Ansible scripts for FRI servers
files Add RuntimeDirectory to ssh service 2024-09-10 14:11:35 +02:00
filter_plugins Fix types for new ansible 2026-01-12 21:43:18 +01:00
playbooks ocserv: add emailAddress to user certificates 2025-08-11 15:47:42 +02:00
roles proxmox: add README 2026-02-27 10:01:08 +01:00
templates Fix ipaddr call for new ansible 2026-01-12 21:43:08 +01:00
.gitignore Add .gitignore 2024-05-19 14:21:25 +02:00
ansible.cfg ansible: shut up warnings about discovered Python interpreter 2025-01-23 13:36:24 +01:00
inventory.yml Limit inventory lookup to installed servers 2025-05-06 13:26:56 +02:00
LICENSE Release 2025-10-24 17:42:26 +02:00
README.md Add a note on firewall configuration 2026-02-27 10:11:19 +01:00
setup.yml Import firewall role from network repo 2026-02-23 09:58:19 +01:00

FRI servers

These Ansible roles set up servers running various Linux distributions to participate in BGP routing. Device and IP address data are pulled from NetBox. A separate VRF named mgmt is configured for an L2 management interface, so that management traffic stays out of the routed (BGP) forwarding table.

This project is licensed under 0BSD.

Setup

Each physical server should have the following information recorded in NetBox:

  • network interfaces mgmt*: used for management (Ansible) access; must define a MAC address and an IP address
  • network interfaces lan*: used for BGP routing; must define a MAC address
  • network interface lo: must define the IP address to announce over BGP; this address also serves as the router ID

For virtual machines, network interfaces should be named as in the hypervisor. In Proxmox, this is typically net*.

MAC addresses are used to rename interfaces in the host OS, so an interface whose MAC address is missing or wrong in NetBox will keep its kernel name and not be configured. The prefix containing the management IP address must define the gateway custom field.

For Windows hosts the platform must be defined in NetBox to configure connection parameters.

All inbound traffic to devices and VMs is dropped by default. To allow requests to one or more ports on a device or VM, define the appropriate services in NetBox and restrict them with the custom fields allowed_{ips,prefixes,vlans,clusters}. If none of these fields is set, the service is reachable from everywhere, so leave them empty only for services that are meant to be public.
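Because a service without any allowed_* restriction is opened to everyone, it is worth auditing NetBox for such services before a playbook run. The following script is an added example and is not part of this repository: it applies the rule described above to NetBox service objects. The embedded JSON is a constructed, simplified sample of what the NetBox API returns for /api/ipam/services/; the exact field names (for example device/virtual_machine versus a generic parent) vary between NetBox versions, and the custom fields are assumed to hold lists that are null when unset. The fetch_services helper uses the same NETBOX_API and NETBOX_TOKEN variables the playbooks use and is only needed against a live instance.

```python
"""Audit NetBox services for ports that would be opened to everyone.

Added example, not code from the FRI servers repository. A service counts as
unrestricted when none of the custom fields allowed_ips, allowed_prefixes,
allowed_vlans or allowed_clusters contains a value.
"""
import json
import os
import urllib.request

LIMIT_FIELDS = ("allowed_ips", "allowed_prefixes", "allowed_vlans", "allowed_clusters")

# Constructed sample in the shape of a NetBox API response (simplified; field
# names may differ between NetBox versions). Service 1 is restricted to a
# prefix, service 2 has only empty/null limits, service 3 has no custom fields.
SAMPLE_SERVICES = json.loads("""
{
  "results": [
    {"id": 1, "name": "ssh", "protocol": {"value": "tcp"}, "ports": [22],
     "device": {"name": "server-1"}, "virtual_machine": null,
     "custom_fields": {"allowed_ips": null, "allowed_prefixes": ["10.0.0.0/8"],
                       "allowed_vlans": null, "allowed_clusters": null}},
    {"id": 2, "name": "http", "protocol": {"value": "tcp"}, "ports": [80, 443],
     "device": {"name": "server-1"}, "virtual_machine": null,
     "custom_fields": {"allowed_ips": [], "allowed_prefixes": null,
                       "allowed_vlans": null, "allowed_clusters": null}},
    {"id": 3, "name": "dns", "protocol": {"value": "udp"}, "ports": [53],
     "device": null, "virtual_machine": {"name": "vm-dns"},
     "custom_fields": {}}
  ]
}
""")


def is_unrestricted(service):
    """True when no allowed_* custom field limits who may reach the service."""
    custom_fields = service.get("custom_fields") or {}
    return not any(custom_fields.get(field) for field in LIMIT_FIELDS)


def owner_name(service):
    """Name of the device or VM the service belongs to."""
    owner = service.get("device") or service.get("virtual_machine") or {}
    return owner.get("name", "<unassigned>")


def open_to_everyone(services):
    """Return (owner, service, protocol, ports) for every unrestricted service."""
    findings = []
    for svc in services:
        if is_unrestricted(svc):
            findings.append((owner_name(svc), svc["name"],
                             svc["protocol"]["value"], tuple(svc["ports"])))
    return findings


def fetch_services(api=None, token=None):
    """Fetch all services from a live NetBox, following pagination.

    Uses NETBOX_API and NETBOX_TOKEN from the environment unless given; the
    token only needs read access, matching the read-only token the playbooks use.
    """
    api = (api or os.environ["NETBOX_API"]).rstrip("/")
    token = token or os.environ["NETBOX_TOKEN"]
    url = f"{api}/api/ipam/services/?limit=200"
    results = []
    while url:
        req = urllib.request.Request(
            url, headers={"Authorization": f"Token {token}", "Accept": "application/json"})
        with urllib.request.urlopen(req) as resp:
            page = json.load(resp)
        results.extend(page["results"])
        url = page.get("next")
    return results


if __name__ == "__main__":
    # Run offline against the constructed sample; swap in fetch_services() for a live audit.
    for owner, name, proto, ports in open_to_everyone(SAMPLE_SERVICES["results"]):
        print(f"{owner}: {name} {proto}/{','.join(map(str, ports))} is open to everyone")
```

Note that an empty list and a null value are treated the same: both mean "no restriction", which matches the README's statement that a service with no limits is open to everyone.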

Run

Create a read-only API token in NetBox (the playbooks only read device and IP data, so the token needs no write permissions). Export the API URL and the token as environment variables:

export NETBOX_API=<url>
export NETBOX_TOKEN=<token>

Run one-off ad-hoc tasks with (add --key-file or other connection options as necessary):

ansible -m ping 'server-*'

Run a playbook with:

ansible-playbook setup.yml -l 'server-*'