kovagoadi/hunfabric
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f2d4e937d1a4f2d802644773862e97a628866260
hunfabric/modules/cloud-config-container/simple-nva/files/policy_based_routing.sh
Luca Prete f2d4e937d1 Fix pre-commit hook (#3882)
2026-04-18 10:07:14 +02:00

56 lines
2.5 KiB
Bash
Raw Blame History

#!/bin/bash
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
IF_NAME=$1
IF_NUMBER=${IF_NAME//eth/}
IF_GW=$(curl http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/"$IF_NUMBER"/gateway -H "Metadata-Flavor: Google")
IF_IP=$(curl http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/"$IF_NUMBER"/ip -H "Metadata-Flavor: Google")
IF_NETMASK=$(curl http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/"$IF_NUMBER"/subnetmask -H "Metadata-Flavor: Google")
# shellcheck disable=SC2034
IF_IP_PREFIX=$(/var/run/nva/ipprefix_by_netmask.sh "$IF_NETMASK")
# Sleep while there's no load balancer IP route for this IF
while true; do
IPS_LB_STR=$(ip r show table local | grep "$IF_NAME proto 66" | cut -f 2 -d " " | tr -s '\n' ' ')
read -r -a IPS_LB <<<"$IPS_LB_STR"
for IP in "${IPS_LB[@]}"; do
# Configure hc routing table if not available for this network interface
grep -qxF "$((200 + IF_NUMBER)) hc-$IF_NAME" /etc/iproute2/rt_tables || {
echo "$((200 + IF_NUMBER)) hc-$IF_NAME" >>/etc/iproute2/rt_tables
ip route add "$IF_GW" src "$IF_IP" dev "$IF_NAME" table hc-"$IF_NAME"
ip route add default via "$IF_GW" dev "$IF_NAME" table hc-"$IF_NAME"
}
# configure PBR route for LB
ip rule list | grep -qF "$IP" || ip rule add from "$IP"/32 table hc-"$IF_NAME"
done
# remove previously configure PBR for old LB removed from network interface
# first get list of PBR on this network interface and retrieve LB IP addresses
PBR_LB_IPS_STR=$(ip rule list | grep "hc-$IF_NAME" | cut -f 2 -d " " | tr -s '\n' ' ')
read -r -a PBR_LB_IPS <<<"$PBR_LB_IPS_STR"
# iterate over PBR LB IP addresses
for PBR_IP in "${PBR_LB_IPS[@]}"; do
# check if the PBR LB IP belongs to the current array of LB IPs attached to the
# network interface, if not delete the corresponding PBR rule
if [ ${#IPS_LB[@]} -eq 0 ] || ! echo "${IPS_LB[*]}" | grep --quiet "$PBR_IP"; then
ip rule del from "$PBR_IP"
fi
done
sleep 2
done
Reference in New Issue View Git Blame Copy Permalink