Differences

This shows you the differences between two versions of the page.

--- infrastructure:servers:chaosknoten [2025-05-20 17:26 UTC] – fix SSH jump-host config jtbx
+++ infrastructure:servers:chaosknoten [2026-02-24 13:44 UTC] (current) – fix netbox domain lilly
@@ Line 34: / Line 34: @@
 ===== Gast-VMs =====
-Die VMs sind in Netbox dokumentiert: [[https://netbox.ccchh.net/virtualization/virtual-machines/?cluster_id=2|Virtual Machines Cluster=chaosknoten]]
+Die VMs sind in Netbox dokumentiert: [[https://netbox.hamburg.ccc.de/virtualization/virtual-machines/?cluster_id=2|Virtual Machines Cluster=chaosknoten]]
 ===== Firewall-Freischaltung =====
@@ Line 42: / Line 42: @@
   * stb: 213.240.180.39 und 2a01:170:118b::1
   * haegar: 136.243.3.21, 136.243.3.60, 2a01:4f8:211:1c94::2, 82.66.166.90
 ===== Netzwerkanbindung =====
@@ Line 62: / Line 63: @@
 ''vmbr4'' hat die Adresse ''212.12.48.126/24'' für SSH und Management-Webinterface von Proxmox.
-DIe VMs haben Adressen aus verschiedenen Netzen. Siehe [[https://netbox.ccchh.net/ipam/prefixes/?site_id=2|Netbox Prefixes IRZ42]]
+Die VMs haben Adressen aus verschiedenen Netzen. Siehe [[https://netbox.ccchh.net/ipam/prefixes/?site_id=2|Netbox Prefixes IRZ42]]
 ==== IPMI-iDRAC-Interface ====
@@ Line 72: / Line 73: @@
   * Hostname ''chaosknoten-ipmi.hamburg.ccc.de'' / 44.128.124.4
+==== Network Design ====
-==== IPv4 ====
+Currently only some traffic is going through the old router VM (turing) and other VMs are routed by Wieske.
+We intend to move over to a setup where all traffic is going through a new router VM ([[https://netbox.hamburg.ccc.de/virtualization/virtual-machines/77/|router.hamburg.ccc.de]]).
+There are requirements for 3 main networks:
+  * v4-NAT: VMs without public IPv4 address behind the public reverse proxy
+  * public: VMs with public IPv4 address
+  * VMs without public interface at all, e.g. CI runners
+Internal networks are all running on one linux bridge interface ''vmbr0'' using VLANs to separate them.
+See [[https://netbox.hamburg.ccc.de/ipam/vlans/?group_id=3|NetBox VLANs IRZ42]] for available VLAN IDs and [[https://netbox.hamburg.ccc.de/virtualization/interfaces/80/|NetBox router net0]] for those assigned to ''vmbr0''/''net0'' of the router VM.
+Internal IPv4 addresses shall use ''10.32.0.0/16'' ([[https://netbox.hamburg.ccc.de/ipam/prefixes/43/|NetBox-Link]]).
+Each VLAN shall use it's own ''/24''-network with the third byte matching the VLAN ID, if private IPs are needed.
+The router will have additional network interfaces for the uplink bridge devices ''vmbr3'' ([[https://netbox.hamburg.ccc.de/virtualization/interfaces/81/|net1]]) and ''vmbr4'' ([[https://netbox.hamburg.ccc.de/virtualization/interfaces/83/|net2]]) which match the physical interfaces.
+=== How to add VMs ===
+To add a new VM:
+  * Generate new public IPv6 and add to Netbox, e.g. in [[https://netbox.hamburg.ccc.de/ipam/prefixes/47/ip-addresses/|v4-NAT network]]
+  * Add records to DNS server
+    * AAAA record on ''$hostname.hosts.hamburg.ccc.de''
+    * A and AAAA records for ''$service.hamburg.ccc.de'' as needed, e.g. via public-reverse-proxy
+  * Create VM in Proxmox and note MAC address
+  * Add VM in [[https://netbox.hamburg.ccc.de/virtualization/virtual-machines/?cluster_id=2|NetBox]]
+    * Create interface in ''net0'' with the MAC address from Proxmox and the suitable VLAN
+    * Configure the chosen IPv6 address in cloud-init, IPv4 shall be DHCP
+  * Setup firewall in Proxmox as needed
+  * When in v4-NAT network: Re-deploy public-reverse-proxy
+==== Legacy IPv4 Networks ====
 === Public IPv4s ===
@@ Line 90: / Line 124: @@
   * ''172.31.17.0/25'' ([[https://netbox.hamburg.ccc.de/ipam/prefixes/16/|NetBox-Link]])
-==== IPv6 ====
+==== Legacy IPv6 Networks ====
-We have 2 IPv6-64-Prefixes, which map to corresponding IPv4-Prefixes/-Ranges.
+The new prefix for IPv6 connectivity is ''2a00:14b0:42:100::/56'' ([[https://netbox.hamburg.ccc.de/ipam/prefixes/46/|NetBox-Link]]).
+It is routed through our new router VM (which shall have ''2a00:14b0:4200:3500::130:2/112'') and the uplink router on ''2a00:14b0:4200:3500::130:1''.
+Please see the NetBox which sub-prefixes are used for what!
+Legacy: We have 2 IPv6-64-Prefixes, which map to corresponding IPv4-Prefixes/-Ranges.
 === 2a00:14b0:4200:3000::/64 ===
@@ Line 123: / Line 161: @@
 ===== Zugriff auf VMs =====
-SSH auf allen VMs läuft auf nicht-Standard-Ports, normalerweise 42666.
+SSH auf alten VMs läuft auf nicht-Standard-Ports, normalerweise 42666.
-Alle VMs, die eine RFC1918-Adresse haben, können über turing-router oder turing-main als Jumphost erreicht werden. Als Beispiel hier ein Snippet für ''.ssh/config''.
+VMs sollten per IPv6 direkt erreichbar sein.
+Falls Zugriff aus einem Netz ohne IPv6 erforderlich ist, kann die Router-VM als Jumphost verwendet werden.
+Alte VMs, die eine RFC1918-Adresse haben, können über turing-router oder turing-main als Jumphost erreicht werden. Als Beispiel hier ein Snippet für ''.ssh/config''.
 <code>
+Host ccchh-router
+    User chaos
+    Hostname router.hamburg.ccc.de
+Host *.host.hamburg.ccc.de
+    User chaos
+    ProxyJump ccchh-router
+## legacy
 Host ccchh-jumphost
     User chaos