| Age | Commit message (Collapse) | Author |
|---|
|
Duplicate all customer BGP sessions, so that there
is one with the old prefix, and one with the new one.
This enables everyone to migrate to the new IP addresses
at their own pace.
Once the migration has been completed, we will remove the
old sessions.
Applied on 2025-04-25.
Signed-off-by: Asbjørn Sloth Tønnesen <asbjorn@labitat.dk>
|
|
Signed-off-by: Asbjørn Sloth Tønnesen <asbjorn@labitat.dk>
|
|
Signed-off-by: Asbjørn Sloth Tønnesen <asbjorn@labitat.dk>
|
|
Prefix kindly provided by FreeTransit / OpenFactory
Signed-off-by: Asbjørn Sloth Tønnesen <asbjorn@labitat.dk>
|
|
Prefix kindly provided by Kracon ApS (Svenne)
Signed-off-by: Asbjørn Sloth Tønnesen <asbjorn@labitat.dk>
|
|
Prefix kindly provided by Toke
Signed-off-by: Asbjørn Sloth Tønnesen <asbjorn@labitat.dk>
|
|
|
|
|
|
..and let it do its own mDNS
|
|
This host doesn't seem to respond to pings and the MAC address is a
duplicate of snakeskin.s
|
|
This completes the split of Labicolo into two networks.
Henceforth we have two Labicolo network, and any two
Labicolo nodes on different parts of the network will
have to join LabIX, if they want to peer.
Signed-off-by: Asbjørn Sloth Tønnesen <asbjorn@labitat.dk>
|
|
I want to split Labicolo up in two networks, since
it is a bit silly that we have a internet exchange
prefix allocation, when all members of the IX are
already connected to the same layer 2 network, when
they all have transit through the same network.
Therefore by splitting Labicolo into 2 networks,
we ensure that there is a need for the internet
exchange, since not all nodes are able to talk
directly to eachother over the transit layer 2
network.
Since it would be a bit excessive to allocate another
/26 to Labicolo, thereby using half of our IPv4 space
for Labicolo.
This patch reduces the the current Labicolo network to
a /27 network, a subsequent patch will then add a
second Labicolo network with the other /27 network.
The only issue here is that Labicolo machines, which
haven't been updated to have a /27 netmask, will not
be able to reach endpoints in 185.38.175.96/27, before
they fix their netmask.
Signed-off-by: Asbjørn Sloth Tønnesen <asbjorn@labitat.dk>
|
|
Signed-off-by: Asbjørn Sloth Tønnesen <asbjorn@labitat.dk>
|
|
[esmil: add otbm as a regular user]
|
|
[esmil: call the script just reboot-graceful]
Signed-off-by: Asbjørn Sloth Tønnesen <asbjorn@labitat.dk>
Signed-off-by: Emil Renner Berthing <esmil@labitat.dk>
|
|
Finally got around to recreate #51
Co-authored-by: DBras danielbrasholt@gmail.com
|
|
|
|
|
|
|
|
|
|
RIP :(
|
|
RIP :(
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
..and add Fiberby's time server as backup too.
|
|
|
|
|
|
Mushbie reports that Windows complains about out of date certificates
even when certbot is running fine, so try restarting radiusd on new
certificates rather than just telling it to reload its configuration.
|
|
|
|
systemd mechanics reworked by Esmil
Co-developed-by: Emil Renner Berthing <esmil@labitat.dk>
|
|
|
|
|
|
|
|
..just reload configuration gracefully with 'configure soft'
|
|
Just so that Esmil can test his Ansible changes.
|
|
Use ipaddress/pxlen{low,high} syntax to allow all
/48 prefixes that are covered by 2a10:2a80::/29.
https://bird.network.cz/?get_doc&v=20&f=bird-5.html#type-set
|
|
|
|
|
|
..to make sure we keep ip addresses in sync everywhere
|
|
This allows us to look up info on specific hosts without searching
through the whole list.
|
|
..to provide space.s alias
|
|
Add new prefix 2a0e:8f02:2190::/48
|
|
..which doesn't work now that wan is a vlan on
bonded interface.
|
|
Before:
- enp1s0: wan
- enp2s0: lan (with VLANs)
- enp3s0: mgt
Changes in this patch:
- wan is moved to VLAN id 5
- bond0 is created, replacing lan as lower device for VLANs
- mgt config is removed (could be reconfigured as a VLAN, and
made a available on a switch port)
- all 3 ports are enslaved in bond0
From the switch towards the space server load-balance algorithm
src-dst-ip* is used.
From the space server towards the switch L3+L4 is used.
Therefore a single IP pair will always use the same 1G
from the swith to the space server, a client therefore
needs to multiplex over multiple IPs in order to
*) The src-dst-ip algorithm on the switch hasn't been
tested with IPv6 yet. Hopefully we can find a better
switch at some point, so we can include the L4 ports in
the hashing on the switch.
Signed-off-by: Asbjørn Sloth Tønnesen <asbjorn@labitat.dk>
|
