hosts.lisp, distorted.lisp: Allocate an IPv6 range for DHCP.

[zones] / hosts.lisp

;;; -*-lisp-*-
;;;
;;; distorted.org.uk hosts and networks, and other useful addresses.

;;;--------------------------------------------------------------------------
;;; External hosts.

(defhost boyle.nsict.org ((:ipv4 "85.158.42.162")))
(defhost chiark.greenend.org.uk ((:ipv4 "212.13.197.229")
                                 (:ipv6 "2001:ba8:1e3::")))
(defhost mccoy.flatline.org.uk "80.74.241.31")
(defhost mythic-ns1 ((:ipv4 "45.33.127.156")
                     (:ipv6 "2600:3c00::f03c:91ff:fe96:beac")))
(defhost mythic-ns2 ((:ipv4 "93.93.128.67")
                     (:ipv6 "2a00:1098:0:80:1000::10")))
(defhost mythic-ns3 ((:ipv4 "185.24.221.32")
                     (:ipv6 "2a02:2770:11:0:21a:4aff:febe:759b")))
(defhost gandi-ns6 ((:ipv4 "217.70.177.40")))

;;;--------------------------------------------------------------------------
;;; Internal addresses.

;; (RFC1918 addresses are allocated from Cambridge G-RIN.)
(defnet distorted.org.uk "172.29.198/23"
  (untrusted "198.0/24"
    (wireless "0/25")
    (iodine "128/28")
    (upn "160/27"))
  (trusted "199.0/24"
    (wired "0/25"
      (unsafe "0/27")
      (dhcp "32/27"))
    (vpn "128/27")
    (its "160/30")
    (colo "176/28")
    (safe "192/27")
    (any "224/27")))

;; Externally routable DMZ from Andrews and Arnold.
(defnet gw "81.2.113.195")
(defnet dmz "81.187.238.128/28")
(defnet distorted.org.uk-aaisp "2001:8b0:c92/48"
  (unsafe "1/64"
    (dhcp "6468:6370/96"))
  (dmz "fff/64")
  (safe "4001/64")
  (untrusted "8001/64"))

;; Externally routed colo range.
(defnet jump "212.13.198.66/28")
(defnet jump "2001:ba8:0:1d9/64")
(defnet distorted.org.uk-jump "2001:ba8:1d9/48"
  (colo "2/64")
  (any "0/64")
  (vpn "6000/64")
  (upn "a000/64"))

;;;--------------------------------------------------------------------------
;;; Host allocations

;; External addresses.
(defhost guvnor.dmz ((:ipv4 gw 0) (:ipv6 dmz "::1:1")))
(defhost radius.dmz (dmz 1))
(defhost roadstar.dmz (dmz 2))
(defhost jem.dmz (dmz 3))
(defhost artist.dmz (dmz 4))
(defhost vampire.dmz (dmz 5))
(defhost universe.dmz (dmz 6))
(defhost ibanez.dmz (dmz 9))
(defhost anon.dmz (dmz 12))
(defhost nat.dmz ((:ipv4 dmz 14)))

;; Colocated addresses.
(defhost gate.jump ((:ipv6 jump 2)))
(defhost fender.jump (jump 5))
(defhost precision.jump (jump 6))
(defhost telecaster.jump (jump 7))
(defhost stratocaster.jump (jump 8))
(defhost jazz.jump (jump 9))
(defhost jaguar.jump ((:ipv4 jump 11) (:ipv6 jump "::2:1")))
(defhost richmond.jump ((:ipv4 jump 12) (:ipv6 jump "::1:1")))
(defhost anon.jump (jump 13))
(defhost blackhole.jump ((:ipv4 jump 14) (:ipv6 jump "::ffff")))

;; Linode virtual hosts.
(defhost national.linode ((:ipv4 "45.33.118.239")
                          (:ipv6 "2600:3c00::f03c:91ff:fe3b:d7c1")))

;; Unsafe network.
(defhost radius.unsafe (unsafe 1))
(defhost roadstar.unsafe (unsafe 2))
(defhost jem.unsafe (unsafe 3))
(defhost artist.unsafe (unsafe 4))
(defhost vampire.unsafe (unsafe 5))
(defhost universe.unsafe (unsafe 6))
(defhost ibanez.unsafe (unsafe 14))
(defhost groove.unsafe (unsafe 17))

;; Client hosts, with IPv6 addresses.
(defhost gibson.unsafe ((:ipv6 unsafe "e269:95ff:fe63:bb4")))
(defhost crybaby.unsafe ((:ipv6 unsafe "216:eaff:fec2:4cb8")))
(defhost lespaul.unsafe ((:ipv6 unsafe "a00:27ff:fef5:aaef")))
(defhost haze.unsafe ((:ipv6 unsafe "5056:a8ff:fe01:5654")))
(defhost gretsch.unsafe ((:ipv6 unsafe "3a2c:4aff:fe6d:e768")))
(defhost invader.safe ((:ipv6 safe "a00:27ff:fe94:a5d7")))
(defhost marauder.safe ((:ipv6 safe "a00:27ff:fe6a:7846")))

;; Safe network.
(defhost radius.safe (safe 1))
(defhost vampire.safe (safe 2))
(defhost evolution.safe (safe 3))
(defhost grigsby.safe (safe 4))
(defhost carling.safe (safe 5))
(defhost tritan.safe (safe 6))

;; Wireless network.
(defhost radius.untrusted (untrusted 1))
(defhost artist.untrusted (untrusted 2))
(defhost vampire.untrusted (untrusted 3))

;; Virtual private network.
(defhost crybaby.vpn ((:ipv4 vpn 1) (:ipv6 vpn "::1:1")))
(defhost terror.vpn ((:ipv4 vpn 2)))
(defhost orange.vpn ((:ipv4 vpn 3) (:ipv6 vpn "::3:1")))
(defhost haze.vpn ((:ipv4 vpn 4) (:ipv6 vpn "::4:1")))
(defhost radius.vpn ((:ipv4 vpn 5) (:ipv6 vpn "::5:1")))
(defhost precision.vpn ((:ipv4 vpn 6) (:ipv6 vpn "::6:1")))
(defhost jazz.vpn ((:ipv4 vpn 7) (:ipv6 vpn "::7:1")))
(defhost vampire.vpn ((:ipv4 vpn 8) (:ipv6 vpn "::8:1")))

;; Untrusted private network.
(defhost national.upn ((:ipv4 upn 1) (:ipv6 upn "::1:1")))

;; Iodine network.
(defhost jazz.iodine (iodine 1))

;; Special network for ITS.
;; It doesn't understand point-to-point links, so we need a little net.
(defhost gw.its (its 1))
(defhost mz.its (its 2))

;; Internal (VPN) addresses for colocated services.
(defhost fender.colo (colo 1))
(defhost precision.colo (colo 2))
(defhost telecaster.colo (colo 3))
(defhost stratocaster.colo (colo 4))
(defhost jazz.colo (colo 5))

;; Anycast addresses for services.
(defhost dns0.any ((:ipv4 any 0) (:ipv6 any "::0:1")))
(defhost dns1.any ((:ipv4 any 1) (:ipv6 any "::1:1")))
(defhost ntp0.any ((:ipv4 any 2) (:ipv6 any "::2:1")))
(defhost ntp1.any ((:ipv4 any 3) (:ipv6 any "::3:1")))
(defhost www-cache.any ((:ipv4 any 4) (:ipv6 any "::4:1")))
(defhost krb0.any ((:ipv4 any 5) (:ipv6 any "::5:1")))
(defhost krb1.any ((:ipv4 any 6) (:ipv6 any "::6:1")))

;;;--------------------------------------------------------------------------
;;; Host switch.

(preferred-subnet-case
  ((unsafe colo)
   (defhost radius radius.unsafe)
   (defhost vampire vampire.unsafe)
   (defhost precision precision.colo)
   (defhost telecaster telecaster.colo)
   (defhost stratocaster stratocaster.colo)
   (defhost national national.upn))
  (t
   (defhost radius radius.dmz)
   (defhost vampire vampire.dmz)
   (defhost precision precision.jump)
   (defhost telecaster telecaster.jump)
   (defhost stratocaster stratocaster.jump)
   (defhost national national.linode)))

(defhost jaguar jaguar.jump)

;;;----- That's all, folks --------------------------------------------------