
Interconnects Notes

The Interconnect servers allow traffic between the AWS Transit Gateways. They are located in the test and prod AWS mdr-x-c2-gov account. The interconnects are redundant.

2 servers for GC TEST and 2 servers for GC Prod. 4 total servers.

Redundant VPNs are used to connect from the transit gateway to the interconnect servers. Each interconnect server has 4 VPN connections, two per transit gateway.


Software

08/10/2020

Strongswan

strongSwan is the IPsec VPN software used to connect to the AWS VPN tunnels. Salt is used to configure it, using the vpn_info pillar.

Quagga

Quagga contains zebra and behaves like a Cisco router. It is where BGP is configured.

Primary interaction is via the shell, which behaves like a Cisco router:

vtysh

In vtysh, run commands like on a router, such as:

show run
show ip bgp summary
show ip bgp neighbor

Quagga runs as 2 services:

systemctl status bgpd
systemctl status zebra

Troubleshooting Steps

  1. Check the interfaces with ifconfig (there should be 4 vti interfaces). If there are no interfaces, restart strongswan.
  2. Ensure you can ping the link-local 169.* address. Subtract 1 from the server IP address to get the remote/AWS-side VPN IP address, and ping that.
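
The two troubleshooting steps above as a script; this is an added example, not part of the original notes. It assumes the tunnel interfaces are named vti* and reads addresses with `ip` rather than ifconfig; the `--check` argument and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): scripted form of the two
# troubleshooting steps. Assumes vti* interface names and iproute2's `ip`.

# AWS-side tunnel address = server address minus 1, as the notes state.
aws_peer() {
    last=${1##*.}
    [ "$last" -gt 0 ] 2>/dev/null || return 1   # nothing to subtract from .0
    echo "${1%.*}.$((last - 1))"
}

# stdin: `ip -o -4 addr show` output; stdout: "<iface> <server_ip>" per vti.
vti_addrs() {
    awk '$2 ~ /^vti/ && $3 == "inet" { sub(/\/.*/, "", $4); print $2, $4 }'
}

# Constructed sample input, using two dev-interconnect-0 addresses.
sample_ip_output() {
    cat <<'EOF'
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 10.0.0.10/24 brd 10.0.0.255 scope global eth0
5: vti1    inet 169.254.230.198 peer 169.254.230.197/30 scope global vti1
6: vti2    inet 169.254.142.234/30 scope global vti2
EOF
}

# Step 1: count vti interfaces. Step 2: ping each derived AWS-side address.
check_tunnels() {
    addrs=$(ip -o -4 addr show | vti_addrs)
    count=$(printf '%s\n' "$addrs" | grep -c . || true)
    if [ "$count" -eq 0 ]; then
        echo "no vti interfaces found: restart strongswan"; return 2
    fi
    [ "$count" -eq 4 ] || echo "warning: expected 4 vti interfaces, found $count"
    rc=0
    while read -r ifname addr; do
        peer=$(aws_peer "$addr") || { echo "$ifname: bad address $addr"; rc=1; continue; }
        if ping -c 2 -W 2 "$peer" >/dev/null 2>&1; then
            echo "$ifname: $addr -> $peer OK"
        else
            echo "$ifname: $addr -> $peer UNREACHABLE"; rc=1
        fi
    done <<EOF
$addrs
EOF
    return $rc
}

# Only touch the network when asked to; sourcing the file just defines functions.
if [ "${1:-}" = "--check" ]; then check_tunnels; fi
```
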

IPs

dev-interconnect-0

server IP: 169.254.230.198
AWS Side: 169.254.230.197

server IP: 169.254.142.234
AWS Side: 169.254.142.233

server IP: 169.254.221.230
AWS Side: 169.254.221.229

server IP: 169.254.145.142
AWS Side: 169.254.145.141

dev-interconnect-1

server IP: 169.254.186.190
AWS Side: 169.254.186.189

server IP: 169.254.119.74
AWS Side: 169.254.119.73

server IP: 169.254.20.162
AWS Side: 169.254.20.161

server IP: 169.254.128.190
AWS Side: 169.254.128.189

prod-interconnect-0

server IP: 169.254.152.218
AWS Side: 169.254.152.217

server IP: 169.254.88.106
AWS Side: 169.254.88.105

server IP: 169.254.253.46
AWS Side: 169.254.253.45

server IP: 169.254.91.130
AWS Side: 169.254.91.129

prod-interconnect-1

server IP: 169.254.247.158
AWS Side: 169.254.247.157

server IP: 169.254.246.158
AWS Side: 169.254.246.157

server IP: 169.254.22.22
AWS Side: 169.254.22.21

server IP: 169.254.38.14
AWS Side: 169.254.38.13