config/common.yaml

---
asn: 14907

lvs:
  eqiad:
    - 10.2.2.0/24
    - 208.80.154.224/27
    - 2620:0:861:ed1a::/64
  eqord: []  # None
  codfw:
    - 10.2.1.0/24
    - 208.80.153.224/27
    - 2620:0:860:ed1a::/64
  eqdfw: []  # None
  esams:
    - 10.2.3.0/24
    - 185.15.59.224/27
    - 2a02:ec80:300:ed1a::/64
  ulsfo:
    - 10.2.4.0/24
    - 198.35.26.96/27
    - 2620:0:863:ed1a::/64
  eqsin:
    - 10.2.5.0/24
    - 103.102.166.224/27
    - 2001:df2:e500:ed1a::/64
  drmrs:
    - 10.2.6.0/24
    - 185.15.58.224/27
    - 2a02:ec80:600:ed1a::/64
  magru:
    - 10.2.7.0/24
    - 195.200.68.224/27
    - 2a02:ec80:700:ed1a::/64

anycast_prefixes:
  - 10.3.0.0/24              # Internal
  - 2a02:ec80:ff00:101::/64  # Internal IPv6
  - 198.35.27.0/24           # Public prod anycast - incl. ns2.wikimedia.org
  - 185.71.138.0/24          # Wikidough
  - 2001:67c:930::/48        # IPv6 Anycast - incl. wikidough
  - 208.80.154.238/32        # ns0.wikimedia.org
  - 208.80.153.231/32        # ns1.wikimedia.org

# Next available UID: 2039
# When adding a new user, please make sure to update "next available UID" above
# yamllint disable rule:line-length
users:
  - name: akosiaris
    uid: 2013
    class: super-user
    sshkeys:
      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOaQh65Vz3lIjtSnFC08NUg1VL1nH0FThYv+La2xxuI1 akosiaris"
  - name: ayounsi
    uid: 2023
    class: super-user
    sshkeys:
      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID/FWxAMNeb8FlQHZjE87msJ1xZDmpupKxnLPbo5648F"
  - name: bblack
    uid: 2016
    class: super-user
    sshkeys:
      - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKODQ/AENdGWaAzpp8S7bLVRf0w3mtPSb7X+Y9e7YUoM1KVsRTzAcnJ7PTPtKyo3dF2LoXdT4tWGSbx6NDb3K8Omv1eaohGeLw01UyrUdGP4Vqm8F1IDARWL7bd0AWcy3+VY3fwv2Z1LzRCn9tHGOe+EFEpRj+ZxvpQqaN3aS8I2wrHGdDavCv33hF2/evRl95rpIzDiy7ArPUoPOlO85b9hJ8XObROb+C5W/3dtduuiBHLv8TBgVHMZhJTRhnyc8JyqLf3GfH9SM1LLletnkf2jDa3pplGQam1yRSZXhb9XwQOyZlWP7WqNkC+o6pslcfNV9/XlgFVGQe+O4j48Ij bb@y51"
  - name: elukey
    uid: 2021
    class: super-user
    sshkeys:
      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKnio9xxcmPlCm6nopqtSflVBliGUzjQnmKJsBLcoo4c ltoscano@wikimedia.org"
  - name: filippo
    uid: 2018
    class: super-user
    sshkeys:
      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE/BE+c4m55DAUmSUypry/G1UfAavsaascs5XVW2SSWw fgiunchedi@wikimedia.org"
  - name: jgreen
    uid: 2019
    class: operations
    sshkeys:
      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBk63ADdfLN11agYkHXd2QWA8baRm52kEhb4aFOdPMsW Jeff Green <jgreen@wikimedia.org>"
  - name: mark
    uid: 2000
    class: super-user
    sshkeys:
      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM6K+JZA84Q4ebAGi7R8Pm7G8CZiG1KR+xau7bO9Uzdx mark@wikimedia.org"
  - name: rancid
    uid: 2002
    class: rancid
    sshkeys:
      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIG6+zGenRPRSzxvsnfyTeRXbnBhxyN41o6xTzAWSlOK"
  - name: robh
    uid: 2011
    class: operations
    sshkeys:
      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDHYjWVcfMAcmolF1a7NiXSMm7klfbacJ5QJyCTppbuG robh@girair.local"
  - name: vgutierrez
    uid: 2024
    class: super-user
    sshkeys:
      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFbsyhkYl7cex8m/wVEJQXpUkorbaoRkeKBpCEMLFUyM vgutierrez@yubikey5"
  - name: papaul
    uid: 2026
    class: super-user
    sshkeys:
      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBTrNNRvKsT4O1N/2OzjiaQ72wq0rYP+cnIH81hn9tow network_key"
  - name: volans
    uid: 2027
    class: super-user
    sshkeys:
      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLPtrz3vy1SKNu4Rez8Jr+my9QhlNO0/iWLb4/cZB8V Riccardo Coccioli (volans) <rcoccioli@wikimedia.org>"
  - name: homer
    uid: 2029
    class: super-user
    sshkeys:
      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIESO36OH9RJD/YwgTv0PRQzivYEC4RzfC7m+K5unFtS6"
  - name: dwisehaupt
    uid: 2030
    class: operations
    sshkeys:
      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAbsOh0AybdeFJP2JBw2LcN0MsJEvQThEpni1+c9sRnG dwisehaupt@wikimedia.org"
  - name: cdanis
    uid: 2031
    class: super-user
    sshkeys:
      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIClbwSYjLRlMc5Z3QSYLUqpxTm2lfo2fkwHonfcyJyQv cdanis@yubikey-wmf"
  - name: cmooney
    uid: 2032
    class: super-user
    sshkeys:
      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKdVgbQxt3Bfx8g6/irDLpr27gPI/YI57+swSnl0DRgt cmooney_prod@wikilap"
  - name: jayme
    uid: 2033
    class: read-only
    sshkeys:
      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF2TjL7xYqQjY286d/CV+PjmE2vTd9FfoLZZRDkf38XH janis@norna"
  - name: sukhe
    uid: 2034
    class: super-user
    sshkeys:
      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPE0Y9KGVkwRR1edkEe2/5LShc9s6nynwFQg+v9Uemd sukhe@sukhe"
  - name: btullis
    uid: 2035
    class: super-user
    sshkeys:
      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL7CKsdTGflNxDWXHPr9aAzabpbYE0dJhgljrxAWGJid btullis@wmf-network"
  - name: brett
    uid: 2036
    class: super-user
    sshkeys:
      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFRwFepdKx09yNGYrpt/qra4NJBF0AjjdE8RZ5cFeGwR cardno:18 551 449"
  - name: fabfur
    uid: 2037
    class: super-user
    sshkeys:
      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAeydDXbMjhj9yFWzukobrDPyjyIlRY6ugP6tUYUcuVX cardno:23 857 498"
  - name: dcaro
    uid: 2038
    class: super-user
    sshkeys:
      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID46/gY7mfN96ylAdQb6ZBfrq9L3QwemMtN5ZjrJgEmK dcaro@magnum wmf network access"
# yamllint enable rule:line-length
# When adding a new user, please make sure to update the "next available UID"
# comment at the beginning of the users block

ospf:
  p2p:
    - cr3-ulsfo.wikimedia.org: ae0.2
      cr4-ulsfo.wikimedia.org: ae0.2
    - cr3-ulsfo.wikimedia.org: et-0/0/1.401
      mr1-ulsfo.wikimedia.org: ge-0/0/4.401
      metric: 20000
    - cr4-ulsfo.wikimedia.org: et-0/0/1.402
      mr1-ulsfo.wikimedia.org: ge-0/0/4.402
      metric: 20000
    - cr4-ulsfo.wikimedia.org: gr-0/0/0.2
      cr2-eqdfw.wikimedia.org: gr-0/0/0.1
      metric: 1390
      bfd: true
    - cr3-eqsin.wikimedia.org: ae0.0
      cr2-eqsin.wikimedia.org: ae0.0
    - cr3-eqsin.wikimedia.org: ae1.401
      mr1-eqsin.wikimedia.org: ge-0/0/4.401
      metric: 20000
    - cr2-eqsin.wikimedia.org: ae1.402
      mr1-eqsin.wikimedia.org: ge-0/0/4.402
      metric: 20000
    - cr1-codfw.wikimedia.org: ae0.0
      cr2-codfw.wikimedia.org: ae0.0
      bfd: true
    - cr2-eqdfw.wikimedia.org: xe-0/1/3.12
      cr1-eqiad.wikimedia.org: xe-3/0/7.12
      bfd: true
      metric: 1390
    - cr2-eqdfw.wikimedia.org: xe-0/1/3.23
      cr2-esams.wikimedia.org: xe-0/1/5.23
      bfd: true
      metric: 1550
    - cr1-eqiad.wikimedia.org: ae0.0
      cr2-eqiad.wikimedia.org: ae0.0
    - cr1-eqiad.wikimedia.org: ae1.401
      mr1-eqiad.wikimedia.org: ge-0/0/1.401
      metric: 20000
    - cr2-eqiad.wikimedia.org: ae1.402
      mr1-eqiad.wikimedia.org: ge-0/0/1.402
      metric: 20000
    - cr1-eqiad.wikimedia.org: xe-3/0/7.13
      cr2-esams.wikimedia.org: xe-0/1/5.13
      bfd: true
      metric: 1820
    - cr1-esams.wikimedia.org: ae0.0
      cr2-esams.wikimedia.org: ae0.0
    - cr2-esams.wikimedia.org: ae1.404
      mr1-esams-old.wikimedia.org: ge-0/0/1.404
      metric: 20000
    - cloudsw1-c8-eqiad.mgmt.eqiad.wmnet: irb.1104
      cloudsw1-d5-eqiad.mgmt.eqiad.wmnet: irb.1104
    - cr1-drmrs.wikimedia.org: et-0/0/0.0
      cr2-drmrs.wikimedia.org: et-0/0/0.0
    - cr2-eqdfw.wikimedia.org: xe-0/1/3.26
      cr2-drmrs.wikimedia.org: xe-0/1/4.26
      metric: 1180  # 118ms
      bfd: true
    - cr1-eqiad.wikimedia.org: xe-3/0/7.16
      cr2-drmrs.wikimedia.org: xe-0/1/4.16
      metric: 968  # 88ms + 10% (backup link)
      bfd: true
    - cr1-magru.wikimedia.org: et-0/0/0.0
      cr2-magru.wikimedia.org: et-0/0/0.0

  stub:
    mr1-ulsfo.wikimedia.org:
      - irb.900
    mr1-eqsin.wikimedia.org:
      - irb.900
    mr1-eqiad.wikimedia.org:
      - ge-0/0/2.0
      - ge-0/0/0.0
    mr1-esams-old.wikimedia.org:
      - ge-0/0/6.2483
      - irb.900
    cr3-ulsfo.wikimedia.org:
      - et-0/0/1.1201
      - et-0/0/1.1211
      - et-0/0/1.1221
    cr4-ulsfo.wikimedia.org:
      - et-0/0/1.1201
      - et-0/0/1.1211
      - et-0/0/1.1221
    cr3-eqsin.wikimedia.org:
      - ae1.510
      - ae1.520
      - ae1.530
    cr2-eqsin.wikimedia.org:
      - ae1.510
      - ae1.520
      - ae1.530
    cr1-codfw.wikimedia.org:
      - et-1/1/5.2001
      - et-1/1/5.2002
      - et-1/1/2.2003
      - et-1/1/2.2004
      - et-1/1/5.2017
      - et-1/1/5.2018
      - et-1/1/2.2019
      - et-1/1/2.2020
    cr2-codfw.wikimedia.org:
      - et-1/1/5.2001
      - et-1/1/5.2002
      - et-1/0/2.2003
      - et-1/0/2.2004
      - et-1/1/5.2017
      - et-1/1/5.2018
      - et-1/0/2.2019
      - et-1/0/2.2020
    cr1-eqiad.wikimedia.org:
      - ae1.1001
      - ae1.1017
      - ae1.1117
      - ae1.1030
      - ae2.1002
      - ae2.1018
      - ae2.1021
      - ae2.1120
      - ae2.1202
      - ae3.1003
      - ae3.1019
      - ae3.1022
      - ae3.1119
      - ae4.1020
      - ae4.1004
      - ae4.1023
    cr2-eqiad.wikimedia.org:
      - ae1.1001
      - ae1.1017
      - ae1.1117
      - ae1.1030
      - ae2.1002
      - ae2.1018
      - ae2.1021
      - ae2.1120
      - ae2.1202
      - ae3.1003
      - ae3.1019
      - ae3.1022
      - ae3.1119
      - ae4.1020
      - ae4.1004
      - ae4.1023
    cr2-esams.wikimedia.org:
      - ae1.100
      - ae1.103
    cloudsw1-c8-eqiad.mgmt.eqiad.wmnet:
      - irb.1120
    cloudsw1-d5-eqiad.mgmt.eqiad.wmnet:
      - irb.1120


juniper_protocols:
  - bfd
  - bgp
  - dvmrp
  - igmp
  - ldp
  - msdp
  - nhrp
  - ospf
  - ospf3
  - pgm
  - pim
  - rip
  - ripng
  - router-discovery
  - rsvp
  - sap
  - vrrp

juniper_services:
  - any-service
  - bootp
  - dhcp
  - dhcpv6
  - dns
  - finger
  - ftp
  - http
  - https
  - ident-reset
  - ike
  - lsping
  - netconf
  - ntp
  - ping
  - r2cp
  - reverse-ssh
  - reverse-telnet
  - rlogin
  - rpm
  - rsh
  - snmp
  - snmp-trap
  - ssh
  - telnet
  - tftp
  - traceroute
  - xnm-clear-text
  - xnm-ssl

ntp_servers:
  - 10.3.0.5  # ntp-a.anycast.wmnet
  - 10.3.0.6  # ntp-b.anycast.wmnet
  - 10.3.0.7  # ntp-c.anycast.wmnet

transit_providers:
  # Name: [Unique]
  #  AS: 1234 [Required]  # Peer AS number
  #  flowspec: true [Optional]  # Adds flowspec address family
  #  import_policy: true [Optional]  Generate the policy based on the peer ASN
  #  export_policy: true [Optional]  Generate the policy based on the peer ASN
  #  BFD: true [Optional] Enable BFD
  #
  #  See bgp_keys in homer-private/config/devices.yaml
  Arelion:
    AS: 1299
    export_policy: true
  "Deutsche Telekom":
    # CID in https://netbox.wikimedia.org/circuits/circuits/92/
    AS: 3320
    BFD: true
    export_policy: true
  EdgeUno:
    AS: 7195
    export_policy: true
  FiberRing:
    AS: 38930
  "Hurricane Electric":
    AS: 6939
  Init7:
    AS: 13030
    export_policy: true
  KPN:
    AS: 1136
  LibertyGlobal:
    AS: 6830
    flowspec: true
  NTT:
    AS: 2914
    export_policy: true
  Tata:
    AS: 6453
    export_policy: true
  Tele2:
    AS: 1257
    export_policy: true
  Telxius:
    AS: 12956
    export_policy: true
    BFD: true
  Lumen:
    AS: 3356
    export_policy: true
  Orange:
    AS: 5511
  Novacore:
    AS: 28189
    export_policy: true

asns_mapping:
  k8s:
    eqiad: 64601
    codfw: 64602
  k8s-stage:
    eqiad: 64603
    codfw: 64604
  k8s-mlserve:
    eqiad: 64606
    codfw: 64607
  k8s-mlstaging:
    codfw: 64608
  k8s-dse:
    eqiad: 64609
  k8s-aux:
    eqiad: 64610
  frack:
    eqiad: 64700
    codfw: 64701

vrf_ids:
  cloud: 5001