diff --git a/Makefile b/Makefile
index 22a85963..22b5ac59 100644
--- a/Makefile
+++ b/Makefile
@@ -254,11 +254,11 @@ ssh-machine:
 ))
 ssh -F files/ssh/config $(machine) $(COMMAND)
-.PHONY: connect-to-cloudflare
-connect-to-cloudflare:
- @echo "Attempting to connect to Cloudflare..."
+.PHONY: connect-to-www
+connect-to-www:
+ @echo "Attempting to connect to container www..."
 @for i in $$(seq 1 $(MAX_RETRIES)); do \
- if $(MAKE) ssh-machine COMMAND="sudo curl --connect-timeout 1 --fail --silent https://1.1.1.1" > /dev/null 2>&1; then \
+ if $(MAKE) ssh-machine COMMAND="sudo curl --connect-timeout 1 --fail --silent http://203.0.113.3" > /dev/null 2>&1; then \
 echo "Connected successfully"; \
 exit 0; \
 else \
diff --git a/files/inet/frr.conf b/files/inet/frr.conf
index 78df378c..fd5a1eb3 100644
--- a/files/inet/frr.conf
+++ b/files/inet/frr.conf
@@ -6,11 +6,7 @@ ipv6 forwarding
 vrf vrfInternet
 vni 104009
 ip route 0.0.0.0/0 203.0.113.1
-exit-vrf
-!
-vrf vrfInternet6
- vni 106009
- ipv6 route ::/0 2001:db8:1::1
+ ipv6 route ::/0 2001:db8:1::42
 exit-vrf
 !
 interface eth1
@@ -58,23 +54,12 @@ router bgp 4200000021 vrf vrfInternet
 redistribute static
 exit-address-family
 !
- address-family l2vpn evpn
- advertise ipv4 unicast
- exit-address-family
-!
-route-map LOOPBACKS permit 10
- match interface lo
-!
-
-router bgp 4200000021 vrf vrfInternet6
- bgp router-id 10.0.0.21
- bgp bestpath as-path multipath-relax
- !
 address-family ipv6 unicast
 redistribute static
 exit-address-family
 !
 address-family l2vpn evpn
+ advertise ipv4 unicast
 advertise ipv6 unicast
 exit-address-family
 !
diff --git a/files/inet/network.sh b/files/inet/network.sh
index 36ffa501..54265bb8 100644
--- a/files/inet/network.sh
+++ b/files/inet/network.sh
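Review bot: In the Makefile hunk, the probe address `203.0.113.3` in the `connect-to-www` recipe is a bare literal that must stay in step with the `www` node's `ip addr add 203.0.113.3/24 dev ext` in both mini-lab topology files, and nothing in the Makefile says so. I would add a comment above the target, `# 203.0.113.3 is the www container defined in mini-lab.*.yaml`, or lift the URL into a variable such as `WWW_URL ?= http://203.0.113.3`. The carried-over `sudo curl` also looks unnecessary for a plain connectivity check; if nothing on the machine needs root for it, dropping `sudo` keeps the test least-privilege. The retry loop continues past the end of the hunk.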
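Review bot: In the first files/inet/frr.conf hunk, the new `ipv6 route ::/0 2001:db8:1::42` in `vrf vrfInternet` uses as next hop the same address that files/inet/network.sh assigns to this node's own eth0 (`ip ad add 2001:db8:1::42/64 dev eth0`), whereas the removed line pointed at `2001:db8:1::1`. If the route exists only so that `redistribute static` originates a v6 default into EVPN, a comment such as `! placeholder next hop, only used to originate ::/0` would make that explicit; otherwise the next hop should probably remain the upstream gateway. The commit also removes the line that enslaved eth0 to a VRF, so it is worth confirming that this static route resolves inside vrfInternet at all.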
@@ -5,11 +5,6 @@ ip link add vrfInternet type vrf table 1000
 ip link set dev vrfInternet up
 ip link set dev ext master vrfInternet
-# IPv6
-ip link add vrfInternet6 type vrf table 1006
-ip link set dev vrfInternet6 up
-ip link set dev eth0 master vrfInternet6
-
 ip link add name bridge type bridge stp_state 0
 ip link set dev bridge type bridge vlan_filtering 1
 ip link set dev bridge mtu 9000
@@ -22,12 +17,6 @@ bridge vlan del vid 1 dev bridge self
 bridge vlan add vid 1000 dev bridge self
 ip link set dev vlanInternet up
-# IPv6
-ip link add link bridge up name vlanInternet6 type vlan id 1006
-ip link set dev vlanInternet6 mtu 9000
-ip link set dev vlanInternet6 master vrfInternet6
-bridge vlan add vid 1006 dev bridge self
-ip link set dev vlanInternet6 up
 ip link add vniInternet type vxlan id 104009 dstport 4789 local 10.0.0.21 nolearning
 ip link set dev vniInternet mtu 9000
@@ -38,17 +27,5 @@ bridge vlan add vid 1000 dev vniInternet
 bridge vlan add vid 1000 untagged pvid dev vniInternet
 ip link set up dev vniInternet
-# IPv6
-ip link add vniInternet6 type vxlan id 106009 dstport 4789 local 10.0.0.21 nolearning
-ip link set dev vlanInternet6 mtu 9000
-ip link set dev vniInternet6 master bridge
-bridge vlan del vid 1 dev vniInternet6
-bridge vlan del vid 1 untagged pvid dev vniInternet6
-bridge vlan add vid 1006 dev vniInternet6
-bridge vlan add vid 1006 untagged pvid dev vniInternet6
-ip link set up dev vniInternet6
-
 # Does not have a ipv6 address on eth0 on startup, fix this
-ip ad add 2001:db8:1::42/64 dev eth0
-
-iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+ip ad add 2001:db8:1::42/64 dev eth0
\ No newline at end of file
diff --git a/files/rules.yaml b/files/rules.yaml
index 2b20c744..55f7595e 100644
--- a/files/rules.yaml
+++ b/files/rules.yaml
@@ -1,5 +1,11 @@
 ---
 egress:
+ - comment: allow outgoing http
+ ports:
+ - 80
+ protocol: TCP
+ to:
+ - 0.0.0.0/0
 - comment: allow outgoing https
 ports:
 - 443
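Review bot: In the last files/inet/network.sh hunk, the rewritten final line leaves the script without a trailing newline (the `\ No newline at end of file` marker); restoring it avoids a mangled line when something is appended later. With the `iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE` rule removed, the inet node no longer appears to NAT lab traffic out through eth0, which looks like a deliberate isolation of the lab from the real internet. A short comment such as `# no outbound NAT on purpose: outside connectivity is tested against the www container` would keep someone from re-adding the rule later.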
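Review bot: In files/rules.yaml, the new `allow outgoing http` egress rule opens TCP/80 to `0.0.0.0/0`, which is broader than the single destination this commit seems to need, the `www` test container at 203.0.113.3. If the rule is only there to let `connect-to-www` pass, narrowing the target to `- 203.0.113.3/32` avoids allowing unencrypted outbound HTTP everywhere. A more specific comment, for example `comment: allow outgoing http to lab www container`, would also record why port 80 is open. The egress list continues below the hunk.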
diff --git a/mini-lab.cumulus.yaml b/mini-lab.cumulus.yaml
index 194bf4fe..30e43971 100644
--- a/mini-lab.cumulus.yaml
+++ b/mini-lab.cumulus.yaml
@@ -38,10 +38,17 @@ topology:
 binds:
 - /dev:/dev
 - scripts:/mini-lab
-
+ www:
+ kind: linux
+ image: docker.io/library/nginx:alpine-slim
+ network-mode: none
+ exec:
+ - ip addr add 203.0.113.3/24 dev ext
+ - ip route add 203.0.113.128/25 via 203.0.113.2 dev ext
 links:
 - endpoints: ["inet:ext", "mini_lab_ext:inet"]
 mtu: 9000
+ - endpoints: ["www:ext", "mini_lab_ext:www"]
 - endpoints: ["leaf01:swp1", "vms:lan0"]
 - endpoints: ["leaf02:swp1", "vms:lan1"]
 - endpoints: ["leaf01:swp2", "vms:lan2"]
diff --git a/mini-lab.sonic.yaml b/mini-lab.sonic.yaml
index b309fcd5..4e2e82df 100644
--- a/mini-lab.sonic.yaml
+++ b/mini-lab.sonic.yaml
@@ -41,9 +41,17 @@ topology:
 binds:
 - /dev:/dev
 - scripts:/mini-lab
+ www:
+ kind: linux
+ image: docker.io/library/nginx:alpine-slim
+ network-mode: none
+ exec:
+ - ip addr add 203.0.113.3/24 dev ext
+ - ip route add 203.0.113.128/25 via 203.0.113.2 dev ext
 links:
 - endpoints: ["inet:ext", "mini_lab_ext:inet"]
 mtu: 9000
+ - endpoints: ["www:ext", "mini_lab_ext:www"]
 - endpoints: ["leaf01:eth1", "inet:eth1"]
 - endpoints: ["leaf02:eth1", "inet:eth2"]
 - endpoints: ["leaf01:eth2", "vms:lan0"]
diff --git a/test/integration.sh b/test/integration.sh
index bb6fae07..543583e7 100755
--- a/test/integration.sh
+++ b/test/integration.sh
@@ -43,7 +43,7 @@ done
 echo "$phoned/$minPhoned machines have phoned home"
 echo "Test connectivity to outside"
-make connect-to-cloudflare
+make connect-to-www
 echo "Test connectivity from outside"
 ssh -o StrictHostKeyChecking=no -o "PubkeyAcceptedKeyTypes +ssh-rsa" -i files/ssh/id_rsa metal@203.0.113.130 -C exit
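Review bot: In mini-lab.cumulus.yaml, the new `www` node pulls `docker.io/library/nginx:alpine-slim`, a floating tag, so the image can change between lab runs without any change in this repository; the mini-lab.sonic.yaml hunk adds the same line. Pinning to a versioned tag plus digest, `image: docker.io/library/nginx:<version>-alpine-slim@sha256:<digest>` (placeholders), makes runs reproducible and removes an unreviewed supply-chain input from the test environment. The two `exec` lines repeat 203.0.113.3 and 203.0.113.2 as literals in both files, so a one-line comment saying what sits at 203.0.113.2 would help readers follow the route.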