adding support for bastions public lo ipv4

2018-11-19 18:35:11 +01:00 · 2018-11-19 18:35:11 +01:00 · c65529f6ad
parent e5b6e96c2e
commit c65529f6ad
2 changed files with 27 additions and 13 deletions
--- a/debian/wit-network-config.postinst
+++ b/debian/wit-network-config.postinst
@ -84,20 +84,14 @@ case "$1" in

 	EOF

-        PUBLICLOIP=$(dig_a public.${HOSTNAME}) || true
-        if [[ ! -z $PUBLICLOIP ]]; then
+        BASTIONPUBLICIP=$(dig_a public.${HOSTNAME}) || true
+        if [[ ! -z $BASTIONPUBLICIP ]]; then
                cat <<-EOF >>$IFCONFIG
 			iface lo inet static
-			    address ${PUBLICLOIP}/32
+			    address ${BASTIONPUBLICIP}/32


 		EOF
-
-		FRR_BASTION="${FRR_BASTION}route-map BASTION permit 10\n"
-		FRR_BASTION="${FRR_BASTION}  match ip address prefix-list DEFAULT\n"
-		FRR_BASTION="${FRR_BASTION}  set src ${PUBLICLOIP}\n"
-		FRR_BASTION="${FRR_BASTION}ip protocol bgp route-map BASTION\n"
-
        fi


@ -246,6 +240,14 @@ case "$1" in


 		EOF
+
+                FRR_IFS="${FRR_IFS}interface ${ifname}\n"
+                FRR_IFS="${FRR_IFS} description $ifalias\n"
+                FRR_IFS="${FRR_IFS} ipv6 nd other-config-flag\n"
+                FRR_IFS="${FRR_IFS} ipv6 nd prefix 2604:bbc0:0:210::/64\n"
+                FRR_IFS="${FRR_IFS} ipv6 nd ra-interval 10\n"
+                FRR_IFS="${FRR_IFS} no ipv6 nd suppress-ra\n!\n"
+
            fi


@ -326,7 +328,6 @@ case "$1" in

      # set frr config
        sed -i \
-                -e "s/^!!! FRR_BASTION/$FRR_BASTION/" \
                -e "s/^!!! FRR_IFS/$FRR_IFS/" \
                -e "s/^ !!! FRR_EDGE_NEIGH/$FRR_EDGE_NEIGH/"  \
                -e "s/^  !!! FRR_IPV4_EDGE_SUMMARIES_AGGREGATS/$FRR_IPV4_EDGE_SUMMARIES_AGGREGATS/"  \
@ -337,11 +338,13 @@ case "$1" in
                -e "s/^!!! FRR_IPV6_CUSTOMERS_PFLIST/$FRR_IPV6_CUSTOMERS_PFLIST/"  \
                -e "s/^!!! FRR_IPV4_LOOPBACK_PFLIST/$FRR_IPV4_LOOPBACK_PFLIST/"  \
                -e "s/^!!! FRR_IPV6_LOOPBACK_PFLIST/$FRR_IPV6_LOOPBACK_PFLIST/"  \
+                -e "s/BASTION-PUBLIC-IP/$BASTIONPUBLICIP/" \
                -e "s/FRR_GRE_ASN/${FRR_GRE_ASN}/"  \
                -e "s/FRRROUTERID/${LOOPBACKv4}/" \
                -e "s/NODEASN/${NODEASN}/"  \
                $FRRCONFIG
        [ -z $FRR_EDGE_NEIGH ] || sed -i -e 's/!!!  //' $FRRCONFIG
+        [ -z $BASTIONPUBLICIP ] || sed -i -e 's/!!BASTION  //' $FRRCONFIG



--- a/files/frr.conf.wit
+++ b/files/frr.conf.wit
@ -115,7 +115,7 @@ ip prefix-list rfc1918 seq 30 permit 192.168.0.0/16 le 32
 ip prefix-list rfc1918 seq 35 permit 224.0.0.0/3 le 32
 ip prefix-list rfc1918 seq 40 permit 100.64.0.0/10 le 32

-
+!!BASTION  ip prefix-list BASTION seq 5 permit BASTION-PUBLIC-IP/32

 !!! FRR_IPV6_LOOPBACK_PFLIST

@ -149,7 +149,11 @@ route-map EIPv6 permit 5
 route-map LOCALNETSv4 permit 5
 description "permit loopback ips"
 match ip address prefix-list LOOPBACKv4
-!
+
+!!BASTION  route-map LOCALNETSv4 permit 10
+!!BASTION   description permit bastion public loopback ip
+!!BASTION   match ip address prefix-list BASTION
+
 route-map LOCALNETSv6 permit 5
 description "permit ipv6 loopback ips"
 match ipv6 address prefix-list LOOPBACKv6
@ -228,7 +232,14 @@ route-map LOCALNETSv6 permit 5
 !!!  !


-!!! FRR_BASTION
+!!BASTION  route-map BASTION permit 5
+!!BASTION   match ip address prefix-len 0
+!!BASTION   set src BASTION-PUBLIC-IP
+
+!!BASTION  route-map BASTION permit 10
+!!BASTION   match ip address prefix-list ALL
+
+!!BASTION  ip protocol bgp route-map BASTION


 !