;;;--------------------------------------------------------------------------
;;; External hosts.
-(defhost boyle.nsict.org 85.158.42.162)
-(defhost chiark.greenend.org.uk 212.13.197.229)
-(defhost mccoy.flatline.org.uk 80.74.241.31)
-(defhost mythic-ns1 69.56.173.190)
-(defhost mythic-ns2 93.93.128.67)
+(defhost boyle.nsict.org ((:ipv4 "85.158.42.162")))
+(defhost chiark.greenend.org.uk ((:ipv4 "212.13.197.229")
+ #+chiark-dns-ipv6 (:ipv6 "2001:ba8:1e3::")))
+(defhost mccoy.flatline.org.uk "80.74.241.31")
+(defhost mythic-ns1 ((:ipv4 "45.33.127.156")
+ (:ipv6 "2600:3c00::f03c:91ff:fe96:beac")))
+(defhost mythic-ns2 ((:ipv4 "93.93.128.67")
+ (:ipv6 "2a00:1098:0:80:1000::10")))
+(defhost mythic-ns3 ((:ipv4 "185.24.221.32")
+ (:ipv6 "2a02:2770:11:0:21a:4aff:febe:759b")))
+(defhost gandi-ns6 ((:ipv4 "217.70.177.40")))
;;;--------------------------------------------------------------------------
;;; Internal addresses.
-;; Externally routable DMZ.
-(defnet dmz 62.49.204.144/28)
+;; (RFC1918 addresses are allocated from Cambridge G-RIN.)
+(defnet distorted.org.uk "172.29.198/23"
+ (untrusted "198.0/24"
+ (wireless "0/25")
+ (iodine "128/28")
+ (hippo "144/28")
+ (upn "160/27"))
+ (trusted "199.0/24"
+ (wired "0/25"
+ (unsafe "0/27")
+ (dhcp "32/27"))
+ (vpn "128/27")
+ (its "160/30")
+ (colo "176/28")
+ (safe "192/27")
+ (any "224/27")))
+
+;; Externally routable DMZ from Andrews and Arnold.
+(defnet gw "81.2.113.195")
+(defnet dmz "81.187.238.128/28")
+(defnet distorted.org.uk-aaisp "2001:8b0:c92/48"
+ (unsafe "1/64"
+ (dhcp "6468:6370/96"))
+ (dmz "fff/64")
+ (safe "4001/64")
+ (untrusted "8001/64"))
;; Externally routed colo range.
-(defnet jump 212.13.198.66/28)
-
-;; (RFC1918 addresses are allocated from Cambridge G-RIN.)
-(defnet distorted.org.uk 172.29.198.0/23
- (untrusted 256
- (wireless 128)
- (iodine 16))
- (trusted 256
- (wired 128
- (unsafe 32)
- (dhcp 32))
- (vpn 32)
- (nil 16
- (its 4))
- (colo 16)
- (safe 32)
- (any 32)))
+(defnet jump "212.13.198.66/28")
+(defnet jump "2001:ba8:0:1d9/64")
+(defnet distorted.org.uk-jump "2001:ba8:1d9/48"
+ (colo "2/64")
+ (any "0/64")
+ (vpn "6000/64")
+ (upn "a000/64"))
;;;--------------------------------------------------------------------------
;;; Host allocations
;; External addresses.
-(defhost guvnor.dmz (dmz 1))
-(defhost radius.dmz (dmz 2))
-(defhost roadstar.dmz (dmz 3))
-(defhost jem.dmz (dmz 4))
-(defhost artist.dmz (dmz 5))
-(defhost vampire.dmz (dmz 6))
+(defhost guvnor.dmz ((:ipv4 gw 0) (:ipv6 dmz "::1:1")))
+(defhost radius.dmz (dmz 1))
+(defhost roadstar.dmz (dmz 2))
+(defhost jem.dmz (dmz 3))
+(defhost artist.dmz (dmz 4))
+(defhost vampire.dmz (dmz 5))
+(defhost universe.dmz (dmz 6))
(defhost ibanez.dmz (dmz 9))
(defhost anon.dmz (dmz 12))
-(defhost gate.dmz (dmz 13))
-(defhost nat.dmz (dmz 14))
+(defhost nat.dmz ((:ipv4 dmz 14)))
;; Colocated addresses.
+(defhost gate.jump ((:ipv6 jump 2)))
(defhost fender.jump (jump 5))
(defhost precision.jump (jump 6))
(defhost telecaster.jump (jump 7))
(defhost stratocaster.jump (jump 8))
(defhost jazz.jump (jump 9))
+(defhost jaguar.jump ((:ipv4 jump 11) (:ipv6 jump "::2:1")))
+(defhost richmond.jump ((:ipv4 jump 12) (:ipv6 jump "::1:1")))
+(defhost anon.jump (jump 13))
+(defhost blackhole.jump ((:ipv4 jump 14) (:ipv6 jump "::ffff")))
+
+;; Linode virtual hosts.
+(defhost national.linode ((:ipv4 "45.33.118.239")
+ (:ipv6 "2600:3c00::f03c:91ff:fe3b:d7c1")))
;; Unsafe network.
(defhost radius.unsafe (unsafe 1))
(defhost jem.unsafe (unsafe 3))
(defhost artist.unsafe (unsafe 4))
(defhost vampire.unsafe (unsafe 5))
+(defhost universe.unsafe (unsafe 6))
(defhost ibanez.unsafe (unsafe 14))
+(defhost groove.unsafe (unsafe 17))
+
+;; Client hosts, with IPv6 addresses.
+(defhost gibson.unsafe ((:ipv6 unsafe "e269:95ff:fe63:bb4")))
+(defhost crybaby.unsafe ((:ipv6 unsafe "216:eaff:fec2:4cb8")))
+(defhost lespaul.unsafe ((:ipv6 unsafe "a00:27ff:fef5:aaef")))
+(defhost haze.unsafe ((:ipv6 unsafe "5056:a8ff:fe01:5654")))
+(defhost gretsch.unsafe ((:ipv6 unsafe "3a2c:4aff:fe6d:e768")))
+(defhost invader.safe ((:ipv6 safe "a00:27ff:fe94:a5d7")))
+(defhost marauder.safe ((:ipv6 safe "a00:27ff:fe6a:7846")))
;; Safe network.
(defhost radius.safe (safe 1))
(defhost vampire.safe (safe 2))
(defhost evolution.safe (safe 3))
+(defhost grigsby.safe (safe 4))
+(defhost carling.safe (safe 5))
+(defhost tritan.safe (safe 6))
;; Wireless network.
(defhost radius.untrusted (untrusted 1))
-(defhost evolution.untrusted (untrusted 2))
+(defhost artist.untrusted (untrusted 2))
(defhost vampire.untrusted (untrusted 3))
;; Virtual private network.
-(defhost crybaby.vpn (vpn 1))
-(defhost terror.vpn (vpn 2))
+(defhost crybaby.vpn ((:ipv4 vpn 1) (:ipv6 vpn "::1:1")))
+(defhost terror.vpn ((:ipv4 vpn 2)))
+(defhost orange.vpn ((:ipv4 vpn 3) (:ipv6 vpn "::3:1")))
+(defhost haze.vpn ((:ipv4 vpn 4) (:ipv6 vpn "::4:1")))
+(defhost radius.vpn ((:ipv4 vpn 5) (:ipv6 vpn "::5:1")))
+(defhost precision.vpn ((:ipv4 vpn 6) (:ipv6 vpn "::6:1")))
+(defhost jazz.vpn ((:ipv4 vpn 7) (:ipv6 vpn "::7:1")))
+(defhost vampire.vpn ((:ipv4 vpn 8) (:ipv6 vpn "::8:1")))
+
+;; Untrusted private network.
+(defhost national.upn ((:ipv4 upn 1) (:ipv6 upn "::1:1")))
;; Iodine network.
-(defhost vampire.iodine (iodine 1))
+(defhost jazz.iodine (iodine 1))
+
+;; Hippotat network.
+(defhost jazz.hippo (hippo 1))
+(defhost crybaby.hippo (hippo 2))
;; Special network for ITS.
;; It doesn't understand point-to-point links, so we need a little net.
(defhost jazz.colo (colo 5))
;; Anycast addresses for services.
-(defhost dns0.any (any 0))
-(defhost dns1.any (any 1))
-(defhost ntp0.any (any 2))
-(defhost ntp1.any (any 3))
-(defhost www-cache.any (any 4))
+(defhost dns0.any ((:ipv4 any 0) (:ipv6 any "::0:1")))
+(defhost dns1.any ((:ipv4 any 1) (:ipv6 any "::1:1")))
+(defhost ntp0.any ((:ipv4 any 2) (:ipv6 any "::2:1")))
+(defhost ntp1.any ((:ipv4 any 3) (:ipv6 any "::3:1")))
+(defhost www-cache.any ((:ipv4 any 4) (:ipv6 any "::4:1")))
+(defhost krb0.any ((:ipv4 any 5) (:ipv6 any "::5:1")))
+(defhost krb1.any ((:ipv4 any 6) (:ipv6 any "::6:1")))
;;;--------------------------------------------------------------------------
;;; Host switch.
(preferred-subnet-case
- (dmz
- (defhost radius radius.dmz)
- (defhost vampire vampire.dmz))
- (t
+ ((unsafe colo)
(defhost radius radius.unsafe)
- (defhost vampire vampire.unsafe)))
+ (defhost vampire vampire.unsafe)
+ (defhost precision precision.colo)
+ (defhost telecaster telecaster.colo)
+ (defhost stratocaster stratocaster.colo)
+ (defhost national national.upn))
+ (t
+ (defhost radius radius.dmz)
+ (defhost vampire vampire.dmz)
+ (defhost precision precision.jump)
+ (defhost telecaster telecaster.jump)
+ (defhost stratocaster stratocaster.jump)
+ (defhost national national.linode)))
+
+(defhost jaguar jaguar.jump)
;;;----- That's all, folks --------------------------------------------------
~mdw / zones / blobdiff