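# This is the configuration file to use an enterprise multihomed setup in
# Gentoo.
#
# Unlike the home ISP dual-homed setup example, we do not have large sets of
# netblocks that we must reach via a specific interface.
#
# Author: Robin H. Johnson
#
# Censored:
# ---------
# LA.NN.ET.xx = LAN network range, RFC1918
# PU.BN.ET.xx = Public network range
# PR.IV.AD.DR = OOB admin address
# PR.IV.AD.NT = OOB admin network
# PR.IV.AD.GW = OOB admin gateway
# BG.PN.T1.xx = first BGP network
# BG.PO.OB.xx = BGP OOB admin network, not internet reachable
#
# Interfaces:
# -----------
# bond0 -> LAN
# eth0  -> WAN, OOB admin network
# eth1  -> WAN, public services
# eth2  -> slave in bond0
# eth3  -> slave in bond0
# eth4  -> nothing
# eth5  -> WAN, BGP peering & BGP OOB
#
# Logic:
# ------
# 1. Traffic bound to a specific address stays on that address.
# 2. For non-specific traffic, pick the first available:
#    2.1. (4xx) Public services (eth1)
#    2.2. (5xx) OOB admin (eth0)
#    2.3. (6xx) BGP network (eth5)
#    2.4. (7xx) LAN (bond0)
#
# Contents of /etc/iproute2/rt_tables
# -----------------------------------
# 255 local
# 254 main
# 253 default
# 0   unspec
# 1   internal
# 2   oob
# 3   external
# 4   bgp
#

# Prefer iproute2 over ifconfig
modules=( "iproute2" )

# Addresses. eth2/eth3 carry no address of their own: they are bond0 slaves.
config_bond0=( "LA.NN.ET.51/24" )
slaves_bond0="eth2 eth3"
RC_NEED_bond0="net.eth2 net.eth3"
config_eth0=( "PR.IV.AD.DR/27" )
config_eth1=( "PU.BN.ET.51/24" )
config_eth2=( "null" )
config_eth3=( "null" )
config_eth4=( "null" )
config_eth5=( "BG.PN.T1.22/30" "BG.PO.OB.190/30" )

# jumbo packets everywhere
# we do PMTU instead (the default routes below clamp to 1500 explicitly)
mtu_eth0="9000"
mtu_eth1="9000"
mtu_eth2="9000"
mtu_eth3="9000"
mtu_eth4="9000"
mtu_eth5="1500"
mtu_bond0="9000"

# Routing
# Each interface gets its own table (see rt_tables above): a link-scope
# route for the directly attached network plus a default route.
# NOTE(review): the bond0 link route is /8 while the address and the
# rules_bond0 entries use /24 - confirm that is intended.
routes_bond0=(
	"LA.NN.ET.0/8 dev bond0 table internal scope link"
	"default via LA.NN.ET.2 dev bond0 table internal"
)
routes_eth0=(
	"PR.IV.AD.NT/27 dev eth0 table oob scope link"
	"default via PR.IV.AD.GW dev eth0 table oob mtu 1500"
)
routes_eth1=(
	"PU.BN.ET.0/24 dev eth1 table external scope link"
	"default via PU.BN.ET.1 dev eth1 table external mtu 1500"
)
routes_eth5=(
	"BG.PN.T1.21/30 dev eth5 table bgp scope link"
	"default via BG.PN.T1.21 dev eth5 table bgp"
)

# Route priority handling
# Lower priority number wins; the 4xx/5xx/6xx/7xx numbering is the
# preference order described under "Logic" above. Each entry is one
# argument list for "ip rule add"/"ip rule del" (see ip_rule_runner).
rules_bond0=(
	"from LA.NN.ET.0/24 table internal priority 700 dev bond0"
	"to LA.NN.ET.0/24 table internal priority 750 dev bond0"
)
rules_eth0=(
	"from PR.IV.AD.NT/27 table oob priority 500"
	"to PR.IV.AD.NT/27 table oob priority 550"
)
rules_eth1=(
	"from PU.BN.ET.0/24 table external priority 400"
	"to PU.BN.ET.0/24 table external priority 450"
)
rules_eth5=(
	"from BG.PN.T1.20/30 table bgp priority 600"
	"to BG.PN.T1.20/30 table bgp priority 650"
)

# Now some fun functionality.

# Flush the Linux route cache for ${IFACE}.
# It is important on failover to do this, otherwise traffic might keep
# using an old cached route for a while.
# Returns the exit status of "ip route flush".
flush_route_cache() {
	local ret
	ebegin "Flushing route cache for ${IFACE}"
	ip route flush cache dev "${IFACE}"
	ret=$?
	eend ${ret}
	return ${ret}
}

# This will take a rules array, and process it.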
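# Run "ip rule $1" once for every entry of the rules_${IFACE} array.
#   $1 - the ip-rule verb to apply ("add" or "del").
# Each array entry is deliberately word-split into arguments, because the
# entries are written as complete "ip rule" argument lists. An interface
# with no rules_* array simply results in no commands being run.
# Returns the exit status of the last "ip rule" invocation (0 if none).
ip_rule_runner() {
	local verb="$1"
	local rules_var="rules_${IFACE}[@]"
	local rules=( "${!rules_var}" )
	local rule
	for rule in "${rules[@]}"; do
		ebegin " ip rule ${verb} ${rule}"
		ip rule ${verb} ${rule}
		eend $?
	done
}

# Install the per-interface policy rules once the interface is up, then
# drop the route cache so the new rules take effect immediately.
postup() {
	einfo "Adding rules"
	ip_rule_runner add
	flush_route_cache
}

# Mirror of postup: remove the rules before the interface goes down and
# flush the cache so nothing keeps routing via the departing interface.
predown() {
	einfo "Removing rules"
	ip_rule_runner del
	flush_route_cache
}

# True (exit 0) when ethtool reports a detected link on ${IFACE}.
check_link() {
	ethtool "${IFACE}" | grep -q 'Link detected: yes'
}

# Per-interface preparation before configuration is applied.
# Always returns 0: a missing link on an eth* interface is only warned
# about (see the TODO below), so configuration still proceeds.
preup() {
	case "${IFACE}" in
		ppp*|ippp*|isdn*|plip*|lo*|irda*|dummy*|ipsec*|tun*|tap*)
			;;
		bond*)
			# Register the bond master with the kernel if it is not
			# already listed. -w keeps bond0 from matching e.g. bond01.
			if ! grep -qw "${IFACE}" /sys/class/net/bonding_masters 2>/dev/null ; then
				echo "... adding ${IFACE} to bonding_masters"
				echo "+${IFACE}" > /sys/class/net/bonding_masters
			fi
			;;
		eth*)
			# Try to force link up first, for e1000 special case:
			# up to five attempts, pausing 0.2s between retries.
			local i=0
			while [ ${i} -lt 5 ] && ! check_link; do
				[ ${i} -gt 0 ] && sleep 0.2
				ip link set "${IFACE}" up
				i=$((i + 1))
			done
			if ! check_link; then
				ewarn "No link on ${IFACE}, aborting configuration"
				ip link set "${IFACE}" down
				# Not failing here on purpose: we still need to check
				# whether we are in a bond before refusing to configure.
				# TODO: this needs work, rc-depend for 1.13
				#return 1
			fi
			;;
	esac
	return 0
}

# Do not use the metric calculation code
# It is slow with lots of routes.
metric=0
metric_eth0=0
metric_eth1=0
metric_eth2=0
metric_eth3=0
metric_eth4=0
metric_eth5=0
metric_eth6=0
metric_bond0=0

# vim: set filetype=gentoo-conf-d: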