tjo-cloud/network
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: more subnet documentation and ipv6 change

Browse source
This commit is contained in:
Tine 2024-11-05 19:51:03 +01:00
parent 30d762f151
commit 255eaa7eca
Signed by: mentos1386
SSH key fingerprint: SHA256:MNtTsLbihYaWF8j1fkOHfkKNlnN1JQfxEU/rBU8nCGw
3 changed files with 51 additions and 23 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

61
README.md
View file

@ -15,25 +15,40 @@ __ingress.tjo.cloud__ has port-forwarded all public ports to it (22, 25, 80, 443
__network.tjo.cloud__ establishes Tailscale VPN connection between other network.tjo.cloud VMs. Using subnet routing it makes it possible that each VM can connect to all other VMs on any Proxmox host. __network.tjo.cloud__ establishes Tailscale VPN connection between other network.tjo.cloud VMs. Using subnet routing it makes it possible that each VM can connect to all other VMs on any Proxmox host.
# Subnets # Subnets
We are using `10.0.0.0/16` range for IPv4 as well as `fd74:6a6f:0::/48` for IPv6.
## Designations
| Host | IPv4 | IPv6 | | Host | IPv4 | IPv6 |
|------------|---------------|-----------------------| |------------|---------------|-----------------------|
| _reserved_ | 10.0.0.0/20 | fd9b:5314:0:0000::/52 | | _reserved_ | 10.0.0.0/20 | fd74:6a6f:0:0000::/52 |
| batuu | 10.0.16.0/20 | fd9b:5314:0:1000::/52 | | batuu | 10.0.16.0/20 | fd74:6a6f:0:1000::/52 |
| jakku | 10.0.32.0/20 | fd9b:5314:0:2000::/52 | | jakku | 10.0.32.0/20 | fd74:6a6f:0:2000::/52 |
| nevaroo | 10.0.48.0/20 | fd9b:5314:0:3000::/52 | | nevaroo | 10.0.48.0/20 | fd74:6a6f:0:3000::/52 |
| | 10.0.64.0/20 | fd9b:5314:0:4000::/52 | | | 10.0.64.0/20 | fd74:6a6f:0:4000::/52 |
| | 10.0.80.0/20 | fd9b:5314:0:5000::/52 | | | 10.0.80.0/20 | fd74:6a6f:0:5000::/52 |
| | 10.0.96.0/20 | fd9b:5314:0:6000::/52 | | | 10.0.96.0/20 | fd74:6a6f:0:6000::/52 |
| | 10.0.112.0/20 | fd9b:5314:0:7000::/52 | | | 10.0.112.0/20 | fd74:6a6f:0:7000::/52 |
| | 10.0.128.0/20 | fd9b:5314:0:8000::/52 | | | 10.0.128.0/20 | fd74:6a6f:0:8000::/52 |
| | 10.0.144.0/20 | fd9b:5314:0:9000::/52 | | | 10.0.144.0/20 | fd74:6a6f:0:9000::/52 |
| | 10.0.160.0/20 | fd9b:5314:0:a000::/52 | | | 10.0.160.0/20 | fd74:6a6f:0:a000::/52 |
| | 10.0.176.0/20 | fd9b:5314:0:b000::/52 | | | 10.0.176.0/20 | fd74:6a6f:0:b000::/52 |
| | 10.0.192.0/20 | fd9b:5314:0:c000::/52 | | | 10.0.192.0/20 | fd74:6a6f:0:c000::/52 |
| | 10.0.208.0/20 | fd9b:5314:0:d000::/52 | | | 10.0.208.0/20 | fd74:6a6f:0:d000::/52 |
| | 10.0.224.0/20 | fd9b:5314:0:e000::/52 | | | 10.0.224.0/20 | fd74:6a6f:0:e000::/52 |
| | 10.0.240.0/20 | fd9b:5314:0:f000::/52 | | | 10.0.240.0/20 | fd74:6a6f:0:f000::/52 |
Each subnet gives us 4096 IP addresses per host.
### Per host designations
| Use | IPv4 | IPv6 |
|------------------|------------------|-----------------------|
| Virtual Machines | 10.0.(y+0).0/22 | fd74:6a6f:0:y000::/54 |
| Kubernetes | 10.0.(y+4).0/22 | fd74:6a6f:0:y400::/54 |
| | 10.0.(y+8).0/22 | fd74:6a6f:0:y800::/54 |
| | 10.0.(y+12).0/22 | fd74:6a6f:0:yc00::/54 |
Each section gives us 1024 IP addresses.
# Setting up new Host # Setting up new Host
@ -53,7 +68,13 @@ opkg update
opkg install ca-bundle kmod-tun iptables-nft kmod-ipt-conntrack kmod-ipt-conntrack-extra kmod-ipt-conntrack-label kmod-ipt-nat kmod-nft-nat opkg install ca-bundle kmod-tun iptables-nft kmod-ipt-conntrack kmod-ipt-conntrack-extra kmod-ipt-conntrack-label kmod-ipt-nat kmod-nft-nat
/etc/init.d/tailscale start /etc/init.d/tailscale start
/etc/init.d/tailscale enable /etc/init.d/tailscale enable
tailscale up --accept-routes --advertise-routes=$IPV4_SUBNET,$IPV6_SUBNET --accept-dns=false --ssh
# Batuu
tailscale up --accept-routes --advertise-routes=10.0.16.0/20,fd74:6a6f:0:1000::/52 --accept-dns=false --ssh
# Jakku
tailscale up --accept-routes --advertise-routes=10.0.32.0/20,fd74:6a6f:0:2000::/52 --accept-dns=false --ssh
# Nevaroo
tailscale up --accept-routes --advertise-routes=10.0.48.0/20,fd74:6a6f:0:3000::/52 --accept-dns=false --ssh
``` ```
### 6. Configure. ### 6. Configure.
@ -62,9 +83,9 @@ Once tailscale is up and manually configured (see the config files for guide).
We can use automated way of maintaining config. We can use automated way of maintaining config.
``` ```
just deploy-config batuu 10.0.16.1 fd9b:5314:0:1000:: just deploy-config batuu 10.0.16.1 fd74:6a6f:0:1000::
just deploy-config jakku 10.0.32.1 fd9b:5314:0:2000:: just deploy-config jakku 10.0.32.1 fd74:6a6f:0:2000::
just deploy-config nevaroo 10.0.48.1 fd9b:5314:0:3000:: just deploy-config nevaroo 10.0.48.1 fd74:6a6f:0:3000::
``` ```
# TODO # TODO

4
openwrt/etc/config/dhcp
View file

@ -16,7 +16,9 @@ config dnsmasq
config dhcp 'lan' config dhcp 'lan'
option interface 'lan' option interface 'lan'
option start '1' option start '1'
option limit '254' # 1/4 of the subnet space.
# The rest is reserved for other uses.
option limit '1021'
option leasetime '24h' option leasetime '24h'
option dhcpv4 'server' option dhcpv4 'server'
option dhcpv6 'server' option dhcpv6 'server'

7
terraform/node.tf
View file

@ -53,7 +53,12 @@ resource "proxmox_virtual_environment_vm" "nodes" {
name = "${each.value.host}.${each.value.domain}" name = "${each.value.host}.${each.value.domain}"
node_name = each.value.host node_name = each.value.host
description = "OpenWRT instance for ${each.value.host}." description = <<EOT
An network.tjo.cloud instance for ${each.value.host}.
Repo: https://code.tjo.space/tjo-cloud/network
EOT
tags = [each.value.domain] tags = [each.value.domain]
stop_on_destroy = true stop_on_destroy = true