authorAsbjørn Sloth Tønnesen <asbjorn@labitat.dk>2021-09-13 14:39:08 +0000
committerAsbjørn Sloth Tønnesen <asbjorn@labitat.dk>2021-09-13 15:10:49 +0000
commita8fab3916c0ec8ec7307de636522f4de8849543b (patch)
tree2e3705465ca2866d5977dd6c10c8da7f1e26ef48 /roles
parent30aa929a02402ba58221cbc347fb1580dd79fd32 (diff)
space_server: bond all 3 gigabit ports, and enjoy 3x1G uplink3x1g-bond
Before: - enp1s0: wan - enp2s0: lan (with VLANs) - enp3s0: mgt Changes in this patch: - wan is moved to VLAN id 5 - bond0 is created, replacing lan as lower device for VLANs - mgt config is removed (could be reconfigured as a VLAN, and made available on a switch port) - all 3 ports are enslaved in bond0 From the switch towards the space server load-balance algorithm src-dst-ip* is used. From the space server towards the switch L3+L4 is used. Therefore a single IP pair will always use the same 1G from the switch to the space server; a client therefore needs to multiplex over multiple IPs in order to *) The src-dst-ip algorithm on the switch hasn't been tested with IPv6 yet. Hopefully we can find a better switch at some point, so we can include the L4 ports in the hashing on the switch. Signed-off-by: Asbjørn Sloth Tønnesen <asbjorn@labitat.dk>
Diffstat (limited to 'roles')
-rw-r--r--roles/space_server/files/networkd/10-bond0.netdev11
-rw-r--r--roles/space_server/files/networkd/10-bond0.network (renamed from roles/space_server/files/networkd/10-lan.network)3
-rw-r--r--roles/space_server/files/networkd/10-enp1s0.network (renamed from roles/space_server/files/networkd/10-wan.link)4
-rw-r--r--roles/space_server/files/networkd/10-enp2s0.network (renamed from roles/space_server/files/networkd/10-lan.link)4
-rw-r--r--roles/space_server/files/networkd/10-enp3s0.network (renamed from roles/space_server/files/networkd/10-mgt.link)4
-rw-r--r--roles/space_server/files/networkd/10-mgt.network23
-rw-r--r--roles/space_server/files/networkd/10-wan.netdev6
-rw-r--r--roles/space_server/files/networkd/10-wan.network3
-rw-r--r--roles/space_server/files/nftables.service2
9 files changed, 30 insertions, 30 deletions
diff --git a/roles/space_server/files/networkd/10-bond0.netdev b/roles/space_server/files/networkd/10-bond0.netdev
new file mode 100644
index 0000000..824f3f6
--- /dev/null
+++ b/roles/space_server/files/networkd/10-bond0.netdev
@@ -0,0 +1,11 @@
+[NetDev]
+Name=bond0
+Kind=bond
+
+[Bond]
+Mode=802.3ad
+LACPTransmitRate=fast
+MIIMonitorSec=1s
+UpDelaySec=2s
+DownDelaySec=8s
+TransmitHashPolicy=layer2+3
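Review bot: `TransmitHashPolicy=layer2+3` does not match the commit description, which says L3+L4 hashing is used from the space server towards the switch. With layer2+3 the L4 ports are left out of the hash, so all flows between one pair of hosts leave on the same 1G member, which is the limit the description attributes to the switch side only. If L3+L4 was intended, the line would be `TransmitHashPolicy=layer3+4`; otherwise the description should say layer2+3. A one-line `#` comment above the setting naming the switch-side algorithm (src-dst-ip, per the description) would keep both ends of the LAG documented in one place.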
diff --git a/roles/space_server/files/networkd/10-lan.network b/roles/space_server/files/networkd/10-bond0.network
index 1221be8..39695a4 100644
--- a/roles/space_server/files/networkd/10-lan.network
+++ b/roles/space_server/files/networkd/10-bond0.network
@@ -1,5 +1,5 @@
[Match]
-Name=lan
+Name=bond0
[Link]
ARP=no
@@ -11,6 +11,7 @@ IPv6AcceptRA=no
LinkLocalAddressing=no
LLMNR=no
MulticastDNS=no
+VLAN=wan
VLAN=lan10
VLAN=lan11
VLAN=lan12
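Review bot: `VLAN=wan` puts the uplink on the same tagged trunk as lan10 and the other internal VLANs, so separation between WAN and LAN now rests on the switch's VLAN 5 configuration instead of a dedicated port, and nothing in the file records that dependency. The first hunk's context shows `ARP=no` on bond0 and this hunk shows `LinkLocalAddressing=no`, which suggests bond0 itself is meant to carry no untagged IP traffic; that is worth stating as a requirement rather than leaving implicit. I would add a comment above the VLAN list such as `# wan (VLAN 5) shares this trunk with the LAN VLANs; keep bond0 itself address-less and verify the native/untagged VLAN on the switch's bond ports`. The switch configuration is not on this page, so that part needs confirming separately. The [Network] section starts outside this hunk.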
diff --git a/roles/space_server/files/networkd/10-wan.link b/roles/space_server/files/networkd/10-enp1s0.network
index 47a7270..1395f3a 100644
--- a/roles/space_server/files/networkd/10-wan.link
+++ b/roles/space_server/files/networkd/10-enp1s0.network
@@ -1,5 +1,5 @@
[Match]
Path=pci-0000:01:00.0
-[Link]
-Name=wan
+[Network]
+Bond=bond0
diff --git a/roles/space_server/files/networkd/10-lan.link b/roles/space_server/files/networkd/10-enp2s0.network
index 996917e..9a987a6 100644
--- a/roles/space_server/files/networkd/10-lan.link
+++ b/roles/space_server/files/networkd/10-enp2s0.network
@@ -1,5 +1,5 @@
[Match]
Path=pci-0000:02:00.0
-[Link]
-Name=lan
+[Network]
+Bond=bond0
diff --git a/roles/space_server/files/networkd/10-mgt.link b/roles/space_server/files/networkd/10-enp3s0.network
index 715f409..a07d57a 100644
--- a/roles/space_server/files/networkd/10-mgt.link
+++ b/roles/space_server/files/networkd/10-enp3s0.network
@@ -1,5 +1,5 @@
[Match]
Path=pci-0000:03:00.0
-[Link]
-Name=mgt
+[Network]
+Bond=bond0
diff --git a/roles/space_server/files/networkd/10-mgt.network b/roles/space_server/files/networkd/10-mgt.network
deleted file mode 100644
index d2b34b9..0000000
--- a/roles/space_server/files/networkd/10-mgt.network
+++ /dev/null
@@ -1,23 +0,0 @@
-[Match]
-Name=mgt
-
-[Link]
-RequiredForOnline=no
-
-[Network]
-DHCP=no
-IPv6AcceptRA=no
-LinkLocalAddressing=no
-Address=192.168.112.1/24
-IPForward=ipv4
-DHCPServer=yes
-LLMNR=yes
-MulticastDNS=yes
-LLDP=yes
-EmitLLDP=yes
-
-[DHCPServer]
-EmitDNS=yes
-DNS=185.38.175.0
-EmitNTP=no
-EmitTimezone=yes
diff --git a/roles/space_server/files/networkd/10-wan.netdev b/roles/space_server/files/networkd/10-wan.netdev
new file mode 100644
index 0000000..ea4d8b4
--- /dev/null
+++ b/roles/space_server/files/networkd/10-wan.netdev
@@ -0,0 +1,6 @@
+[NetDev]
+Name=wan
+Kind=vlan
+
+[VLAN]
+Id=5
diff --git a/roles/space_server/files/networkd/10-wan.network b/roles/space_server/files/networkd/10-wan.network
index 36b2230..095bcfe 100644
--- a/roles/space_server/files/networkd/10-wan.network
+++ b/roles/space_server/files/networkd/10-wan.network
@@ -1,6 +1,9 @@
[Match]
Name=wan
+[Link]
+ARP=yes
+
[Network]
DHCP=no
IPv6AcceptRA=no
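Review bot: The added `[Link]` section with `ARP=yes` has no comment explaining why a setting that is normally the default must be stated. Presumably it is needed because wan is now a VLAN on bond0, whose .network sets `ARP=no`, and the VLAN device would otherwise take that flag over from its lower device; this should be confirmed on the host. I would add `# bond0 sets ARP=no and the VLAN inherits it; re-enable ARP for the uplink` above the line so a later cleanup does not drop it and silently break neighbour resolution on the WAN side. Whether the lan10 and following VLAN .network files carry the same override is not visible here. The [Network] section continues outside the hunk.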
diff --git a/roles/space_server/files/nftables.service b/roles/space_server/files/nftables.service
index 54efd9c..2bd976f 100644
--- a/roles/space_server/files/nftables.service
+++ b/roles/space_server/files/nftables.service
@@ -1,6 +1,7 @@
[Unit]
Description=Netfilter Tables
Documentation=man:nft(8)
+Requires=sys-devices-virtual-net-wan.device
Requires=sys-devices-virtual-net-lan10.device
Requires=sys-devices-virtual-net-lan11.device
Requires=sys-devices-virtual-net-lan12.device
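Review bot: Adding `Requires=sys-devices-virtual-net-wan.device` (and the matching `After=` in the second hunk) makes the firewall's start depend on the wan VLAN appearing, which in turn now depends on bond0 being created. If that device unit never shows up, nftables.service would not start, and it is not visible on this page what ruleset, if any, is in effect in that state while the LAN VLANs may already be up. It is worth confirming that the host fails closed in that case, for example that forwarding stays off or a default-drop ruleset is loaded until this unit succeeds. A short comment in the [Unit] section, such as `# the ruleset is only loaded once every listed device exists; without it the host must not forward`, would document the expectation.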
@@ -10,6 +11,7 @@ Requires=sys-devices-virtual-net-lan15.device
Requires=sys-devices-virtual-net-lan20.device
Requires=sys-devices-virtual-net-lan21.device
Requires=sys-devices-virtual-net-nat64.device
+After=sys-devices-virtual-net-wan.device
After=sys-devices-virtual-net-lan10.device
After=sys-devices-virtual-net-lan11.device
After=sys-devices-virtual-net-lan12.device