From 86b853e6e5bd81d0878cc0684fd5a34e687a750e Mon Sep 17 00:00:00 2001 From: Stefan Hoffmann Date: Wed, 11 May 2016 00:08:06 +0200 Subject: [PATCH] troidorf1 Config Pre-Final --- files/bird-troisdorf1.conf | 28 ++++++++++----- files/bird6-troisdorf1.conf | 28 +++++++++------ files/interfaces-troisdorf1 | 71 +++++++++++++++++++++++++++---------- 3 files changed, 90 insertions(+), 37 deletions(-) diff --git a/files/bird-troisdorf1.conf b/files/bird-troisdorf1.conf index 708bfe5..682386b 100644 --- a/files/bird-troisdorf1.conf +++ b/files/bird-troisdorf1.conf @@ -48,7 +48,7 @@ function is_freifunk() { } filter hostroute { - if net ~ 185.66.193.105/32 then accept; + if net ~ 185.66.193.104/32 then accept; reject; }; @@ -63,22 +63,32 @@ template bgp uplink { }; protocol bgp ffrl_bb_a_ak_ber from uplink { - source address 100.64.2.151; - neighbor 100.64.2.150 as 201701; + source address 100.64.6.13; + neighbor 100.64.6.12 as 201701; }; protocol bgp ffrl_bb_b_ak_ber from uplink { - source address 100.64.2.153; - neighbor 100.64.2.152 as 201701; + source address 100.64.6.19; + neighbor 100.64.6.18 as 201701; }; protocol bgp ffrl_bb_a_ix_dus from uplink { - source address 100.64.2.155; - neighbor 100.64.2.154 as 201701; + source address 100.64.6.17; + neighbor 100.64.6.16 as 201701; }; protocol bgp ffrl_bb_b_ix_dus from uplink { - source address 100.64.2.157; - neighbor 100.64.2.156 as 201701; + source address 100.64.6.23; + neighbor 100.64.6.22 as 201701; +}; + +protocol bgp ffrl_bb_a_fra3_fra from uplink { + source address 100.64.6.15; + neighbor 100.64.6.14 as 201701; +}; + +protocol bgp ffrl_bb_b_fra3_fra from uplink { + source address 100.64.6.21; + neighbor 100.64.6.20 as 201701; }; diff --git a/files/bird6-troisdorf1.conf b/files/bird6-troisdorf1.conf index 633ac39..08566f9 100644 --- a/files/bird6-troisdorf1.conf +++ b/files/bird6-troisdorf1.conf @@ -10,8 +10,6 @@ router id 10.188.255.1; protocol direct { -# interface "*"; # Restrict network interfaces it works with -# interface "bat0", "gre-*", "eth*", "lo"; # Restrict network interfaces it works with interface "bat0", "gre-*", "lo"; # Restrict network interfaces it works with } @@ -60,23 +58,33 @@ template bgp uplink { protocol bgp ffrl_bb_a_ak_ber from uplink { - source address 2a03:2260:0:155::2; - neighbor 2a03:2260:0:155::1 as 201701; + source address 2a03:2260:0:306::2; + neighbor 2a03:2260:0:306::1 as 201701; } protocol bgp ffrl_bb_b_ak_ber from uplink { - source address 2a03:2260:0:156::2; - neighbor 2a03:2260:0:156::1 as 201701; + source address 2a03:2260:0:309::2; + neighbor 2a03:2260:0:309::1 as 201701; } protocol bgp ffrl_bb_a_ix_dus from uplink { - source address 2a03:2260:0:157::2; - neighbor 2a03:2260:0:157::1 as 201701; + source address 2a03:2260:0:308::2; + neighbor 2a03:2260:0:308::1 as 201701; } protocol bgp ffrl_bb_b_ix_dus from uplink { - source address 2a03:2260:0:158::2; - neighbor 2a03:2260:0:158::1 as 201701; + source address 2a03:2260:0:30b::2; + neighbor 2a03:2260:0:30b::1 as 201701; +} + +protocol bgp ffrl_bb_a_fra3_fra from uplink { + source address 2a03:2260:0:307::2; + neighbor 2a03:2260:0:307::1 as 201701; +} + +protocol bgp ffrl_bb_b_fra3_fra from uplink { + source address 2a03:2260:0:30a::2; + neighbor 2a03:2260:0:30a::1 as 201701; } diff --git a/files/interfaces-troisdorf1 b/files/interfaces-troisdorf1 index 83048a3..1b51546 100644 --- a/files/interfaces-troisdorf1 +++ b/files/interfaces-troisdorf1 @@ -6,10 +6,10 @@ source /etc/network/interfaces.d/* # The loopback network interface auto lo iface lo inet loopback - up ip address add 185.66.193.105/32 dev lo + up ip address add 185.66.193.104/32 dev lo iface lo inet6 loopback - up ip address add 2a03:2260:121::105/48 dev lo + up ip address add 2a03:2260:121::104/48 dev lo # The primary network interface @@ -31,34 +31,34 @@ auto 6to4 # Berlin Router A auto gre-bb-a.ak.ber iface gre-bb-a.ak.ber inet static - address 100.64.2.151 + address 100.64.6.13 netmask 255.255.255.254 pre-up ip tunnel add $IFACE mode gre local 163.172.27.8 remote 185.66.195.0 ttl 255 - post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105 + post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up ip link set $IFACE mtu 1400 - post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105 + post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 post-down ip tunnel del $IFACE iface gre-bb-a.ak.ber inet6 static - address 2a03:2260:0:155::2/64 + address 2a03:2260:0:306::2/64 netmask 64 post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 # Berlin Router B auto gre-bb-b.ak.ber iface gre-bb-b.ak.ber inet static - address 100.64.2.153 + address 100.64.6.19 netmask 255.255.255.254 pre-up ip tunnel add $IFACE mode gre local 163.172.27.8 remote 185.66.195.1 ttl 255 - post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105 + post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up ip link set $IFACE mtu 1400 - post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105 + post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 post-down ip tunnel del $IFACE iface gre-bb-b.ak.ber inet6 static - address 2a03:2260:0:156::2/64 + address 2a03:2260:0:309::2/64 netmask 64 post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 @@ -66,17 +66,17 @@ iface gre-bb-b.ak.ber inet6 static # Duesseldorf Router A auto gre-bb-a.ix.dus iface gre-bb-a.ix.dus inet static - address 100.64.2.155 + address 100.64.6.17 netmask 255.255.255.254 pre-up ip tunnel add $IFACE mode gre local 163.172.27.8 remote 185.66.193.0 ttl 255 - post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105 + post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up ip link set $IFACE mtu 1400 - post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105 + post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 post-down ip tunnel del $IFACE iface gre-bb-a.ix.dus inet6 static - address 2a03:2260:0:157::2/64 + address 2a03:2260:0:308::2/64 netmask 64 post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 @@ -84,16 +84,51 @@ iface gre-bb-a.ix.dus inet6 static # Duesseldorf Router B auto gre-bb-b.ix.dus iface gre-bb-b.ix.dus inet static - address 100.64.2.157 + address 100.64.6.23 netmask 255.255.255.254 pre-up ip tunnel add $IFACE mode gre local 163.172.27.8 remote 185.66.193.1 ttl 255 - post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105 + post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up ip link set $IFACE mtu 1400 - post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105 + post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 post-down ip tunnel del $IFACE iface gre-bb-b.ix.dus inet6 static - address 2a03:2260:0:158::2/64 + address 2a03:2260:0:30b::2/64 netmask 64 post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 + +# Frankfurt Router A +auto gre-bb-a.ix.dus +iface gre-bb-a.ix.dus inet static + address 100.64.6.15v + netmask 255.255.255.254 + pre-up ip tunnel add $IFACE mode gre local 163.172.27.8 remote 185.66.194.0 ttl 255 + post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 + post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 + post-up ip link set $IFACE mtu 1400 + post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 + post-down ip tunnel del $IFACE + +iface gre-bb-a.ix.dus inet6 static + address 2a03:2260:0:307::2/64 + netmask 64 + post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 + + +# Frankfurt Router B +auto gre-bb-b.ix.dus +iface gre-bb-b.ix.dus inet static + address 100.64.6.21 + netmask 255.255.255.254 + pre-up ip tunnel add $IFACE mode gre local 163.172.27.8 remote 185.66.194.1 ttl 255 + post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 + post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 + post-up ip link set $IFACE mtu 1400 + post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 + post-down ip tunnel del $IFACE + +iface gre-bb-b.ix.dus inet6 static + address 2a03:2260:0:30a::2/64 + netmask 64 + post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 \ No newline at end of file