mans/as205079-automation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Automatically create wireguard and ibgp mesh between nodes #1

Merged
mans merged 3 commits from new-automation into main 2025-11-09 13:31:40 +00:00
Conversation 0 Commits 3 Files Changed 13 +109 -12
3 changed files with 109 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit b5a76b3f10 - Show all commits

63
ansible/config/common.yaml
View File

@@ -1,6 +1,6 @@
asn: 205079 asn: 205079
bgp: bgp: {}
my_as_set: "AS205079:AS-MANS" afis: [4, 6]
ospf: ospf:
default_cost: 100 default_cost: 100
@@ -14,4 +14,61 @@ ospf:
- "2a02:898:0:20::424:1/128" # ColoClue shared subnet IP - "2a02:898:0:20::424:1/128" # ColoClue shared subnet IP
- "2a02:898:424::/48+" # ColoClue space - "2a02:898:424::/48+" # ColoClue space
afis: [4, 6] routers:
"rtr1.nlams1":
fqdn: rtr1.nlams1.as205079.net
ipv4: 94.142.240.55
ipv6: 2001:678:10ec:2201::1
site_name: "NLAMS1"
site_id: 2
graceful_shutdown: false
maintenance_mode: false
"rtr1.nlape1":
fqdn: rtr1.nlape1.as205079.net
ipv4: 194.28.98.155
ipv6: 2001:678:10ec:3201::1
site_name: "NLAPE1"
site_id: 3
graceful_shutdown: false
maintenance_mode: false
"rtr1.nlwie1":
fqdn: rtr1.nlwie1.as205079.net
pub_ipv4: 86.94.191.237
ipv4: 10.20.10.23 # router is behind NAT
ipv6: 2001:678:10ec:1201::1
site_name: "NLWIE1"
site_id: 1
graceful_shutdown: false
maintenance_mode: false
ixp_map:
bgpexch_amsterdam:
pdb_id: 3822
ipv6_prefix: 2a0e:8f01:1000:11::/64
present_on:
- rtr1.nlape1
bgpexch_berlin:
pdb_id: 4842
ipv6_prefix: 2a0e:8f01:1000:13::/64
present_on:
- rtr1.nlape1
bgpexch_dusseldorf:
pdb_id: 3844
ipv6_prefix: 2a0e:8f01:1000:46::/64
present_on:
- rtr1.nlape1
bgpexch_frankfurt:
pdb_id: 3829
ipv6_prefix: 2a0e:8f01:1000:24::/64
present_on:
- rtr1.nlape1
bgpexch_london:
pdb_id: 3821
ipv6_prefix: 2a0e:8f01:1000:10::/64
present_on:
- rtr1.nlape1
locix:
pdb_id: 2601
ipv6_prefix: 2a0c:b641:700::/64
present_on:
- rtr1.nlape1

3
ansible/config/rtr1.nlams1.as205079.net.yaml
View File

@@ -39,9 +39,6 @@ interfaces:
- nic: "loop0" - nic: "loop0"
description: "Loopback interface" description: "Loopback interface"
stub: true stub: true
# - nic: "eno1"
# description: "Uplink"
# stub: true
- nic: "INT-RTR1NLAPE1" - nic: "INT-RTR1NLAPE1"
- nic: "INT-RTR1NLWIE1" - nic: "INT-RTR1NLWIE1"
- nic: "vmbr1" - nic: "vmbr1"

43
docs/roadmap.md Normal file
View File

@@ -0,0 +1,43 @@
# Roadmap for AS205079
- [ ] Self-service peering portal
- [x] PeeringDB DB sync
- [ ] Bandwidth monitoring/ flow logging
- [ ] Pmacct deployment
- [ ] Akvorado deployment
- [ ] SNMP?
- [ ] Better automation
- [ ] Rewrite Bird2 config
- [ ] Simpler ansible config
- [ ] Looking glass
- [ ] Authoritative DNS
- [ ] PowerDNS deployment
- [ ] nsedit deployment
- [ ] Migrate domains
- [ ] NTP server
- [ ] Web server
- [ ] Looking glass
- [x] Write LG v1
- [ ] Improve security
- [x] Proxmox firewall
- [ ] VM firewall
- nftables or iptables?
- statefull or stateless
- [ ] Move away from gre?
- Key auth?
- Wireguard?
- [ ] Backups
- [ ] Replace home firewall
- Host HAProxy elsewhere?
- Move away from L4 LB?
- [ ] RDS server
- [ ] Anycast important services
- [ ] OSPF anycast
- [ ] Web server
- [ ] Auth DNS
- [ ] Find ifupdown2 alternative?
- Solve issues with ifupdown2
- [ ] FastNetMon deployment
- [ ] Alerting
- [ ] Dropping traffic from source-ip
- [ ] Blackholing at transit