Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[READY] - dev-server to support bond and vlans for test environment #809

Merged
merged 6 commits into from
Jan 22, 2025
Merged

[READY] - dev-server to support bond and vlans for test environment #809

merged 6 commits into from
Jan 22, 2025

Conversation

sarcasticadmin
Copy link
Member

@sarcasticadmin sarcasticadmin commented Dec 31, 2024
edited
Loading

Description of PR

Relates to #807

In an effort to stand up a working ipv6 network with a expo network configuration on the dev-server in the colo. We've added a 4 port LACP interface bond0 with VLANs to simulate expo building along with the various out network configuration that was needed.

Previous Behavior

  • no bond0 interface

New Behavior

  • bond0 interface
  • Scale Expo bridged VLANs added to dev-server bond0 interface
  • IP static addresses and routes for 10.0.3.5 for the dev-server
  • Static ipv4 and ipv6 routes for the 10.0.0.0/8 and 2001:470:f026::/48 networks
  • Disabling all ipv6 RAs on existing interfaces without addressing

Tests

  • nixos-rebuild switch --flake github:socallinuxexpo/scale-network/rh/issue-807-dhcp#devServer --refresh works cleanly
  • pinging across bond0 to HE gateway
  • pinging across Scale network to Scale gateways:
[root@dev-server:~]# ping 10.0.3.1
PING 10.0.3.1 (10.0.3.1) 56(84) bytes of data.
64 bytes from 10.0.3.1: icmp_seq=1 ttl=64 time=0.503 ms
64 bytes from 10.0.3.1: icmp_seq=2 ttl=64 time=0.502 ms
^C
--- 10.0.3.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1019ms
rtt min/avg/max/mdev = 0.502/0.502/0.503/0.000 ms
[root@dev-server:~]# ping 2001:470:f026:103::1
PING 2001:470:f026:103::1 (2001:470:f026:103::1) 56 data bytes
64 bytes from 2001:470:f026:103::1: icmp_seq=1 ttl=64 time=1.90 ms
64 bytes from 2001:470:f026:103::1: icmp_seq=2 ttl=64 time=0.958 ms
^C
--- 2001:470:f026:103::1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 0.958/1.429/1.901/0.471 ms

owendelong
owendelong approved these changes Dec 31, 2024
View reviewed changes
Copy link
Collaborator

@owendelong owendelong left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@sarcasticadmin @owendelong
nix.nixos-configurations.dev-server: wait-online.enable=false
9370cf2 
Without this a `nixos-rebuild switch` would hang until the
systemd.network.wait-online service timedout and failed to start.

Co-authored-by: Owen DeLong <[email protected]>
@sarcasticadmin sarcasticadmin force-pushed the rh/issue-807 branch 3 times, most recently from b5463f1 to fb38bfb Compare January 21, 2025 07:48
sarcasticadmin and others added 5 commits January 21, 2025 07:49
@sarcasticadmin @owendelong
nix.nixos-configurations.dev-server: 4 nic LACP and expo vlans
e40b0f2 
This change introduces a 4 nic LACP and bridges for each expo vlan. This
allows the tech team the ability to test across any of the networks we
deploy in the expo building. Most likely we will only be using the
management vlan (vlan103) initially.

Co-authored-by: Owen DeLong <[email protected]>
@sarcasticadmin @owendelong
nix.nixos-configurations.dev-server: systctl to disable RA on ipv6
a032972 
This might be problematic if we try to pass bridges into a hypervisor
which want ipv6 addresses. But we'll cross that "bridge" when we get to
it.

Co-authored-by: Owen DeLong <[email protected]>
@sarcasticadmin @owendelong
nix.nixos-configurations.dev-server: systctl to disable privacy ipv6 …
28ef2db 
…stuff

TODO: this would probably be disabled across the board for all ipv6
nixos hosts.

Co-authored-by: Owen DeLong <[email protected]>
@sarcasticadmin @owendelong
nix.nixos-configurations.dev-server: ipv4 static route for bridge103
343f034 
Unlike the hypervisors during the show: The dev-server has multiple
networks that its apart of: HE Tunnel + Scale Expo Network. Thus we must
be explicit about which route the entire 10.0.0.0/8 should take.

Co-authored-by: Owen DeLong <[email protected]>
@sarcasticadmin @owendelong
nix.nixos-configurations.dev-server: ipv6 static route for bridge103
e98c5da 
Explicit routes for ipv6 since we have multiple networks in the colo at
HE: HE itself and Scale Expo Network.

Co-authored-by: Owen DeLong <[email protected]>
@sarcasticadmin sarcasticadmin changed the title [WIP] - dev-server to support vlans for test environment [READY] - dev-server to support bond and vlans for test environment Jan 21, 2025
@sarcasticadmin sarcasticadmin mentioned this pull request Jan 21, 2025
Open
ruebenramirez
ruebenramirez reviewed Jan 22, 2025
View reviewed changes
nix/nixos-configurations/dev-server/default.nix
enable = true;
netdevs = {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wasn't familiar with netdev configuration, so thanks for the TIL! :)

ruebenramirez
ruebenramirez approved these changes Jan 22, 2025
View reviewed changes
Copy link
Contributor

@ruebenramirez ruebenramirez left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like the explicit approach here. (crafty loops intending to lower the line count seem to make things harder to grok)

kylerisse
kylerisse approved these changes Jan 22, 2025
View reviewed changes
Copy link
Member

@kylerisse kylerisse left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great! Way more VLANs than I was expecting. Will help if we ever want to test implementing proper ACLs and test from any subnet. Awesome work @owendelong and @sarcasticadmin !

nix/nixos-configurations/dev-server/default.nix
"net.ipv6.conf.bridge112.autoconf" = false;
"net.ipv6.conf.bridge499.autoconf" = false;
# completely disable IPv6 temporary addresses
"net.ipv6.conf.default.use_tempaddr" = lib.mkForce 0;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚀

@kylerisse
Copy link
Member

I like the explicit approach here. (crafty loops intending to lower the line count seem to make things harder to grok)

Totally agree here. This could have been a really ugly combination of attribute set and map function or something even more sinister.

@sarcasticadmin
Copy link
Member Author

Thanks for the reviews @ruebenramirez and @kylerisse . Glad you both appreciate the approach :shipit:

@sarcasticadmin sarcasticadmin merged commit 6f65d7b into master Jan 22, 2025
6 checks passed
@sarcasticadmin sarcasticadmin deleted the rh/issue-807 branch January 22, 2025 20:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ruebenramirez ruebenramirez ruebenramirez approved these changes

@kylerisse kylerisse kylerisse approved these changes

@owendelong owendelong Awaiting requested review from owendelong

@djacu djacu Awaiting requested review from djacu

@MatthewCroughan MatthewCroughan Awaiting requested review from MatthewCroughan

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@sarcasticadmin @kylerisse @ruebenramirez @owendelong