Rearrange sysctl for rp_filtering off on bridge

Joshua Boniface 2019-03-17 20:05:58 -04:00
parent 4050c452d6
commit 013f75111a
1 changed files with 28 additions and 26 deletions


@ -303,32 +303,7 @@ logger.out(' Kernel: {}'.format(staticdata[1]))
logger.out('Starting pvcd on host {}'.format(myfqdn), state='s') logger.out('Starting pvcd on host {}'.format(myfqdn), state='s')
############################################################################### ###############################################################################
# PHASE 1d - Prepare sysctl for pvcd # PHASE 2a - Create local IP addresses for static networks
###############################################################################
if enable_networking:
# Enable routing functions
common.run_os_command('sysctl net.ipv4.ip_forward=1')
common.run_os_command('sysctl net.ipv6.ip_forward=1')
# Send redirects
common.run_os_command('sysctl net.ipv4.conf.all.send_redirects=1')
common.run_os_command('sysctl net.ipv4.conf.default.send_redirects=1')
common.run_os_command('sysctl net.ipv6.conf.all.send_redirects=1')
common.run_os_command('sysctl net.ipv6.conf.default.send_redirects=1')
# Accept source routes
common.run_os_command('sysctl net.ipv4.conf.all.accept_source_route=1')
common.run_os_command('sysctl net.ipv4.conf.default.accept_source_route=1')
common.run_os_command('sysctl net.ipv6.conf.all.accept_source_route=1')
common.run_os_command('sysctl net.ipv6.conf.default.accept_source_route=1')
# Disable RP filtering on the VNI dev interface (to allow traffic pivoting from primary)
common.run_os_command('sysctl net.ipv4.conf.{}.rp_filter=0'.format(config['vni_dev']))
common.run_os_command('sysctl net.ipv6.conf.{}.rp_filter=0'.format(config['vni_dev']))
###############################################################################
# PHASE 2 - Create local IP addresses for static networks
############################################################################### ###############################################################################
if enable_networking: if enable_networking:
@ -365,6 +340,33 @@ if enable_networking:
if upstream_dev_gateway: if upstream_dev_gateway:
common.run_os_command('ip route add default via {} dev {}'.format(upstream_dev_gateway, upstream_dev)) common.run_os_command('ip route add default via {} dev {}'.format(upstream_dev_gateway, upstream_dev))
###############################################################################
# PHASE 2b - Prepare sysctl for pvcd
###############################################################################
if enable_networking:
# Enable routing functions
common.run_os_command('sysctl net.ipv4.ip_forward=1')
common.run_os_command('sysctl net.ipv6.ip_forward=1')
# Send redirects
common.run_os_command('sysctl net.ipv4.conf.all.send_redirects=1')
common.run_os_command('sysctl net.ipv4.conf.default.send_redirects=1')
common.run_os_command('sysctl net.ipv6.conf.all.send_redirects=1')
common.run_os_command('sysctl net.ipv6.conf.default.send_redirects=1')
# Accept source routes
common.run_os_command('sysctl net.ipv4.conf.all.accept_source_route=1')
common.run_os_command('sysctl net.ipv4.conf.default.accept_source_route=1')
common.run_os_command('sysctl net.ipv6.conf.all.accept_source_route=1')
common.run_os_command('sysctl net.ipv6.conf.default.accept_source_route=1')
# Disable RP filtering on the VNI dev and bridge interfaces (to allow traffic pivoting)
common.run_os_command('sysctl net.ipv4.conf.all.rp_filter=0'.format(config['vni_dev']))
common.run_os_command('sysctl net.ipv4.conf.brcluster.rp_filter=0')
common.run_os_command('sysctl net.ipv6.conf.all.rp_filter=0'.format(config['vni_dev']))
common.run_os_command('sysctl net.ipv6.conf.brcluster.rp_filter=0')
############################################################################### ###############################################################################
# PHASE 3a - Determine coordinator mode # PHASE 3a - Determine coordinator mode
############################################################################### ###############################################################################
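Review bot: In PHASE 2b the two `conf.all.rp_filter=0` lines still call `.format(config['vni_dev'])` on strings that contain no `{}`, so the argument is discarded and the VNI device's own `rp_filter` is no longer written, although the comment says filtering is disabled on the VNI dev. For IPv4 the kernel applies the higher of the `conf.all` and per-interface values, so the VNI device keeps whatever value it already had; if it must be off, keep a line such as `common.run_os_command('sysctl net.ipv4.conf.{}.rp_filter=0'.format(config['vni_dev']))` and drop the stray `.format()` from the `all` lines. Setting `all` to 0, alongside `accept_source_route=1` on all/default, also removes the host-wide floor for source validation, so every other interface now relies on its own setting; a comment such as `# all=0 is required for the per-interface 0 to take effect; other interfaces keep their own rp_filter` would record that this is intended. The `net.ipv6.conf.*.rp_filter` keys probably do not exist (rp_filter is an IPv4 setting as far as I know), and the return value of `run_os_command` is not checked in these lines, so a failed sysctl write would go unnoticed.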