jcarr
/
wit-network-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
263 Commits 1 Branch 0 Tags 268 KiB
Commit Graph

263 Commits

Author SHA1 Message Date
toby 396b2899ae ... seriously,... running out of ideas ... 2019-03-08 22:53:21 -08:00
toby b63d21ba83 ... seriously,... running out of ideas ... 2019-03-08 22:42:11 -08:00
toby 2b1c7b34a6 trying a whole new approach, seems like it worked on my wit-vm-router-config package, lets see what it does here ... 2019-03-08 22:14:00 -08:00
toby 1cf4ef12f7 migrating to the more conventional static arp/unnumbered ipv4 routing based on the BGP unnumbered RFC just without the BGP ;) ... its nice this way cause if we do decide to add BGP on top on a later time it will look essentially the same, just dynamic... for now it's static though ;) 2019-03-08 20:09:13 +00:00
toby 22b4da07a3 removing jumbo frames from uplinks. it aint happening.... 2019-02-23 06:22:12 +00:00
toby af873ce08e adding interface length safety 2019-02-23 05:16:27 +00:00
toby 15c67eae20 since we changed the manual vmrun script we can now force the if-variable file to be present in qemu-ifup 2019-02-23 05:05:21 +00:00
toby a497c70abe adding mgmt dhcp6 - so we get ntp and dns over ipv6 - and timesyncd dhcp6 exit script 2019-02-23 04:09:55 +00:00
toby fc197c9fce just comments... 2019-02-21 04:31:18 +00:00
toby fb96f1daa8 adding more resiliancy to the ifup-public script. we want it to maybe fail if it doesn't know what to do with the variable. not just silently continue 2019-02-21 01:02:35 +00:00
toby 13be20d519 writing out ipsec.secrets through postinst again since apparmor blocks any type of hide/displace action 2019-02-14 22:15:36 -08:00
toby 477b89aa0e fixing major bug in ipsec.secrets 2019-02-14 17:46:50 -08:00
toby 289b42e100 fixing sysctl tweak path 2019-02-14 17:31:38 -08:00
toby 3003509bf4 trying yet again a different approach to update files correctly upon install 2019-02-14 16:43:13 -08:00
toby a3934b7014 evidently everything is breaking right now, so trying a different approach 2019-02-14 14:43:53 -08:00
toby 1066e48dc7 evidently everything is breaking right now, so trying a different approach 2019-02-14 14:38:06 -08:00
toby 7ef14c0794 adding some comments to the dynamic files 2019-02-14 13:24:08 -08:00
toby db0f639547 switching the debian install around: all 'templates' are modified in the local folder and are than installed when already modified using isc-dhcp-server as an example in hope to imporove upgrade-consistency. 2019-02-14 12:35:33 -08:00
toby 94b3a68407 allow Default fallback route by default on eBGPv6-IN as well 2019-02-14 03:25:27 -08:00
root 30ac6534a3 adding first very very basic old-school vlan support 2019-02-14 08:34:11 +00:00
toby 5363feff09 firewall: adding new approach to stackapi over VPN, ipsec.conf: no changes, just nicer grouping 2019-02-09 19:48:51 -08:00
toby 90e3484f5c firewall: adding TTL hop-check on the BGP firewall rules. this makes it a bit more secure on fairly wide open BGP rules 2019-02-05 20:42:36 -08:00
toby b9d53909b8 starting to use ceph on ipv6 as well .... 2019-02-05 20:23:44 -08:00
toby c99727567d frr.conf: setting timers manually that would be set by the --enable-datacenter flag on frr. this way we don't have to compile our own frr. --enable-cumulus at this point only enables and alias for bgp address-family of evpn vs address-family l2vpn evpn. which we don't use anyway or already do it the right way 2019-02-05 19:16:03 -08:00
toby 48abb08b5a setting loopback source IP on all bgp routes for IPv6 as well - did this on ipv4 but may need patching as I wanted to use only the public IP for public routes on IPv4. may still break if for whatever reason it prefers the mgmtgw/ipmigw IP like it just happened on ipv6 2019-02-04 18:09:28 -08:00
toby d8245c2223 limiting lldp to only mgmt interfaces and avoid VMs to see lldp neigh requests 2019-01-30 11:36:56 -08:00
toby 78d6e4d4ff less output on qemu ifup scripts 2019-01-29 22:31:07 -08:00
toby 2af76bb4e8 qemu-ifup/public scritps, replaced dig loopback lookup with ip, for more stability and better all round support for outside of libvirt 2019-01-29 18:51:02 +00:00
toby 39d7830086 IPsec: ipsec.conf config items typoed. auth vs authby need to make sure it does't break but this shuold be the right way 2019-01-24 14:12:41 -08:00
toby c3df5d6f12 just some comments and to test the new signing machinery ... 2019-01-23 14:50:54 -08:00
toby a1d5439422 firewall: allowing ipmi calles to be routed so that VPN clients and other boxes can make calls to ipmi 2019-01-11 18:09:37 +01:00
toby 0de30974af fixing the copyright in debian to be GPLv3 2019-01-09 23:20:40 +01:00
toby 277cd58eaa completely removing grub left overs 2019-01-08 21:00:46 +01:00
toby afdcd416b7 removing ssh-password less which is now default anyway, and also remove grub config which needs to be broken out since it differes on various platforms like arm and s86 2019-01-08 19:11:29 +01:00
toby 643519147d removing grub-pc from dependencies again, PXE has more issues anyway and we wanna work towards the EFI boot options and it bites grub-efi 2019-01-03 15:48:13 +01:00
toby e88b13e51d adding customer interface bgp firewall fules 2019-01-02 22:29:23 +01:00
toby 7468e4fddf more work on customer link support on edges 2019-01-02 22:05:35 +01:00
toby 2a4150aa41 firewall cleanup and organization 2018-12-21 17:41:04 +01:00
toby 83332a7f74 just formatting 2018-12-20 15:28:27 +01:00
toby 6114dffa19 Merge branch 'prometheus-exporters' of netops/wit-network-config into master 2018-12-20 08:21:00 +00:00
Tim Sogard dfa58f6089 Allow hosts to communicate with prometheus exporters 2018-12-20 02:27:37 -05:00
toby fcfdc8b19c mistakenly commited initial work for customer peering. so fixing the problem now by disabling the parts that would break things 2018-12-20 00:01:59 +01:00
toby 279648eeb3 adding frr-pythontools and grub-pc as dependencies 2018-12-19 23:53:35 +01:00
toby d0d6eacce6 adding strongswan-swanctl to the dependencies, this is nice to have 2018-12-12 00:34:21 +01:00
toby 3032bf9edb tweaking threads a bit more 2018-12-09 22:55:54 +01:00
toby 7fb7552c90 firewall: removing upstream NTP and adding bgp rules for edge ibgp links 2018-12-07 23:27:09 +01:00
toby e3fe47275c we now have full support for various components in the repo, so cleaning it up a bit 2018-12-07 18:51:53 +01:00
toby d81c621bd0 ipsec tweaks for stability ... hopefully.... 2018-12-07 18:08:11 +01:00
toby b5710ce2fd fixing bug if no GRE tunnel is defined 2018-12-06 23:19:52 +01:00
toby 4714fb8981 yeah yeah I know I'm anal 2018-12-06 23:12:57 +01:00