
Interconnects Notes

The Interconnect servers allow traffic to flow between the AWS Transit Gateways. They are located in the test and prod AWS mdr-x-c2-gov account. The interconnects are redundant.

There are 2 servers for test and 2 servers for prod, 4 servers in total.

Redundant VPNs connect the transit gateways to the interconnect servers. Each interconnect server has 4 VPN connections, two per transit gateway.


Software

08/10/2020

Strongswan

strongSwan is the IPsec VPN tunnel software used to connect to the AWS VPN tunnel. Salt configures the software, using the vpn_info pillar.

Quagga

Quagga contains zebra and behaves like a Cisco router. It is where BGP is configured.

Primary interaction is via the shell, which behaves like a Cisco router:

vtysh

In vtysh, run commands as you would on a router, such as:

show run
show ip bgp neighbor summary
show ip bgp neighbor

Quagga runs 2 services:

systemctl status bgpd
systemctl status zebra

Troubleshooting Steps

  1. Check the interfaces with ifconfig (there should be 4 vti interfaces). If there are no interfaces, restart strongswan.
  2. Ensure you can ping the link-local 169.* address. Subtract 1 from the server's IP address to get the remote/AWS-side VPN IP address to ping.
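
The two troubleshooting steps above as a script. This is an added example, not part of the original notes. It assumes `ip -o -4 addr show` in place of ifconfig (one line per address), interface names beginning with `vti`, and `ping -c 2 -W 2` as the probe; the sample input is constructed.

```bash
EXPECTED_VTI=4                   # the notes expect 4 vti interfaces per server
PING=${PING:-"ping -c 2 -W 2"}   # overridable so the logic can be exercised offline
# Constructed, trimmed sample of `ip -o -4 addr show` output. Interface names and
# the eth0 line are assumed; tunnel addresses are dev-interconnect-0 from the IP list.
SAMPLE='2: eth0    inet 10.0.0.10/24 brd 10.0.0.255 scope global eth0
4: vti1    inet 169.254.230.198/30 scope global vti1
5: vti2    inet 169.254.142.234/30 scope global vti2
6: vti3    inet 169.254.221.230/30 scope global vti3
7: vti4    inet 169.254.145.142/30 scope global vti4'

# Print the AWS-side address for a server-side tunnel IP (last octet minus 1).
aws_side_ip() {
    local ip=$1 last=${1##*.}
    case $ip in
        169.254.*.*) ;;
        *) echo "not a link-local tunnel address: $ip" >&2; return 1 ;;
    esac
    [ "$last" -ge 1 ] 2>/dev/null || { echo "cannot derive peer for $ip" >&2; return 1; }
    echo "${ip%.*}.$((last - 1))"
}

# Read `ip -o -4 addr show` output on stdin; print "<iface> <ip>" per vti interface.
vti_addrs() {
    awk '$2 ~ /^vti/ && $3 == "inet" { split($4, a, "/"); print $2, a[1] }'
}

# Step 1: count vti interfaces. Step 2: ping each AWS-side peer. Returns 0 only if all pass.
check_tunnels() {
    local addrs count rc=0 ifname ip peer
    addrs=$(vti_addrs)
    count=$(printf '%s\n' "$addrs" | awk 'NF { n++ } END { print n + 0 }')
    [ "$count" -eq "$EXPECTED_VTI" ] || { echo "FAIL: $count vti interfaces, expected $EXPECTED_VTI; restart strongswan"; rc=1; }
    while read -r ifname ip; do
        [ -n "$ifname" ] || continue
        peer=$(aws_side_ip "$ip") || { rc=1; continue; }
        if $PING "$peer" >/dev/null 2>&1; then
            echo "ok:   $ifname $ip -> $peer"
        else
            echo "FAIL: $ifname $ip -> $peer unreachable"; rc=1
        fi
    done <<EOF
$addrs
EOF
    return $rc
}
# On an interconnect server:  ip -o -4 addr show | check_tunnels
```

A non-zero exit with all four interfaces present points at the tunnel or AWS side rather than the local strongswan configuration.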

IPs

dev-interconnect-0

server IP: 169.254.230.198 AWS Side: 169.254.230.197

server IP: 169.254.142.234 AWS Side: 169.254.142.233

server IP: 169.254.221.230 AWS Side: 169.254.221.229

server IP: 169.254.145.142 AWS Side: 169.254.145.141

dev-interconnect-1

server IP: 169.254.186.190 AWS Side: 169.254.186.189

server IP: 169.254.119.74 AWS Side: 169.254.119.73

server IP: 169.254.20.162 AWS Side: 169.254.20.161

server IP: 169.254.128.190 AWS Side: 169.254.128.189

prod-interconnect-0

server IP: 169.254.152.218 AWS Side: 169.254.152.217

server IP: 169.254.88.106 AWS Side: 169.254.88.105

server IP: 169.254.253.46 AWS Side: 169.254.253.45

server IP: 169.254.91.130 AWS Side: 169.254.91.129

prod-interconnect-1

server IP: 169.254.247.158 AWS Side: 169.254.247.157

server IP: 169.254.246.158 AWS Side: 169.254.246.157

server IP: 169.254.22.22 AWS Side: 169.254.22.21

server IP: 169.254.38.14 AWS Side: 169.254.38.13