nixos/estuary: Add config for Frys-IX

nixos/boxes/colony/vms/estuary/bgp.nix

@@ -26,6 +26,9 @@ in
 
           define DUB1IP6 = 2a0e:97c0:4df:0:2::1;
 
+          define PREFIXP = 110;
+          define PREFPEER = 120;
+
           #function should_export6() {
           #	return net ~ OWNNETSET6 || (transit && net ~ TRANSSET6);
           #}
@@ -156,18 +159,43 @@ in
             neighbor 2a02:898:0:20::e1 as 8283;
           }
 
+          protocol bgp peer4_frysix_rs1 from peer_bgp4 {
+            description "Frys-IX route server 1 (IPv4)";
+            neighbor 185.1.203.253 as 56393;
+            ipv4 { preference PREFIXP; };
+          }
+          protocol bgp peer6_frysix_rs1 from peer_bgp6 {
+            description "Frys-IX route server 1 (IPv6)";
+            neighbor 2001:7f8:10f::dc49:253 as 56393;
+            ipv6 { preference PREFIXP; };
+          }
+
+          protocol bgp peer4_frysix_rs2 from peer_bgp4 {
+            description "Frys-IX route server 2 (IPv4)";
+            neighbor 185.1.203.254 as 56393;
+            ipv4 { preference PREFIXP; };
+          }
+          protocol bgp peer6_frysix_rs2 from peer_bgp6 {
+            description "Frys-IX route server 2 (IPv6)";
+            neighbor 2001:7f8:10f::dc49:254 as 56393;
+            ipv6 { preference PREFIXP; };
+          }
+
           protocol bgp peer4_luje from peer_bgp4 {
             description "LUJE.net (IPv4)";
             neighbor 94.142.240.20 as 212855;
+            ipv4 { preference PREFPEER; };
           }
           protocol bgp peer6_luje from peer_bgp6 {
             description "LUJE.net (IPv6)";
             neighbor 2a02:898:0:20::166:1 as 212855;
+            ipv6 { preference PREFPEER; };
           }
           protocol bgp peer6_luje_labs from peer_bgp6 {
             description "LUJE.net labs (IPv6)";
-            neighbor 2a07:cd40:1::9 as 202413;
             multihop 3;
+            neighbor 2a07:cd40:1::9 as 202413;
+            ipv6 { preference PREFPEER; };
           }
         '';
       };

nixos/boxes/colony/vms/estuary/default.nix

@@ -140,6 +140,7 @@ in
               };
             };
 
+            #systemd.services.systemd-networkd.environment.SYSTEMD_LOG_LEVEL = "debug";
             systemd.network = {
               config = {
                 networkConfig = {
@@ -147,9 +148,31 @@ in
                 };
               };
 
+              netdevs = {
+                "25-frys-ix-base" = {
+                  netdevConfig = {
+                    Name = "frys-ix-base";
+                    Kind = "vlan";
+                  };
+                  vlanConfig.Id = 409;
+                };
+                "25-frys-ix" = {
+                  netdevConfig = {
+                    Name = "frys-ix";
+                    Kind = "vlan";
+                  };
+                  vlanConfig.Id = 2605;
+                };
+              };
+
               links = {
                 "10-wan" = {
-                  matchConfig.MACAddress = "d0:50:99:fa:a7:99";
+                  matchConfig = {
+                    Driver = "igb";
+                    Path = "pci-0000:01:00.0";
+                    # Matching against MAC address seems to break VLAN interfaces (since they share the same MAC address)
+                    #MACAddress = "d0:50:99:fa:a7:99";
+                  };
                   linkConfig = {
                     Name = "wan";
                     RxBufferSize = 4096;
@@ -171,6 +194,7 @@ in
               networks = {
                 "80-wan" = {
                   matchConfig.Name = "wan";
+                  vlan = [ "frys-ix-base" ];
                   DHCP = "no";
                   address = with assignments.internal; [
                     (with ipv4; "${address}/${toString mask}")
@@ -187,6 +211,33 @@ in
                     IPv6AcceptRA = false;
                   };
                 };
+                "85-frys-ix-base" = {
+                  matchConfig = {
+                    Name = "frys-ix-base";
+                    Kind = "vlan";
+                  };
+                  vlan = [ "frys-ix" ];
+                  networkConfig = {
+                    LinkLocalAddressing = "no";
+                    DHCP = "no";
+                    LLDP = false;
+                    EmitLLDP = false;
+                    IPv6AcceptRA = false;
+                  };
+                };
+                "85-frys-ix" = {
+                  matchConfig.Name = "frys-ix";
+                  address = [
+                    "185.1.203.196/24"
+                    "2001:7f8:10f::3:3850:196/64"
+                  ];
+                  networkConfig = {
+                    DHCP = "no";
+                    LLDP = false;
+                    EmitLLDP = false;
+                    IPv6AcceptRA = false;
+                  };
+                };
 
                 "80-base" = mkMerge [
                   (networkdAssignment "base" assignments.base)
@@ -296,10 +347,20 @@ in
                       meta l4proto udp ct state new jump routing-udp
                       return
                     }
+                    chain ixp {
+                      ether type != { ip, ip6, arp, vlan } reject
+                      return
+                    }
+
                     chain forward {
-                      iifname wan oifname base jump filter-routing
+                      iifname { wan, frys-ix } oifname base jump filter-routing
+                      oifname frys-ix jump ixp
                       oifname as211024 accept
                     }
+                    chain output {
+                      oifname frys-ix-base ether type != vlan reject
+                      oifname frys-ix jump ixp
+                    }
                   }
                   table inet nat {
                     chain prerouting {