We have a network backup via vultr. As it's difficult to convey its architecture via netbox, we document it slightly more here.
oob1.waw is a WDR3600 running OpenWRT, present in dcr01. It has a USB modem plugged in for LTE uplink.
See netbox for L1 connectivity diagrams.
There is an L2 subnet/bridge that spans three boxes: edge01.waw, oob1.waw and edge01.fra. This network is dieectly available on one of oob1.waw's ports, and edge01.waw connects to it (for information on ports, see netbox).
185.236.240.73 - address of oob1.waw on bridge, set on br-bgpvpn on OpenWRT 185.236.240.74 - address of edge01.waw on bridge, set on physical interface on edge 185.236.240.75 - address of edge01.fra on bridge, set on OpenVPN tap
This subnet is announced by edge01.waw to its main upstreams and through a huge prepend on edge01.fra. When edge01.waw's main uplink goes down, traffic gets routed through edge01.fra, as with the rest of the current production subnet (185.236.240.0/24). However, if edge01.waw is dead, the subnet will stop being announced at all. You will then have to manually jump through edge01.fra.bgp.wtf.
185.236.240.73 (oob1.waw) is not publicly routed, as oob1 has its main routing table default gw via LTE. There is a runbook below on how to access this box.
There is an OpenVPN tunnel set between oob1.waw and edge01.fra. edge01.fra is the server, listening on its publically routed internet adress. oob1 is the client. On oob1, the resulting tap interface is part of the br-bgpvpn bridge.
oob1.waw has a USB modem plugged in with a Play SIM card. The modem exposes a RFC1918 network that it NATs itself (or passes over to a CGNAT at Play?), 192.168.8.1/24. oob1 has a DHCP address in this subnet.
This entire setup lets us establish a non-multihop iBGP session between 185.236.240.74 and 185.236.240.75, and that's what we do.
oob1 sits in this network at .2, and is plugged into the management switch in dcr01. All LAN (yellow) ports on oob1 are also part of this subnet.
oob1.waw, if edge01.waw is up:
$ ssh -J root@edge01.waw.bgp.wtf root@185.236.240.73
oob1.waw, if edge01.fra is up and the LTE tunnel is up (but edge01.waw is dead):
$ ssh -J root@edge01.fra.bgp.wtf root@185.236.240.73
LTE modem interface
$ sudo ip a add 192.168.8.1/32 dev lo $ sudo ssh -J root@edge01.waw.bgp.wtf root@185.236.240.73 -L 192.168.8.1:80:192.168.8.1:80 $ # now you can visit 192.168.8.1 on your local web browser
oob1 and edge01.fra are currently fully manually managed. q3k has access.
See: netbox for phone number and latest validity information.
To manage the SIM plan, you'll have to access the modem web interface as above. From there, you can bootstrap yourself access to Play24. Generally topping up gives you tons of data, so you can do that if seemingly the link is down. Then, you can try logging into Play24 and buying a year-long subscription package for 50PLN.