From mboxrd@z Thu Jan  1 00:00:00 1970
Date: Tue, 8 Sep 2020 05:52:04 +0200 (CEST)
From: Alexandre DERUMIER <aderumier@odiso.com>
To: Thomas Lamprecht <t.lamprecht@proxmox.com>
Cc: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Message-ID: <1480692740.435706.1599537124012.JavaMail.zimbra@odiso.com>
In-Reply-To: <ac816804-567c-f82d-b574-84db4d6a8278@proxmox.com>
References: <20200824164923.12652-1-aderumier@odiso.com>
 <ac816804-567c-f82d-b574-84db4d6a8278@proxmox.com>
Subject: Re: [pve-devel] [PATCH v2 pve-container] POC : add/del/update ip
 from vnet-subnet-ipam

>>When trying this I got the gateway IP returned for both, as CT IP and gateway IP.
>>Did not check this patch closer, but I figured that this behavior is caused by
>>the SDN code.

Mmm, that's strange.

When you create or update the subnet, the gateway ip you define on the subnet should be registered in the ipam.
(You have enabled an ipam, right?)

Then, when you create a CT without any ip, it'll try to find the first available ip in ipam.
(So if the gateway was not registered in ipam (bug maybe), that could explain why you have it for both.)

For the internal ipam, I'm writing the ipam database in /etc/pve/priv/ipam.db. (BTW, I'm not sure that it's the best path location.)

>>On another note, do you think it makes sense to have vnets, subnets, IPam, DNS completely
>>split and separated from each other? I mean, it is flexible, but a user needs to do a lot
>>of, almost boilerplate-like, work to get this started.
>>Advanced users may profit from this, maybe we just need a "simple wizard" for the easiest
>>beginner case..

Well, for subnets, you can assign multiple subnets per vnet, so yes, they really need to be separated.
(Somebody at Hetzner, for example, buying subnets or /32 failover ips, and wanting to add them to a vnet.)
IPAM/DNS are more reusable configurations (like api url, key, ...). So I think you'll define 1 or 2 of them max.

I think subnet+ipam+dns are ip features.
zones, vnets, controller are physical network features.

But, yes, a gui wizard could be great for fast setup.


----- Original Message -----
From: "Thomas Lamprecht" <t.lamprecht@proxmox.com>
To: "Proxmox VE development discussion" <pve-devel@lists.proxmox.com>, "aderumier" <aderumier@odiso.com>
Sent: Monday, 7 September 2020 18:40:39
Subject: Re: [pve-devel] [PATCH v2 pve-container] POC : add/del/update ip from vnet-subnet-ipam

On 24.08.20 18:49, Alexandre Derumier wrote:
> This is a POC to call ip to retrieve ip address from ipam.
>
> (it's really just a poc && buggy, it needs to be improved for vnet changes, pending config apply/revert,...)

When trying this I got the gateway IP returned for both, as CT IP and gateway IP.
Did not check this patch closer, but I figured that this behavior is caused by
the SDN code.

Using a simple zone with PVE IPam and snat subnet "10.12.13.0/24" with GW "10.12.13.1"
as test.

On another note, do you think it makes sense to have vnets, subnets, IPam, DNS completely
split and separated from each other? I mean, it is flexible, but a user needs to do a lot
of, almost boilerplate-like, work to get this started.
Advanced users may profit from this, maybe we just need a "simple wizard" for the easiest
beginner case..
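
A small model of the behaviour discussed in this thread, added here as an illustration and not taken from the patch or from the PVE SDN code: a first-free allocator hands the gateway address to the CT when the gateway was never registered in the ipam, and a guard in the allocator prevents that. The class, function and owner names are hypothetical; the subnet and gateway are the ones from the test report.

```python
import ipaddress

SUBNET, GATEWAY = "10.12.13.0/24", "10.12.13.1"  # values from the test report


class Ipam:
    """Toy first-free IPAM; hypothetical names, not the PVE SDN API."""

    def __init__(self):
        self.subnets = {}  # network -> {"gateway": address, "used": {address: owner}}

    def add_subnet(self, cidr, gateway, register_gateway=True):
        net = ipaddress.ip_network(cidr)
        gw = ipaddress.ip_address(gateway)
        if gw not in net:
            raise ValueError(f"gateway {gw} is outside {net}")
        # Registering the gateway is what keeps it out of the free pool.
        used = {gw: "gateway"} if register_gateway else {}
        self.subnets[net] = {"gateway": gw, "used": used}

    def add_next_free(self, cidr, owner, skip_gateway=False):
        net = ipaddress.ip_network(cidr)
        entry = self.subnets[net]
        for ip in net.hosts():
            if ip in entry["used"]:
                continue
            if skip_gateway and ip == entry["gateway"]:
                continue  # defensive check: never lease the subnet's own gateway
            entry["used"][ip] = owner
            return ip
        raise RuntimeError(f"no free address left in {cidr}")


def create_ct(register_gateway, skip_gateway=False):
    """Return (ct_ip, gateway) for a CT created without an explicit ip."""
    ipam = Ipam()
    ipam.add_subnet(SUBNET, GATEWAY, register_gateway)
    ct_ip = ipam.add_next_free(SUBNET, "ct-100", skip_gateway)  # constructed owner id
    return str(ct_ip), GATEWAY


if __name__ == "__main__":
    print("gateway registered:     ", create_ct(True))
    print("gateway not registered: ", create_ct(False))
    print("not registered + guard: ", create_ct(False, skip_gateway=True))
```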