more ip addr management
ifd3f committed Mar 23, 2024
1 parent 1af5453 commit effd074
Showing 1 changed file with 35 additions and 23 deletions.
58 changes: 35 additions & 23 deletions docs/ipam.sexp
@@ -1,50 +1,59 @@
(net ULA fc00::/7
(net CA7DC fd:ca7:ca7::/48
(net ULA-V6 fc00::/7
(net CA7DC fca7:b01:f00d::/48
(description "IPs for the primary datacenter")

(net CA7DC-PROD fd:ca7:ca7::/49
(description "service running space")
(net CA7DC-DEVVM fca7:b01:f00d:de7::/64
(description "Developer VMs")
(attr trust-level TRUSTED)
(attr vlan 50)
(attr vlan 300)
)

(net CA7DC-K8S fd:ca7:ca7:1000::/56
(description "k8s host space")
)
(net CA7DC-SERVICE fca7:b01:f00d:cafe::/64
(description "Public service IP space")
(attr trust-level TRUSTED)
(attr vlan 100)
)

(net CA7DC-MGMT fd:ca7:ca7:9000::/56
(description "iLO, hypervisors, switch config interfaces")
(net CA7DC-MGMT fca7:b01:f00d:6969::/64
(alias-v4 192.168.69.0/24)
(description "iLO, switch config interfaces")
(attr trust-level FULLY-TRUSTED)
(attr vlan 69)

(host lucifer 192.168.69.1
(description "Firewall"))
(host inferno 192.168.69.10
(description "Firewall hypervisor"))
(host belphegor 192.168.69.11
(description "Living room switch"))
(host beelzebub 192.168.69.15
(description "Datacenter switch"))
)
(net CA7DC-IOT fd:ca7:ca7:9100::/56

(net CA7DC-IOT fca7:b01:f00d:9900::/64
(alias-v4 192.168.99.0/24)
(description "IoT devices")
(attr trust-level UNTRUSTED)
(attr vlan 107)
)
(net CA7DC-DEVVM fd:ca7:ca7:de00::/56
(description "Developer VMs")
(attr trust-level TRUSTED)
(attr vlan 300)
)
)

(net CA7NET-VPN fd:ca7:f8a3::/48
(description "VPN subnet")

(net CA7NET-VPN-USER fd:ca7:f8a3:100::/56
(net CA7NET-VPN-USER fd:ca7:f8a3:100::/64
(description "VPN for general user access. Allowed to be used for traffic rerouting.")
(attr trust-level UNTRUSTED)
)
(net CA7NET-VPN-MON fd:ca7:f8a3:200::/56
(net CA7NET-VPN-MON fd:ca7:f8a3:200::/64
(description "VPN for monitoring services.")
(attr trust-level TRUSTED)
)
(net CA7NET-VPN-PUSH fd:ca7:f8a3:300::/56
(net CA7NET-VPN-PUSH fd:ca7:f8a3:300::/64
(description "VPN for the continuous deployment agent. Has access over almost everything!")
(attr trust-level FULLY-TRUSTED)
)
(net CA7NET-VPN-ADMIN fd:ca7:f8a3:400::/56
(net CA7NET-VPN-ADMIN fd:ca7:f8a3:400::/64
(description "VPN for me to perform total system administration! Has access over literally everything! Very dangerous!")
(attr trust-level FULLY-TRUSTED)
)
@@ -55,12 +64,15 @@
(description "Sonic gave me this IP for my house")
)

(net SONIC-PROVIDED-V6 2001:5a8:657::/56
(net SONIC-PROVIDED-V6 2001:5a8:4002:9300::/56
(description "Sonic gave me this prefix for my house")
(net HOME-USERS-V6 2001:5a8:657:a::/58
(net PROD-PUBLIC 2001:5a8:4002:9301::/64
(description "Address space for public services")
)
(net HOME-USERS-V6 2001:5a8:4002:930a::/64
(description "IP space for ethernet connected users")
)
(net HOME-WUSERS-V6 2001:5a8:657:b::/58
(net HOME-WUSERS-V6 2001:5a8:4002:930b::/58
(description "IP space for wireless connected users")
)
)
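Review bot: `HOME-WUSERS-V6 2001:5a8:4002:930b::/58` near the end of the second hunk is not aligned to its prefix length: a /58 keeps only the top ten bits of the fourth group, so the network it actually names is `2001:5a8:4002:9300::/58`, which also contains `PROD-PUBLIC 2001:5a8:4002:9301::/64` and `HOME-USERS-V6 2001:5a8:4002:930a::/64`. The sibling HOME-USERS-V6 entry appears to have been narrowed to /64 in this commit, so this looks like a missed edit, and `(net HOME-WUSERS-V6 2001:5a8:4002:930b::/64` would keep the wireless range disjoint from the public-service range. The page has lost its +/- markers, so which line of each pair is the new side is inferred from the new parent prefix `2001:5a8:4002:9300::/56`. If firewall or ACL rules are ever derived from this file, a consumer that normalises the prefix would put wireless clients and public services in one range, so a validation step that rejects prefixes with host bits set and overlapping siblings would be worth adding.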
