Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Firewall Precedence #98

Draft
wants to merge 13 commits into
base: master
Choose a base branch
from
Draft

Firewall Precedence #98

wants to merge 13 commits into from

Conversation

mwindower
Copy link
Contributor

Closes #97

Idea: Prolong AS-Path in all directions (except the underlay)

  • for IPs of external networks produced in a cluster
  • for routes to storage
  • for the default routes / internet access of the cluster

@Honigeintopf
Copy link

Honigeintopf commented Nov 6, 2024

I will add the distance to the InstallerConfig in metal hammer, this is used as config to be input from fc to metal-networker.
That way we can also test it better.

https://github.com/metal-stack/metal-hammer/blob/eaceba8987b759f21449ec965c1758da17c5a75a/pkg/api/api.go#L16C1-L43C2

Otherwise I have to manually input the distance from fc to metal-networker and testing it is also not as good that way.

fwDistance := uint8(f.Distance)
a := netconf.NewFrrConfigApplier(netconf.Firewall, *c, tmpFile, fwDistance)

what do you think? @majst01

@majst01
Copy link
Contributor

majst01 commented Nov 6, 2024

I will add the distance to the InstallerConfig in metal hammer, this is used as config to be input from fc to metal-networker. That way we can also test it better.

https://github.com/metal-stack/metal-hammer/blob/eaceba8987b759f21449ec965c1758da17c5a75a/pkg/api/api.go#L16C1-L43C2

Otherwise I have to manually input the distance from fc to metal-networker and testing it is also not as good that way.

fwDistance := uint8(f.Distance)
a := netconf.NewFrrConfigApplier(netconf.Firewall, *c, tmpFile, fwDistance)

what do you think? @majst01

This will not help, it must be done in the firewall controller

@Honigeintopf
Copy link

I will add the distance to the InstallerConfig in metal hammer, this is used as config to be input from fc to metal-networker. That way we can also test it better.
https://github.com/metal-stack/metal-hammer/blob/eaceba8987b759f21449ec965c1758da17c5a75a/pkg/api/api.go#L16C1-L43C2
Otherwise I have to manually input the distance from fc to metal-networker and testing it is also not as good that way.

fwDistance := uint8(f.Distance)
a := netconf.NewFrrConfigApplier(netconf.Firewall, *c, tmpFile, fwDistance)

what do you think? @majst01

This will not help, it must be done in the firewall controller

Sorry wrong issue. This is about the firewall-controller function.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Configurable precedence of firewalls
3 participants