From: stephan48
Date: Sun, 28 Apr 2024 19:38:18 +0000 (+0200)
Subject: (no commit message)
X-Git-Url: https://blog.stejau.de/gitweb/gitweb.cgi?a=commitdiff_plain;h=f2992febc1a8b54125c41e3d1aa3293f99982b0d;p=stejau-blog.git
---
diff --git a/posts/2023-08-13-k3s-i-want-a-rootless-cluster-with-bgp-damn-it.mdwn b/posts/2023-08-13-k3s-i-want-a-rootless-cluster-with-bgp-damn-it.mdwn
index d7d7e38..c99c9ef 100644
--- a/posts/2023-08-13-k3s-i-want-a-rootless-cluster-with-bgp-damn-it.mdwn
+++ b/posts/2023-08-13-k3s-i-want-a-rootless-cluster-with-bgp-damn-it.mdwn
@@ -74,78 +74,62 @@ rankdir=LR
 # Syntax: firewall1 [shape=none, label="firewall1", labelloc="b"]
 # node for the firewall
-internet [shape=none, label="Internet", labelloc="b"]
-router [shape=none, label="Home Router\nNAT for v4\nNo Translation for v6", labelloc="b"]
-adapternamespace [shape=none, label="AdapterNS", labelloc="b"]
-clusternamespace [shape=none, label="ClusterNS", labelloc="b"]
+internet [label="Internet"]
-# Syntax: Nets1 [shape=none, label="10.1.1.0/24\ndomainname1"]
-# nodes directly connected netsNetz12700132 [shape=none, label="127.0.0.1/32\n"]
+# cluster is required otherwhise stuff is not clustered - https://stackoverflow.com/questions/8366314/drawing-a-border-around-a-set-of-vertices-in-graphviz
+subgraph cluster_router {
+ graph[style=dotted];
+ label = "Home Router, responsible fo all network foo"
-Netz101010029 [shape=none, label="10.10.10.0/29\ninternal"]
-Netz202020028 [shape=none, label="20.20.20.0/28\ndmz1"]
-Netz808080028 [shape=none, label="80.80.80.0/28\ndmz2"]
+ router [shape=none, label="NAT for v4\nNo Translation for v6", labelloc="b"]
+
+ routerEXT [shape=Mrecord, label="Internet Uplink|wanv4\n91.x.x.x|wanv6\n2003:e1:y:y:z:z:z:z/64|" href="#test"]
+ routerINT [shape=Mrecord, label="LAN Network/Interface/Bridge|lanv4\n172.x.x.1/24|gua\n2003:e1:x:x::1/60|ula\nfd91:w:w::1/60|"]
+
+ routerEXT -> router [style=invis]
+ router -> routerINT [style=invis]
+}
-# Syntax: Nets1 [shape=none, label="10.1.1.0/24\ndomainname2"]
-# nodes for static route nets
-Netz303030024 [shape=none, label="30.30.30.0/24\n"]
-Netz404040024 [shape=none, label="40.40.40.0/24\n"]
-Netz505050024 [shape=none, label="50.50.50.0/24\ndmz3"]
-Netz606060024 [shape=none, label="60.60.60.0/24\n"]
-Netz707070024 [shape=none, label="70.70.70.0/24\n"]
+# cluster is required otherwhise stuff is not clustered - https://stackoverflow.com/questions/8366314/drawing-a-border-around-a-set-of-vertices-in-graphviz
+subgraph cluster_adapterNS {
+ graph[style=dotted];
+ label="Network Namespace for Network Translation(Adapter)"
+ adapternamespace [shape=none, style=invis]
+ adapterNS_INT [shape=Mrecord, label="Interface Bridged/Connected to LAN/INT of Router|v4\n172.x.x.146|gua\n2003:e1:y:y:z:z:z:z/64|guaprefix\nXXXXX/64|ula\nfd91:w:w::abc/64|ulaprefix\nYYYYY/64|" href="#test"]
+ adapterNS_CLUSTER [shape=Mrecord, label="Veth Pairling Linking to Cluster|TODO\nTODO|"]
+
+ adapterNS_INT -> adapternamespace [dir=none,style=invis]
+ adapternamespace -> adapterNS_CLUSTER [dir=none,style=invis]
-# Router1 [shape=none, label=""]
-# nodes for all next hops
+}
-Router10101010 [shape=none, label="router1.internal.mycompany.com", labelloc="b"]
-Router10101011 [shape=none, label="serverfarmfw1.dmz3.mycompany.com", labelloc="b"]
-Router20202010 [shape=none, label="router2.dmz1.mycompany.com", labelloc="b"]
+# cluster is required otherwhise stuff is not clustered - https://stackoverflow.com/questions/8366314/drawing-a-border-around-a-set-of-vertices-in-graphviz
+subgraph cluster_clusterNS {
+ graph[style=dotted];
+ label="Network Namespace for Cluster(or VLAN)"
-# FirewallIFsNR [shape=Mrecord, label="IF1\n10.1.1.1|IF2\n10.1.2.1"]
-# record based node for firewall interface table where there is no route
+ clusternamespace [style=invis]
+ clusterNS_ADAPTER [shape=Mrecord, label="Veth Pairling Connecting to Adapter|v4\n172.x.x.146|gua\n2003:e1:y:y:z:z:z:z/64|guaprefix\nXXXXX/64|ula\nfd91:w:w::abc/64|ulaprefix\nYYYYY/64|" href="#test"]
+ clusterNS_CLUSTER [shape=Mrecord, label="Examples for Cluster Resources|v4\n172.x.x.146|gua\n2003:e1:y:y:z:z:z:z/64|guaprefix\nXXXXX/64|ula\nfd91:w:w::abc/64|ulaprefix\nYYYYY/64|" href="#test"]
+ clusterNS_ADAPTER -> clusternamespace [style=invis]
+ clusternamespace -> clusterNS_CLUSTER [style=invis]
+}
-routerEXT [shape=Mrecord, label="wanv4\n91.x.x.x|wanv6\n2003:e1:y:y:z:z:z:z/64" href="#test"]
-# FirewallIFsR [shape=Mrecord, label="IF3\n10.1.3.1|IF4\n10.1.4.1"]
-# record based node for firewall interface table where there is a route
-firewall1IFsR [shape=Mrecord, label="ae1c0\n10.10.10.1|ae2c1\n20.20.20.1|"]
-routerINT [shape=Mrecord, label="lanv4\n172.x.x.1/24|gua\n2003:e1:x:x::1/60|ula\nfd91:w:w::1/60"]
-# Netz1 -> FirewallIFsNR:IF1 [dir=back]
-# edge for firewalls interface with direct networks only
+routerINT:lanv4 -> adapterNS_INT:v4 [label="DHCP"]
+routerINT:gua -> adapterNS_INT:gua [label="SLAAC"]
+routerINT:gua -> adapterNS_INT:guaprefix [label="DHCPv6 PD"]
+routerINT:ula -> adapterNS_INT:ula [label="SLAAC"]
+routerINT:ula -> adapterNS_INT:ulaprefix [label="DHCPv6 PD"]
-Netz12700132 -> firewall1IFsNR:loop0c0
-Netz808080028 -> firewall1IFsNR:ae3c1
-# edge for firewall interface table to firewall
-# FirewallIFsNR -> Firewall [dir=none, penwidth=50, color="#8b0000"]
-# Firewall -> FirewallIFsR [dir=none, penwidth=50, color="#8b0000"]
+adapterNS_CLUSTER -> clusterNS_ADAPTER [label="Namespace Boundary(veth)"]
-routerEXT -> router [dir=none, penwidth=50, color="#8b0000"]
-router -> routerINT [dir=none, penwidth=50, color="#8b0000"]
-
-# edge for not direct networks to firewall interface table and to router and to nets
-# FirewallIFsR:IF3 -> Netz3
-# Netz3 -> Router1 [headlabel="10.1.3.2"]
-# Router1 -> Netz5
-
-firewall1IFsR:ae1c0 -> Netz101010029
-firewall1IFsR:ae2c1 -> Netz202020028
-
-Netz101010029 -> Router10101010[headlabel="10.10.10.10"]
-Netz202020028 -> Router10101011[headlabel="10.10.10.11"]
-Netz202020028 -> Router20202010[headlabel="20.20.20.10"]
-
-Router10101010 -> Netz303030024
-Router10101010 -> Netz404040024
-Router10101010 -> Netz505050024
-Router20202010 -> Netz606060024
-Router10101011 -> Netz707070024
-
-internet -> routerEXT
+internet -> routerEXT
 """]]