From: Alexandre Derumier <aderumier@odiso.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH pve-network 7/7] zones: vxlan: add dhcp support
Date: Tue, 19 Dec 2023 09:32:16 +0100 [thread overview]
Message-ID: <20231219083216.2551645-8-aderumier@odiso.com> (raw)
In-Reply-To: <20231219083216.2551645-1-aderumier@odiso.com>
Add the gateway IP to the vnet, force a /32 mask for IPv4 to avoid
ARP problems, and disable forwarding for security reasons.
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
---
src/PVE/Network/SDN/Zones/VxlanPlugin.pm | 32 +++++++++++++++++++
.../zones/vxlan/dhcp/expected_sdn_interfaces | 19 +++++++++++
src/test/zones/vxlan/dhcp/interfaces | 7 ++++
src/test/zones/vxlan/dhcp/sdn_config | 25 +++++++++++++++
.../vxlan/nodhcp/expected_sdn_interfaces | 15 +++++++++
src/test/zones/vxlan/nodhcp/interfaces | 7 ++++
src/test/zones/vxlan/nodhcp/sdn_config | 25 +++++++++++++++
7 files changed, 130 insertions(+)
create mode 100644 src/test/zones/vxlan/dhcp/expected_sdn_interfaces
create mode 100644 src/test/zones/vxlan/dhcp/interfaces
create mode 100644 src/test/zones/vxlan/dhcp/sdn_config
create mode 100644 src/test/zones/vxlan/nodhcp/expected_sdn_interfaces
create mode 100644 src/test/zones/vxlan/nodhcp/interfaces
create mode 100644 src/test/zones/vxlan/nodhcp/sdn_config
diff --git a/src/PVE/Network/SDN/Zones/VxlanPlugin.pm b/src/PVE/Network/SDN/Zones/VxlanPlugin.pm
index 9a77bb9..7aa3c26 100644
--- a/src/PVE/Network/SDN/Zones/VxlanPlugin.pm
+++ b/src/PVE/Network/SDN/Zones/VxlanPlugin.pm
@@ -48,6 +48,7 @@ sub options {
reversedns => { optional => 1 },
dnszone => { optional => 1 },
ipam => { optional => 1 },
+ dhcp => { optional => 1 },
};
}
@@ -59,6 +60,7 @@ sub generate_sdn_config {
my $alias = $vnet->{alias};
my $multicastaddress = $plugin_config->{'multicast-address'};
my $vxlanport = $plugin_config->{'vxlan-port'};
+ my $dhcp = $plugin_config->{'dhcp'};
my @peers;
@peers = PVE::Tools::split_list($plugin_config->{'peers'}) if $plugin_config->{'peers'};
my $vxlan_iface = "vxlan_$vnetid";
@@ -87,6 +89,34 @@ sub generate_sdn_config {
#vnet bridge
@iface_config = ();
+
+ my $disable_forward_v4 = undef;
+ my $disable_forward_v6 = undef;
+
+ if ($dhcp) {
+ my $address = {};
+ my $subnets = PVE::Network::SDN::Vnets::get_subnets($vnetid, 1);
+
+ foreach my $subnetid (sort keys %{$subnets}) {
+ my $subnet = $subnets->{$subnetid};
+ my $gateway = $subnet->{gateway};
+
+ if ($gateway) {
+
+ my $mask = $subnet->{mask};
+ if (Net::IP::ip_is_ipv6($gateway)) {
+ $disable_forward_v6 = 1;
+ } else {
+ $mask = '32';
+ $disable_forward_v4 = 1;
+ }
+
+ push @iface_config, "address $gateway/$mask" if !defined($address->{$gateway});
+ $address->{$gateway} = 1;
+ }
+ }
+ }
+
push @iface_config, "bridge_ports $vxlan_iface";
push @iface_config, "bridge_stp off";
push @iface_config, "bridge_fd 0";
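Review bot: With `dhcp` set, the added `address $gateway/$mask` line gives the node itself an IP on the guest-facing vnet bridge, and nothing in the hunk documents that or says what keeps guests away from host services. `ip-forward off` only stops routing between interfaces; anything on the node that listens on a wildcard address would presumably be reachable from the vnet unless input filtering outside this patch restricts it, so a comment such as `# gateway IP is configured on the host bridge; guests can reach host-local services on it unless filtered` would be worth adding once that is confirmed. Separately, `$subnet->{mask}` is interpolated without a defined check on the IPv6 path, so a subnet that comes back without a mask would emit `address <gw>/`; a guard like `next if !defined($mask);` after the if/else would avoid that. generate_sdn_config starts and ends outside this hunk.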
@@ -96,6 +126,8 @@ sub generate_sdn_config {
}
push @iface_config, "mtu $mtu" if $mtu;
push @iface_config, "alias $alias" if $alias;
+ push @iface_config, "ip-forward off" if $disable_forward_v4;
+ push @iface_config, "ip6-forward off" if $disable_forward_v6;
push(@{$config->{$vnetid}}, @iface_config) if !$config->{$vnetid};
return $config;
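Review bot: `ip6-forward off` may not provide the isolation the commit message intends. On Linux the per-interface IPv4 `forwarding` sysctl gates forwarding for that interface, but IPv6 packet forwarding is governed by the global `net.ipv6.conf.all.forwarding` setting and the kernel documentation points to netfilter for per-interface control; assuming ifupdown2 maps this attribute to the per-interface sysctl, IPv6 traffic from the vnet could still be routed when the node has forwarding enabled globally. A comment on the line, e.g. `# per-interface only; IPv6 forwarding also depends on conf.all.forwarding`, or a firewall rule elsewhere in the series would make the guarantee explicit. generate_sdn_config starts outside this hunk.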
diff --git a/src/test/zones/vxlan/dhcp/expected_sdn_interfaces b/src/test/zones/vxlan/dhcp/expected_sdn_interfaces
new file mode 100644
index 0000000..d99efc2
--- /dev/null
+++ b/src/test/zones/vxlan/dhcp/expected_sdn_interfaces
@@ -0,0 +1,19 @@
+#version:1
+
+auto myvnet
+iface myvnet
+ address 192.168.0.1/32
+ address 2a08:2142:302:3::1/64
+ bridge_ports vxlan_myvnet
+ bridge_stp off
+ bridge_fd 0
+ mtu 1450
+ ip-forward off
+ ip6-forward off
+
+auto vxlan_myvnet
+iface vxlan_myvnet
+ vxlan-id 100
+ vxlan_remoteip 192.168.0.2
+ vxlan_remoteip 192.168.0.3
+ mtu 1450
diff --git a/src/test/zones/vxlan/dhcp/interfaces b/src/test/zones/vxlan/dhcp/interfaces
new file mode 100644
index 0000000..66bb826
--- /dev/null
+++ b/src/test/zones/vxlan/dhcp/interfaces
@@ -0,0 +1,7 @@
+auto vmbr0
+iface vmbr0 inet static
+ address 192.168.0.1/24
+ gateway 192.168.0.254
+ bridge-ports eth0
+ bridge-stp off
+ bridge-fd 0
diff --git a/src/test/zones/vxlan/dhcp/sdn_config b/src/test/zones/vxlan/dhcp/sdn_config
new file mode 100644
index 0000000..3056165
--- /dev/null
+++ b/src/test/zones/vxlan/dhcp/sdn_config
@@ -0,0 +1,25 @@
+{
+ version => 1,
+ vnets => {
+ ids => {
+ myvnet => { tag => 100, type => "vnet", zone => "myzone" },
+ },
+ },
+ zones => {
+ ids => { myzone => { ipam => "pve", type => "vxlan", peers => "192.168.0.1,192.168.0.2,192.168.0.3", dhcp => "dnsmasq" } },
+ },
+ subnets => {
+ ids => {
+ 'myzone-192.168.0.0-24' => {
+ 'type' => 'subnet',
+ 'vnet' => 'myvnet',
+ 'gateway' => '192.168.0.1',
+ },
+ 'myzone-2a08:2142:302:3::-64' => {
+ 'type' => 'subnet',
+ 'vnet' => 'myvnet',
+ 'gateway' => '2a08:2142:302:3::1',
+ }
+ }
+ }
+}
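Review bot: The dhcp fixture reuses the underlay address as the overlay gateway: `interfaces` puts `192.168.0.1/24` on vmbr0, the zone's `peers` list contains `192.168.0.1`, and the subnet `gateway` here is also `192.168.0.1`, so the expected output assigns the same address to both vmbr0 and myvnet. A separate overlay range for the subnet (a constructed example: `'gateway' => '10.0.0.1'` under `'myzone-10.0.0.0-24'`) would keep the test from normalising an overlapping layout. The fixture also has exactly one gateway per address family, so the duplicate-gateway skip (`!defined($address->{$gateway})`) and the subnet-without-gateway path in VxlanPlugin.pm are not exercised.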
diff --git a/src/test/zones/vxlan/nodhcp/expected_sdn_interfaces b/src/test/zones/vxlan/nodhcp/expected_sdn_interfaces
new file mode 100644
index 0000000..7b73c3e
--- /dev/null
+++ b/src/test/zones/vxlan/nodhcp/expected_sdn_interfaces
@@ -0,0 +1,15 @@
+#version:1
+
+auto myvnet
+iface myvnet
+ bridge_ports vxlan_myvnet
+ bridge_stp off
+ bridge_fd 0
+ mtu 1450
+
+auto vxlan_myvnet
+iface vxlan_myvnet
+ vxlan-id 100
+ vxlan_remoteip 192.168.0.2
+ vxlan_remoteip 192.168.0.3
+ mtu 1450
diff --git a/src/test/zones/vxlan/nodhcp/interfaces b/src/test/zones/vxlan/nodhcp/interfaces
new file mode 100644
index 0000000..66bb826
--- /dev/null
+++ b/src/test/zones/vxlan/nodhcp/interfaces
@@ -0,0 +1,7 @@
+auto vmbr0
+iface vmbr0 inet static
+ address 192.168.0.1/24
+ gateway 192.168.0.254
+ bridge-ports eth0
+ bridge-stp off
+ bridge-fd 0
diff --git a/src/test/zones/vxlan/nodhcp/sdn_config b/src/test/zones/vxlan/nodhcp/sdn_config
new file mode 100644
index 0000000..338290d
--- /dev/null
+++ b/src/test/zones/vxlan/nodhcp/sdn_config
@@ -0,0 +1,25 @@
+{
+ version => 1,
+ vnets => {
+ ids => {
+ myvnet => { tag => 100, type => "vnet", zone => "myzone" },
+ },
+ },
+ zones => {
+ ids => { myzone => { ipam => "pve", type => "vxlan", peers => "192.168.0.1,192.168.0.2,192.168.0.3" } },
+ },
+ subnets => {
+ ids => {
+ 'myzone-192.168.0.0-24' => {
+ 'type' => 'subnet',
+ 'vnet' => 'myvnet',
+ 'gateway' => '192.168.0.1',
+ },
+ 'myzone-2a08:2142:302:3::-64' => {
+ 'type' => 'subnet',
+ 'vnet' => 'myvnet',
+ 'gateway' => '2a08:2142:302:3::1',
+ }
+ }
+ }
+}
--
2.39.2
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-19 8:32 [pve-devel] [PATCH pve-network 0/7] add dhcp support for all zones Alexandre Derumier
2023-12-19 8:32 ` [pve-devel] [PATCH pve-network 1/7] dhcp: add vrf support Alexandre Derumier
2023-12-19 8:32 ` [pve-devel] [PATCH pve-network 2/7] dhcp: enable-ra on layer3 zones only Alexandre Derumier
2023-12-19 8:32 ` [pve-devel] [PATCH pve-network 3/7] dnsmasq service: run service in vrf Alexandre Derumier
2023-12-19 8:32 ` [pve-devel] [PATCH pve-network 4/7] zones: evpn: add dhcp support Alexandre Derumier
2023-12-19 8:32 ` [pve-devel] [PATCH pve-network 5/7] zones: vlan: " Alexandre Derumier
2023-12-19 8:32 ` [pve-devel] [PATCH pve-network 6/7] zones: qinq: " Alexandre Derumier
2023-12-19 8:32 ` Alexandre Derumier [this message]
2023-12-22 14:01 ` [pve-devel] [PATCH pve-network 0/7] add dhcp support for all zones Stefan Hanreich
2023-12-22 21:27 ` DERUMIER, Alexandre
2024-02-22 10:13 ` Stefan Hanreich
[not found] ` <6c7a0c383c6aee77689433815775e27f5259da91.camel@groupe-cyllene.com>
2024-02-22 10:52 ` Stefan Hanreich
2024-11-13 9:48 ` Stefan Hanreich
2024-11-13 19:09 ` Stefan Hanreich
2024-11-14 10:29 ` Aaron Lauterer