
Edge IaC Automation Platform

Tags: CDKTF, Terraform, Ansible, BGP, Vultr, Cloudflare

[Figure: Visualisation of an anycast network]

Overview

This project is a full Infrastructure-as-Code workflow for rolling out edge virtual machines with networking preconfigured from day one. New nodes are declared once, provisioned through CDK for Terraform, and then configured automatically through Ansible roles so they join the routing fabric quickly and consistently.

Architecture & Workflow

VM definitions are maintained in a typed configuration layer and translated into provider-specific resources through integration modules. After provisioning, a synthesis step generates dynamic inventory and host variables for Ansible, including per-host addressing data and iBGP fragments. A post-provisioning stack then creates DNS records, so newly deployed nodes become operational with minimal manual steps.
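The synthesis step described above, as an added illustration rather than the project's own code: typed node definitions are validated (unique names, unique loopbacks so router-ids cannot clash, well-formed addresses) and then rendered into an Ansible dynamic-inventory structure whose hostvars carry per-host addressing and an iBGP peer fragment. The node names, addresses, ASN and hub-and-spoke iBGP layout are all constructed assumptions.

```python
"""Synthesize an Ansible dynamic inventory from typed edge node definitions.
Constructed example: names, addresses and the ASN are placeholders, not the
project's values. Hub-and-spoke iBGP (edges peer with cores) is assumed."""
import ipaddress
from dataclasses import dataclass

LOCAL_AS = 65000  # placeholder private ASN for a single-AS iBGP fabric

@dataclass(frozen=True)
class Node:
    name: str
    role: str       # "core" or "edge"
    region: str
    loopback: str   # /32 used as router-id and iBGP session endpoint
    public_ip: str  # address Ansible connects to

def validate(nodes):
    """Fail synthesis before provisioning if definitions would break routing."""
    names, loopbacks = set(), set()
    for n in nodes:
        if n.role not in ("core", "edge"):
            raise ValueError(f"{n.name}: unknown role {n.role!r}")
        if n.name in names:
            raise ValueError(f"duplicate node name {n.name}")
        lo = ipaddress.ip_address(n.loopback)
        if lo in loopbacks:
            raise ValueError(f"{n.name}: loopback {lo} reused (router-id clash)")
        ipaddress.ip_address(n.public_ip)  # raises on a malformed address
        names.add(n.name); loopbacks.add(lo)

def synthesize(nodes):
    """Return an Ansible dynamic-inventory dict with iBGP fragments in hostvars."""
    validate(nodes)
    cores = [n for n in nodes if n.role == "core"]
    edges = [n for n in nodes if n.role == "edge"]
    inv = {"_meta": {"hostvars": {}}, "core": {"hosts": []}, "edge": {"hosts": []}}
    for n in nodes:
        peers = cores if n.role == "edge" else edges  # edges <-> cores only
        inv[n.role]["hosts"].append(n.name)
        inv["_meta"]["hostvars"][n.name] = {
            "ansible_host": n.public_ip, "region": n.region,
            "router_id": n.loopback, "local_as": LOCAL_AS,
            "ibgp_peers": [{"name": p.name, "ip": p.loopback, "as": LOCAL_AS} for p in peers],
        }
    return inv

NODES = [  # constructed sample definitions (RFC 5737 documentation addresses)
    Node("core-fra1", "core", "eu-central", "10.255.0.1", "203.0.113.10"),
    Node("edge-ams1", "edge", "eu-west", "10.255.1.1", "203.0.113.20"),
    Node("edge-sgp1", "edge", "ap-south", "10.255.1.2", "203.0.113.30"),
]
```

`synthesize(NODES)` returns the dict an Ansible inventory script would print as JSON; a definition that reuses a loopback is rejected before any resource is created.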

During configuration, the playbook applies baseline operating-system hardening, Docker setup, SSH policy, and BGP service provisioning. Bird2 templates enforce route filtering, RPKI validation, and policy-driven import/export behavior, while a follow-up iBGP role distributes edge peering updates across core systems.

The destroy workflow is symmetrical: deprovisioning tears down compute resources and post-provisioning artifacts, including DNS records, so environments can be removed cleanly without stale entries.

Highlights & Learnings

The biggest value is repeatability: adding capacity in another region is mostly a configuration change, not a manual server build. This reduced drift between nodes and made rollouts more predictable, especially when combining infrastructure provisioning with routing policy deployment.

Building this stack strengthened automation patterns around provider abstraction, idempotent configuration management, and safe routing operations. It also created a solid foundation for future enhancements such as broader provider support, stricter policy validation, and more advanced deployment gates.