_configure "$if" "$sname"
|
||||
|
||||
install -Dm644 <(
|
||||
|
|
@ -328,10 +350,11 @@ if_forward() {
|
|||
header_path
|
||||
header_if "$if"
|
||||
header_fam "$fam"
|
||||
header_prop "$prop"
|
||||
cat <<EOF
|
||||
export VAL 1
|
||||
s6-envdir -I /etc/s6/env/sysctl.net-ipv\${FAMILY}-conf-\${INTERFACE}-forwarding
|
||||
export SYSCTL net/ipv\${FAMILY}/conf/\${INTERFACE}/forwarding
|
||||
export VAL $val_e
|
||||
s6-envdir -I /etc/s6/env/sysctl.net-ipv\${FAMILY}-conf-\${INTERFACE}-\${PROP}
|
||||
export SYSCTL net/ipv\${FAMILY}/conf/\${INTERFACE}/\${PROP}
|
||||
/usr/libexec/nnd/s6/sysctl
|
||||
EOF
|
||||
) rc/"$sname"/up
|
||||
|
|
@ -340,9 +363,10 @@ EOF
|
|||
header_path
|
||||
header_if "$if"
|
||||
header_fam "$fam"
|
||||
header_prop "$prop"
|
||||
cat <<EOF
|
||||
export SYSCTL net/ipv\${FAMILY}/conf/\${INTERFACE}/forwarding
|
||||
export VAL 0
|
||||
export SYSCTL net/ipv\${FAMILY}/conf/\${INTERFACE}/\${PROP}
|
||||
export VAL $val_d
|
||||
/usr/libexec/nnd/s6/sysctl
|
||||
EOF
|
||||
) rc/"$sname"/down
|
||||
|
|
@ -511,6 +535,40 @@ if_route_vrf_addr() {
|
|||
depends "$sname" interface."$if".link interface."$vrf".create
|
||||
}
|
||||
|
||||
if_route_vrf_addr_gateway() {
|
||||
local vrf="${1:?missing vrf}"
|
||||
local if="${2:?missing if}"
|
||||
local gateway="${3:?missing gw}"
|
||||
local addr="${4:?missing addr}"
|
||||
local fam="${5:-6}"
|
||||
local gatewayn="$(echo "$gateway" | sed 's/\//_/g')"
|
||||
local addrn="$(echo "$addr" | sed 's/\//_/g')"
|
||||
|
||||
local sname="interface.$if.gateway.$vrf.$fam.$gatewayn"
|
||||
bundle_stage_step_ready "$if" "$sname" # Interface route may be added only if it's up
|
||||
|
||||
install -Dm644 <(
|
||||
header_eb
|
||||
header_path
|
||||
header_vrf "$vrf"
|
||||
header_if "$if"
|
||||
header_addr "$gateway"
|
||||
header_fam "$fam"
|
||||
echo 'ip -${FAMILY} route add default via $ADDR dev $INTERFACE vrf $VRF'
|
||||
) rc/"$sname"/up
|
||||
install -Dm644 <(
|
||||
header_eb
|
||||
header_path
|
||||
header_vrf "$vrf"
|
||||
header_if "$if"
|
||||
header_addr "$gateway"
|
||||
header_fam "$fam"
|
||||
echo 'ip -${FAMILY} route del default via $ADDR dev $INTERFACE vrf $VRF'
|
||||
) rc/"$sname"/down
|
||||
install -Dm644 <(echo oneshot) rc/"$sname"/type
|
||||
|
||||
depends "$sname" "interface.$if.route.$vrf.$fam.$addrn" interface."$if".link interface."$vrf".create
|
||||
}
|
||||
|
||||
if_route_vrf_default_interface() {
|
||||
local vrf="${1:?missing vrf}"
|
||||
|
|
@ -553,14 +611,14 @@ if_route_vrf_default_unreach() {
|
|||
header_path
|
||||
header_if "$if"
|
||||
header_fam "$fam"
|
||||
echo 'ip -${FAMILY} route add unreachable default vrf $INTERFACE'
|
||||
echo 'ip -${FAMILY} route add unreachable default metric 4096 vrf $INTERFACE'
|
||||
) rc/"$sname"/up
|
||||
install -Dm644 <(
|
||||
header_eb
|
||||
header_path
|
||||
header_if "$if"
|
||||
header_fam "$fam"
|
||||
echo 'ip -${FAMILY} route del unreachable default vrf $INTERFACE'
|
||||
echo 'ip -${FAMILY} route del unreachable default metric 4096 vrf $INTERFACE'
|
||||
) rc/"$sname"/down
|
||||
install -Dm644 <(echo oneshot) rc/"$sname"/type
|
||||
|
||||
|
|
|
|||
221
router.sh
221
router.sh
|
|
@ -2,110 +2,141 @@
|
|||
|
||||
. "$(dirname -- "$0")/netdev.sh"
|
||||
|
||||
# Physical
|
||||
# Unallocated (yet)
|
||||
new_if_phys "phys0"
|
||||
new_if_phys "phys1"
|
||||
|
||||
IFACE="phys2"
|
||||
new_if_phys "phys2"
|
||||
new_if_vlan "$IFACE-42"
|
||||
new_if_vlan "$IFACE-66"
|
||||
new_if_phys "phys3"
|
||||
VRF="vrf-dn42"
|
||||
new_if_vrf "$VRF" 20
|
||||
if_route_vrf_default_unreach "$VRF"
|
||||
|
||||
# Virtual
|
||||
new_if_phys "vnet0"
|
||||
new_if_phys "vnet1"
|
||||
new_if_phys "vnet2"
|
||||
new_if_phys "vnet3"
|
||||
new_if_phys "vnet4"
|
||||
new_if_phys "vnet5"
|
||||
BRIDGE="br-dn42"
|
||||
if_slave "$VRF" "$BRIDGE"
|
||||
new_if_bridge "$BRIDGE"
|
||||
IFACE="phys2-42"
|
||||
if_slave "$BRIDGE" "$IFACE"
|
||||
new_if_vlan "$IFACE"
|
||||
|
||||
# VRFs
|
||||
IFACE="vrf-dn42"
|
||||
new_if_vrf "$IFACE" 20
|
||||
if_route_vrf_default_unreach "$IFACE"
|
||||
if_slave "$IFACE" "br-dn42"
|
||||
if_slave "$IFACE" "famfo"
|
||||
if_slave "$IFACE" "mark22k"
|
||||
if_slave "$IFACE" "highdef"
|
||||
if_slave "$IFACE" "kioubit"
|
||||
if_slave "$IFACE" "lare"
|
||||
if_slave "$IFACE" "vnet5"
|
||||
IFACE="famfo"
|
||||
if_slave "$VRF" "$IFACE"
|
||||
new_if_wg "$IFACE"
|
||||
if_ip_addr "$IFACE" "fe80::1422:1/64"
|
||||
|
||||
IFACE="vrf-v6"
|
||||
new_if_vrf "$IFACE" 10
|
||||
if_route_vrf_sink_unreach "$IFACE" "2a04:5b81:2060::/48"
|
||||
if_route_vrf_default_interface "$IFACE" "intersix"
|
||||
if_slave "$IFACE" "intersix"
|
||||
if_slave "$IFACE" "b00b"
|
||||
if_slave "$IFACE" "f33d"
|
||||
if_slave "$IFACE" "d00d"
|
||||
IFACE="mark22k"
|
||||
if_slave "$VRF" "$IFACE"
|
||||
new_if_wg "$IFACE"
|
||||
if_ip_addr "$IFACE" "fe80::4546/64"
|
||||
|
||||
# Bridges
|
||||
IFACE="home"
|
||||
new_if_bridge "$IFACE"
|
||||
if_bridge_property 'stp_state' "$IFACE"
|
||||
if_bridge_property 'mcast_router' "$IFACE"
|
||||
if_bridge_property 'mcast_snooping' "$IFACE" '0' '' # TODO: Remove such entries when bridges play well with multicasting
|
||||
if_bridge_property 'mcast_querier' "$IFACE"
|
||||
if_bridge_property 'mcast_mld_version' "$IFACE" '2' ''
|
||||
if_dhcp "$IFACE"
|
||||
if_forward "$IFACE"
|
||||
if_slave "$IFACE" "vnet1"
|
||||
if_slave "$IFACE" "phys3"
|
||||
if_slave "$IFACE" "phys2"
|
||||
IFACE="highdef"
|
||||
if_slave "$VRF" "$IFACE"
|
||||
new_if_wg "$IFACE"
|
||||
if_ip_addr "$IFACE" "fe80::2/64"
|
||||
|
||||
IFACE="br-dn42"
|
||||
new_if_bridge "$IFACE"
|
||||
if_slave "$IFACE" "phys2-42"
|
||||
IFACE="kioubit"
|
||||
if_slave "$VRF" "$IFACE"
|
||||
new_if_wg "$IFACE"
|
||||
if_ip_addr "$IFACE" "fe80::2/64"
|
||||
|
||||
IFACE="f33d"
|
||||
new_if_bridge "$IFACE"
|
||||
if_bridge_property 'stp_state' "$IFACE"
|
||||
if_bridge_property 'mcast_router' "$IFACE"
|
||||
if_bridge_property 'mcast_snooping' "$IFACE" '0' ''
|
||||
if_bridge_property 'mcast_querier' "$IFACE"
|
||||
if_bridge_property 'mcast_mld_version' "$IFACE" '2' ''
|
||||
if_ether_address "$IFACE" '02:00:00:00:f3:3d'
|
||||
if_ip_addr "$IFACE" "2a04:5b81:2060:f33d::1/64"
|
||||
if_slave "$IFACE" "vnet2"
|
||||
IFACE="lare"
|
||||
if_slave "$VRF" "$IFACE"
|
||||
new_if_wg "$IFACE"
|
||||
if_ip_addr "$IFACE" "fe80::2/64"
|
||||
|
||||
IFACE="b00b"
|
||||
new_if_bridge "$IFACE"
|
||||
if_bridge_property 'stp_state' "$IFACE"
|
||||
if_bridge_property 'mcast_router' "$IFACE"
|
||||
if_bridge_property 'mcast_snooping' "$IFACE" '0' ''
|
||||
if_bridge_property 'mcast_querier' "$IFACE"
|
||||
if_bridge_property 'mcast_stats_enabled' "$IFACE"
|
||||
if_bridge_property 'mcast_mld_version' "$IFACE" '2' ''
|
||||
if_ether_address "$IFACE" '02:00:00:00:b0:0b'
|
||||
if_ip_addr "$IFACE" "2a04:5b81:2060:b00b::1/64"
|
||||
if_slave "$IFACE" "vnet0"
|
||||
if_slave "$IFACE" "vnet4"
|
||||
if_slave "$IFACE" "phys2-66"
|
||||
IFACE="vnet5"
|
||||
if_slave "$VRF" "$IFACE"
|
||||
new_if_phys "$IFACE"
|
||||
|
||||
IFACE="d00d"
|
||||
new_if_bridge "$IFACE"
|
||||
if_bridge_property 'stp_state' "$IFACE"
|
||||
if_bridge_property 'mcast_router' "$IFACE"
|
||||
if_bridge_property 'mcast_snooping' "$IFACE" '0' ''
|
||||
if_bridge_property 'mcast_querier' "$IFACE"
|
||||
if_bridge_property 'mcast_mld_version' "$IFACE" '2' ''
|
||||
if_ether_address "$IFACE" '02:00:00:00:d0:0d'
|
||||
if_ip_addr "$IFACE" "2a04:5b81:2060:d00d::1/64"
|
||||
if_slave "$IFACE" "vnet3"
|
||||
VRF="vrf-v6"
|
||||
new_if_vrf "$VRF" 10
|
||||
if_route_vrf_sink_unreach "$VRF" "2a04:5b81:2060::/44"
|
||||
|
||||
# Wireguard
|
||||
new_if_wg "famfo"
|
||||
if_ip_addr "famfo" "fe80::1422:1/64"
|
||||
new_if_wg "kioubit"
|
||||
if_ip_addr "kioubit" "fe80::2/64"
|
||||
new_if_wg "highdef"
|
||||
if_ip_addr "highdef" "fe80::2/64"
|
||||
new_if_wg "mark22k"
|
||||
if_ip_addr "mark22k" "fe80::4546/64"
|
||||
new_if_wg "lare"
|
||||
if_ip_addr "lare" "fe80::2/64"
|
||||
new_if_wg "intersix"
|
||||
if_ip_addr "intersix" "fe80::2/64"
|
||||
if_ip_addr "intersix" "2a04:5b80:ffff:ff0b::2/64"
|
||||
IFACE="intersix"
|
||||
#if_route_vrf_default_interface "$VRF" "$IFACE"
|
||||
if_slave "$VRF" "$IFACE"
|
||||
new_if_wg "$IFACE"
|
||||
if_ip_addr "$IFACE" "fe80::2/64"
|
||||
if_ip_addr "$IFACE" "2a04:5b80:ffff:ff0b::2/64"
|
||||
|
||||
IFACE="vultrbgp"
|
||||
if_route_vrf_default_interface "$VRF" "$IFACE"
|
||||
if_slave "$VRF" "$IFACE"
|
||||
new_if_wg "$IFACE"
|
||||
if_ip_addr "$IFACE" "fe80::2/64"
|
||||
|
||||
BRIDGE="b00b"
|
||||
if_slave "$VRF" "$BRIDGE"
|
||||
new_if_bridge "$BRIDGE"
|
||||
if_bridge_property 'stp_state' "$BRIDGE"
|
||||
if_bridge_property 'mcast_router' "$BRIDGE"
|
||||
if_bridge_property 'mcast_snooping' "$BRIDGE" '0' ''
|
||||
if_bridge_property 'mcast_querier' "$BRIDGE"
|
||||
if_bridge_property 'mcast_stats_enabled' "$BRIDGE"
|
||||
if_bridge_property 'mcast_mld_version' "$BRIDGE" '2' ''
|
||||
if_ether_address "$BRIDGE" '02:00:00:00:b0:0b'
|
||||
if_ip_addr "$BRIDGE" "2a04:5b81:2060:b00b::1/64"
|
||||
|
||||
IFACE="vnet0"
|
||||
if_slave "$BRIDGE" "$IFACE"
|
||||
new_if_phys "$IFACE"
|
||||
|
||||
IFACE="vnet4"
|
||||
if_slave "$BRIDGE" "$IFACE"
|
||||
new_if_phys "$IFACE"
|
||||
|
||||
IFACE="phys2-66"
|
||||
if_slave "$BRIDGE" "$IFACE"
|
||||
new_if_vlan "$IFACE"
|
||||
|
||||
BRIDGE="f33d"
|
||||
if_slave "$VRF" "$BRIDGE"
|
||||
new_if_bridge "$BRIDGE"
|
||||
if_bridge_property 'stp_state' "$BRIDGE"
|
||||
if_bridge_property 'mcast_router' "$BRIDGE"
|
||||
if_bridge_property 'mcast_snooping' "$BRIDGE" '0' ''
|
||||
if_bridge_property 'mcast_querier' "$BRIDGE"
|
||||
if_bridge_property 'mcast_mld_version' "$BRIDGE" '2' ''
|
||||
if_ether_address "$BRIDGE" '02:00:00:00:f3:3d'
|
||||
if_ip_addr "$BRIDGE" "2a04:5b81:2060:f33d::1/64"
|
||||
|
||||
IFACE="vnet2"
|
||||
if_slave "$BRIDGE" "$IFACE"
|
||||
new_if_phys "$IFACE"
|
||||
|
||||
BRIDGE="d00d"
|
||||
if_slave "$VRF" "$BRIDGE"
|
||||
new_if_bridge "$BRIDGE"
|
||||
if_bridge_property 'stp_state' "$BRIDGE"
|
||||
if_bridge_property 'mcast_router' "$BRIDGE"
|
||||
if_bridge_property 'mcast_snooping' "$BRIDGE" '0' ''
|
||||
if_bridge_property 'mcast_querier' "$BRIDGE"
|
||||
if_bridge_property 'mcast_mld_version' "$BRIDGE" '2' ''
|
||||
if_ether_address "$BRIDGE" '02:00:00:00:d0:0d'
|
||||
if_ip_addr "$BRIDGE" "2a04:5b81:2060:d00d::1/64"
|
||||
|
||||
IFACE="vnet3"
|
||||
if_slave "$BRIDGE" "$IFACE"
|
||||
new_if_phys "$IFACE"
|
||||
|
||||
|
||||
# NO-vrf
|
||||
BRIDGE="home"
|
||||
new_if_bridge "$BRIDGE"
|
||||
if_bridge_property 'stp_state' "$BRIDGE"
|
||||
if_bridge_property 'mcast_router' "$BRIDGE"
|
||||
if_bridge_property 'mcast_snooping' "$BRIDGE" '0' '' # TODO: Remove such entries when bridges play well with multicasting
|
||||
if_bridge_property 'mcast_querier' "$BRIDGE"
|
||||
if_bridge_property 'mcast_mld_version' "$BRIDGE" '2' ''
|
||||
if_dhcp "$BRIDGE"
|
||||
if_forward "$BRIDGE"
|
||||
|
||||
IFACE="vnet1"
|
||||
if_slave "$BRIDGE" "$IFACE"
|
||||
new_if_phys "$IFACE"
|
||||
|
||||
IFACE="phys2"
|
||||
if_slave "$BRIDGE" "$IFACE"
|
||||
new_if_phys "$IFACE"
|
||||
|
||||
IFACE="phys3"
|
||||
if_slave "$BRIDGE" "$IFACE"
|
||||
new_if_phys "$IFACE"
|
||||
|
|
|
|||
Loading…
Reference in New Issue