more work on edge / dynamic frr config... making progress but still a ways to go... just taking a backup...

toby 2018-10-19 16:56:11 +02:00
parent cfdc1cd3a9
commit 7e1d7993fe
2 changed files with 162 additions and 157 deletions


@ -104,7 +104,7 @@ case "$1" in
## build FRR neightbor interfaces
FRR_NEIGH=" !!! neighbor $ifname interface peer-group GRE\n$FRR_NEIGH"
FRR_EDGE_NEIGH=" !!! neighbor $ifname interface peer-group GRE\n$FRR_EDGE_NEIGH"
## build regular linux network interface config
@ -126,7 +126,7 @@ case "$1" in
ifmac=$(dig_txt mac.${ifname/mgmt1/mgmt}.${HOSTNAME}) || continue ## skip undefined interfaces
echo 'SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=='${ifmac}', ATTR{type}=="1", NAME="'${ifname}'"' >>$UDEVCONFIG
echo 'SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="'${ifmac}'", ATTR{type}=="1", NAME="'${ifname}'"' >>$UDEVCONFIG
if [[ $ifname = up? ]]; then
@ -137,13 +137,11 @@ case "$1" in
peerv6=$(dig_txt peerv6.$ifname.${HOSTNAME}) || true ## we dont know if we will always have both available
## if this code gets executed even once we have a upX interface, meaning were dealing with an edge box
[ -z $peerv4 ] || FRR_NEIGH=" !!! neighbor $peerv4 peer-group eBGPv4\n$FRR_NEIGH"
[ -z $peerv6 ] || FRR_NEIGH=" !!! neighbor $peerv6 peer-group eBGPv6\n$FRR_NEIGH"
[ -z $peerv4 ] || FRR_EDGE_NEIGH=" !!! neighbor $peerv4 peer-group eBGPv4\n$FRR_EDGE_NEIGH"
[ -z $peerv6 ] || FRR_EDGE_NEIGH=" !!! neighbor $peerv6 peer-group eBGPv6\n$FRR_EDGE_NEIGH"
# we have a edge box, uncomment all edge special frr configs
SEDEXTRA='-e s/!!!\s\s//'
cat <<-EOF >>$IFCONFIG
auto $ifname
@ -208,9 +206,9 @@ case "$1" in
i=1
while true; do
TEMP="$(dig_txt $i.ipv4.public.prefixlist.usw2.admin.wit.com)" || break
TEMPAGGS="\n !!! aggregate-address ${TEMP}"
TEMPAGGS=" !!! aggregate-address ${TEMP}\n"
FRR_IPV4_EDGE_SUMMARIES_AGGREGATS="${FRR_IPV4_EDGE_SUMMARIES_AGGREGATS}${TEMPAGGS}"
TEMPSUM="\n!!! ip prefix-list WITv4-SUMMARIES seq $((i*5)) permit ${TEMP}"
TEMPSUM="!!! ip prefix-list WITv4-SUMMARIES seq $((i*5)) permit ${TEMP}\n"
FRR_IPV4_EDGE_SUMMARIES_PFLIST="${FRR_IPV4_EDGE_SUMMARIES_PFLIST}${TEMPSUM}"
let i+=1
done
@ -218,13 +216,45 @@ case "$1" in
i=1
while true; do
TEMP="$(dig_txt $i.ipv6.public.prefixlist.usw2.admin.wit.com)" || break
TEMPAGGS="\n !!! aggregate-address ${TEMP}"
TEMPAGGS=" !!! aggregate-address ${TEMP}\n"
FRR_IPV6_EDGE_SUMMARIES_AGGREGATS="${FRR_IPV6_EDGE_SUMMARIES_AGGREGATS}${TEMPAGGS}"
TEMPSUM="\n!!! ipv6 prefix-list WITv6-SUMMARIES seq $((i*5)) permit ${TEMP}"
TEMPSUM="!!! ipv6 prefix-list WITv6-SUMMARIES seq $((i*5)) permit ${TEMP}\n"
FRR_IPV6_EDGE_SUMMARIES_PFLIST="${FRR_IPV6_EDGE_SUMMARIES_PFLIST}${TEMPSUM}"
let i+=1
done
i=1
while true; do
TEMP="$(dig_txt $i.ipv4.customers.prefixlist.usw2.admin.wit.com)" || break
TEMPSUM="ip prefix-list WITv4-CUSTOMERS seq $((i*5)) permit ${TEMP} ge 25\n"
FRR_IPV4_CUSTOMERS_PFLIST="${FRR_IPV4_CUSTOMERS_PFLIST}${TEMPSUM}"
let i+=1
done
i=1
while true; do
TEMP="$(dig_txt $i.ipv6.customers.prefixlist.usw2.admin.wit.com)" || break
TEMPSUM="ipv6 prefix-list WITv6-CUSTOMERS seq $((i*5)) permit ${TEMP} ge 64\n"
FRR_IPV6_CUSTOMERS_PFLIST="${FRR_IPV6_CUSTOMERS_PFLIST}${TEMPSUM}"
let i+=1
done
i=1
while true; do
TEMP="$(dig_txt $i.ipv4.loopback.prefixlist.usw2.admin.wit.com)" || break
TEMPSUM="ip prefix-list LOOPBACKv4 seq $((i*5)) permit ${TEMP} ge 32\n"
FRR_IPV4_LOOPBACK_PFLIST="${FRR_IPV4_LOOPBACK_PFLIST}${TEMPSUM}"
let i+=1
done
i=1
while true; do
TEMP="$(dig_txt $i.ipv6.loopback.prefixlist.usw2.admin.wit.com)" || break
TEMPSUM="ipv6 prefix-list LOOPBACKv6 seq $((i*5)) permit ${TEMP} ge 128\n"
FRR_IPV6_LOOPBACK_PFLIST="${FRR_IPV6_LOOPBACK_PFLIST}${TEMPSUM}"
let i+=1
done
## STOP compiling frr config
@ -235,14 +265,18 @@ case "$1" in
# set frr config
sed -i \
-e "s/^!!! FRR_IFS/$FRR_IFS/" \
-e "s/^ !!! FRR_NEIGH/$FRR_NEIGH/" \
-e "s/^ !!! FRR_EDGE_NEIGH/$FRR_EDGE_NEIGH/" \
-e "s/^ !!! FRR_IPV4_EDGE_SUMMARIES_AGGREGATS/$FRR_IPV4_EDGE_SUMMARIES_AGGREGATS/" \
-e "s/^ !!! FRR_IPV6_EDGE_SUMMARIES_AGGREGATS/$FRR_IPV6_EDGE_SUMMARIES_AGGREGATS/" \
-e "s/^!!! FRR_IPV4_EDGE_SUMMARIES_PFLIST/$FRR_IPV4_EDGE_SUMMARIES_PFLIST/" \
-e "s/^!!! FRR_IPV6_EDGE_SUMMARIES_PFLIST/$FRR_IPV6_EDGE_SUMMARIES_PFLIST/" \
-e "s/^!!! FRR_IPV6_EDGE_EXTRA/$FRR_IPV6_EDGE_EXTRA/" \
-e "s/^!!! FRR_IPV4_CUSTOMERS_PFLIST/$FRR_IPV4_CUSTOMERS_PFLIST/" \
-e "s/^!!! FRR_IPV6_CUSTOMERS_PFLIST/$FRR_IPV6_CUSTOMERS_PFLIST/" \
-e "s/^!!! FRR_IPV4_LOOPBACK_PFLIST/$FRR_IPV4_LOOPBACK_PFLIST/" \
-e "s/^!!! FRR_IPV6_LOOPBACK_PFLIST/$FRR_IPV6_LOOPBACK_PFLIST/" \
-e "s/FRRROUTERID/${LOOPBACKv4}/" \
-e "s/NODEASN/${NODEASN}/" \
$SEDEXTRA \
$FRRCONFIG
exit 2
chown frr.frr $FRRCONFIG /etc/frr/daemons.wit
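Review bot: The `sed -i` call at the end of this section pastes the DNS TXT answers collected in the `dig_txt` loops directly into `s/…/…/` replacements, so any `/`, `&` or backslash in an answer is parsed as sed syntax instead of data. The values are CIDR prefixes (the template previously hard-coded entries like `168.245.146.0/24`), so unless `dig_txt`, which is not visible here, already escapes them, the `/` ends the replacement early and sed either aborts or substitutes something unintended. Because these strings become BGP prefix-lists and neighbor statements, I would validate each answer against a strict address/length pattern before appending it and escape it for sed, e.g. `TEMP=$(printf '%s' "$TEMP" | sed 's/[\/&]/\\&/g')` before the `\n` is added. The `exit 2` just before `chown` also makes the ownership fix unreachable and reads like a debugging leftover. The enclosing `case "$1" in` block starts and ends outside the visible hunks.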


@ -94,28 +94,11 @@ router bgp NODEASN
exit-address-family
!
ip prefix-list LOOPBACKv4 seq 5 permit 10.1.0.0/16 ge 32
ip prefix-list WITv4-CUSTOMERS seq 5 permit 168.245.146.0/24 ge 25
ip prefix-list WITv4-CUSTOMERS seq 10 permit 170.199.210.0/24 ge 25
ip prefix-list WITv4-CUSTOMERS seq 15 permit 170.199.211.0/24 ge 25
ip prefix-list WITv4-CUSTOMERS seq 20 permit 170.199.212.0/24 ge 25
ip prefix-list WITv4-CUSTOMERS seq 25 permit 170.199.213.0/24 ge 25
ip prefix-list WITv4-CUSTOMERS seq 30 permit 170.199.214.0/24 ge 25
ip prefix-list WITv4-CUSTOMERS seq 35 permit 170.199.215.0/24 ge 25
ip prefix-list WITv4-CUSTOMERS seq 40 permit 170.199.216.0/24 ge 25
ip prefix-list WITv4-CUSTOMERS seq 45 permit 170.199.217.0/24 ge 25
!!! FRR_IPV4_LOOPBACK_PFLIST
!!! FRR_IPV4_EDGE_SUMMARIES_PFLIST
!!! ip prefix-list WITv4-SUMMARIES seq 15 permit 170.199.211.0/24
!!! ip prefix-list WITv4-SUMMARIES seq 20 permit 170.199.212.0/24
!!! ip prefix-list WITv4-SUMMARIES seq 25 permit 170.199.213.0/24
!!! ip prefix-list WITv4-SUMMARIES seq 30 permit 170.199.214.0/24
!!! ip prefix-list WITv4-SUMMARIES seq 35 permit 170.199.215.0/24
!!! ip prefix-list WITv4-SUMMARIES seq 40 permit 170.199.216.0/24
!!! ip prefix-list WITv4-SUMMARIES seq 45 permit 170.199.217.0/24
!!! FRR_IPV4_CUSTOMERS_PFLIST
!!! ip prefix-list DEFAULT seq 5 permit 0.0.0.0/0
@ -128,22 +111,14 @@ ip prefix-list WITv4-CUSTOMERS seq 45 permit 170.199.217.0/24 ge 25
!!! ip prefix-list rfc1918 seq 30 permit 192.168.0.0/16 le 32
!!! ip prefix-list rfc1918 seq 35 permit 224.0.0.0/3 le 32
!!! ip prefix-list rfc1918 seq 40 permit 100.64.0.0/10 le 32
!
ipv6 prefix-list LOOPBACKv6 seq 5 permit 2604:bbc0:0:100::/56 ge 128
!!! FRR_IPV6_LOOPBACK_PFLIST
!!! FRR_IPV6_EDGE_SUMMARIES_PFLIST
!!! ipv6 prefix-list WITv6-SUMMARIES seq 10 permit 2604:bbc0::/32 le 44
!!! ipv6 prefix-list WITv6-INTERNAL seq 10 permit 2604:bbc0::/48 ge 48
ipv6 prefix-list WITv6-CUSTOMERS seq 10 permit 2604:bbc0:1::/48 ge 64
ipv6 prefix-list WITv6-CUSTOMERS seq 20 permit 2604:bbc0:2::/48 ge 64
ipv6 prefix-list WITv6-CUSTOMERS seq 30 permit 2604:bbc0:3::/48 ge 64
!!! FRR_IPV6_CUSTOMERS_PFLIST
!!! ipv6 prefix-list DEFAULT seq 5 permit ::/0
!!! ipv6 prefix-list ALL seq 5 permit ::/0 le 128
@ -225,10 +200,6 @@ route-map LOCALNETSv6 permit 5
!!! match ipv6 address prefix-list DEFAULT
!!! !
!!! route-map FABRICv6-OUT permit 10
!!! description "allow WIT internal IPs"
!!! match ipv6 address prefix-list WITv6-INTERNAL
!!! !
!!! route-map FABRICv6-OUT permit 15
!!! description "allow WIT customer IPs"
!!! match ipv6 address prefix-list WITv6-CUSTOMERS
!!! !
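Review bot: The static `WITv4-CUSTOMERS` and `WITv6-CUSTOMERS` entries appear to be removed in favour of the `!!! FRR_*_PFLIST` placeholders, so these prefix-lists now exist only if the generator's DNS lookups return at least one record. If a lookup fails on the first index, the placeholder is presumably replaced by an empty string while the route-maps further down still reference the list names. How FRR treats a match on a prefix-list with no entries should be confirmed, since a filter that silently stops restricting routes is the failure to avoid here. I would add a template comment above each placeholder such as `! generated from DNS TXT records at config build time; build must fail if empty`, and have the generator refuse to write the file when any of these variables is empty.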