freifunk/ansible-ffibk
9
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Use link-local IPv6 address for BGP Peering

Browse source
This commit is contained in:
Tobias Hachmer 2019-03-25 20:22:55 +01:00
parent 59045bc400
commit 6cc9776c66
No known key found for this signature in database
GPG key ID: E112788464CA5C60
5 changed files with 3 additions and 41 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
inventory/group_vars/all
View file

@ -40,169 +40,141 @@ bgp_groups:
wireguard_networks: wireguard_networks:
- ipv4: 10.87.253.0/31 - ipv4: 10.87.253.0/31
ipv6: fd86:b4dc:4b1e:fd::/127
peers: peers:
- lotuswurzel - lotuswurzel
- spinat - spinat
port: 50000 port: 50000
- ipv4: 10.87.253.2/31 - ipv4: 10.87.253.2/31
ipv6: fd86:b4dc:4b1e:fd::2/127
peers: peers:
- lotuswurzel - lotuswurzel
- wasserfloh - wasserfloh
port: 50001 port: 50001
- ipv4: 10.87.253.4/31 - ipv4: 10.87.253.4/31
ipv6: fd86:b4dc:4b1e:fd::4/127
peers: peers:
- lotuswurzel - lotuswurzel
- uffschnitt - uffschnitt
port: 50002 port: 50002
- ipv4: 10.87.253.6/31 - ipv4: 10.87.253.6/31
ipv6: fd86:b4dc:4b1e:fd::6/127
peers: peers:
- lotuswurzel - lotuswurzel
- ingwer - ingwer
port: 50003 port: 50003
- ipv4: 10.87.253.8/31 - ipv4: 10.87.253.8/31
ipv6: fd86:b4dc:4b1e:fd::8/127
peers: peers:
- spinat - spinat
- wasserfloh - wasserfloh
port: 50004 port: 50004
- ipv4: 10.87.253.10/31 - ipv4: 10.87.253.10/31
ipv6: fd86:b4dc:4b1e:fd::a/127
peers: peers:
- spinat - spinat
- uffschnitt - uffschnitt
port: 50005 port: 50005
- ipv4: 10.87.253.12/31 - ipv4: 10.87.253.12/31
ipv6: fd86:b4dc:4b1e:fd::c/127
peers: peers:
- spinat - spinat
- ingwer - ingwer
port: 50006 port: 50006
- ipv4: 10.87.253.14/31 - ipv4: 10.87.253.14/31
ipv6: fd86:b4dc:4b1e:fd::e/127
peers: peers:
- ingwer - ingwer
- wasserfloh - wasserfloh
port: 50007 port: 50007
- ipv4: 10.87.253.16/31 - ipv4: 10.87.253.16/31
ipv6: fd86:b4dc:4b1e:fd::10/127
peers: peers:
- wasserfloh - wasserfloh
- uffschnitt - uffschnitt
port: 50008 port: 50008
- ipv4: 10.87.253.18/31 - ipv4: 10.87.253.18/31
ipv6: fd86:b4dc:4b1e:fd::12/127
peers: peers:
- ingwer - ingwer
- uffschnitt - uffschnitt
port: 50009 port: 50009
- ipv4: 10.87.253.20/31 - ipv4: 10.87.253.20/31
ipv6: fd86:b4dc:4b1e:fd::14/127
peers: peers:
- lotuswurzel - lotuswurzel
- kichererbse - kichererbse
port: 50010 port: 50010
- ipv4: 10.87.253.22/31 - ipv4: 10.87.253.22/31
ipv6: fd86:b4dc:4b1e:fd::16/127
peers: peers:
- spinat - spinat
- kichererbse - kichererbse
port: 50011 port: 50011
- ipv4: 10.87.253.24/31 - ipv4: 10.87.253.24/31
ipv6: fd86:b4dc:4b1e:fd::18/127
peers: peers:
- wasserfloh - wasserfloh
- kichererbse - kichererbse
port: 50012 port: 50012
- ipv4: 10.87.253.26/31 - ipv4: 10.87.253.26/31
ipv6: fd86:b4dc:4b1e:fd::1a/127
peers: peers:
- uffschnitt - uffschnitt
- kichererbse - kichererbse
port: 50013 port: 50013
- ipv4: 10.87.253.28/31 - ipv4: 10.87.253.28/31
ipv6: fd86:b4dc:4b1e:fd::1c/127
peers: peers:
- ingwer - ingwer
- kichererbse - kichererbse
port: 50014 port: 50014
- ipv4: 10.87.253.30/31 - ipv4: 10.87.253.30/31
ipv6: fd86:b4dc:4b1e:fd::1e/127
peers: peers:
- lotuswurzel - lotuswurzel
- suesskartoffel - suesskartoffel
port: 50015 port: 50015
- ipv4: 10.87.253.32/31 - ipv4: 10.87.253.32/31
ipv6: fd86:b4dc:4b1e:fd::20/127
peers: peers:
- spinat - spinat
- suesskartoffel - suesskartoffel
port: 50016 port: 50016
- ipv4: 10.87.253.34/31 - ipv4: 10.87.253.34/31
ipv6: fd86:b4dc:4b1e:fd::22/127
peers: peers:
- ingwer - ingwer
- suesskartoffel - suesskartoffel
port: 50017 port: 50017
- ipv4: 10.87.253.36/31 - ipv4: 10.87.253.36/31
ipv6: fd86:b4dc:4b1e:fd::24/127
peers: peers:
- wasserfloh - wasserfloh
- suesskartoffel - suesskartoffel
port: 50018 port: 50018
- ipv4: 10.87.253.38/31 - ipv4: 10.87.253.38/31
ipv6: fd86:b4dc:4b1e:fd::26/127
peers: peers:
- uffschnitt - uffschnitt
- suesskartoffel - suesskartoffel
port: 50019 port: 50019
- ipv4: 10.87.253.40/31 - ipv4: 10.87.253.40/31
ipv6: fd86:b4dc:4b1e:fd::28/127
peers: peers:
- kichererbse - kichererbse
- suesskartoffel - suesskartoffel
port: 50020 port: 50020
- ipv4: 10.87.253.42/31 - ipv4: 10.87.253.42/31
ipv6: fd86:b4dc:4b1e:fd::2a/127
peers: peers:
- ingwer - ingwer
- linse - linse
port: 50021 port: 50021
- ipv4: 10.87.253.44/31 - ipv4: 10.87.253.44/31
ipv6: fd86:b4dc:4b1e:fd::2c/127
peers: peers:
- lotuswurzel - lotuswurzel
- linse - linse
port: 50022 port: 50022
- ipv4: 10.87.253.46/31 - ipv4: 10.87.253.46/31
ipv6: fd86:b4dc:4b1e:fd::2e/127
peers: peers:
- spinat - spinat
- linse - linse
port: 50023 port: 50023
- ipv4: 10.87.253.48/31 - ipv4: 10.87.253.48/31
ipv6: fd86:b4dc:4b1e:fd::30/127
peers: peers:
- uffschnitt - uffschnitt
- linse - linse
port: 50024 port: 50024
- ipv4: 10.87.253.50/31 - ipv4: 10.87.253.50/31
ipv6: fd86:b4dc:4b1e:fd::32/127
peers: peers:
- wasserfloh - wasserfloh
- linse - linse
port: 50025 port: 50025
- ipv4: 10.87.253.52/31 - ipv4: 10.87.253.52/31
ipv6: fd86:b4dc:4b1e:fd::34/127
peers: peers:
- suesskartoffel - suesskartoffel
- linse - linse
port: 50026 port: 50026
- ipv4: 10.87.253.54/31 - ipv4: 10.87.253.54/31
ipv6: fd86:b4dc:4b1e:fd::36/127
peers: peers:
- kichererbse - kichererbse
- linse - linse

2
roles/network-routing/templates/ffmwu-add-static-routes.sh.j2
View file

@ -6,10 +6,8 @@
{% for network in my_wireguard_networks %} {% for network in my_wireguard_networks %}
{% if magic < network.remote_magic %} {% if magic < network.remote_magic %}
/sbin/ip -4 route add {{ network.ipv4 | ipaddr('network/prefix') }} dev wg-{{ network.remote[:11] }} scope link src {{ network.ipv4 | ipaddr('address') }} table mwu /sbin/ip -4 route add {{ network.ipv4 | ipaddr('network/prefix') }} dev wg-{{ network.remote[:11] }} scope link src {{ network.ipv4 | ipaddr('address') }} table mwu
/sbin/ip -6 route add {{ network.ipv6 | ipaddr('network/prefix') }} dev wg-{{ network.remote[:11] }} scope link src {{ network.ipv6 | ipaddr('network') }} table mwu
{% else %} {% else %}
/sbin/ip -4 route add {{ network.ipv4 | ipaddr('network/prefix') }} dev wg-{{ network.remote[:11] }} scope link src {{ network.ipv4 | ipaddr('1') | ipaddr('address') }} table mwu /sbin/ip -4 route add {{ network.ipv4 | ipaddr('network/prefix') }} dev wg-{{ network.remote[:11] }} scope link src {{ network.ipv4 | ipaddr('1') | ipaddr('address') }} table mwu
/sbin/ip -6 route add {{ network.ipv6 | ipaddr('network/prefix') }} dev wg-{{ network.remote[:11] }} scope link src {{ network.ipv6 | ipaddr('1') | ipaddr('address') }} table mwu
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{% if server_type == 'gateway' or server_type == 'monitoring' %} {% if server_type == 'gateway' or server_type == 'monitoring' %}

2
roles/network-routing/templates/ffmwu-del-static-routes.sh.j2
View file

@ -6,10 +6,8 @@
{% for network in my_wireguard_networks %} {% for network in my_wireguard_networks %}
{% if magic < network.remote_magic %} {% if magic < network.remote_magic %}
/sbin/ip -4 route del {{ network.ipv4 | ipaddr('network/prefix') }} dev wg-{{ network.remote[:11] }} scope link src {{ network.ipv4 | ipaddr('address') }} table mwu /sbin/ip -4 route del {{ network.ipv4 | ipaddr('network/prefix') }} dev wg-{{ network.remote[:11] }} scope link src {{ network.ipv4 | ipaddr('address') }} table mwu
/sbin/ip -6 route del {{ network.ipv6 | ipaddr('network/prefix') }} dev wg-{{ network.remote[:11] }} scope link src {{ network.ipv6 | ipaddr('network') }} table mwu
{% else %} {% else %}
/sbin/ip -4 route del {{ network.ipv4 | ipaddr('network/prefix') }} dev wg-{{ network.remote[:11] }} scope link src {{ network.ipv4 | ipaddr('1') | ipaddr('address') }} table mwu /sbin/ip -4 route del {{ network.ipv4 | ipaddr('network/prefix') }} dev wg-{{ network.remote[:11] }} scope link src {{ network.ipv4 | ipaddr('1') | ipaddr('address') }} table mwu
/sbin/ip -6 route del {{ network.ipv6 | ipaddr('network/prefix') }} dev wg-{{ network.remote[:11] }} scope link src {{ network.ipv6 | ipaddr('1') | ipaddr('address') }} table mwu
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{% if server_type == 'gateway' or server_type == 'monitoring' %} {% if server_type == 'gateway' or server_type == 'monitoring' %}

10
roles/service-bird/templates/mwu_ipv6_peers.conf.j2
View file

@ -4,13 +4,9 @@
{% for network in my_wireguard_networks %} {% for network in my_wireguard_networks %}
protocol bgp mwu_{{ network.remote }} from ibgp_mwu { protocol bgp mwu_{{ network.remote }} from ibgp_mwu {
{% if magic < network.remote_magic %} interface "wg-{{ network.remote[:11] }}";
source address {{ network.ipv6 | ipaddr('network') }}; source address {{ 'fe80::/64' | ipaddr(magic) | ipaddr('address') }};
neighbor {{ network.ipv6 | ipaddr('1') | ipaddr('address') }} as mwu_as; neighbor {{ 'fe80::/64' | ipaddr(network.remote_magic) | ipaddr('address') }} as mwu_as;
{% else %}
source address {{ network.ipv6 | ipaddr('1') | ipaddr('address') }};
neighbor {{ network.ipv6 | ipaddr('network') }} as mwu_as;
{% endif %}
}; };
{% endfor %} {% endfor %}

2
roles/wireguard/templates/wireguard.j2
View file

@ -12,10 +12,8 @@ iface wg-{{ network.remote[:11] }}
ipv6-addrgen off ipv6-addrgen off
{% if magic < network.remote_magic %} {% if magic < network.remote_magic %}
address {{ network.ipv4 | ipaddr('ip/prefix') }} address {{ network.ipv4 | ipaddr('ip/prefix') }}
address {{ network.ipv6 | ipaddr('ip/prefix') }}
{% else %} {% else %}
address {{ network.ipv4 | ipaddr('1') | ipaddr('ip/prefix') }} address {{ network.ipv4 | ipaddr('1') | ipaddr('ip/prefix') }}
address {{ network.ipv6 | ipaddr('1') | ipaddr('ip/prefix') }}
{% endif %} {% endif %}
address {{ 'fe80::/64' | ipaddr(magic) | ipaddr('ip/prefix') }} address {{ 'fe80::/64' | ipaddr(magic) | ipaddr('ip/prefix') }}
pre-up ip link add dev $IFACE type wireguard pre-up ip link add dev $IFACE type wireguard