@arichtman actually the biggest availability issue would be the router appliance that all my k8s nodes would be behind. i could carp it tho
@astrid very true. My virtualized router is easily one of the most critical things. Second only to the hypervisor it's on I guess
@arichtman I have several virtualized routers happening
1. inferno/Lucifer, the one hooked to the modem, it's a firewall
2. asmodeus, who will handle dn42 peering
3. charon, who will handle all packets entering my production services
4. nyaanet, the wifi router
Lucifer is opnsense and I don't like opnsense very much after almost a year of using it and I might just move the role into nyaanet.
@astrid whew that's complicated! What ticked you off about opnsense? Seems more libre than pfsense and not trash GUI like openwrt?
Also - if you really wanna have fun, you can use BGP peering for the worker nodes to advertise their ipv6 routes to your main router and skip virtual load balancing.
@arichtman doesn't allow next hop to use link local routes. maybe i should just submit a patch tho. also honestly I wanna just have a really basic front-of-house so I don't kill the Internet with my shenanigans