From: stephan48
Date: Sat, 27 Apr 2024 23:07:18 +0000 (+0200)
Subject: (no commit message)
X-Git-Url: https://blog.stejau.de/gitweb/gitweb.cgi?a=commitdiff_plain;h=34b7479fcbb368190472d7773d7b492d38a03e83;p=stejau-blog.git
---
diff --git a/posts/2023-08-13-k3s-i-want-a-rootless-cluster-with-bgp-damn-it.mdwn b/posts/2023-08-13-k3s-i-want-a-rootless-cluster-with-bgp-damn-it.mdwn
index 36557e0..1472c68 100644
--- a/posts/2023-08-13-k3s-i-want-a-rootless-cluster-with-bgp-damn-it.mdwn
+++ b/posts/2023-08-13-k3s-i-want-a-rootless-cluster-with-bgp-damn-it.mdwn
@@ -60,3 +60,86 @@ IPv6: Yes because i am a masochist.
+
+
+[[!graph src="""
+rankdir=LR
+
+# Syntax: firewall1 [shape=none, label="firewall1", labelloc="b"]
+# node for the firewall
+
+internet [shape=none, label="Internet", labelloc="b"]
+router [shape=none, label="Home Router\nNAT for v4\nNo Translation for v6", labelloc="b"]
+adapternamespace [shape=none, label="AdapterNS", labelloc="b"]
+clusternamespace [shape=none, label="ClusterNS", labelloc="b"]
+
+# Syntax: Nets1 [shape=none, label="10.1.1.0/24\ndomainname1"]
+# nodes directly connected netsNetz12700132 [shape=none, label="127.0.0.1/32\n"]
+
+Netz101010029 [shape=none, label="10.10.10.0/29\ninternal"]
+Netz202020028 [shape=none, label="20.20.20.0/28\ndmz1"]
+Netz808080028 [shape=none, label="80.80.80.0/28\ndmz2"]
+
+# Syntax: Nets1 [shape=none, label="10.1.1.0/24\ndomainname2"]
+# nodes for static route nets
+
+Netz303030024 [shape=none, label="30.30.30.0/24\n"]
+Netz404040024 [shape=none, label="40.40.40.0/24\n"]
+Netz505050024 [shape=none, label="50.50.50.0/24\ndmz3"]
+Netz606060024 [shape=none, label="60.60.60.0/24\n"]
+Netz707070024 [shape=none, label="70.70.70.0/24\n"]
+
+# Router1 [shape=none, label=""]
+# nodes for all next hops
+
+Router10101010 [shape=none, label="router1.internal.mycompany.com", labelloc="b"]
+Router10101011 [shape=none, label="serverfarmfw1.dmz3.mycompany.com", labelloc="b"]
+Router20202010 [shape=none, label="router2.dmz1.mycompany.com", labelloc="b"]
+
+# FirewallIFsNR [shape=Mrecord, label="IF1\n10.1.1.1|IF2\n10.1.2.1"]
+# record based node for firewall interface table where there is no route
+
+routerEXT [shape=Mrecord, label="wanv4\n91.x.x.x|wanv6\n2003:e1:y:y:z:z:z:z/64"]
+
+# FirewallIFsR [shape=Mrecord, label="IF3\n10.1.3.1|IF4\n10.1.4.1"]
+# record based node for firewall interface table where there is a route
+
+firewall1IFsR [shape=Mrecord, label="ae1c0\n10.10.10.1|ae2c1\n20.20.20.1|"]
+
+routerINT [shape=Mrecord, label="lanv4\n172.x.x.1/24|gua\n2003:e1:x:x::1/60|ula\nfd91:w:w::1/60"]
+
+# Netz1 -> FirewallIFsNR:IF1 [dir=back]
+# edge for firewalls interface with direct networks only
+
+Netz12700132 -> firewall1IFsNR:loop0c0
+Netz808080028 -> firewall1IFsNR:ae3c1
+
+# edge for firewall interface table to firewall
+# FirewallIFsNR -> Firewall [dir=none, penwidth=50, color="#8b0000"]
+# Firewall -> FirewallIFsR [dir=none, penwidth=50, color="#8b0000"]
+
+routerEXT -> router [dir=none, penwidth=50, color="#8b0000"]
+router -> routerINT [dir=none, penwidth=50, color="#8b0000"]
+
+# edge for not direct networks to firewall interface table and to router and to nets
+# FirewallIFsR:IF3 -> Netz3
+# Netz3 -> Router1 [headlabel="10.1.3.2"]
+# Router1 -> Netz5
+
+firewall1IFsR:ae1c0 -> Netz101010029
+firewall1IFsR:ae2c1 -> Netz202020028
+
+Netz101010029 -> Router10101010[headlabel="10.10.10.10"]
+Netz202020028 -> Router10101011[headlabel="10.10.10.11"]
+Netz202020028 -> Router20202010[headlabel="20.20.20.10"]
+
+Router10101010 -> Netz303030024
+Router10101010 -> Netz404040024
+Router10101010 -> Netz505050024
+Router20202010 -> Netz606060024
+Router10101011 -> Netz707070024
+
+internet -> routerEXT
+
+"""]]
+