Quick update: since writing this I've rebuilt this network. The new network has a similar overall design in terms of sites and VLANs, but now has multiple upstreams (announcing my own IPv6 space) for redundancy, as well as internally anycasted NAT64. The routers all run BIRD on Debian, with individual OpenVPN tunnels between routers for internal communication. Hopefully I'll write this up properly at some point; for now, see the small page on as204345.
For quite some time, I've been working on a new "home network", in order to have a properly designed network that spans multiple sites. Previously I had a complete mess - a single local private IPv4 subnet behind double NAT, as well as some remote LXC containers on a VPS that also lived behind NAT. Connecting these up were several OpenVPN tunnels/bridges that allowed access between the networks (but only in specific directions!), as well as external access. In summary, a big tangled mess of NAT!
Therefore, when building this new network, I wanted to solve a few issues:
- I'd like routing between every server, so I can SSH into remote containers/VMs without having to jump through the host, and push backups between sites
- Several of my sites (both at home and at university) will be stuck behind NAT, and I would like to be able to connect to the rest of the network from there
- Everything should have both a logical IP address and a hostname that identify which site and VLAN it is on
- I wanted to learn about IPv6 :)