---
tags:
  - work
---
[[GroupVPS Migration]]

API:
- Prepare subnet : cidr
- Migrate IP
	- os set allowed address pair
	- tun src: add /32 
- Migrate gateway

Kevin meeting:
tunnel-dst: VM in OpenStack
tunnel-src: hardware box
Puppet on the tunnels

Step 1 (purple) = the API does: on the OpenStack router, create a route for each IP in the subnet and set up the proxy ARP stuff per subnet. AllowedAddrPair on the tunnel-dst port. Initially just add all IPs from the subnet.

Both IPv4 and IPv6 (v6 can come a bit later)

All steps must be reversible.

Step 2 (pink): test VM, remove the routes on OpenStack, add them on the src net
Step 3 (yellow): switch network to OpenStack, switch gateway IP

# Meeting @ 23 jun 2025

*cidr/24 subnet scope link maybe monitor for its existence.*

To handle failover the static routes we configure on the tunnel-dst should not have a nexthop, but a nexthop id. This points the route to a virtual nexthop - if it is updated, all routes pointing to that are updated.

`ip route add 192.168.0.1/32 nhid 1`
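A sketch of how the API could plan step 1 on tunnel-dst with a shared nexthop id, keeping every step reversible (added example, not the project's code). Assumptions: the nexthop object points at a device such as `wg0`, only usable host addresses are routed, IPv4 only, and the function names and the `min_prefix` guard are made up for illustration.

```python
import ipaddress
import re


def _check(nhid, dev):
    # nhid and dev end up inside shell commands, so validate them strictly.
    if isinstance(nhid, bool) or not isinstance(nhid, int) or nhid < 1:
        raise ValueError("nhid must be a positive integer")
    if not re.fullmatch(r"[A-Za-z0-9_.-]{1,15}", dev):
        raise ValueError("bad interface name")


def prepare_subnet(cidr, nhid, dev, min_prefix=22):
    """Plan step 1 on tunnel-dst; returns (apply, revert) command lists."""
    net = ipaddress.ip_network(cidr, strict=True)  # rejects e.g. 192.0.2.1/24
    if net.version != 4:
        raise ValueError("IPv4 only in this sketch")
    if net.prefixlen < min_prefix:  # hypothetical guard against huge plans
        raise ValueError(f"{net} is larger than /{min_prefix}, refusing")
    _check(nhid, dev)
    # Each step is (do, undo). The nexthop object must exist before a route
    # can reference it, so it goes first and is undone last.
    steps = [(f"ip nexthop add id {nhid} dev {dev}", f"ip nexthop del id {nhid}")]
    for host in net.hosts():
        steps.append((f"ip route add {host}/32 nhid {nhid}",
                      f"ip route del {host}/32"))
    apply = [do for do, _ in steps]
    revert = [undo for _, undo in reversed(steps)]
    return apply, revert


def undo_partial(revert, done):
    """Undo commands when only the first `done` apply steps succeeded."""
    return revert[len(revert) - done:]


def failover(nhid, new_dev):
    """One command repoints every route that uses this nexthop id."""
    _check(nhid, new_dev)
    return f"ip nexthop replace id {nhid} dev {new_dev}"


if __name__ == "__main__":
    apply, revert = prepare_subnet("192.0.2.0/29", 1, "wg0")  # constructed input
    print("\n".join(apply + ["# failover:", failover(1, "wg1"), "# revert:"] + revert))
```
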

tunnel-src also just add ip routes
failover: just periodically cmp route and push diff

![[Pasted image 20250623162525.png]]


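```
#!/bin/sh
# Dry run: only prints the ip commands needed to match routes-in-dst.txt.
# Entries in routes-in-dst.txt must be written the way `ip r` prints them
# (host routes appear without a /32 or /128 suffix).

# Private scratch dir instead of fixed /tmp/A and /tmp/B names
T=$(mktemp -d) || exit 1
trap 'rm -rf "$T"' EXIT

# Check all /32 for migrated networks
(ip r; ip -6 r) | grep -E "dev wg. (scope link|metric)" | cut -d ' ' -f1 | grep -v default | sort >"$T/A"
sort routes-in-dst.txt >"$T/B"
# comm -13: only in B (wanted, not installed); comm -23: only in A (installed, not wanted)
for X in $(comm -13 "$T/A" "$T/B"); do echo ip route add $X dev wg0; done
for X in $(comm -23 "$T/A" "$T/B"); do echo ip route del $X dev wg0; done

# Check for missing IPv6 proxy NDP entries
ip -6 neigh show proxy | cut -d ' ' -f1 | sort >"$T/A"
grep -F : routes-in-dst.txt | sort >"$T/B"
for X in $(comm -13 "$T/A" "$T/B"); do echo ip -6 neigh add proxy $X dev vrrp.98; done
```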