SP Network (Presidente Prudente)
Topology
```
     │ 186.217.182.224/27 (gateway .254)
┌────┴────────────────────────────────────┐
│ VyOS SP (VM 6001 — pve-ippri-11)        │
│ eth0: 186.217.182.242/27 (WAN)          │
│ eth1.192: 192.168.10.5/23 (LAN mgmt)    │
│ eth1.197: 192.168.12.5/24 (LAB)         │
└────┬────────────┬───────────────────────┘
192.168.10.0/23   192.168.12.0/24
(management)      (lab machines)
```
VyOS SP
| Item | Value |
|---|---|
| VMID | 6001 |
| Node | pve-ippri-11 |
| Version | VyOS rolling (2026.04.13) |
| Storage | linstor-ssd-01 (DRBD replicated across 3 nodes) |
| SSH | port 65401 |
| WAN IP | 186.217.182.242/27 |
| WAN gateway | 186.217.182.254 |
VLANs
| VLAN | Subnet | Gateway | Use |
|---|---|---|---|
| 192 | 192.168.10.0/23 | 192.168.10.5 | Proxmox nodes, VMs, infra |
| 197 | 192.168.12.0/24 | 192.168.12.5 | Lab machines (workstations) |
NAT Destination (port forwarding)
| External port | Destination | Service |
|---|---|---|
| 22 | 192.168.11.200:22 | SSH VM 1030 |
| 80 | 192.168.10.6:80 | HTTP Traefik SP |
| 443 | 192.168.10.6:443 | HTTPS Traefik SP |
| 65402 | 192.168.10.6:22 | SSH traefik-sp |
| 65403 | 192.168.10.51:22 | SSH k3s-sp |
NAT Source (masquerade)
| Rule | Subnet | Description |
|---|---|---|
| 100 | 192.168.10.0/23 | LAN to internet |
| 110 | 192.168.12.0/24 | LAB to internet |
DHCP
| Network | Dynamic DHCP range | Lease |
|---|---|---|
| LAN (192.168.10.0/23) | 192.168.11.200 - 192.168.11.209 | 24h |
| LAB (192.168.12.0/24) | 192.168.12.200 - 192.168.12.250 | 24h |
LAB: division of the /24
| Range | Use |
|---|---|
| 192.168.12.1-4 | Reserved |
| 192.168.12.5 | VyOS LAB (gateway, eth1.197) |
| 192.168.12.6-9 | Reserved |
| 192.168.12.10-199 | STATIC: workstations + known servers (local config) |
| 192.168.12.200-250 | Dynamic DHCP: visitors / unregistered devices |
| 192.168.12.251-254 | Reserved |

Registered workstations (ippri02-06) sit at .100-104 (inside the static range, configured statically on the hosts or via Ansible).
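
The NAT Destination and DHCP tables above can be cross-checked mechanically. The following is an added example, not part of the original page or of the site's tooling: it flags DHCP pools that fall outside their subnet and port-forward targets that are undocumented or sit inside a dynamic DHCP pool. The addresses are transcribed from the tables; the function and variable names are assumptions made for the example.

```python
import ipaddress as ip

# Values transcribed from the tables on this page.
SUBNETS = {"LAN": ip.ip_network("192.168.10.0/23"),
           "LAB": ip.ip_network("192.168.12.0/24")}
DHCP_POOLS = {"LAN": ("192.168.11.200", "192.168.11.209"),
              "LAB": ("192.168.12.200", "192.168.12.250")}
DNAT = {22: "192.168.11.200", 80: "192.168.10.6", 443: "192.168.10.6",
        65402: "192.168.10.6", 65403: "192.168.10.51"}


def in_pool(addr, pool):
    """True if addr lies inside the inclusive (first, last) DHCP pool."""
    first, last = (ip.ip_address(a) for a in pool)
    return first <= ip.ip_address(addr) <= last


def audit(subnets, pools, dnat):
    """Return a list of (pool name or external port, finding) tuples."""
    findings = []
    for name, pool in pools.items():
        # A pool must sit entirely inside the subnet it serves.
        for edge in pool:
            if ip.ip_address(edge) not in subnets[name]:
                findings.append((name, f"pool edge {edge} outside {subnets[name]}"))
    for port, target in dnat.items():
        addr = ip.ip_address(target)
        if not any(addr in net for net in subnets.values()):
            findings.append((port, f"target {target} in no documented subnet"))
        # A forwarded port should point at a fixed address; a target inside
        # a dynamic pool can be leased to a different host later.
        for name, pool in pools.items():
            if in_pool(target, pool):
                findings.append((port, f"target {target} inside {name} dynamic DHCP pool"))
    return findings


if __name__ == "__main__":
    for key, finding in audit(SUBNETS, DHCP_POOLS, DNAT):
        print(key, finding)
```

With the values on this page the only finding is external port 22, whose target 192.168.11.200 is the first address of the LAN dynamic pool; the page does not say whether a static mapping pins that address to VM 1030.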
Firewall
- Forward: default drop; allows LAN/LAB → WAN, established/related, DNAT
- Input: default drop; allows SSH 65401, established/related, loopback, LAN, LAB
Nodes on VLAN 192 (management)
| IP | Host | Description |
|---|---|---|
| 192.168.10.5 | vyos-sp | VyOS gateway (LAN mgmt eth1.192) |
| 192.168.10.6 | traefik-sp | Reverse proxy + K3s |
| 192.168.10.11 | pve-ippri-11 | Proxmox node |
| 192.168.10.12 | pve-ippri-12 | Proxmox node |
| 192.168.10.31 | pve-ippri-31 | Proxmox node (GPU A5000) |
| 192.168.10.32 | pve-ippri-32 | Proxmox node |
| 192.168.10.33 | pve-ippri-33 | Proxmox node (GPU A5000) |
| 192.168.10.34 | pve-ippri-34 | Proxmox node (GPU A5000) |
| 192.168.10.51 | k3s-sp | K3s cluster node |
| 192.168.10.61 | gpu-sp-01 | LXC GPU (A5000) |
| 192.168.11.200 | VM 1030 | SSH reachable externally |
10G network (LINSTOR)
Dedicated network for DRBD replication between nodes with SSDs:
| IP | Node | Floor |
|---|---|---|
| 10.10.20.11 | pve-ippri-11 | A |
| 10.10.20.12 | pve-ippri-12 | A |
| 10.10.20.31 | pve-ippri-31 | B |

LINSTOR controller VIP: 10.10.20.1
Replication policy: 1 replica per floor (via the Aux/floor label + replicas-on-different). Details in linstor-operacoes.md.