The interconnect servers carry traffic between the AWS Transit Gateways. They are located in the test and prod AWS mdr-x-c2-gov account. The interconnects are redundant:
2 servers for test and 2 servers for prod, 4 servers in total.
Redundant VPNs connect the transit gateways to the interconnect servers. Each interconnect server has 4 VPN connections, two per transit gateway.
08/10/2020
strongswan is the IPsec VPN software used to connect to the AWS VPN tunnels. Salt is used to configure the software. It uses the vpn_info pillar.
Quagga contains zebra and behaves like a Cisco router. It is where BGP is configured.
Primary interaction is via the shell, which behaves like a Cisco router:
vtysh
In vtysh, run commands like on a router, such as:
show run
show ip bgp neighbor summary
show ip bgp neighbor
Quagga runs as 2 services:
systemctl status bgpd
systemctl status zebra
ifconfig
(should be 4 vti interfaces). If no interfaces, restart strongswan.
169.* address. Subtract 1 from the IP address to ping the remote/AWS-side VPN IP address.
dev-interconnect-0
server IP: 169.254.230.198 AWS Side: 169.254.230.197
server IP: 169.254.142.234 AWS Side: 169.254.142.233
server IP: 169.254.221.230 AWS Side: 169.254.221.229
server IP: 169.254.145.142 AWS Side: 169.254.145.141
dev-interconnect-1
server IP: 169.254.186.190 AWS Side: 169.254.186.189
server IP: 169.254.119.74 AWS Side: 169.254.119.73
server IP: 169.254.20.162 AWS Side: 169.254.20.161
server IP: 169.254.128.190 AWS Side: 169.254.128.189
prod-interconnect-0
server IP: 169.254.152.218 AWS Side: 169.254.152.217
server IP: 169.254.88.106 AWS Side: 169.254.88.105
server IP: 169.254.253.46 AWS Side: 169.254.253.45
server IP: 169.254.91.130 AWS Side: 169.254.91.129
prod-interconnect-1
server IP: 169.254.247.158 AWS Side: 169.254.247.157
server IP: 169.254.246.158 AWS Side: 169.254.246.157
server IP: 169.254.22.22 AWS Side: 169.254.22.21
server IP: 169.254.38.14 AWS Side: 169.254.38.13
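
The tunnel check described above (count the vti interfaces, subtract 1 from each 169.254 address, ping the AWS side) as a script. This is an added example, not part of the original runbook; it assumes the tunnel interfaces are named vti* and reads addresses from `ip -o -4 addr show` rather than ifconfig.

```sh
#!/bin/sh
# Added example, not part of the original runbook.
# Assumptions: tunnel interfaces are named vti*; addresses come from `ip -o -4 addr show`.
EXPECTED_VTI=4                             # runbook: 4 vti interfaces per server
PING_CMD=${PING_CMD:-"ping -c 2 -W 2"}     # overridable for dry runs

# Constructed sample of `ip -o -4 addr show` output. The vti addresses are the
# dev-interconnect-0 ones listed above; interface names and lo/eth0 lines are made up.
SAMPLE='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 10.0.0.10/24 brd 10.0.0.255 scope global eth0
4: vti1    inet 169.254.230.198/30 scope global vti1
5: vti2    inet 169.254.142.234/30 scope global vti2
6: vti3    inet 169.254.221.230/30 scope global vti3
7: vti4    inet 169.254.145.142/30 scope global vti4'

# peer_ip ADDR: print the AWS-side address (server address minus 1).
peer_ip() {
    case $1 in 169.254.*.*) ;; *) return 1 ;; esac
    last=${1##*.}
    [ "$last" -gt 0 ] 2>/dev/null || return 1
    echo "${1%.*}.$((last - 1))"
}

# vti_addrs: stdin is `ip -o -4 addr show` output; print "iface addr" per vti interface.
vti_addrs() {
    awk '$2 ~ /^vti/ && $3 == "inet" { split($4, a, "/"); print $2, a[1] }'
}

# check_tunnels: returns 0 if all peers answer, 1 on wrong interface count, 2 on a dead peer.
check_tunnels() {
    addrs=$(vti_addrs); count=0; failed=0
    while read -r ifc addr; do
        [ -n "$ifc" ] || continue
        count=$((count + 1))
        if peer=$(peer_ip "$addr") && $PING_CMD "$peer" >/dev/null 2>&1; then
            echo "$ifc: $addr -> $peer ok"
        else
            echo "$ifc: $addr -> ${peer:-?} FAILED"; failed=2
        fi
    done <<EOF
$addrs
EOF
    [ "$count" -gt 0 ] || { echo "no vti interfaces: restart strongswan"; return 1; }
    [ "$count" -eq "$EXPECTED_VTI" ] || { echo "$count vti interfaces, expected $EXPECTED_VTI"; return 1; }
    return "$failed"
}

# Run against the live host only when asked: sh check.sh --live
if [ "${1:-}" = "--live" ]; then ip -o -4 addr show | check_tunnels; fi
```

A return code of 2 means the interfaces exist but an AWS-side address did not answer, which points at the tunnel rather than at a missing vti interface.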