cerc-io
/
stack-orchestrator
mirror of https://github.com/cerc-io/stack-orchestrator
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity
stack-orchestrator/playbooks/files
History
A. F. Dudley b82d66eeff fix: VRF isolation for mia-sw01 relay, TCP dport mangle for ip_echo 
mia-sw01: Replace PBR-based outbound routing with VRF isolation.
TCAM profile tunnel-interface-acl doesn't support PBR or traffic-policy
on tunnel interfaces. Tunnel100 now lives in VRF "relay" whose default
route sends decapsulated traffic to was-sw01 via backbone, avoiding
BCP38 drops on the ISP uplink for src 137.239.194.65.

biscayne: Add TCP dport mangle rule for ip_echo (port 8001). Without it,
outbound ip_echo probes use biscayne's real IP instead of the Ashburn
relay IP, causing entrypoints to probe the wrong address. Also fix
loopback IP idempotency (handle "already assigned" error).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 		2026-03-07 23:31:18 +00:00
..
ashburn-relay-setup.sh.j2 fix: VRF isolation for mia-sw01 relay, TCP dport mangle for ip_echo 2026-03-07 23:31:18 +00:00
ashburn-routing-ifup.sh fix: ashburn relay playbooks and document DZ tunnel ACL root cause 2026-03-07 01:44:25 +00:00
ashburn-routing-ifup.sh.j2 feat: dedicated GRE tunnel (Tunnel100) bypassing DZ-managed Tunnel500 2026-03-07 01:47:58 +00:00