No redundancy on private network site gateways

[grischard]

The private part of the network currently runs over wireguard VPNs between "site gateways": Ironbelly in Amsterdam, fafnir in Dublin, Ridley in UCL.

The private network runs:

• Monitoring through Prometheus
• Database replication
• OOB management
• PDU management
• BootP

There are two subnets on the private network: one for machines configured in chef, and one 'default' for unknown machines.

The site gateways also run VPN endpoints for remote access for the sysadmins.

There is currently no redundancy for the site gateways.

There is a preference towards keeping the config in chef (how often does it change?)

The private network currently runs in RFC1914 space, so no extra firewalling is needed.

UCL doesn't run IPv6, and some of the OOB systems might not support it anyway.