From 80c6cf0de448f8fdf10c1e4be82cc7e0ef42abc5 Mon Sep 17 00:00:00 2001 From: Hafnium Date: Tue, 11 Oct 2022 20:17:39 +0200 Subject: space_server: networkd: add LocIX connection systemd mechanics reworked by Esmil Co-developed-by: Emil Renner Berthing --- roles/space_server/files/networkd/10-locix.sysctl | 25 +++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 roles/space_server/files/networkd/10-locix.sysctl (limited to 'roles/space_server/files/networkd/10-locix.sysctl') diff --git a/roles/space_server/files/networkd/10-locix.sysctl b/roles/space_server/files/networkd/10-locix.sysctl new file mode 100644 index 0000000..e28f743 --- /dev/null +++ b/roles/space_server/files/networkd/10-locix.sysctl @@ -0,0 +1,25 @@ +# From https://www.ams-ix.net/ams/documentation/config-guide +# file: /etc/sysctl.conf +# These settings should be duplicated for all interfaces that are +# on a peering LAN. + +# Fix the "promiscuous ARP" thing... +net.ipv4.conf.locix.arp_ignore=1 +net.ipv4.conf.locix.arp_announce=1 + +# Turn off RP filtering to allow asymmetric routing +net.ipv4.conf.locix.rp_filter=0 + +# Multiple (non-aggregated) interfaces on the same peering LAN +# READ THE MANUAL FIRST! +#net.ipv4.conf.ifname.arp_filter=1 + +# Keep the IX ARP Police happy :-) +net.ipv4.neigh.locix.base_reachable_time_ms=14400000 +net.ipv6.neigh.locix.base_reachable_time_ms=14400000 + +# No redirects +net.ipv4.conf.locix.accept_redirects=0 +net.ipv4.conf.locix.secure_redirects=0 +net.ipv4.conf.locix.send_redirects=0 +net.ipv6.conf.locix.accept_redirects=0 -- cgit v1.2.1