Task #7180
Updated by Nico Schottelius about 5 years ago
* router1-new is up and running
h2. Steps
* Verify / update cdist configuration
* Check out IP configuration
** Add VRRP IPs to loopback interface (will be used instead of keepalived)
* Verify sysctl configuration
* Rerun cdist, exclude announcing of routes
* Adjust radvd configuration
** lower interval
** lower lifetime
h2. cdist configuration
Was written for Devuan/keepalived. Need to check step-by-step.
* __ungleich_bgp_router: *TEMPFIX*
** contains static route announcements
** can only be used once the upstream networking is verified
* __dcl_node_exporter: still makes sense
** Is debian/devuan specific, needs changes
* __ungleich_ipv6_radvd --config router-$dc
** 80% done
** restart needs to be implemented
* __ungleich_nftables --config router-$dc
* --__dcl_router_resolvconf --search-path "$d"--: done
** no changes required
* __dcl_tftp_http_pxe_bootserver
** ok, needs to be tested for alpine
** needs to be updated for ipv6 only boot
** could be moved to APUs
* -require="__dcl_router_network" __dcl_router_keepalived --master-: done
** Needs to be ported to loopback + bgp
** -commented out statement for place6 routers-: done
* __dcl_router_network --ipsuffix 5
** Need to add keepalived IPs
* # __dcl_nat64 --mtu 9000
h2. Networking
* Update interfaces for alpine
** -place6-
** place5
h2. Implementing virtual IPs with BGP
* Announce the IPv6/128 IPv4/32 address
** Or network alone is enough?
* -Add the addresses to the loopback interface-: done
** all done locally on router1-new
** Needs to be put back into cdist
* Add addresses for place5
h2. Firewalling
h2. Change router advertisements
We will now have 2 active routers, both sending router advertisements with radvd at the same time.
This is part of replacing keepalived.
* -Change router advertisement lifetime to 10 seconds-
* -Change advertisement interval to 3..5-
* Modify cdist type to restart/reload radvd on changes
<pre>
MinRtrAdvInterval 3;
MaxRtrAdvInterval 5;
AdvDefaultLifetime 10;
</pre>
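
Added example (not part of the original task notes or the cdist type): a POSIX shell check that the three timers above stay within the ranges RFC 4861 section 6.2.1 defines for them, which could run before radvd is restarted or reloaded. The function names @ra_value@ and @check_ra_timers@ are hypothetical, and only integer seconds are handled.

```shell
#!/bin/sh
# Added example: validate the RA timers of an radvd.conf fragment against
# the RFC 4861 section 6.2.1 ranges. Function names are hypothetical.

# Print the value of the last "<key> <n>;" statement in file $2.
ra_value() {
    awk -v k="$1" '$1 == k { v = $2; sub(/;.*/, "", v) } END { print v }' "$2"
}

# check_ra_timers FILE: print findings; return 0 if valid, 1 if a timer
# is out of range, 2 if a timer is missing or not an integer.
check_ra_timers() {
    min=$(ra_value MinRtrAdvInterval "$1")
    max=$(ra_value MaxRtrAdvInterval "$1")
    life=$(ra_value AdvDefaultLifetime "$1")
    rc=0
    for v in "$min" "$max" "$life"; do
        case $v in
            ''|*[!0-9]*) echo "missing or non-integer timer"; return 2 ;;
        esac
    done
    if [ "$max" -lt 4 ] || [ "$max" -gt 1800 ]; then
        echo "MaxRtrAdvInterval $max outside 4..1800"; rc=1
    fi
    # Min <= 0.75 * Max, kept in integer arithmetic as 4*Min <= 3*Max.
    if [ "$min" -lt 3 ] || [ $((4 * min)) -gt $((3 * max)) ]; then
        echo "MinRtrAdvInterval $min outside 3..0.75*$max"; rc=1
    fi
    # Lifetime 0 means "not a default router"; otherwise Max..9000.
    if [ "$life" -ne 0 ] && { [ "$life" -lt "$max" ] || [ "$life" -gt 9000 ]; }; then
        echo "AdvDefaultLifetime $life outside $max..9000"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "ok: min=$min max=$max lifetime=$life"
    return "$rc"
}

# The values from this section, written to a temporary file for the check.
conf=$(mktemp)
printf '%s\n' 'MinRtrAdvInterval 3;' 'MaxRtrAdvInterval 5;' \
    'AdvDefaultLifetime 10;' > "$conf"
check_ra_timers "$conf"
```

With the values from this section the check passes: 3 is at most 0.75 * 5, and the lifetime of 10 is at least the maximum interval of 5.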
h2. Switch configuration
* Switches *might* need ipv4 bgp peering for providing virtual IPv4 address support
* Don't see traffic on router1-new from upstream
** Need to verify trunk configuration on switches
<pre>
switch5-place6(config)#vlan 100
switch5-place6(config-vlan-100)#name netstream
switch5-place6(config-vlan-100)#write
Copy completed successfully.
switch6-place6#configure
switch6-place6(config)#vlan 100
switch6-place6(config-vlan-100)#name netstream
switch6-place6(config-vlan-100)#write
Copy completed successfully.
</pre>
h2. Building jool
Requirements:
<pre>
apk add alpine-sdk
apk add libnl3-dev
apk add iptables-dev
apk add linux-vanilla-dev
</pre>
Build:
<pre>
wget https://github.com/NICMx/Jool/releases/download/v4.0.1/jool_4.0.1.tar.gz
tar xvfz jool_4.0.1.tar.gz
cd jool-4.0.1/
./configure && make
</pre>
Last encountered error:
<pre>
gcc -DPACKAGE_NAME=\"Jool\" -DPACKAGE_TARNAME=\"jool\" -DPACKAGE_VERSION=\"4.0.1\" -DPACKAGE_STRING=\"Jool\ 4.0.1\" -DPACKAGE_BUGREPORT=\"jool@nic.mx\" -DPACKAGE_URL=\"\" -DPACKAGE=\"jool\" -DVERSION=\"4.0.1\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_ARPA_INET_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_UNISTD_H=1 -DHAVE__BOOL=1 -DHAVE_INET_NTOA=1 -DHAVE_MEMSET=1 -DHAVE_STRCASECMP=1 -DHAVE_STRTOL=1 -DHAVE_POW=1 -I. -Wall -O2 -I./../../ -I/usr/include/libnl3 -g -O2 -MT ../common/jool_siit-wargp.o -MD -MP -MF ../common/.deps/jool_siit-wargp.Tpo -c -o ../common/jool_siit-wargp.o `test -f '../common/wargp.c' || echo './'`../common/wargp.c
In file included from ../common/wargp.c:1:
../common/wargp.h:4:10: fatal error: argp.h: No such file or directory
4 | #include <argp.h>
| ^~~~~~~~
compilation terminated.
make[2]: *** [Makefile:813: ../common/jool_siit-wargp.o] Error 1
make[2]: Leaving directory '/root/jool-4.0.1/src/usr/siit'
make[1]: *** [Makefile:318: all-recursive] Error 1
make[1]: Leaving directory '/root/jool-4.0.1/src/usr'
make: *** [Makefile:344: all-recursive] Error 1
</pre>