author | Asbjørn Sloth Tønnesen <asbjorn@labitat.dk> | 2021-09-13 14:39:08 +0000 |
---|---|---|
committer | Asbjørn Sloth Tønnesen <asbjorn@labitat.dk> | 2021-09-13 15:10:49 +0000 |
commit | a8fab3916c0ec8ec7307de636522f4de8849543b (patch) | |
tree | 2e3705465ca2866d5977dd6c10c8da7f1e26ef48 /roles/space_server | |
parent | 30aa929a02402ba58221cbc347fb1580dd79fd32 (diff) | |
space_server: bond all 3 gigabit ports, and enjoy 3x1G uplink3x1g-bond
Before:
- enp1s0: wan
- enp2s0: lan (with VLANs)
- enp3s0: mgt
Changes in this patch:
- wan is moved to VLAN id 5
- bond0 is created, replacing lan as lower device for VLANs
- mgt config is removed (could be reconfigured as a VLAN, and
made available on a switch port)
- all 3 ports are enslaved in bond0
From the switch towards the space server load-balance algorithm
src-dst-ip* is used.
From the space server towards the switch L3+L4 is used.
Therefore a single IP pair will always use the same 1G
from the switch to the space server, a client therefore
needs to multiplex over multiple IPs in order to
*) The src-dst-ip algorithm on the switch hasn't been
tested with IPv6 yet. Hopefully we can find a better
switch at some point, so we can include the L4 ports in
the hashing on the switch.
Signed-off-by: Asbjørn Sloth Tønnesen <asbjorn@labitat.dk>
Diffstat (limited to 'roles/space_server')
-rw-r--r-- | roles/space_server/files/networkd/10-bond0.netdev | 11 | ||||
-rw-r--r-- | roles/space_server/files/networkd/10-bond0.network (renamed from roles/space_server/files/networkd/10-lan.network) | 3 | ||||
-rw-r--r-- | roles/space_server/files/networkd/10-enp1s0.network (renamed from roles/space_server/files/networkd/10-wan.link) | 4 | ||||
-rw-r--r-- | roles/space_server/files/networkd/10-enp2s0.network (renamed from roles/space_server/files/networkd/10-lan.link) | 4 | ||||
-rw-r--r-- | roles/space_server/files/networkd/10-enp3s0.network (renamed from roles/space_server/files/networkd/10-mgt.link) | 4 | ||||
-rw-r--r-- | roles/space_server/files/networkd/10-mgt.network | 23 | ||||
-rw-r--r-- | roles/space_server/files/networkd/10-wan.netdev | 6 | ||||
-rw-r--r-- | roles/space_server/files/networkd/10-wan.network | 3 | ||||
-rw-r--r-- | roles/space_server/files/nftables.service | 2 |
9 files changed, 30 insertions, 30 deletions
diff --git a/roles/space_server/files/networkd/10-bond0.netdev b/roles/space_server/files/networkd/10-bond0.netdev
new file mode 100644
index 0000000..824f3f6
--- /dev/null
+++ b/roles/space_server/files/networkd/10-bond0.netdev
@@ -0,0 +1,11 @@
+[NetDev]
+Name=bond0
+Kind=bond
+
+[Bond]
+Mode=802.3ad
+LACPTransmitRate=fast
+MIIMonitorSec=1s
+UpDelaySec=2s
+DownDelaySec=8s
+TransmitHashPolicy=layer2+3
diff --git a/roles/space_server/files/networkd/10-lan.network b/roles/space_server/files/networkd/10-bond0.network
index 1221be8..39695a4 100644
--- a/roles/space_server/files/networkd/10-lan.network
+++ b/roles/space_server/files/networkd/10-bond0.network
@@ -1,5 +1,5 @@
 [Match]
-Name=lan
+Name=bond0
 [Link]
 ARP=no
@@ -11,6 +11,7 @@ IPv6AcceptRA=no
 LinkLocalAddressing=no
 LLMNR=no
 MulticastDNS=no
+VLAN=wan
 VLAN=lan10
 VLAN=lan11
 VLAN=lan12
diff --git a/roles/space_server/files/networkd/10-wan.link b/roles/space_server/files/networkd/10-enp1s0.network
index 47a7270..1395f3a 100644
--- a/roles/space_server/files/networkd/10-wan.link
+++ b/roles/space_server/files/networkd/10-enp1s0.network
@@ -1,5 +1,5 @@
 [Match]
 Path=pci-0000:01:00.0
-[Link]
-Name=wan
+[Network]
+Bond=bond0
diff --git a/roles/space_server/files/networkd/10-lan.link b/roles/space_server/files/networkd/10-enp2s0.network
index 996917e..9a987a6 100644
--- a/roles/space_server/files/networkd/10-lan.link
+++ b/roles/space_server/files/networkd/10-enp2s0.network
@@ -1,5 +1,5 @@
 [Match]
 Path=pci-0000:02:00.0
-[Link]
-Name=lan
+[Network]
+Bond=bond0
diff --git a/roles/space_server/files/networkd/10-mgt.link b/roles/space_server/files/networkd/10-enp3s0.network
index 715f409..a07d57a 100644
--- a/roles/space_server/files/networkd/10-mgt.link
+++ b/roles/space_server/files/networkd/10-enp3s0.network
@@ -1,5 +1,5 @@
 [Match]
 Path=pci-0000:03:00.0
-[Link]
-Name=mgt
+[Network]
+Bond=bond0
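Review bot: `TransmitHashPolicy=layer2+3` in the new 10-bond0.netdev does not match the commit description, which says traffic from the space server towards the switch is hashed on L3+L4. With layer2+3 the outgoing member port is chosen from MAC and IP addresses only, so all flows between one IP pair leave on the same 1G link in this direction as well. If per-flow spreading is intended, the line would be `TransmitHashPolicy=layer3+4`; otherwise the description should be corrected. The kernel bonding documentation describes layer3+4 as not fully 802.3ad-compliant, so a one-line comment next to the setting recording the choice is worthwhile either way.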
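Review bot: With `VLAN=wan` added next to the `lan*` entries in 10-bond0.network, the upstream network and the internal VLANs now share one trunk, and nothing in the file records that. Separation between them no longer comes from a dedicated port but from the VLAN tagging on the switch side of the LAG, so a comment above the list would help the next editor, e.g. `# wan (VLAN 5) is the untrusted uplink; it shares this trunk with the lan* VLANs, keep the switch LAG tagged-only`. The `[Network]` section starts above the hunk, so the untagged-side settings visible here (`LinkLocalAddressing=no`, and `ARP=no` in the first hunk) are only part of the picture.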
diff --git a/roles/space_server/files/networkd/10-mgt.network b/roles/space_server/files/networkd/10-mgt.network
deleted file mode 100644
index d2b34b9..0000000
--- a/roles/space_server/files/networkd/10-mgt.network
+++ /dev/null
@@ -1,23 +0,0 @@
-[Match]
-Name=mgt
-
-[Link]
-RequiredForOnline=no
-
-[Network]
-DHCP=no
-IPv6AcceptRA=no
-LinkLocalAddressing=no
-Address=192.168.112.1/24
-IPForward=ipv4
-DHCPServer=yes
-LLMNR=yes
-MulticastDNS=yes
-LLDP=yes
-EmitLLDP=yes
-
-[DHCPServer]
-EmitDNS=yes
-DNS=185.38.175.0
-EmitNTP=no
-EmitTimezone=yes
diff --git a/roles/space_server/files/networkd/10-wan.netdev b/roles/space_server/files/networkd/10-wan.netdev
new file mode 100644
index 0000000..ea4d8b4
--- /dev/null
+++ b/roles/space_server/files/networkd/10-wan.netdev
@@ -0,0 +1,6 @@
+[NetDev]
+Name=wan
+Kind=vlan
+
+[VLAN]
+Id=5
diff --git a/roles/space_server/files/networkd/10-wan.network b/roles/space_server/files/networkd/10-wan.network
index 36b2230..095bcfe 100644
--- a/roles/space_server/files/networkd/10-wan.network
+++ b/roles/space_server/files/networkd/10-wan.network
@@ -1,6 +1,9 @@
 [Match]
 Name=wan
+[Link]
+ARP=yes
+
 [Network]
 DHCP=no
 IPv6AcceptRA=no
diff --git a/roles/space_server/files/nftables.service b/roles/space_server/files/nftables.service
index 54efd9c..2bd976f 100644
--- a/roles/space_server/files/nftables.service
+++ b/roles/space_server/files/nftables.service
@@ -1,6 +1,7 @@
 [Unit]
 Description=Netfilter Tables
 Documentation=man:nft(8)
+Requires=sys-devices-virtual-net-wan.device
 Requires=sys-devices-virtual-net-lan10.device
 Requires=sys-devices-virtual-net-lan11.device
 Requires=sys-devices-virtual-net-lan12.device
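Review bot: The new `[Link]` / `ARP=yes` lines in 10-wan.network carry no comment saying why ARP has to be set explicitly on `wan`. Presumably it is needed because `wan` is now a VLAN on `bond0`, which runs with `ARP=no` in 10-bond0.network, and a VLAN device takes over its lower device's flags when it is created; if that is the reason, a line such as `# bond0 is ARP=no and VLANs inherit that; wan needs ARP to reach its gateway` above `[Link]` would keep someone from removing the setting as redundant. The `[Network]` section continues past the end of the hunk.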
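Review bot: Adding `Requires=sys-devices-virtual-net-wan.device` to nftables.service (with the matching `After=` in the second hunk) makes loading the firewall depend on one more device that only appears once the bond and its VLAN have been created. If `wan` does not show up, the device unit times out and nftables.service is not started, while the `lan*` interfaces may already be configured; whether the host then forwards traffic without a ruleset depends on parts of the unit and of the network configuration that are outside this hunk. The device dependencies suggest the ruleset binds to interfaces by index; matching by name (`iifname`/`oifname`) would let the rules load before any interface exists, and these `Requires=`/`After=` lines could then go. At minimum a comment above the list would help, e.g. `# ruleset references these interfaces; they must exist before nft loads it`.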
@@ -10,6 +11,7 @@ Requires=sys-devices-virtual-net-lan15.device
 Requires=sys-devices-virtual-net-lan20.device
 Requires=sys-devices-virtual-net-lan21.device
 Requires=sys-devices-virtual-net-nat64.device
+After=sys-devices-virtual-net-wan.device
 After=sys-devices-virtual-net-lan10.device
 After=sys-devices-virtual-net-lan11.device
 After=sys-devices-virtual-net-lan12.device |