---
tags:
  - work
---

[[GroupVPS Migration]]

API:
- Prepare subnet : cidr
- Migrate IP
- os set allowed address pair
- tun src: add /32
- Migrate gateway

Kevin meet:

- tunnel-dst: VM in OpenStack
- tunnel-src: hardware box
- Puppet on tunnels

Step 1 (purple) = API does: on the os router, create a route for each IP in the subnet, plus the proxy ARP stuff per subnet. AllowedAddrPair on the tunnel-dst port. Initially just add all IPs from the subnet. Both IPv4 and IPv6 (6 can come a bit later). All steps must be reversible.

Step 2 (pink): test VM, remove routes on os, add them on the src net.

Step 3 (yellow): switch network to OpenStack, switch gateway IP.

# Meeting @ 23 jun 2025

*cidr/24 subnet scope link maybe monitor for its existence.*

To handle failover, the static routes we configure on the tunnel-dst should not have a nexthop but a nexthop id. This points the route to a virtual nexthop: if it is updated, all routes pointing to it are updated.

`ip route add 192.168.0.1/32 nhid 1`

tunnel-src: also just add ip routes.

failover: just periodically compare routes and push the diff.

![[Pasted image 20250623162525.png]]

```
#!/bin/sh
# Dry run: prints the ip commands needed to reconcile, does not execute them.
# Private temp files instead of fixed /tmp/A and /tmp/B names.
A=$(mktemp) || exit 1
B=$(mktemp) || exit 1
trap 'rm -f "$A" "$B"' EXIT

# Check all /32 for migrated networks
(ip r; ip -6 r) | grep -E "dev wg. (scope link|metric)" | cut -d ' ' -f1 | grep -v default | sort >"$A"
sort routes-in-dst.txt >"$B"
# In routes-in-dst.txt but not on this host: add
for X in $(comm -13 "$A" "$B"); do echo ip route add "$X" dev wg0; done
# On this host but not in routes-in-dst.txt: delete
for X in $(comm -23 "$A" "$B"); do echo ip route del "$X" dev wg0; done

# Check for missing IPv6 proxy NDP entries
ip -6 neigh show proxy | cut -d ' ' -f1 | sort >"$A"
grep -F : routes-in-dst.txt | sort >"$B"
for X in $(comm -13 "$A" "$B"); do echo ip -6 neigh add proxy "$X" dev vrrp.98; done
```
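
The nexthop-id idea from the meeting, combined with the rule that all steps must be reversible, as an added example (not part of the original notes): a dry-run generator that prints the tunnel-dst commands for one subnet, their rollback in reverse order, and the single command that repoints every route on failover. The nexthop id, the device names and the IPv4 /24 to /32 limit are assumptions.

```shell
#!/bin/sh
# Added example: prints commands only, executes nothing.
# Assumed, not from the notes: nexthop id and device are passed in by the
# caller, IPv4 only, prefix length /24../32 (one /32 route per address).

# expand_cidr A.B.C.D/LEN -> every address in the subnet as a /32, one per line
expand_cidr() {
    addr=${1%/*}; len=${1#*/}
    case $len in
        2[4-9]|3[0-2]) ;;
        *) echo "unsupported prefix: $1" >&2; return 1 ;;
    esac
    base=${addr%.*}; last=${addr##*.}
    size=$(( 1 << (32 - len) ))
    start=$(( last & ~(size - 1) & 255 ))   # align to the subnet boundary
    i=0
    while [ "$i" -lt "$size" ]; do
        echo "$base.$(( start + i ))/32"
        i=$(( i + 1 ))
    done
}

# plan_apply CIDR NHID DEV: nexthop object first, then routes that reference it
plan_apply() {
    ips=$(expand_cidr "$1") || return 1
    echo "ip nexthop add id $2 dev $3"
    for ip in $ips; do echo "ip route add $ip nhid $2"; done
}

# plan_rollback CIDR NHID DEV: inverse of each apply step, in reverse order
plan_rollback() {
    ips=$(expand_cidr "$1") || return 1
    rev=
    for ip in $ips; do
        rev="ip route del $ip nhid $2
$rev"
    done
    printf '%s' "$rev"
    echo "ip nexthop del id $2"
}

# plan_failover NHID NEWDEV: one replace moves every route using that id
plan_failover() { echo "ip nexthop replace id $1 dev $2"; }

# Example: plan_apply 192.0.2.0/30 1 wg0
```

Review the printed plan before piping it to `sh`, and keep the matching `plan_rollback` output with it so the step can be undone.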