Merge branch 'master' of code.ungleich.ch:ungleich-public/ungleich-graphviz
This commit is contained in:
commit
9c1ff59bbd
29 changed files with 761 additions and 42 deletions
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -2,3 +2,4 @@
|
|||
*.pdf
|
||||
*.svg
|
||||
*.jpg
|
||||
*.eps
|
||||
|
|
15
Makefile
15
Makefile
|
@ -1,13 +1,18 @@
|
|||
all:
|
||||
for dot in *.dot; do make $${dot%%.dot}.png; done
|
||||
for dot in *.dot; do make $${dot%%.dot}.pdf; done
|
||||
for dot in *.dot; do make $${dot%%.dot}.svg; done
|
||||
all: $(addsuffix .png, $(basename $(wildcard *.dot))) $(addsuffix .pdf, $(basename $(wildcard *.dot))) $(addsuffix .svg, $(basename $(wildcard *.dot)))
|
||||
|
||||
# all:
|
||||
# for dot in *.dot; do make $${dot%%.dot}.png; done
|
||||
# for dot in *.dot; do make $${dot%%.dot}.pdf; done
|
||||
# for dot in *.dot; do make $${dot%%.dot}.svg; done
|
||||
|
||||
clean:
|
||||
rm -f *.png *.pdf *.svg
|
||||
|
||||
%.png: %.dot
|
||||
dot -Tpng < $< > $@
|
||||
dot -Tpng -Gdpi=300 < $< > $@
|
||||
|
||||
%.eps: %.dot
|
||||
dot -Teps < $< > $@
|
||||
|
||||
%.jpg: %.dot
|
||||
dot -Tjpg < $< > $@
|
||||
|
|
17
active-active-firewall.dot
Normal file
17
active-active-firewall.dot
Normal file
|
@ -0,0 +1,17 @@
|
|||
digraph G {
|
||||
node [ shape=box ]
|
||||
|
||||
upstream [ label="Upstream Router" ];
|
||||
upstreamswitch [ label="Upstream Switch" ];
|
||||
router1 [ label="Router1" ];
|
||||
router2 [ label="Router2" ];
|
||||
clients [ label="Clients" ];
|
||||
|
||||
upstreamswitch->{router1,router2} [ label="Receive packets from 'outside'" ]
|
||||
|
||||
{router1,router2}->upstream [ label="BGP peering" ]
|
||||
clients->{router1,router2} [ label="Connect to either router via 'virtual' IP address" ]
|
||||
|
||||
router1->router2 [ label="Exchange of session database" ]
|
||||
router2->router1 [ label="Exchange of session database" ]
|
||||
}
|
27
dev-cdn.dot
Normal file
27
dev-cdn.dot
Normal file
|
@ -0,0 +1,27 @@
|
|||
digraph G {
|
||||
node [ shape=box ]
|
||||
|
||||
label="Development Environment CDN"
|
||||
|
||||
apu1 [ label="apu1\nRemote access" ]
|
||||
apu2 [ label="apu2\nRemote access (Backup)" ]
|
||||
cisco [ label="Nexus 3064 Switch" shape=doubleoctagon color="#40a9e3", style="filled" ]
|
||||
upstreamswitch [ label="Upstream Switch" shape=doubleoctagon ]
|
||||
upstreamrouter [ label="Upstream Router\nAS213081" ]
|
||||
servers [ label="Servers 1-10" color="#40a9e3", style="filled"]
|
||||
downstreamrouter [ label="Downstream Router\nAS399354" color="#40a9e3", style="filled" ]
|
||||
|
||||
apu1->cisco [ label="serial: ttyUSB0" ]
|
||||
apu1->cisco [ label="apu1: eth2\nNexus: ether13" ]
|
||||
apu2->cisco [ label="apu1: eth2\nNexus: ether14" ]
|
||||
apu1->upstreamswitch [ label="eth0\n2a0a:e5c0:1:f::a1/64\n147.78.195.3/29" ]
|
||||
apu2->upstreamswitch [ label="eth0\n2a0a:e5c0:1:f::a2/64\n147.78.195.4/29" ]
|
||||
cisco->upstreamswitch [ label="Nexus:\nether1" ]
|
||||
|
||||
upstreamrouter->upstreamswitch [ label="2a0a:e5c0:1:f::50/64\n147.78.195.1/29" ]
|
||||
downstreamrouter->cisco [ label="2a0a:e5c0:1:e::ffff/64\n147.78.195.5/29" ]
|
||||
servers->cisco [ label="Nexus:\nether3-12" ]
|
||||
|
||||
upstreamrouter->downstreamrouter [ label="BGP session\nfull table" ]
|
||||
downstreamrouter->upstreamrouter [ label="Announce (parts of)\n2606:2BC0::/32\n104.219.56.0/21" ]
|
||||
}
|
16
dns-easy.dot
Normal file
16
dns-easy.dot
Normal file
|
@ -0,0 +1,16 @@
|
|||
digraph G {
|
||||
node [ shape=box ]
|
||||
#rankdir=LR;
|
||||
|
||||
label="
|
||||
DNS lookups at ungleich.ch\n
|
||||
No systemd, no network manager, no resolvconf, no systemd-resolved."
|
||||
|
||||
start [ shape=Mdiamond ] ;
|
||||
resolvconf [ label="/etc/resolv.conf exists?" shape=oval ];
|
||||
lookup [ label="Do DNS lookup" shape=doubleoctagon ];
|
||||
|
||||
start->resolvconf
|
||||
resolvconf->lookup [ label="yes" ];
|
||||
|
||||
}
|
41
dynamic-ips.dot
Normal file
41
dynamic-ips.dot
Normal file
|
@ -0,0 +1,41 @@
|
|||
digraph G {
|
||||
node [ shape=box ]
|
||||
rankdir=LR;
|
||||
|
||||
label="ungleich Dynamic IP access"
|
||||
|
||||
client [ label="IPv6 client" ];
|
||||
vpnserver [ label="ungleich Server" ];
|
||||
|
||||
v6net [ label="IPv6 Internet" ];
|
||||
v4net [ label="IPv4 Internet" ];
|
||||
|
||||
v4ip1 [ label="IPv4 address #1\nProvider 1" ]
|
||||
v4ip2 [ label="IPv4 address #2\nProvider 2" ]
|
||||
v4ipn [ label="IPv4 address #n\nProvider x" ]
|
||||
|
||||
dnsserver [ label="ungleich DNS Server\nSource based DNS routing" ]
|
||||
|
||||
client->vpnserver [ label="Establishes VPN" ]
|
||||
vpnserver->client [ label="Routes 2001:db8::/48 IPv6 network" ]
|
||||
|
||||
vpnserver->{v4ip1, v4ip2, v4ipn} [ label="Outgoing connection" ]
|
||||
|
||||
client->v4ip1 [ label="Access IPv4 Internet\nvia
|
||||
2001:db8:0:1:0:1::/96" style=dashed ]
|
||||
client->v4ip2 [ label="Access IPv4 Internet\nvia
|
||||
2001:db8:0:1:0:2::/96" style=dashed ]
|
||||
client->v4ipn [ label="Access IPv4 Internet\nvia
|
||||
2001:db8:0:1:0:n::/96" style=dashed ]
|
||||
{v4ip1, v4ip2, v4ipn}->v4net [ label="Specific IPv4 Source" ]
|
||||
|
||||
client->v6net [ label="Source: 2001:db8:2::/64" style=dashed ]
|
||||
|
||||
client->dnsserver [ label="(Optional) Request AAAA address"
|
||||
style=dotted ]
|
||||
dnsserver->client [ label="Source address based answer"
|
||||
style=dotted ]
|
||||
|
||||
|
||||
|
||||
}
|
52
ipv4-as-a-service-mapping.dot
Normal file
52
ipv4-as-a-service-mapping.dot
Normal file
|
@ -0,0 +1,52 @@
|
|||
digraph G {
|
||||
node [ shape=box, fontcolor="#ffffff", color="#40a9e3", style="filled" ]
|
||||
label="IPv4 as a service\nby ungleich.ch"
|
||||
|
||||
# rankdir=LR
|
||||
|
||||
# subgraph cluster_v6_vm {
|
||||
# label="IPv6 only VM"
|
||||
# ipv6onlyvm [ label="IPv6 only VM" color="#ee1100" ]
|
||||
# }
|
||||
|
||||
subgraph cluster_client {
|
||||
label="Anywhere"
|
||||
|
||||
client [ label="Server, VM, Notebook, Desktop" color="#ee1100" ]
|
||||
# vm [ label="Virtual Machine" color="#ee1100" ]
|
||||
# server [ label="Server" color="#ee1100" ]
|
||||
# notebook [ label="Notebook" color="#ee1100" ]
|
||||
# desktop [ label="Desktop" color="#ee1100" ]
|
||||
}
|
||||
|
||||
subgraph cluster_internet {
|
||||
label="The Internet"
|
||||
|
||||
v4host [ label="IPv4 host\na.b.c.d" shape=oval ]
|
||||
v6host [ label="IPv6 host" shape=oval ]
|
||||
}
|
||||
|
||||
subgraph cluster_dcl {
|
||||
label="Data Center Light in Switzerland"
|
||||
|
||||
vpnserver [ label="VPN Server" ]
|
||||
nat64 [ label="NAT64 translator" ]
|
||||
}
|
||||
|
||||
# {vm,server,notebook,desktop}->vpnserver [ label="Connect to VPN" ]
|
||||
# vpnserver->{vm,server,notebook,desktop} [ label="Route static /48 IPv6 Network\n2001:db8:42::/48" ]
|
||||
# nat64->{vm,server,notebook,desktop} [ label="Maps 192.0.2.1\nto 2001:db8:42:b00::192.0.2.1/96" ]
|
||||
# v6host->{vm,server,notebook,desktop} [ label="Native access to 2001:db8:42::/48" ]
|
||||
|
||||
client->vpnserver [ label="Connect to VPN" ]
|
||||
vpnserver->client [ label="Route static /48 IPv6 Network\n2001:db8:42::/48" ]
|
||||
nat64->client [ label="Maps 192.0.2.1\nto 2001:db8:42:b00::192.0.2.1/96" ]
|
||||
|
||||
v4host->nat64 [ label="Accesses 192.0.2.1" ]
|
||||
v4host->client [ label="Accesses 192.0.2.1" style=dashed ]
|
||||
v6host->client [ label="Native access to 2001:db8:42::/48" ]
|
||||
|
||||
client->v4host [ label="Access any IPv4 host" style=dashed ]
|
||||
client->nat64 [ label="Access any IPv4 host\nvia 2001:db:c001::a.b.c.d/96" ]
|
||||
|
||||
}
|
15
ipv4-as-a-service-simple.dot
Normal file
15
ipv4-as-a-service-simple.dot
Normal file
|
@ -0,0 +1,15 @@
|
|||
graph G {
|
||||
node [ shape=box, fontcolor="#ffffff", color="#40a9e3", style="filled" ]
|
||||
label="IPv4 as a service\n(simplified)\nby ungleich.ch"
|
||||
|
||||
concentrate=true
|
||||
|
||||
client [ label="Notebook, Desktop,\nServer, IoT device" color="#ee1100" ]
|
||||
|
||||
ipv4internet [ label="IPv4 Internet" shape=oval ]
|
||||
ipv6internet [ label="IPv6 Internet" shape=oval ]
|
||||
|
||||
ipv6internet--client [ label="Access via VPN" ]
|
||||
|
||||
ipv4internet--client [ label="Access via NAT64 translator" ]
|
||||
}
|
|
@ -1,44 +1,60 @@
|
|||
digraph G {
|
||||
node [ shape=box, fontcolor="#ffffff", color="#40a9e3", style="filled" ]
|
||||
label="IPv4 as a service\nby ungleich"
|
||||
label="IPv4 as a service\nby ungleich.ch"
|
||||
|
||||
subgraph cluster_v6_vm {
|
||||
label="IPv6 only VM"
|
||||
ipv6onlyvm [ label="IPv6 only VM" color="#ee1100" ]
|
||||
}
|
||||
# rankdir=LR
|
||||
|
||||
subgraph cluster_roadwarrior {
|
||||
label="Roadwarrior"
|
||||
#
|
||||
|
||||
notebook [ label="Notebook" color="#ee1100" ]
|
||||
desktop [ label="Desktop" color="#ee1100" ]
|
||||
}
|
||||
# Merge double edges into single one
|
||||
# concentrate=true
|
||||
|
||||
subgraph cluster_roadwarrior {
|
||||
label="Roadwarrior"
|
||||
# allow edges to subgraphs
|
||||
# compound=true
|
||||
|
||||
notebook [ label="Notebook" color="#ee1100" ]
|
||||
}
|
||||
# subgraph cluster_endpoints {
|
||||
# label="IPv6 and IPv4 reachable hosts"
|
||||
|
||||
subgraph cluster_internet {
|
||||
label="The Internet"
|
||||
client [ label="Notebook, Desktop,\nServer, IoT device" color="#ee1100" ]
|
||||
// notebook [ label="Notebook" color="#ee1100" ]
|
||||
// desktop [ label="Desktop" color="#ee1100" ]
|
||||
// ipv6onlyvm [ label="IPv6 only VM" color="#ee1100" ]
|
||||
# }
|
||||
|
||||
// subgraph cluster_roadwarrior {
|
||||
// label="Roadwarrior"
|
||||
|
||||
// notebook [ label="Notebook" color="#ee1100" ]
|
||||
// }
|
||||
|
||||
# subgraph cluster_internet {
|
||||
# label="The Internet"
|
||||
|
||||
ipv4internet [ label="IPv4 Internet" shape=oval ]
|
||||
ipv6internet [ label="IPv6 Internet" shape=oval ]
|
||||
}
|
||||
# }
|
||||
|
||||
subgraph cluster_dcl {
|
||||
label="Data Center Light in Switzerland"
|
||||
|
||||
vpnserver [ label="VPN Server in\nData Center Light" ]
|
||||
|
||||
vpnserver [ label="VPN Server" ]
|
||||
nat64t [ label="NAT64 translator (inbound)" ]
|
||||
nat64tout [ label="NAT64 translator (outbound)" ]
|
||||
}
|
||||
|
||||
ipv6onlyvm->ipv6internet [ label="Connect via IPv6" ]
|
||||
{desktop,notebook}->{ipv4internet,ipv6internet} [ label="Connect either way" ]
|
||||
{ipv4internet,ipv6internet}->vpnserver [ label="Connect to VPN" ]
|
||||
ipv4internet->client [ label="Access via NAT64 translator" style=dashed ]
|
||||
ipv4internet->nat64t [ label="Access via IPv4" ]
|
||||
|
||||
vpnserver->{ipv6onlyvm, desktop, notebook} [ label="Route IPv4 address via VPN" ]
|
||||
ipv6internet->client [ label="Access via IPv6" style=dashed ]
|
||||
ipv6internet->vpnserver [ label="Access via VPN server" ]
|
||||
|
||||
client->ipv4internet [ label="Access IPv4 Internet\nvia 2a0a:e5c0:1e:c001::a.b.c.d/96" style=dashed ]
|
||||
client->nat64tout [ label="IPv4 via IPv6 access" ]
|
||||
nat64tout->ipv4internet [ label="Translate mapped IPv4 to native IPv4" ]
|
||||
client->vpnserver [ label="Connects to" ]
|
||||
|
||||
nat64t->vpnserver [ label="Translate IPv4 traffic to IPv6" ]
|
||||
|
||||
vpnserver->client [ label="Route IPv6 network" ]
|
||||
|
||||
}
|
||||
|
|
18
ipv4-ipv6-nat-asymmetric.dot
Normal file
18
ipv4-ipv6-nat-asymmetric.dot
Normal file
|
@ -0,0 +1,18 @@
|
|||
digraph G {
|
||||
node [ shape=box ]
|
||||
rankdir=LR;
|
||||
|
||||
|
||||
label="Asymmetry in mapping IPv6 <-> IPv4"
|
||||
|
||||
v4hosts [ label="IPv4 only network\n192.0.2.0/24" ]
|
||||
v4internet [ label="IPv4 Internet\n0.0.0.0/0" ]
|
||||
# nat64 [ label="NAT64 translator" ]
|
||||
v6internet [ label="IPv6 Internet\n::/0" ]
|
||||
|
||||
v6lan [ label="IPv6 only network\n2001:db8::/64 " ]
|
||||
v6lan->v4internet [ label="Mapped as 64:ff9b::/96" ]
|
||||
|
||||
v4hosts->v6internet [ label="No 1:1 mapping possible" style=dashed ]
|
||||
|
||||
}
|
14
ipv4-nat.dot
Normal file
14
ipv4-nat.dot
Normal file
|
@ -0,0 +1,14 @@
|
|||
digraph G {
|
||||
node [ shape=box ]
|
||||
|
||||
label="Standard IPv4 NAT"
|
||||
|
||||
v4lan [ label="IPv4 LAN\n192.168.x.y/24" ]
|
||||
router [ label="Router/Firewall\nPublic IP address" ]
|
||||
v4internet [ label="IPv4 Internet\n0.0.0.0/0" ]
|
||||
|
||||
v4lan->v4internet [ label="Connects via NAT" style=dashed ]
|
||||
v4lan->router [ label="Connects via default route" ]
|
||||
router->v4internet [ label="Masquerades 192.168.x.y\nto public IP address" ]
|
||||
|
||||
}
|
13
ipv4-only-island-ipv6-reachable.dot
Normal file
13
ipv4-only-island-ipv6-reachable.dot
Normal file
|
@ -0,0 +1,13 @@
|
|||
digraph G {
|
||||
node [ shape=box ]
|
||||
|
||||
label="Enabling IPv4 islands with stateful NAT64"
|
||||
|
||||
v4island [ label="IPv4 only network\n192.0.2.0/24" ]
|
||||
nat64 [ label="NAT64 translator" ]
|
||||
v6internet [ label="IPv6 Internet\n::/0" ]
|
||||
|
||||
v6internet->v4island [ label="Allow access\nfrom the IPv6 Internet" style=dashed ]
|
||||
v6internet->nat64 [ label="Connects to\n2001:db8:cafe::/120" ]
|
||||
nat64->v4island [ label="Translates 2001:db8:cafe::/120 to\n192.0.2.0/24\nSquashes ::/0 to 192.0.2.1" ]
|
||||
}
|
32
ipv4-over-ipv6-static-tunnel.dot
Normal file
32
ipv4-over-ipv6-static-tunnel.dot
Normal file
|
@ -0,0 +1,32 @@
|
|||
digraph G {
|
||||
node [ shape=box ]
|
||||
|
||||
label="ungleich IPv4-over-IPv6-Tunnels"
|
||||
|
||||
subgraph cluster_remote {
|
||||
label="Local site accessing remote"
|
||||
vpnbox2 [ label="ungleich VPN box\nWith Firewall" ]
|
||||
clients2 [ label="IPv4 Client device" ];
|
||||
clients3 [ label="IPv6 Client device" ];
|
||||
}
|
||||
|
||||
|
||||
subgraph cluster_site {
|
||||
label="Remote site with devices"
|
||||
vpnbox [ label="ungleich VPN box\nWith Firewall" ]
|
||||
clients [ label="Client devices\nin private IPv4 network\nf.i. 10.0.0.0/8" ];
|
||||
}
|
||||
vpnbox->clients [ label="IPv6 connectivity" ]
|
||||
|
||||
clients2->clients [ label="Access 10.0.0.1 via 2001:db8::10.0.0.1"
|
||||
style=dashed ]
|
||||
clients2->vpnbox2 [ label="1. Access 10.0.0.1:\nlocal vpnbox translates to 2001:db8::10.0.0.1" ]
|
||||
clients3->clients [ label="Directly access 10.0.0.1 as 2001:db8::10.0.0.1"
|
||||
style=dashed ]
|
||||
clients3->vpnbox2
|
||||
|
||||
vpnbox2->vpnbox [ label="2. Sends packet to 2001:db8::10.0.0.1" ]
|
||||
vpnbox->clients [ label="3. Translates 2001:db8::10.0.0.1\nto 10.0.0.1" ]
|
||||
|
||||
|
||||
}
|
13
ipv4-via-ipv6-nat64-siit.dot
Normal file
13
ipv4-via-ipv6-nat64-siit.dot
Normal file
|
@ -0,0 +1,13 @@
|
|||
digraph G {
|
||||
node [ shape=box ]
|
||||
|
||||
label="IPv4 via IPv6 (NAT64/SIIT) by ungleich.ch pu"
|
||||
|
||||
v4island [ label="IPv4 only network\n192.0.2.0/24" ]
|
||||
nat64 [ label="NAT64 translator" ]
|
||||
v6internet [ label="IPv6 Internet\n::/0" ]
|
||||
|
||||
v6internet->v4island [ label="Allow access\nfrom the IPv6 Internet" style=dashed ]
|
||||
v6internet->nat64 [ label="Connects to\n2001:db8:cafe::/120" ]
|
||||
nat64->v4island [ label="Translates 2001:db8:cafe::/120 to\n192.0.2.0/24\nSquashes ::/0 to 192.0.2.1" ]
|
||||
}
|
52
ipv6-dr.dot
Normal file
52
ipv6-dr.dot
Normal file
|
@ -0,0 +1,52 @@
|
|||
digraph G {
|
||||
node [ shape=box, fontcolor="#ffffff", color="#40a9e3", style="filled" ]
|
||||
|
||||
# rankdir="LR"
|
||||
|
||||
ipv6internet [ label="The IPv6 Internet" shape=oval ];
|
||||
ipv4internet [ label="The IPv4 Internet" shape=oval ];
|
||||
ipv6vpn [ label="IPv6VPN.ch\nIPv6 via wireguard" shape=oval ];
|
||||
|
||||
subgraph cluster_regular {
|
||||
label="Non-enhanced mobile connection (DR)"
|
||||
|
||||
subgraph cluster_onedev {
|
||||
label="One end device"
|
||||
mobile1 [ label="Mobile device" ]
|
||||
}
|
||||
|
||||
subgraph cluster_multidev {
|
||||
label="Multiple end devices"
|
||||
router2 [ label="Router w/ mobile uplink" ];
|
||||
dev1 [ label="Desktop" ];
|
||||
dev2 [ label="NAS" ];
|
||||
dev3 [ label="Printer" ];
|
||||
}
|
||||
}
|
||||
|
||||
subgraph cluster_enhanced {
|
||||
label="Enhanced mobile connection (DR+ungleich)"
|
||||
|
||||
subgraph cluster_onedev_enhanced {
|
||||
label="One end device"
|
||||
mobile1plus [ label="Mobile device" ]
|
||||
}
|
||||
subgraph cluster_multidev_enhanced {
|
||||
label="Multiple end devices"
|
||||
router2plus [ label="Router w/ mobile uplink" ];
|
||||
dev1plus [ label="Desktop" ];
|
||||
dev2plus [ label="NAS" ];
|
||||
dev3plus [ label="Printer" ];
|
||||
}
|
||||
}
|
||||
|
||||
{router2,mobile1,router2plus,mobile1plus}->ipv4internet [ label="Outgoing connections work" ]
|
||||
{router2,mobile1}->ipv6internet [ shape=dashed label="Inaccessible" ]
|
||||
{router2plus,mobile1plus}->ipv6vpn [ shape=dashed label="Establish IPv6 connection" ]
|
||||
{dev1,dev2,dev3}->router2 [ label="Connect via router" ]
|
||||
|
||||
ipv4internet->mobile1 [ label="Incoming connections don't work" ]
|
||||
ipv6vpn->ipv6internet [ label="Access the IPv6 Internet" ]
|
||||
ipv6internet->{router2plus,mobile1plus,dev2plus,dev3plus,dev1plus} [ label="Access via IPv6" ]
|
||||
|
||||
}
|
80
ipv6-eye.dot
Normal file
80
ipv6-eye.dot
Normal file
|
@ -0,0 +1,80 @@
|
|||
graph G {
|
||||
node [ shape=box, fontcolor="#ffffff", color="#40a9e3", style="filled" ]
|
||||
|
||||
label="The IPv6 eye"
|
||||
|
||||
subgraph cluster_sample {
|
||||
wired [ label="Wired Internet" ]
|
||||
wifi [ label="WiFi Internet" ]
|
||||
modem0 [ label="4G Internet" ]
|
||||
ipv6vpn [ label="IPv6VPN.ch" shape=oval ]
|
||||
|
||||
label="Any eye"
|
||||
|
||||
eye0 [ label="Eye Base" ]
|
||||
|
||||
}
|
||||
|
||||
subgraph cluster_regular {
|
||||
label="The eye"
|
||||
|
||||
eye1 [ label="Eye Base" ]
|
||||
cam1 [ label="USB Camera" ]
|
||||
eye1--cam1
|
||||
|
||||
}
|
||||
|
||||
eye0--{wifi,wired,modem0} [ style=dotted ]
|
||||
{wired,wifi,modem0}--ipv6vpn [ style=dotted ]
|
||||
|
||||
|
||||
subgraph cluster_auto {
|
||||
label="The autonomous eye"
|
||||
|
||||
eye2 [ label="Eye Base" ]
|
||||
usb2 [ label="USB Hub" ]
|
||||
cam2 [ label="USB Camera" ]
|
||||
modem2 [ label="4G modem" ]
|
||||
bat2 [ label="Battery" ]
|
||||
|
||||
eye2--usb2
|
||||
usb2--cam2
|
||||
usb2--modem2
|
||||
bat2--eye2
|
||||
}
|
||||
|
||||
subgraph cluster_fully_auto {
|
||||
label="The fully autonomous eye"
|
||||
|
||||
eye3 [ label="Eye Base" ]
|
||||
usb3 [ label="USB Hub" ]
|
||||
cam3 [ label="USB Camera" ]
|
||||
modem3 [ label="4G modem" ]
|
||||
bat3 [ label="Battery" ]
|
||||
solar3 [ label="Solar Panel" ]
|
||||
|
||||
eye3--usb3
|
||||
usb3--cam3
|
||||
usb3--modem3
|
||||
solar3--bat3
|
||||
bat3--eye3
|
||||
}
|
||||
|
||||
|
||||
|
||||
subgraph cluster_car {
|
||||
label="The car eye"
|
||||
|
||||
eye4 [ label="Eye Base" ]
|
||||
usb4 [ label="USB Hub" ]
|
||||
cam4 [ label="USB Camera" ]
|
||||
modem4 [ label="4G modem" ]
|
||||
carusb4 [ label="Car USB Charger" ]
|
||||
|
||||
eye4--usb4
|
||||
usb4--cam4
|
||||
usb4--modem4
|
||||
carusb4--eye4
|
||||
}
|
||||
|
||||
}
|
13
ipv6-ipv4-stateful-mapping.dot
Normal file
13
ipv6-ipv4-stateful-mapping.dot
Normal file
|
@ -0,0 +1,13 @@
|
|||
digraph G {
|
||||
node [ shape=box ]
|
||||
|
||||
label="Stateful NAT64 for masquarading IPv6 networks"
|
||||
|
||||
v6net [ label="IPv6 Network\n2001:db8:0:0::/64\n(64 bit)" ]
|
||||
v4net [ label="IPv4 Internet\n0.0.0.0/0\n(32 bit)" ]
|
||||
nat64 [ label="NAT64 translator" ]
|
||||
|
||||
v6net->v4net [ label="Allow access\nfrom an IPv6 network" style=dashed ]
|
||||
v6net->nat64 [ label="Connects to\n2001:db8:0:0:c001::/96\n(32 bit)" ]
|
||||
nat64->v4net [ label="Squashes 2001:db8::/64 to 192.0.2.1" ]
|
||||
}
|
16
ipv6-ipv4-stateless-mapping.dot
Normal file
16
ipv6-ipv4-stateless-mapping.dot
Normal file
|
@ -0,0 +1,16 @@
|
|||
digraph G {
|
||||
node [ shape=box ]
|
||||
rankdir=LR;
|
||||
|
||||
v6lan [ label="IPv6 only hosts\n2001:db8::/120 " ]
|
||||
v4hosts [ label="IPv4 addresses\n192.0.2.0/24" ]
|
||||
v6lan->v4hosts [ label="Map 8 bits of IPv6 to IPv4" ]
|
||||
v4hosts->v6lan [ label="Map 8 bits of IPv4 to IPv6" ]
|
||||
|
||||
v6lan1 [ label="2001:db8::1 " ]
|
||||
v4hosts1 [ label="192.0.2.1" ]
|
||||
v6lan1->v4hosts1 [ label="Map IPv6 address to IPv4" ]
|
||||
v4hosts1->v6lan1 [ label="Map IPv4 address to IPv6" ]
|
||||
|
||||
label="Stateless NAT64 (SIIT)"
|
||||
}
|
36
ipv6-naming-with-proxy.dot
Normal file
36
ipv6-naming-with-proxy.dot
Normal file
|
@ -0,0 +1,36 @@
|
|||
digraph G {
|
||||
node [ shape=box ]
|
||||
# rankdir=LR;
|
||||
|
||||
label="Hostnames for IPv6 only hosts"
|
||||
|
||||
serverv6 [ label="Server (IPv6 only)" ];
|
||||
proxy [ label="Proxy (IPv4+IPv6)" ];
|
||||
|
||||
http [ label="HTTP(s) for\nwww.example.com" ]
|
||||
dns [ label="DNS for www.example.com" ]
|
||||
|
||||
dnsv6 [ label="v6.example.com" ]
|
||||
dnsv6->serverv6 [ label="Only AAAA entry configured" ]
|
||||
|
||||
clientv4 [ label="IPv4 client" ];
|
||||
clientv6 [ label="IPv6 client" ];
|
||||
clientdual [ label="Dual Stack client" ];
|
||||
|
||||
dns->proxy [ label="A entry points to proxy" style=dashed ]
|
||||
dns->serverv6 [ label="AAAA entry points to the server" style=dashed ]
|
||||
|
||||
{clientv4,clientv6,clientdual}->dns [ label="1. perform a DNS lookup" ]
|
||||
|
||||
clientdual->{proxy,serverv6} [ label="2. Accesses either way" style=dashed ]
|
||||
|
||||
clientv4->proxy [ label="2. Accesses server via proxy" ]
|
||||
clientv6->serverv6 [ label="2. Accesses server directly" ]
|
||||
|
||||
proxy->serverv6 [ label="Forwards HTTP/HTTPS requests" ]
|
||||
serverv6->http [ label="Serves content for" ]
|
||||
|
||||
{clientv6,clientdual}->serverv6 [ label="3. Access via\nv6.example.com\nAlways directly" ]
|
||||
|
||||
|
||||
}
|
|
@ -1,6 +1,6 @@
|
|||
digraph G {
|
||||
node [ shape=box ]
|
||||
rankdir=TB!;
|
||||
rankdir=TB;
|
||||
|
||||
label="IPv4-to-IPv6 proxy by ungleich.ch"
|
||||
|
||||
|
|
62
ipv6-viwib.dot
Normal file
62
ipv6-viwib.dot
Normal file
|
@ -0,0 +1,62 @@
|
|||
digraph G {
|
||||
node [ shape=box, fontcolor="#ffffff", color="#40a9e3", style="filled" ]
|
||||
|
||||
label="The VIWVIB in action"
|
||||
node [ shape=box ]
|
||||
|
||||
rankdir=LR
|
||||
|
||||
|
||||
ipv6internet [ label="The IPv6 Internet" shape=oval ]
|
||||
ipv4internet [ label="The IPv4 Internet" shape=oval ]
|
||||
ipv6vpn [ label="IPv6VPN.ch\nIPv6 via wireguard" shape=oval ]
|
||||
|
||||
lan [ label="Your regular LAN" shape=oval ];
|
||||
lan_v6 [ label="IPv6 only lan" shape=oval ]
|
||||
|
||||
lanclients [ label="Clients in the lan" ]
|
||||
lan_v6_clients [ label="IPv6 only clients" ]
|
||||
|
||||
wificlients [ label="WiFi clients" ]
|
||||
wifi [ label="IPv6 only wifi\n'IPv6 everywhere'" shape=oval ]
|
||||
|
||||
|
||||
subgraph cluster_viwib {
|
||||
viwib [ label="The VIWIB" color="#ee1100" ];
|
||||
viwib_lan [ label="LAN Port" color="#ee1100" ];
|
||||
viwib_wan [ label="WAN Port" color="#ee1100" ];
|
||||
viwib_wifi [ label="WiFi" color="#ee1100" ];
|
||||
|
||||
viwib->{viwib_lan,viwib_wan,viwib_wifi};
|
||||
}
|
||||
|
||||
viwib_wan->ipv4internet [ label="Connects to" ]
|
||||
ipv4internet->ipv6vpn [ label="Connected to" ]
|
||||
|
||||
viwib_lan->lan_v6 [ label="Creating IPv6 only LAN" style=dashed ]
|
||||
viwib_lan->lan [ label="Enabling existing LAN with IPv6" style=dashed ]
|
||||
|
||||
lan_v6_clients->lan_v6 [ label="Assign themselves IPv6" ]
|
||||
lanclients->lan [ label="Assign themselves IPv6" ]
|
||||
|
||||
{lan_v6,wifi}->ipv4internet [ label="via DNS64/NAT64" style=dashed ]
|
||||
{lan_v6,wifi}->ipv6internet [ label="Direct access" ]
|
||||
|
||||
ipv6vpn->viwib [ label="Gets /48 IPv6 network via VPN" ]
|
||||
|
||||
|
||||
viwib_wifi->wifi [ label="Provides IPv6 only WiFi" ]
|
||||
wificlients->wifi [ label="Assign IPv6 address themselves" ]
|
||||
wifi->ipv6internet [ label="Connect to" ]
|
||||
|
||||
|
||||
ipv6vpn->ipv6internet [ label="Is connected to" ]
|
||||
|
||||
// ipv6internet->{wificlients,lanclients} [
|
||||
// label="SSH, HTTP, HTTPS\nports are open" ]
|
||||
}
|
||||
|
||||
|
||||
|
||||
# viwib_wan->lan [ label="1. Gets IPv4 via cable" ]
|
||||
# viwib->ipv6vpn [ label="Connect the VPN to IPv6VPN.ch" ]
|
32
nicos-ipv6-vpn-routing-issue.dot
Normal file
32
nicos-ipv6-vpn-routing-issue.dot
Normal file
|
@ -0,0 +1,32 @@
|
|||
digraph G {
|
||||
node [ shape=box ]
|
||||
label="Why IPv6 upstream on test devices does not work
|
||||
ICMP works as it's on 1 reply
|
||||
SSH does not work
|
||||
Testdev only receives first syn, not 2nd ack packet
|
||||
Notebook receives duplicated syn-ack packets from testdev
|
||||
Likely problem: router does not see return packet and drops the packet, no session entry?
|
||||
It's an outgoing packet, so this should not be a problem
|
||||
Router seems only to send first syn packet from the client
|
||||
VERIFIED by disabling ip6tables / flushing rules"
|
||||
|
||||
notebook [ label="Notebook: 2a0a:e5c0:13::a/64" ]
|
||||
router [ label="Router: 2a0a:e5c0:13::42/64" ]
|
||||
testdev [ label="Testdev: 2a0a:e5c0:13::zz/64" ]
|
||||
|
||||
vpnserver [ label="VPN server" ]
|
||||
|
||||
vpnserver->testdev [ label="Route for 2a0a:e5c1:VPN::/48" ]
|
||||
|
||||
notebook->router [ label="1. Connect to 2a0a:e5c1:VPN::42\nWith MAC
|
||||
of router" ]
|
||||
router->vpnserver [ label="2. Forwarding packing for Testdev to
|
||||
router" ]
|
||||
vpnserver->testdev [ label="3. Forwarding packing for Testdev via
|
||||
VPN" ]
|
||||
testdev->notebook [ label="4. Reply directly to notebook\n
|
||||
testdev has same local network as notebook
|
||||
Using a different mac address than the router has" ]
|
||||
|
||||
|
||||
}
|
|
@ -6,7 +6,6 @@ digraph G {
|
|||
|
||||
nico [ label="Nico Schottelius (CH, VR, GL)" ];
|
||||
sanghee [ label="Sanghee Kim (CH)" ];
|
||||
balazs [ label="Balazs Unyi (CH)" ]
|
||||
timothee [ label="Timothee Floure (CH)" ]
|
||||
dominique [ label="Dominique Roux (CH)" ]
|
||||
samuel [ label="Samuel Hailu (CH)" ]
|
||||
|
@ -15,7 +14,6 @@ digraph G {
|
|||
mondi [ label="Mondi Ravi (IN)" ]
|
||||
jinguk [ label="Jinguk Kwon (KR)" ]
|
||||
jason [ label="Jason Kim (KR)" ]
|
||||
youngrong [ label="Young-Rong Park (KR)" ]
|
||||
youngjin [ label="Young-Jin Han (KR)" ]
|
||||
jerry [ label="Jerry Padavath (CH, VR)" ]
|
||||
|
||||
|
@ -29,11 +27,11 @@ digraph G {
|
|||
|
||||
subgraph cluster_ch {
|
||||
label="Schweiz"
|
||||
nico->{sanghee, balazs, timothee, marc, dominique, samuel};
|
||||
nico->{sanghee, timothee, marc, dominique, samuel};
|
||||
}
|
||||
subgraph cluster_international {
|
||||
label="International"
|
||||
nico->{ahmed, mondi, jinguk,jason,youngrong,youngjin}
|
||||
nico->{ahmed, mondi, jinguk,jason,youngjin}
|
||||
}
|
||||
|
||||
|
||||
|
|
20
routing-multirouter-stateful-bad.dot
Normal file
20
routing-multirouter-stateful-bad.dot
Normal file
|
@ -0,0 +1,20 @@
|
|||
digraph G {
|
||||
node [ shape=box ]
|
||||
|
||||
upstreamrouter1 [ label="Upstream Router 1\nStateless routing" ];
|
||||
upstreamrouter2 [ label="Upstream Router 2\nStateless routing" ];
|
||||
|
||||
router1 [ label="Internal Router 1\nStateful routing" ];
|
||||
router2 [ label="Internal Router 2\nStateful routing" ];
|
||||
|
||||
servers [ label="Servers" ]
|
||||
internet [ label="Internet" shape=oval ]
|
||||
|
||||
servers->router1 [ label="Use as default router" ]
|
||||
router1->{upstreamrouter1,upstreamrouter2} [ label="Forward packet" ]
|
||||
{upstreamrouter1,upstreamrouter2}->internet [ label="Forward packet" ]
|
||||
internet->{upstreamrouter1,upstreamrouter2} [ label="Send answers" ]
|
||||
{upstreamrouter1,upstreamrouter2}->router2 [ label="Return anwers from the Internet" ]
|
||||
router2->servers [ label="Drop the answer, no state entry" ]
|
||||
|
||||
}
|
19
routing-multirouter-stateful-good.dot
Normal file
19
routing-multirouter-stateful-good.dot
Normal file
|
@ -0,0 +1,19 @@
|
|||
digraph G {
|
||||
node [ shape=box ]
|
||||
|
||||
upstreamrouter1 [ label="Upstream Router 1\nStateless routing" ];
|
||||
upstreamrouter2 [ label="Upstream Router 2\nStateless routing" ];
|
||||
|
||||
router1 [ label="Internal Router 1\nStateful routing" ];
|
||||
|
||||
servers [ label="Servers" ]
|
||||
internet [ label="Internet" shape=oval ]
|
||||
|
||||
servers->router1 [ label="Use as default router" ]
|
||||
router1->{upstreamrouter1,upstreamrouter2} [ label="Forward packet" ]
|
||||
{upstreamrouter1,upstreamrouter2}->internet [ label="Forward packet" ]
|
||||
internet->{upstreamrouter1,upstreamrouter2} [ label="Send answer" ]
|
||||
{upstreamrouter1,upstreamrouter2}->router1 [ label="Return anwers from the Internet" ]
|
||||
router1->servers [ label="Forward the answer" ]
|
||||
|
||||
}
|
21
routing-multirouter-stateful.dot
Normal file
21
routing-multirouter-stateful.dot
Normal file
|
@ -0,0 +1,21 @@
|
|||
digraph G {
|
||||
node [ shape=box ]
|
||||
# rankdir=LR;
|
||||
|
||||
upstreamrouter1 [ label="Upstream Router 1\nStateless routing" ];
|
||||
upstreamrouter2 [ label="Upstream Router 2\nStateless routing" ];
|
||||
|
||||
router1 [ label="Internal Router 1\nStateful routing" ];
|
||||
router2 [ label="Internal Router 2\nStateful routing" ];
|
||||
|
||||
servers [ label="Servers" ]
|
||||
internet [ label="Internet" shape=oval ]
|
||||
|
||||
servers->{router1,router2} [ label="Use as default router\nSend packets via either" ]
|
||||
{router1,router2}->{upstreamrouter1,upstreamrouter2} [ label="Announce 2001:db8::/64\n via BGP\nUse as default router" ]
|
||||
{upstreamrouter1,upstreamrouter2}->internet [ label="Forward packets" ]
|
||||
internet->{upstreamrouter1,upstreamrouter2} [ label="Send answers" ]
|
||||
{upstreamrouter1,upstreamrouter2}->{router1,router2} [ label="Return anwers from the Internet" ]
|
||||
{router1,router2}->servers [ label="Forward the answer" ]
|
||||
|
||||
}
|
|
@ -327,4 +327,8 @@ graph G {
|
|||
redp7--saltlte;
|
||||
server1p11--mythicbeasts [ label="Default Route" ];
|
||||
|
||||
|
||||
# BGP / routing / logic networking
|
||||
|
||||
|
||||
}
|
||||
|
|
65
ungleich-network.dot
Normal file
65
ungleich-network.dot
Normal file
|
@ -0,0 +1,65 @@
|
|||
digraph G {
|
||||
node [ shape=rect ];
|
||||
|
||||
label="Data Center Light networking/routing (2021-04-11)"
|
||||
|
||||
{router1p5,router2p5}->sunrise;
|
||||
|
||||
sunrise->igp [ label="Add sunrise on-link routes" ]
|
||||
netstream->igp [ label="Add netstream on-link routes" ]
|
||||
vpnserver->routers [ label="eBGP: Announce /40's (reprop)" ]
|
||||
|
||||
apurouters->routers [ label="Announce (internal) /64's" ]
|
||||
apurouters->igp [ label="Announce internal on-link routes (these
|
||||
are /64's" ]
|
||||
|
||||
k8s->apurouters [ label="Announce /122, /128 routes (iBGP/eBGP)" ]
|
||||
|
||||
something->switches [ label="Re-Announce k8s routes for ECMP" ]
|
||||
|
||||
# Questions:
|
||||
# Do VPN servers import routes? Probably not, can use default route
|
||||
# Do APU routers import routes? Yes from k8s
|
||||
# Do APU routers import routes from routers? Maybe.
|
||||
# Maybe not: can have default route to routers
|
||||
# Maybe yes: to learn k8s routes
|
||||
# Will announce k8s routes via eBGP, nexthop reset. not what we want
|
||||
|
||||
# Can we use iBGP + separate table instead of ospf/babel?
|
||||
|
||||
######################################################################
|
||||
# Switch interaction
|
||||
# Either OSPF or BGP
|
||||
#
|
||||
# Primary objective: ecmp routes for k8s nodes / pods
|
||||
# Secondary objective (maybe) routing for the switch
|
||||
#
|
||||
# BGP: f.i. connecting to a route reflector; or routes come in via
|
||||
# eBGP
|
||||
# BGP / maybe RR seems a bit more native
|
||||
# OSPF: MTU mismatch showing, automatic join, only internal routes
|
||||
|
||||
######################################################################
|
||||
#
|
||||
#
|
||||
|
||||
|
||||
######################################################################
|
||||
# k8s
|
||||
# k8s systems could in theory peer with switches -> security
|
||||
# design not so eay
|
||||
#
|
||||
# k8s systems could peer with routers (multihop, iBGP)
|
||||
#
|
||||
# k8s systems could peer with apu-routers (direct, iBGP)
|
||||
# apu-routers would need to become route-reflector towards routers
|
||||
#
|
||||
# k8s systems could peer with apu-routers (direct, eBGP)
|
||||
#
|
||||
# routers can re-export to APUs as route reflectors
|
||||
|
||||
# How do the routers reach k8s system? Need route from apu routers
|
||||
# probably via igb
|
||||
|
||||
|
||||
}
|
21
v6onlyvm-vs-dualstackvm-dns64-nat64.dot
Normal file
21
v6onlyvm-vs-dualstackvm-dns64-nat64.dot
Normal file
|
@ -0,0 +1,21 @@
|
|||
digraph G {
|
||||
node [ shape=box ]
|
||||
# rankdir=LR;
|
||||
|
||||
v6only [ label="IPv6 only VM\nIPv6 network (A)" ];
|
||||
dualvm [ label="Dual Stack VM\nIPv6 network (B)" ];
|
||||
dnsserver [ label="DNS server" ]
|
||||
nat64 [ label="NAT64 translator" ]
|
||||
v4onlysite [ label="IPv4 destination" ]
|
||||
|
||||
v6only->dnsserver [ label="A1. Request AAAA entry for IPv4 only site" ]
|
||||
dnsserver->v6only [ label="A2. Returns fake AAAA entry for IPv4 only site" ]
|
||||
|
||||
v6only->nat64 [ label="A3. Send request via IPv6" ]
|
||||
nat64->v4onlysite [ label="A4. Translate and send request via IPv4" ]
|
||||
|
||||
dualvm->dnsserver [ label="B1. Request A entry for IPv4 only site" ]
|
||||
dnsserver->dualvm [ label="B2. Returns fake A entry for IPv4 only site" ]
|
||||
dualvm->v4onlysite [ label="B3. Connect via IPv4" ]
|
||||
|
||||
}
|
Loading…
Reference in a new issue