network/roles
Timotej Lazar 5a9f0ac26a exit: strip own AS prefix from routes received by firewalls
For some reason routes with own ASN are not imported into default VRF.
Maybe also others. These routes forward packets through the firewalls.
As long as both exits are up this is not a problem, because routes
going to peer exit don’t include this exit’s own ASN.

If the peer goes down, all remaining routes sent by firewalls have our
own ASN and are not imported into default VRF, so L3 servers lose
connectivity to internal networks.

If the exit strips own ASN from received routes, importing works OK.
We strip both our and peer’s ASNs to keep path lengths the same.

This has involved an indecent amount of poking knobs and knobbing
pokes and it might cause other issues elsewhere.
2024-09-21 16:32:28 +02:00
access       access: add voice VLAN support                                2024-09-01 10:37:11 +02:00
exit         exit: strip own AS prefix from routes received by firewalls   2024-09-21 16:32:28 +02:00
fabric       exit: enable forwarding directed broadcasts for WoL           2024-09-18 14:27:30 +02:00
facts/tasks  exit: support custom VRF imports                              2024-07-15 14:22:42 +02:00
firewall     firewall: add convenience nftables set for AD ports           2024-09-19 16:25:51 +02:00
leaf         Query prefixes once for all hosts                             2024-04-28 12:14:05 +02:00
spine        Initial commit, squashed                                      2023-12-18 12:55:47 +01:00