Added nva models.

deploy/nva/1-nic+mgmt/cloud-init/20-disable-config-network.cfg

@@ -0,0 +1,2 @@
+network:
+  config: disabled

deploy/nva/1-nic+mgmt/cloud-init/README.md

@@ -0,0 +1 @@
+Place these files in `/etc/cloud/cloud.cfg.d/`.

deploy/nva/1-nic+mgmt/iptables/README.md

@@ -0,0 +1 @@
+Place these files in `/etc/iptables/`.

deploy/nva/1-nic+mgmt/iptables/iptables.rules

@@ -0,0 +1,51 @@
+# Generated by iptables-save v1.8.7 on Thu Aug 12 00:48:20 2021
+*filter
+:INPUT ACCEPT [26093:11318598]
+:FORWARD ACCEPT [3795:7962603]
+:OUTPUT ACCEPT [28950:9367807]
+COMMIT
+# Completed on Thu Aug 12 00:48:20 2021
+# Generated by iptables-save v1.8.7 on Thu Aug 12 00:48:20 2021
+*mangle
+:PREROUTING ACCEPT [6678:10373822]
+:INPUT ACCEPT [5301:2588033]
+:FORWARD ACCEPT [1377:7785789]
+:OUTPUT ACCEPT [6125:2025111]
+:POSTROUTING ACCEPT [7502:9810900]
+-A PREROUTING ! -s 168.63.129.16/32 -i eth1 -j MARK --set-xmark 0x100/0x300    # in eth1 not AzILB probe use route table 0x100.
+-A PREROUTING -s 168.63.129.16/32 -i eth1 -j MARK --set-xmark 0x1000/0x3000    # in eth1 and AzILB probe use route table 0x1000.
+-A PREROUTING -d 20.36.44.155/32 -i eth1 -j MARK --set-xmark 0x1/0xff          # in eth1 and from a LB rule add extra mark for dnat/snat.
+-A PREROUTING -j CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff  # save all marks.
+-A FORWARD -j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff  # restore all marks from local.
+-A OUTPUT -j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff   # restore all marks through local.
+COMMIT
+# Completed on Thu Aug 12 00:48:20 2021
+# Generated by iptables-save v1.8.7 on Thu Aug 12 00:48:20 2021
+*nat
+:PREROUTING ACCEPT [327:17028]
+:INPUT ACCEPT [324:16848]
+:OUTPUT ACCEPT [790:49662]
+:POSTROUTING ACCEPT [0:0]
+-A PREROUTING -i eth1 -p tcp -m mark --mark 0x1/0xff -m tcp --dport 80 -j DNAT --to-destination 10.0.4.12:8080
+-A POSTROUTING -o eth1 -m mark --mark 0x1/0xff -j MASQUERADE
+-A POSTROUTING -o eth1 -s 10.0.0.0/8 -d 10.0.0.0/8 -j ACCEPT
+-A POSTROUTING -o eth1 -s 10.0.0.0/8 -d 172.16.0.0/12 -j ACCEPT
+-A POSTROUTING -o eth1 -s 10.0.0.0/8 -d 192.168.0.0/16 -j ACCEPT
+-A POSTROUTING -o eth1 -s 172.16.0.0/12 -d 10.0.0.0/8 -j ACCEPT
+-A POSTROUTING -o eth1 -s 172.16.0.0/12 -d 172.16.0.0/12 -j ACCEPT
+-A POSTROUTING -o eth1 -s 172.16.0.0/12 -d 192.168.0.0/16 -j ACCEPT
+-A POSTROUTING -o eth1 -s 192.168.0.0/16 -d 10.0.0.0/8 -j ACCEPT
+-A POSTROUTING -o eth1 -s 192.168.0.0/16 -d 172.16.0.0/12 -j ACCEPT
+-A POSTROUTING -o eth1 -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT
+-A POSTROUTING -o eth1 -j MASQUERADE
+COMMIT
+# Completed on Thu Aug 12 00:48:20 2021
+# Generated by iptables-save v1.8.7 on Thu Aug 12 00:48:20 2021
+*security
+:INPUT ACCEPT [6718:3316200]
+:FORWARD ACCEPT [1999:7837749]
+:OUTPUT ACCEPT [2587:426353]
+-A OUTPUT -d 168.63.129.16/32 -p tcp -m owner --uid-owner 0 -j ACCEPT
+-A OUTPUT -d 168.63.129.16/32 -p tcp -m conntrack --ctstate INVALID,NEW -j DROP
+COMMIT
+# Completed on Thu Aug 12 00:48:20 2021

deploy/nva/1-nic+mgmt/sysctl/99-enable-ipv4-forwarding.conf

@@ -0,0 +1 @@
+net.ipv4.ip_forward = 1

deploy/nva/1-nic+mgmt/sysctl/README.md

@@ -0,0 +1 @@
+Place these files in `/etc/sysctl.d/`.

deploy/nva/1-nic+mgmt/systemd-networkd/README.md

@@ -0,0 +1 @@
+Place these files in `/etc/systemd/network`.

deploy/nva/1-nic+mgmt/systemd-networkd/eth0.network

@@ -0,0 +1,9 @@
+[Match]
+Name=eth0
+
+[Network]
+DHCP=ipv4
+LinkLocalAddressing=no
+
+[DHCPv4]
+UseMTU=yes

deploy/nva/1-nic+mgmt/systemd-networkd/eth1.network

@@ -0,0 +1,39 @@
+[Match]
+Name=eth1
+
+[Network]
+DHCP=ipv4
+LinkLocalAddressing=no
+
+[DHCPv4]
+UseMTU=yes
+UseRoutes=no
+UseDNS=no
+
+# Define local route policy for load balancer probe
+
+[RoutingPolicyRule]
+From=0.0.0.0/0
+FirewallMark=0x1000/0x00003000
+Table=1000
+
+[Route]
+Destination=168.63.129.16/32
+Gateway=10.0.1.177
+GatewayOnLink=yes
+Metric=10
+Table=1000
+
+# Define routes for this interface
+
+[RoutingPolicyRule]
+From=0.0.0.0/0
+FirewallMark=0x100/0x00000300
+Table=100
+
+[Route]
+Destination=0.0.0.0/0
+Gateway=10.0.1.177
+GatewayOnLink=yes
+Metric=10
+Table=100

deploy/nva/1-nic/cloud-init/20-disable-config-network.cfg

@@ -0,0 +1,2 @@
+network:
+  config: disabled

deploy/nva/1-nic/cloud-init/README.md

@@ -0,0 +1 @@
+Place these files in `/etc/cloud/cloud.cfg.d/`.

deploy/nva/1-nic/iptables/README.md

@@ -0,0 +1 @@
+Place these files in `/etc/iptables/`.

deploy/nva/1-nic/iptables/iptables.rules

@@ -0,0 +1,49 @@
+# Generated by iptables-save v1.8.7 on Thu Aug 12 00:48:20 2021
+*filter
+:INPUT ACCEPT [26093:11318598]
+:FORWARD ACCEPT [3795:7962603]
+:OUTPUT ACCEPT [28950:9367807]
+COMMIT
+# Completed on Thu Aug 12 00:48:20 2021
+# Generated by iptables-save v1.8.7 on Thu Aug 12 00:48:20 2021
+*mangle
+:PREROUTING ACCEPT [6678:10373822]
+:INPUT ACCEPT [5301:2588033]
+:FORWARD ACCEPT [1377:7785789]
+:OUTPUT ACCEPT [6125:2025111]
+:POSTROUTING ACCEPT [7502:9810900]
+-A PREROUTING -d 20.36.44.155/32 -i eth0 -j MARK --set-xmark 0x1/0xff          # in eth0 and from a LB rule add extra mark for dnat/snat.
+-A PREROUTING -j CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff  # save all marks.
+-A FORWARD -j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff  # restore all marks from local.
+-A OUTPUT -j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff   # restore all marks through local.
+COMMIT
+# Completed on Thu Aug 12 00:48:20 2021
+# Generated by iptables-save v1.8.7 on Thu Aug 12 00:48:20 2021
+*nat
+:PREROUTING ACCEPT [327:17028]
+:INPUT ACCEPT [324:16848]
+:OUTPUT ACCEPT [790:49662]
+:POSTROUTING ACCEPT [0:0]
+-A PREROUTING -i eth0 -p tcp -m mark --mark 0x1/0xff -m tcp --dport 80 -j DNAT --to-destination 10.0.4.12:8080
+-A POSTROUTING -o eth0 -m mark --mark 0x1/0xff -j MASQUERADE
+-A POSTROUTING -o eth0 -s 10.0.0.0/8 -d 10.0.0.0/8 -j ACCEPT
+-A POSTROUTING -o eth0 -s 10.0.0.0/8 -d 172.16.0.0/12 -j ACCEPT
+-A POSTROUTING -o eth0 -s 10.0.0.0/8 -d 192.168.0.0/16 -j ACCEPT
+-A POSTROUTING -o eth0 -s 172.16.0.0/12 -d 10.0.0.0/8 -j ACCEPT
+-A POSTROUTING -o eth0 -s 172.16.0.0/12 -d 172.16.0.0/12 -j ACCEPT
+-A POSTROUTING -o eth0 -s 172.16.0.0/12 -d 192.168.0.0/16 -j ACCEPT
+-A POSTROUTING -o eth0 -s 192.168.0.0/16 -d 10.0.0.0/8 -j ACCEPT
+-A POSTROUTING -o eth0 -s 192.168.0.0/16 -d 172.16.0.0/12 -j ACCEPT
+-A POSTROUTING -o eth0 -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT
+-A POSTROUTING -o eth0 -j MASQUERADE
+COMMIT
+# Completed on Thu Aug 12 00:48:20 2021
+# Generated by iptables-save v1.8.7 on Thu Aug 12 00:48:20 2021
+*security
+:INPUT ACCEPT [6718:3316200]
+:FORWARD ACCEPT [1999:7837749]
+:OUTPUT ACCEPT [2587:426353]
+-A OUTPUT -d 168.63.129.16/32 -p tcp -m owner --uid-owner 0 -j ACCEPT
+-A OUTPUT -d 168.63.129.16/32 -p tcp -m conntrack --ctstate INVALID,NEW -j DROP
+COMMIT
+# Completed on Thu Aug 12 00:48:20 2021

deploy/nva/1-nic/sysctl/99-enable-ipv4-forwarding.conf

@@ -0,0 +1 @@
+net.ipv4.ip_forward = 1

deploy/nva/1-nic/sysctl/README.md

@@ -0,0 +1 @@
+Place these files in `/etc/sysctl.d/`.

deploy/nva/1-nic/systemd-networkd/README.md

@@ -0,0 +1 @@
+Place these files in `/etc/systemd/network`.

deploy/nva/1-nic/systemd-networkd/eth0.network

@@ -0,0 +1,9 @@
+[Match]
+Name=eth0
+
+[Network]
+DHCP=ipv4
+LinkLocalAddressing=no
+
+[DHCPv4]
+UseMTU=yes

deploy/nva/2-nic+mgmt/cloud-init/20-disable-config-network.cfg

@@ -0,0 +1,2 @@
+network:
+  config: disabled

deploy/nva/2-nic+mgmt/cloud-init/README.md

@@ -0,0 +1 @@
+Place these files in `/etc/cloud/cloud.cfg.d/`.

deploy/nva/2-nic+mgmt/iptables/README.md

@@ -0,0 +1 @@
+Place these files in `/etc/iptables/`.

deploy/nva/2-nic+mgmt/iptables/iptables.rules

@@ -0,0 +1,44 @@
+# Generated by iptables-save v1.8.7 on Wed Aug 11 23:16:43 2021
+*filter
+:INPUT ACCEPT [503846:245889975]
+:FORWARD ACCEPT [11715:572454]
+:OUTPUT ACCEPT [593369:190021026]
+COMMIT
+# Completed on Wed Aug 11 23:16:43 2021
+# Generated by iptables-save v1.8.7 on Wed Aug 11 23:16:43 2021
+*mangle
+:PREROUTING ACCEPT [1579:386844]
+:INPUT ACCEPT [1265:373204]
+:FORWARD ACCEPT [314:13640]
+:OUTPUT ACCEPT [1339:464027]
+:POSTROUTING ACCEPT [1653:477667]
+-A PREROUTING ! -s 168.63.129.16/32 -i eth1 -j MARK --set-xmark 0x100/0x300    # in eth1 not AzILB probe use route table 0x100.
+-A PREROUTING ! -s 168.63.129.16/32 -i eth2 -j MARK --set-xmark 0x100/0x300    # in eth2 not AzPLB probe use route table 0x100.
+-A PREROUTING -s 168.63.129.16/32 -i eth1 -j MARK --set-xmark 0x1000/0x3000    # in eth1 and AzILB probe use route table 0x1000.
+-A PREROUTING -s 168.63.129.16/32 -i eth2 -j MARK --set-xmark 0x2000/0x3000    # in eth2 and AzPLB probe use route table 0x2000.
+-A PREROUTING -d 20.36.44.155/32 -i eth2 -j MARK --set-xmark 0x1/0xff          # in eth2 and from a LB rule add extra mark for dnat/snat.
+-A PREROUTING -j CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff  # save all marks.
+-A FORWARD -j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff  # restore all marks from local.
+-A OUTPUT -j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff   # restore all marks through local.
+COMMIT
+# Completed on Wed Aug 11 23:16:43 2021
+# Generated by iptables-save v1.8.7 on Wed Aug 11 23:16:43 2021
+*nat
+:PREROUTING ACCEPT [166:8632]
+:INPUT ACCEPT [166:8632]
+:OUTPUT ACCEPT [384:23040]
+:POSTROUTING ACCEPT [384:23040]
+-A PREROUTING -i eth2 -p tcp -m mark --mark 0x1/0xff -m tcp --dport 80 -j DNAT --to-destination 10.0.4.12:8080
+-A POSTROUTING -o eth1 -m mark --mark 0x1/0xff -j MASQUERADE
+-A POSTROUTING -o eth2 -j MASQUERADE
+COMMIT
+# Completed on Wed Aug 11 23:16:43 2021
+# Generated by iptables-save v1.8.7 on Wed Aug 11 23:16:43 2021
+*security
+:INPUT ACCEPT [8576:9413117]
+:FORWARD ACCEPT [1192:54136]
+:OUTPUT ACCEPT [2206:353552]
+-A OUTPUT -d 168.63.129.16/32 -p tcp -m owner --uid-owner 0 -j ACCEPT
+-A OUTPUT -d 168.63.129.16/32 -p tcp -m conntrack --ctstate INVALID,NEW -j DROP
+COMMIT
+# Completed on Wed Aug 11 23:16:43 2021

deploy/nva/2-nic+mgmt/sysctl/99-enable-ipv4-forwarding.conf

@@ -0,0 +1 @@
+net.ipv4.ip_forward = 1

deploy/nva/2-nic+mgmt/sysctl/README.md

@@ -0,0 +1 @@
+Place these files in `/etc/sysctl.d/`.

deploy/nva/2-nic+mgmt/systemd-networkd/README.md

@@ -0,0 +1 @@
+Place these files in `/etc/systemd/network`.

deploy/nva/2-nic+mgmt/systemd-networkd/eth0.network

@@ -0,0 +1,9 @@
+[Match]
+Name=eth0
+
+[Network]
+DHCP=ipv4
+LinkLocalAddressing=no
+
+[DHCPv4]
+UseMTU=yes

deploy/nva/2-nic+mgmt/systemd-networkd/eth1.network

@@ -0,0 +1,53 @@
+[Match]
+Name=eth1
+
+[Network]
+DHCP=ipv4
+LinkLocalAddressing=no
+
+[DHCPv4]
+UseMTU=yes
+UseRoutes=no
+UseDNS=no
+
+# Define local route policy for load balancer probe
+
+[RoutingPolicyRule]
+From=0.0.0.0/0
+FirewallMark=0x1000/0x00003000
+Table=1000
+
+[Route]
+Destination=168.63.129.16/32
+Gateway=10.0.1.161
+GatewayOnLink=yes
+Metric=10
+Table=1000
+
+# Define routes for this interface
+
+[RoutingPolicyRule]
+From=0.0.0.0/0
+FirewallMark=0x100/0x00000300
+Table=100
+
+[Route]
+Destination=10.0.0.0/8
+Gateway=10.0.1.161
+GatewayOnLink=yes
+Metric=10
+Table=100
+
+[Route]
+Destination=172.16.0.0/12
+Gateway=10.0.1.161
+GatewayOnLink=yes
+Metric=10
+Table=100
+
+[Route]
+Destination=192.168.0.0/16
+Gateway=10.0.1.161
+GatewayOnLink=yes
+Metric=10
+Table=100

deploy/nva/2-nic+mgmt/systemd-networkd/eth2.network

@@ -0,0 +1,39 @@
+[Match]
+Name=eth2
+
+[Network]
+DHCP=ipv4
+LinkLocalAddressing=no
+
+[DHCPv4]
+UseMTU=yes
+UseRoutes=no
+UseDNS=no
+
+# Define local route policy for load balancer probe
+
+[RoutingPolicyRule]
+From=0.0.0.0/0
+FirewallMark=0x2000/0x00003000
+Table=2000
+
+[Route]
+Destination=168.63.129.16/32
+Gateway=10.0.1.177
+GatewayOnLink=yes
+Metric=10
+Table=2000
+
+# Define routes for this interface
+
+[RoutingPolicyRule]
+From=0.0.0.0/0
+FirewallMark=0x100/0x00000300
+Table=100
+
+[Route]
+Destination=0.0.0.0/0
+Gateway=10.0.1.177
+GatewayOnLink=yes
+Metric=10
+Table=100

deploy/nva/2-nic/cloud-init/20-disable-config-network.cfg

@@ -0,0 +1,2 @@
+network:
+  config: disabled

deploy/nva/2-nic/cloud-init/README.md

@@ -0,0 +1 @@
+Place these files in `/etc/cloud/cloud.cfg.d/`.

deploy/nva/2-nic/iptables/README.md

@@ -0,0 +1 @@
+Place these files in `/etc/iptables/`.

deploy/nva/2-nic/iptables/iptables.rules

@@ -0,0 +1,43 @@
+# Generated by iptables-save v1.8.7 on Wed Aug 11 23:16:43 2021
+*filter
+:INPUT ACCEPT [503846:245889975]
+:FORWARD ACCEPT [11715:572454]
+:OUTPUT ACCEPT [593369:190021026]
+COMMIT
+# Completed on Wed Aug 11 23:16:43 2021
+# Generated by iptables-save v1.8.7 on Wed Aug 11 23:16:43 2021
+*mangle
+:PREROUTING ACCEPT [1579:386844]
+:INPUT ACCEPT [1265:373204]
+:FORWARD ACCEPT [314:13640]
+:OUTPUT ACCEPT [1339:464027]
+:POSTROUTING ACCEPT [1653:477667]
+-A PREROUTING ! -s 168.63.129.16/32 -i eth0 -j MARK --set-xmark 0x100/0x300    # in eth0 not AzILB probe use route table 0x100.
+-A PREROUTING ! -s 168.63.129.16/32 -i eth1 -j MARK --set-xmark 0x100/0x300    # in eth1 not AzPLB probe use route table 0x100.
+-A PREROUTING -s 168.63.129.16/32 -i eth1 -j MARK --set-xmark 0x1000/0x3000    # in eth1 and AzPLB probe use route table 0x1000.
+-A PREROUTING -d 20.36.44.155/32 -i eth1 -j MARK --set-xmark 0x1/0xff          # in eth1 and from a LB rule add extra mark for dnat/snat.
+-A PREROUTING -j CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff  # save all marks.
+-A FORWARD -j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff  # restore all marks from local.
+-A OUTPUT -j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff   # restore all marks through local.
+COMMIT
+# Completed on Wed Aug 11 23:16:43 2021
+# Generated by iptables-save v1.8.7 on Wed Aug 11 23:16:43 2021
+*nat
+:PREROUTING ACCEPT [166:8632]
+:INPUT ACCEPT [166:8632]
+:OUTPUT ACCEPT [384:23040]
+:POSTROUTING ACCEPT [384:23040]
+-A PREROUTING -i eth1 -p tcp -m mark --mark 0x1/0xff -m tcp --dport 80 -j DNAT --to-destination 10.0.4.12:8080
+-A POSTROUTING -o eth0 -m mark --mark 0x1/0xff -j MASQUERADE
+-A POSTROUTING -o eth1 -j MASQUERADE
+COMMIT
+# Completed on Wed Aug 11 23:16:43 2021
+# Generated by iptables-save v1.8.7 on Wed Aug 11 23:16:43 2021
+*security
+:INPUT ACCEPT [8576:9413117]
+:FORWARD ACCEPT [1192:54136]
+:OUTPUT ACCEPT [2206:353552]
+-A OUTPUT -d 168.63.129.16/32 -p tcp -m owner --uid-owner 0 -j ACCEPT
+-A OUTPUT -d 168.63.129.16/32 -p tcp -m conntrack --ctstate INVALID,NEW -j DROP
+COMMIT
+# Completed on Wed Aug 11 23:16:43 2021

deploy/nva/2-nic/sysctl/99-enable-ipv4-forwarding.conf

@@ -0,0 +1 @@
+net.ipv4.ip_forward = 1

deploy/nva/2-nic/sysctl/README.md

@@ -0,0 +1 @@
+Place these files in `/etc/sysctl.d/`.

deploy/nva/2-nic/systemd-networkd/README.md

@@ -0,0 +1 @@
+Place these files in `/etc/systemd/network`.

deploy/nva/2-nic/systemd-networkd/eth0.network

@@ -0,0 +1,37 @@
+[Match]
+Name=eth0
+
+[Network]
+DHCP=ipv4
+LinkLocalAddressing=no
+
+[DHCPv4]
+UseMTU=yes
+
+# Define routes for this interface
+
+[RoutingPolicyRule]
+From=0.0.0.0/0
+FirewallMark=0x100/0x00000300
+Table=100
+
+[Route]
+Destination=10.0.0.0/8
+Gateway=10.0.1.161
+GatewayOnLink=yes
+Metric=10
+Table=100
+
+[Route]
+Destination=172.16.0.0/12
+Gateway=10.0.1.161
+GatewayOnLink=yes
+Metric=10
+Table=100
+
+[Route]
+Destination=192.168.0.0/16
+Gateway=10.0.1.161
+GatewayOnLink=yes
+Metric=10
+Table=100

deploy/nva/2-nic/systemd-networkd/eth1.network

@@ -0,0 +1,39 @@
+[Match]
+Name=eth1
+
+[Network]
+DHCP=ipv4
+LinkLocalAddressing=no
+
+[DHCPv4]
+UseMTU=yes
+UseRoutes=no
+UseDNS=no
+
+# Define local route policy for load balancer probe
+
+[RoutingPolicyRule]
+From=0.0.0.0/0
+FirewallMark=0x1000/0x00003000
+Table=1000
+
+[Route]
+Destination=168.63.129.16/32
+Gateway=10.0.1.177
+GatewayOnLink=yes
+Metric=10
+Table=1000
+
+# Define routes for this interface
+
+[RoutingPolicyRule]
+From=0.0.0.0/0
+FirewallMark=0x100/0x00000300
+Table=100
+
+[Route]
+Destination=0.0.0.0/0
+Gateway=10.0.1.177
+GatewayOnLink=yes
+Metric=10
+Table=100