Root cause: the doublezero-agent on mia-sw01 manages Tunnel500's ACL (SEC-USER-500-IN) and drops outbound gossip with src 137.239.194.65. The agent overwrites any custom ACL entries.

Fix: create a separate GRE tunnel (Tunnel100) using mia-sw01's free LAN IP (209.42.167.137) as tunnel source. This tunnel goes over the ISP uplink, completely independent of the DZ overlay:

- mia-sw01: Tunnel100 src 209.42.167.137, dst 186.233.184.235
- biscayne: gre-ashburn src 186.233.184.235, dst 209.42.167.137
- Link addresses: 169.254.100.0/31

Playbook changes:

- ashburn-relay-mia-sw01: Tunnel100 + Loopback101 + SEC-VALIDATOR-100-IN
- ashburn-relay-biscayne: gre-ashburn tunnel + updated policy routing
- New template: ashburn-routing-ifup.sh.j2 for boot persistence

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

||
|---|---|---|
| arista-scraped | ||
| switch-configs | ||
| arista-eos-reference.md | ||
| ashburn-validator-relay.md | ||
| blue-green-upgrades.md | ||
| bug-ashburn-tunnel-port-filtering.md | ||
| bug-laconic-so-etcd-cleanup.md | ||
| bug-laconic-so-ingress-conflict.md | ||
| doublezero-multicast-access.md | ||
| doublezero-status.md | ||
| feature-kind-local-registry.md | ||
| known-issues.md | ||
| shred-collector-relay.md | ||
| tvu-shred-relay.md | ||