

2 commits

Author SHA1 Message Date
Raito Bezarius
dfeeb1c4ea router(*): VRRP the admin interface
Now, the Proxmox can be accessed while redeploying one of the routers!
2024-01-12 04:36:15 +01:00
Raito Bezarius
bcbfc91a11 router(*): Use unicast rather than multicast
Due to an unfathomable issue where I would need to recompile with full debug keepalived,
keepalived seems not to see the multicast packets on the vrrp-router
and thus we need to fallback to the disgusting unicast solution.

Well, let's move on.
2024-01-12 04:22:34 +01:00
3 changed files with 26 additions and 10 deletions


@ -4,10 +4,10 @@
enable = true; enable = true;
enablePrimary = true; enablePrimary = true;
routerId = 1; routerId = 1;
virtualRouterId = 1;
vip = "129.199.146.230"; vip = "129.199.146.230";
rip = "129.199.146.231"; rip = "129.199.146.231";
trunkPort.macAddress = "92:E3:9C:CE:EF:14"; trunkPort.macAddress = "92:E3:9C:CE:EF:14";
virtualNeighbors = [ 2 ];
}; };
# systemd.services."systemd-networkd".environment.SYSTEMD_LOG_LEVEL = "debug"; # systemd.services."systemd-networkd".environment.SYSTEMD_LOG_LEVEL = "debug";
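Review bot: `virtualNeighbors = [ 2 ];` hard-codes the other router's `routerId` and has to be kept in step by hand with the mirrored `virtualNeighbors = [ 1 ];` in the second router's file (same hunk there). Since the module now relies on these literals as its unicast VRRP peers, a stale or mistyped entry leaves each router unable to hear the other, so both may elect themselves MASTER and claim the same virtual addresses. A short comment would make the coupling visible, e.g. `# routerId of the peer router, used as the unicast VRRP peer (keep in sync with its routerId).` Deriving the list in the module from the set of known router IDs instead of per-host literals would remove the duplication entirely.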


@ -4,10 +4,10 @@
enable = true; enable = true;
enablePrimary = false; enablePrimary = false;
routerId = 2; routerId = 2;
virtualRouterId = 1;
vip = "129.199.146.230"; vip = "129.199.146.230";
rip = "129.199.146.232"; rip = "129.199.146.232";
trunkPort.macAddress = "92:E3:9C:CE:EF:15"; trunkPort.macAddress = "92:E3:9C:CE:EF:15";
virtualNeighbors = [ 1 ];
}; };
# systemd.services."systemd-networkd".environment.SYSTEMD_LOG_LEVEL = "debug"; # systemd.services."systemd-networkd".environment.SYSTEMD_LOG_LEVEL = "debug";


@ -46,16 +46,17 @@ in
type = types.int; type = types.int;
description = "Router ID for computing automatic IPs"; description = "Router ID for computing automatic IPs";
}; };
virtualRouterId = mkOption {
type = types.int;
description = "Virtual router ID for VRRP";
};
virtualPriority = mkOption { virtualPriority = mkOption {
type = types.int; type = types.int;
description = "Virtual router priority in the election"; description = "Virtual router priority in the election";
# As recommended per RFC. # As recommended per RFC.
default = if cfg.enablePrimary then 100 else 50; default = if cfg.enablePrimary then 100 else 50;
}; };
virtualNeighbors = mkOption {
type = types.listOf types.int;
description = "Virtual router neighbors in terms of router IDs";
default = [ ];
};
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
@ -131,7 +132,7 @@ in
matchConfig.Name = "wgadmin"; matchConfig.Name = "wgadmin";
networkConfig = { networkConfig = {
Description = "VPN d'administration système de l'infrastructure"; Description = "VPN d'administration système de l'infrastructure";
Address = [ "fd81:fb3a:50cc::${toString cfg.routerId}/64" ]; Address = [ "fd81:fb3a:50cc::${toString (cfg.routerId + 1)}/64" ];
# Give access to the rest of the network. # Give access to the rest of the network.
IPForward = "ipv6"; IPForward = "ipv6";
ConfigureWithoutCarrier = true; ConfigureWithoutCarrier = true;
@ -142,7 +143,7 @@ in
matchConfig.Name = "admin"; matchConfig.Name = "admin";
networkConfig = { networkConfig = {
Description = "VLAN d'administration système de l'infrastructure"; Description = "VLAN d'administration système de l'infrastructure";
Address = [ "fd81:fb3a:50cc:1::${toString cfg.routerId}/48" ]; Address = [ "fd81:fb3a:50cc:1::${toString (cfg.routerId + 1)}/48" ];
# Give access to the rest of the network. # Give access to the rest of the network.
IPForward = "ipv6"; IPForward = "ipv6";
IPv6ProxyNDP = true; IPv6ProxyNDP = true;
@ -336,7 +337,7 @@ in
matchConfig.Name = "vrrp-router"; matchConfig.Name = "vrrp-router";
networkConfig = { networkConfig = {
Description = "VRRP router health network"; Description = "VRRP router health network";
Address = [ "10.0.0.${toString cfg.routerId}/24" ]; Address = [ "10.0.0.${toString cfg.routerId}/24" "fe80::${toString cfg.routerId}/64" ];
KeepConfiguration = true; KeepConfiguration = true;
}; };
}; };
@ -351,8 +352,23 @@ in
# We want to start in a stable state. # We want to start in a stable state.
priority = cfg.virtualPriority; priority = cfg.virtualPriority;
virtualIps = [{ addr = "${cfg.vip}/24"; dev = "swp"; scope = "global"; }]; virtualIps = [{ addr = "${cfg.vip}/24"; dev = "swp"; scope = "global"; }];
inherit (cfg) virtualRouterId; virtualRouterId = 50;
noPreempt = !cfg.enablePrimary; noPreempt = !cfg.enablePrimary;
unicastPeers = map (n: "10.0.0.${toString n}") cfg.virtualNeighbors;
};
vrrpInstances.admin = {
interface = "vrrp-router";
state = if cfg.enablePrimary then "MASTER" else "BACKUP";
# We want to start in a stable state.
priority = cfg.virtualPriority;
virtualIps = [
{ addr = "fd81:fb3a:50cc::1/64"; dev = "wgadmin"; }
{ addr = "fd81:fb3a:50cc:1::1/48"; dev = "admin"; }
];
virtualRouterId = 51;
noPreempt = !cfg.enablePrimary;
unicastPeers = map (n: "fe80::${toString n}") cfg.virtualNeighbors;
unicastSrcIp = "fe80::${toString cfg.routerId}";
}; };
}; };
}; };
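Review bot: With both instances now unicast-only, a router that leaves the new `virtualNeighbors` option at its default `[ ]` (from the `@ -46` hunk) ends up with an empty `unicastPeers`, and keepalived, to my knowledge, then falls back to multicast, which the commit message says is not received on `vrrp-router`; such a router would never hear its peer and both would run as MASTER with the same VIP and admin addresses. The module should refuse that configuration instead of deploying it, e.g. inside `config`: `assertions = [ { assertion = cfg.virtualNeighbors != [ ]; message = "router: virtualNeighbors must list the peer router IDs (VRRP is unicast-only)"; } ];`. The `+ 1` shift of the wgadmin/admin addresses in the `@ -131` and `@ -142` hunks is presumably there to free `::1` for the new virtual addresses of `vrrpInstances.admin`; a comment such as `# ::1 is the VRRP virtual address (see vrrpInstances.admin); real routers start at ::2.` would record that. VRRPv3 carries no authentication, so if the `vrrp-router` segment is reachable by anything other than the two routers, restricting IP protocol 112 on that interface to the listed peers is worth considering. The `vrrpInstances` attribute set this hunk extends begins before the hunk.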