
YAP: Yet Another Private WAN

This is an alternative method of providing private WAN in bonding. Instead of funneling traffic into private WAN routers via GRE tunnels, it peers space tables directly on VLANs off the aggregators using OSPF. This allows for the following improvements over standard private WAN:

  • Custom, more efficient backhauls can be used, improving speed in most cases
  • Tables can be peered with any switches or routers in the data centers
  • Reduces processing load on aggregators due to simplified rulesets

If a backhaul is not already set up in a data center, additional "VXR" boxes can be added to each data center to provide an overlay backhaul using VXLAN-over-IPSEC.

Initial installation

First, install the software on the bondingadmin server:

make install

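Then add a read-only user in the Bondingadmin web interface to allow the tool to query the API. Add the user details using the yap tool (the password is passed as a command-line argument, so it may be recorded in shell history and is visible in the process list while the command runs):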

yap auth-set user@example.com mypassword

Setting up regions

Each region will have a series of aggregators and VLAN assignments for the spaces. To add a region:

yap region-add yvr

Setting up spaces

To add the space with key foo:

yap space-add add foo

Setting VLAN region associations

If a VLAN is not associated with a space in a region, none of the nodes in that region will set up peering for the space. To add a VLAN association for space foo in region yvr on VLAN 1234:

yap vlan-set foo yvr 1234

Enabling IPSEC

To enable IPSEC:

yap ipsec-enable

Setting up a VXR

If using VXR hosts to provide a backhaul overlay, install the latest openSUSE Leap distribution on a host, set up the base networking, then install and set up salt-minion.

Assuming we are going to call the node yvr-vxr01 and our Bondingadmin host is bondingadmin.mydomain.com:

zypper in salt-minion
echo yvr-vxr01 > /etc/salt/minion_id
echo "master: bondingadmin.mydomain.com" > /etc/salt/minion.d/yap.conf
echo -e "grains:\n  type: vxr" >> /etc/salt/minion.d/yap.conf
systemctl enable --now salt-minion

On the Bondingadmin server, accept the salt key for the box:

salt-key -a yvr-vxr01
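
Before accepting the key, the fingerprint the master sees can be compared with the one printed on the VXR itself by `salt-call --local key.finger`. The script below is an added example, not part of the yap project: the function names and the `SALT_KEY` override are assumptions for illustration, and it assumes `salt-key -f` prints its usual `Unaccepted Keys:` section layout.

```shell
#!/bin/sh
# Added example: accept a pending salt-minion key only if its fingerprint
# matches the value read out-of-band on the minion (salt-call --local key.finger).
# SALT_KEY is a hypothetical override so the logic can be exercised without a
# salt-master; it defaults to the real salt-key command.

# Normalise a fingerprint: strip whitespace and lower-case the hex digits.
norm_fp() {
    printf '%s' "$1" | tr -d '[:space:]' | tr 'A-F' 'a-f'
}

# Print the fingerprint of the *pending* key for minion $1.
# Only the "Unaccepted Keys:" section is considered; exits non-zero if the
# minion has no pending key (for example, it was already accepted or rejected).
pending_fp() {
    ${SALT_KEY:-salt-key} --no-color -f "$1" 2>/dev/null | awk -v id="$1:" '
        / Keys:$/ { section = $0; next }
        section == "Unaccepted Keys:" && $1 == id { print $2; found = 1 }
        END { exit !found }'
}

# verify_and_accept <minion_id> <expected_fingerprint>
# Returns 0 after accepting, 1 on fingerprint mismatch, 2 if nothing is pending.
verify_and_accept() {
    id=$1
    want=$(norm_fp "$2")
    got=$(pending_fp "$id") || { echo "no pending key for $id" >&2; return 2; }
    got=$(norm_fp "$got")
    if [ "$got" != "$want" ]; then
        echo "fingerprint mismatch for $id: master sees $got" >&2
        return 1
    fi
    ${SALT_KEY:-salt-key} -y -a "$id"
}

# Usage on the Bondingadmin server (fingerprint copied from the VXR console):
#   verify_and_accept yvr-vxr01 "<fingerprint from salt-call --local key.finger>"
```

A mismatch or a missing pending key leaves the key untouched, so a host that merely claims the ID yvr-vxr01 is not enrolled.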

Then add a record using yap, with the name, ip, region, and VLAN trunk port:

yap vxr-add yvr-vxr01 1.2.3.4 yvr eth1

The necessary software will be installed automatically.

Adding aggregators

To add an aggregator, get the ID from Bondingadmin, select a region for it, set up a VLAN trunk interface, then add it:

yap agg-add 1 yvr eth1

This will install some software on the aggregator to maintain the VLANs and OSPF peering on the eth1 trunk port.

Showing status

On each aggregator and VXR, there is a yap command that manages the local state. To show the state of space foo:

yap status foo

From the bondingadmin server, you can check state on multiple hosts simultaneously by specifying a node list to the salt cmd.run command. For example, to show the state of space foo on the VXR yvr-vxr01 and the aggregator with ID 1:

salt -C 'L@yvr-vxr01,node-1' cmd.run "yap status foo"
Description
Yet Another Private WAN (DEPRECATED as of bonding 6.5)