* [pve-devel] [PATCH v3 pve-network 0/6] evpn && bgp improvements
@ 2021-04-21 21:49 Alexandre Derumier
2021-04-21 21:49 ` [pve-devel] [PATCH v3 pve-network 1/6] tests: fix evpn vrf Alexandre Derumier
` (6 more replies)
0 siblings, 7 replies; 8+ messages in thread
From: Alexandre Derumier @ 2021-04-21 21:49 UTC (permalink / raw)
To: pve-devel
- fix broken evpn tests since last commit
https://lists.proxmox.com/pipermail/pve-devel/2021-April/047521.html
- add ebgp-multihop option
(replace https://lists.proxmox.com/pipermail/pve-devel/2021-April/047547.html)
Changelog v2:
- move mac address option from vnet to evpn zone (this is only needed for evpn anycast gateway)
- re-add lost ip-forward,ip6-forward,arp-accept since subnet implementation
- fix ipv6 snat
- tests: add ipv6 and ipv4v6 tests
- tests: add a hetzner routed setup with multiple /32 && a full /29
Changelog v3:
- increase controllerid max characters
*** BLURB HERE ***
Alexandre Derumier (6):
tests: fix evpn vrf
bgp: add ebgp_multihop option
zones: evpn: move vnet mac option to evpn zone plugin
zones: evpn: fix arp-accept && ip-forward + ipv6 snat
zones: simple: fix ip-forward && ipv6 snat
controllers: increase controllerid to 64 characters max
PVE/Network/SDN/Controllers/BgpPlugin.pm | 7 +++
PVE/Network/SDN/Controllers/Plugin.pm | 2 +-
PVE/Network/SDN/VnetPlugin.pm | 6 ---
PVE/Network/SDN/Zones/EvpnPlugin.pm | 46 +++++++++++++------
PVE/Network/SDN/Zones/SimplePlugin.pm | 34 ++++++++++----
.../evpn/ebgp/expected_controller_config | 1 +
test/zones/evpn/ebgp/expected_sdn_interfaces | 3 ++
test/zones/evpn/ebgp/sdn_config | 2 +-
.../ebgp_loopback/expected_sdn_interfaces | 3 ++
.../evpn/exitnode/expected_sdn_interfaces | 3 ++
.../exitnode_snat/expected_sdn_interfaces | 26 +++++++++++
test/zones/evpn/exitnode_snat/sdn_config | 12 ++++-
test/zones/evpn/ipv4/expected_sdn_interfaces | 4 ++
test/zones/evpn/ipv4/sdn_config | 2 +-
.../evpn/ipv4ipv6/expected_controller_config | 31 +++++++++++++
.../evpn/ipv4ipv6/expected_sdn_interfaces | 44 ++++++++++++++++++
test/zones/evpn/ipv4ipv6/interfaces | 7 +++
test/zones/evpn/ipv4ipv6/sdn_config | 32 +++++++++++++
.../evpn/ipv6/expected_controller_config | 31 +++++++++++++
test/zones/evpn/ipv6/expected_sdn_interfaces | 42 +++++++++++++++++
test/zones/evpn/ipv6/interfaces | 7 +++
test/zones/evpn/ipv6/sdn_config | 27 +++++++++++
.../simple/hetzner/expected_sdn_interfaces | 19 ++++++++
test/zones/simple/hetzner/interfaces | 6 +++
test/zones/simple/hetzner/sdn_config | 34 ++++++++++++++
.../zones/simple/ipv4/expected_sdn_interfaces | 1 +
.../simple/ipv4snat/expected_sdn_interfaces | 1 +
.../simple/ipv4v6/expected_sdn_interfaces | 11 +++++
test/zones/simple/ipv4v6/interfaces | 5 ++
test/zones/simple/ipv4v6/sdn_config | 27 +++++++++++
.../simple/ipv6snat/expected_sdn_interfaces | 13 ++++++
test/zones/simple/ipv6snat/interfaces | 7 +++
test/zones/simple/ipv6snat/sdn_config | 24 ++++++++++
33 files changed, 488 insertions(+), 32 deletions(-)
create mode 100644 test/zones/evpn/ipv4ipv6/expected_controller_config
create mode 100644 test/zones/evpn/ipv4ipv6/expected_sdn_interfaces
create mode 100644 test/zones/evpn/ipv4ipv6/interfaces
create mode 100644 test/zones/evpn/ipv4ipv6/sdn_config
create mode 100644 test/zones/evpn/ipv6/expected_controller_config
create mode 100644 test/zones/evpn/ipv6/expected_sdn_interfaces
create mode 100644 test/zones/evpn/ipv6/interfaces
create mode 100644 test/zones/evpn/ipv6/sdn_config
create mode 100644 test/zones/simple/hetzner/expected_sdn_interfaces
create mode 100644 test/zones/simple/hetzner/interfaces
create mode 100644 test/zones/simple/hetzner/sdn_config
create mode 100644 test/zones/simple/ipv4v6/expected_sdn_interfaces
create mode 100644 test/zones/simple/ipv4v6/interfaces
create mode 100644 test/zones/simple/ipv4v6/sdn_config
create mode 100644 test/zones/simple/ipv6snat/expected_sdn_interfaces
create mode 100644 test/zones/simple/ipv6snat/interfaces
create mode 100644 test/zones/simple/ipv6snat/sdn_config
--
2.20.1
* [pve-devel] [PATCH v3 pve-network 1/6] tests: fix evpn vrf
2021-04-21 21:49 [pve-devel] [PATCH v3 pve-network 0/6] evpn && bgp improvements Alexandre Derumier
@ 2021-04-21 21:49 ` Alexandre Derumier
2021-04-21 21:49 ` [pve-devel] [PATCH v3 pve-network 2/6] bgp: add ebgp_multihop option Alexandre Derumier
` (5 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: Alexandre Derumier @ 2021-04-21 21:49 UTC (permalink / raw)
To: pve-devel
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
---
test/zones/evpn/ebgp/expected_sdn_interfaces | 1 +
test/zones/evpn/ebgp_loopback/expected_sdn_interfaces | 1 +
test/zones/evpn/exitnode/expected_sdn_interfaces | 1 +
test/zones/evpn/exitnode_snat/expected_sdn_interfaces | 1 +
test/zones/evpn/ipv4/expected_sdn_interfaces | 1 +
5 files changed, 5 insertions(+)
diff --git a/test/zones/evpn/ebgp/expected_sdn_interfaces b/test/zones/evpn/ebgp/expected_sdn_interfaces
index 799dcb7..6d2d3b6 100644
--- a/test/zones/evpn/ebgp/expected_sdn_interfaces
+++ b/test/zones/evpn/ebgp/expected_sdn_interfaces
@@ -12,6 +12,7 @@ iface myvnet
auto vrf_myzone
iface vrf_myzone
vrf-table auto
+ post-up ip route add vrf vrf_myzone unreachable default metric 4278198272
auto vrfbr_myzone
iface vrfbr_myzone
diff --git a/test/zones/evpn/ebgp_loopback/expected_sdn_interfaces b/test/zones/evpn/ebgp_loopback/expected_sdn_interfaces
index 799dcb7..6d2d3b6 100644
--- a/test/zones/evpn/ebgp_loopback/expected_sdn_interfaces
+++ b/test/zones/evpn/ebgp_loopback/expected_sdn_interfaces
@@ -12,6 +12,7 @@ iface myvnet
auto vrf_myzone
iface vrf_myzone
vrf-table auto
+ post-up ip route add vrf vrf_myzone unreachable default metric 4278198272
auto vrfbr_myzone
iface vrfbr_myzone
diff --git a/test/zones/evpn/exitnode/expected_sdn_interfaces b/test/zones/evpn/exitnode/expected_sdn_interfaces
index 799dcb7..6d2d3b6 100644
--- a/test/zones/evpn/exitnode/expected_sdn_interfaces
+++ b/test/zones/evpn/exitnode/expected_sdn_interfaces
@@ -12,6 +12,7 @@ iface myvnet
auto vrf_myzone
iface vrf_myzone
vrf-table auto
+ post-up ip route add vrf vrf_myzone unreachable default metric 4278198272
auto vrfbr_myzone
iface vrfbr_myzone
diff --git a/test/zones/evpn/exitnode_snat/expected_sdn_interfaces b/test/zones/evpn/exitnode_snat/expected_sdn_interfaces
index b364a58..e8093a2 100644
--- a/test/zones/evpn/exitnode_snat/expected_sdn_interfaces
+++ b/test/zones/evpn/exitnode_snat/expected_sdn_interfaces
@@ -16,6 +16,7 @@ iface myvnet
auto vrf_myzone
iface vrf_myzone
vrf-table auto
+ post-up ip route add vrf vrf_myzone unreachable default metric 4278198272
auto vrfbr_myzone
iface vrfbr_myzone
diff --git a/test/zones/evpn/ipv4/expected_sdn_interfaces b/test/zones/evpn/ipv4/expected_sdn_interfaces
index 799dcb7..6d2d3b6 100644
--- a/test/zones/evpn/ipv4/expected_sdn_interfaces
+++ b/test/zones/evpn/ipv4/expected_sdn_interfaces
@@ -12,6 +12,7 @@ iface myvnet
auto vrf_myzone
iface vrf_myzone
vrf-table auto
+ post-up ip route add vrf vrf_myzone unreachable default metric 4278198272
auto vrfbr_myzone
iface vrfbr_myzone
--
2.20.1
* [pve-devel] [PATCH v3 pve-network 2/6] bgp: add ebgp_multihop option
2021-04-21 21:49 [pve-devel] [PATCH v3 pve-network 0/6] evpn && bgp improvements Alexandre Derumier
2021-04-21 21:49 ` [pve-devel] [PATCH v3 pve-network 1/6] tests: fix evpn vrf Alexandre Derumier
@ 2021-04-21 21:49 ` Alexandre Derumier
2021-04-21 21:49 ` [pve-devel] [PATCH v3 pve-network 3/6] zones: evpn: move vnet mac option to evpn zone plugin Alexandre Derumier
` (4 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: Alexandre Derumier @ 2021-04-21 21:49 UTC (permalink / raw)
To: pve-devel
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
---
PVE/Network/SDN/Controllers/BgpPlugin.pm | 7 +++++++
test/zones/evpn/ebgp/expected_controller_config | 1 +
test/zones/evpn/ebgp/sdn_config | 2 +-
3 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/PVE/Network/SDN/Controllers/BgpPlugin.pm b/PVE/Network/SDN/Controllers/BgpPlugin.pm
index e5d8490..69c688b 100644
--- a/PVE/Network/SDN/Controllers/BgpPlugin.pm
+++ b/PVE/Network/SDN/Controllers/BgpPlugin.pm
@@ -24,6 +24,10 @@ sub properties {
optional => 1,
description => "Enable ebgp. (remote-as external)",
},
+ 'ebgp-multihop' => {
+ type => 'integer',
+ optional => 1,
+ },
loopback => {
description => "source loopback interface.",
type => 'string'
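Review bot: the new 'ebgp-multihop' entry in properties() is declared with only `type => 'integer'` and `optional => 1`; unlike the neighbouring `ebgp` and `loopback` entries it has no description, and it has no minimum or maximum. The value is a hop count that ends up in the `neighbor BGP ebgp-multihop <n>` line and widens how far away an eBGP peer may sit, so add a description and bound it in the schema (FRR accepts 1-255) so that 0, negative or oversized values are rejected at the API instead of reaching the generated config.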
@@ -38,6 +42,7 @@ sub options {
'asn' => { optional => 0 },
'peers' => { optional => 0 },
'ebgp' => { optional => 1 },
+ 'ebgp-multihop' => { optional => 1 },
'loopback' => { optional => 1 },
};
}
@@ -51,6 +56,7 @@ sub generate_controller_config {
my $asn = $plugin_config->{asn};
my $ebgp = $plugin_config->{ebgp};
+ my $ebgp_multihop = $plugin_config->{'ebgp-multihop'};
my $loopback = $plugin_config->{loopback};
my $local_node = PVE::INotify::nodename();
@@ -85,6 +91,7 @@ sub generate_controller_config {
push @controller_config, "neighbor BGP peer-group";
push @controller_config, "neighbor BGP remote-as $remoteas";
push @controller_config, "neighbor BGP bfd";
+ push @controller_config, "neighbor BGP ebgp-multihop $ebgp_multihop" if $ebgp && $ebgp_multihop;
}
# BGP peers
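Review bot: in generate_controller_config the new line is pushed only `if $ebgp && $ebgp_multihop`, so an 'ebgp-multihop' value set on a controller without `ebgp` is accepted and then silently dropped. Either reject that combination when the controller is validated or state the dependency in the property description. Because the test is on truthiness, a configured 0 is dropped the same way; a schema minimum of 1 would make that explicit.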
diff --git a/test/zones/evpn/ebgp/expected_controller_config b/test/zones/evpn/ebgp/expected_controller_config
index 4c42012..be3e1af 100644
--- a/test/zones/evpn/ebgp/expected_controller_config
+++ b/test/zones/evpn/ebgp/expected_controller_config
@@ -23,6 +23,7 @@ router bgp 65001
neighbor BGP peer-group
neighbor BGP remote-as external
neighbor BGP bfd
+ neighbor BGP ebgp-multihop 3
neighbor 192.168.0.252 peer-group BGP
neighbor 192.168.0.253 peer-group BGP
!
diff --git a/test/zones/evpn/ebgp/sdn_config b/test/zones/evpn/ebgp/sdn_config
index 379dc14..91c1b61 100644
--- a/test/zones/evpn/ebgp/sdn_config
+++ b/test/zones/evpn/ebgp/sdn_config
@@ -12,7 +12,7 @@
controllers => {
ids => {
evpnctl => { type => "evpn", 'peers' => '192.168.0.1,192.168.0.2,192.168.0.3', asn => "65000" },
- localhost => { type => "bgp", 'peers' => '192.168.0.252,192.168.0.253', ebgp => "1", asn => "65001", node => "localhost" },
+ localhost => { type => "bgp", 'peers' => '192.168.0.252,192.168.0.253', ebgp => "1", 'ebgp-multihop' => '3', asn => "65001", node => "localhost" },
},
},
--
2.20.1
* [pve-devel] [PATCH v3 pve-network 3/6] zones: evpn: move vnet mac option to evpn zone plugin
2021-04-21 21:49 [pve-devel] [PATCH v3 pve-network 0/6] evpn && bgp improvements Alexandre Derumier
2021-04-21 21:49 ` [pve-devel] [PATCH v3 pve-network 1/6] tests: fix evpn vrf Alexandre Derumier
2021-04-21 21:49 ` [pve-devel] [PATCH v3 pve-network 2/6] bgp: add ebgp_multihop option Alexandre Derumier
@ 2021-04-21 21:49 ` Alexandre Derumier
2021-04-21 21:49 ` [pve-devel] [PATCH v3 pve-network 4/6] zones: evpn: fix arp-accept && ip-forward + ipv6 snat Alexandre Derumier
` (3 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: Alexandre Derumier @ 2021-04-21 21:49 UTC (permalink / raw)
To: pve-devel
This is only used by evpn plugin, and we can have
same anycast mac for all vnets like cisco,juniper,arista...
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
---
PVE/Network/SDN/VnetPlugin.pm | 6 ------
PVE/Network/SDN/Zones/EvpnPlugin.pm | 17 +++++++++++------
test/zones/evpn/ipv4/expected_sdn_interfaces | 1 +
test/zones/evpn/ipv4/sdn_config | 2 +-
4 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/PVE/Network/SDN/VnetPlugin.pm b/PVE/Network/SDN/VnetPlugin.pm
index 34841ae..96a13b4 100644
--- a/PVE/Network/SDN/VnetPlugin.pm
+++ b/PVE/Network/SDN/VnetPlugin.pm
@@ -70,11 +70,6 @@ sub properties {
description => "alias name of the vnet",
optional => 1,
},
- mac => {
- type => 'string',
- description => "Anycast router mac address",
- optional => 1, format => 'mac-addr'
- }
};
}
@@ -83,7 +78,6 @@ sub options {
zone => { optional => 0},
tag => { optional => 1},
alias => { optional => 1 },
- mac => { optional => 1 },
vlanaware => { optional => 1 },
};
}
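Review bot: `mac` is removed from both properties() and options() of the vnet plugin with no handling for vnet entries that already store a `mac`. The commit message should say what happens to existing configurations on upgrade (ignored, rejected on parse, or moved to the zone), and if they are rejected, a migration step belongs in this series.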
diff --git a/PVE/Network/SDN/Zones/EvpnPlugin.pm b/PVE/Network/SDN/Zones/EvpnPlugin.pm
index ca000cf..d68d3ee 100644
--- a/PVE/Network/SDN/Zones/EvpnPlugin.pm
+++ b/PVE/Network/SDN/Zones/EvpnPlugin.pm
@@ -28,6 +28,11 @@ sub properties {
type => 'string',
description => "Frr router name",
},
+ 'mac' => {
+ type => 'string',
+ description => "Anycast logical router mac address",
+ optional => 1, format => 'mac-addr'
+ },
'exitnodes' => get_standard_option('pve-node-list'),
};
}
@@ -40,6 +45,7 @@ sub options {
controller => { optional => 0 },
exitnodes => { optional => 1 },
mtu => { optional => 1 },
+ mac => { optional => 1 },
dns => { optional => 1 },
reversedns => { optional => 1 },
dnszone => { optional => 1 },
@@ -55,7 +61,7 @@ sub generate_sdn_config {
my $alias = $vnet->{alias};
my $ipv4 = $vnet->{ipv4};
my $ipv6 = $vnet->{ipv6};
- my $mac = $vnet->{mac};
+ my $mac = $plugin_config->{'mac'};
my $vrf_iface = "vrf_$zoneid";
my $vrfvxlan = $plugin_config->{'vrf-vxlan'};
@@ -184,6 +190,10 @@ sub on_update_hook {
if (defined($zone_cfg->{ids}->{$id}->{'vrf-vxlan'}) && $zone_cfg->{ids}->{$id}->{'vrf-vxlan'} eq $vrfvxlan);
}
+ if (!defined($zone_cfg->{ids}->{$zoneid}->{'mac'})) {
+ my $dc = PVE::Cluster::cfs_read_file('datacenter.cfg');
+ $zone_cfg->{ids}->{$zoneid}->{'mac'} = PVE::Tools::random_ether_addr($dc->{mac_prefix});
+ }
}
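Review bot: the zone `mac` is generated only inside on_update_hook when it is undefined, so an evpn zone that existed before this change has no anycast MAC until it is next updated, while generate_sdn_config now takes `$plugin_config->{'mac'}` in place of the per-vnet value. Please confirm that the consumer of `$mac` copes with an undefined value for such zones, or generate the address at the point where it is first needed. The property description could also say that one random address from `mac_prefix` is now shared by every vnet in the zone.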
@@ -206,11 +216,6 @@ sub vnet_update_hook {
next if $other_zone->{type} ne 'vxlan' && $other_zone->{type} ne 'evpn';
raise_param_exc({ tag => "vxlan tag $tag already exist in vnet $id in zone $other_zoneid "}) if $other_tag && $tag eq $other_tag;
}
-
- if (!defined($vnet->{mac})) {
- my $dc = PVE::Cluster::cfs_read_file('datacenter.cfg');
- $vnet->{mac} = PVE::Tools::random_ether_addr($dc->{mac_prefix});
- }
}
diff --git a/test/zones/evpn/ipv4/expected_sdn_interfaces b/test/zones/evpn/ipv4/expected_sdn_interfaces
index 6d2d3b6..e2d5a75 100644
--- a/test/zones/evpn/ipv4/expected_sdn_interfaces
+++ b/test/zones/evpn/ipv4/expected_sdn_interfaces
@@ -3,6 +3,7 @@
auto myvnet
iface myvnet
address 10.0.0.1/24
+ hwaddress A2:1D:CB:1A:C0:8B
bridge_ports vxlan_myvnet
bridge_stp off
bridge_fd 0
diff --git a/test/zones/evpn/ipv4/sdn_config b/test/zones/evpn/ipv4/sdn_config
index 4c115a9..dd73b5c 100644
--- a/test/zones/evpn/ipv4/sdn_config
+++ b/test/zones/evpn/ipv4/sdn_config
@@ -7,7 +7,7 @@
},
zones => {
- ids => { myzone => { ipam => "pve", type => "evpn", controller => "evpnctl", 'vrf-vxlan' => 1000 } },
+ ids => { myzone => { ipam => "pve", type => "evpn", controller => "evpnctl", 'vrf-vxlan' => 1000, 'mac' => 'A2:1D:CB:1A:C0:8B' } },
},
controllers => {
ids => { evpnctl => { type => "evpn", 'peers' => '192.168.0.1,192.168.0.2,192.168.0.3', asn => "65000" } },
--
2.20.1
* [pve-devel] [PATCH v3 pve-network 4/6] zones: evpn: fix arp-accept && ip-forward + ipv6 snat
2021-04-21 21:49 [pve-devel] [PATCH v3 pve-network 0/6] evpn && bgp improvements Alexandre Derumier
` (2 preceding siblings ...)
2021-04-21 21:49 ` [pve-devel] [PATCH v3 pve-network 3/6] zones: evpn: move vnet mac option to evpn zone plugin Alexandre Derumier
@ 2021-04-21 21:49 ` Alexandre Derumier
2021-04-21 21:49 ` [pve-devel] [PATCH v3 pve-network 5/6] zones: simple: fix ip-forward && " Alexandre Derumier
` (2 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: Alexandre Derumier @ 2021-04-21 21:49 UTC (permalink / raw)
To: pve-devel
they were lost during subnet work
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
---
PVE/Network/SDN/Zones/EvpnPlugin.pm | 29 +++++++++---
test/zones/evpn/ebgp/expected_sdn_interfaces | 2 +
.../ebgp_loopback/expected_sdn_interfaces | 2 +
.../evpn/exitnode/expected_sdn_interfaces | 2 +
.../exitnode_snat/expected_sdn_interfaces | 25 +++++++++++
test/zones/evpn/exitnode_snat/sdn_config | 12 ++++-
test/zones/evpn/ipv4/expected_sdn_interfaces | 2 +
.../evpn/ipv4ipv6/expected_controller_config | 31 +++++++++++++
.../evpn/ipv4ipv6/expected_sdn_interfaces | 44 +++++++++++++++++++
test/zones/evpn/ipv4ipv6/interfaces | 7 +++
test/zones/evpn/ipv4ipv6/sdn_config | 32 ++++++++++++++
.../evpn/ipv6/expected_controller_config | 31 +++++++++++++
test/zones/evpn/ipv6/expected_sdn_interfaces | 42 ++++++++++++++++++
test/zones/evpn/ipv6/interfaces | 7 +++
test/zones/evpn/ipv6/sdn_config | 27 ++++++++++++
15 files changed, 286 insertions(+), 9 deletions(-)
create mode 100644 test/zones/evpn/ipv4ipv6/expected_controller_config
create mode 100644 test/zones/evpn/ipv4ipv6/expected_sdn_interfaces
create mode 100644 test/zones/evpn/ipv4ipv6/interfaces
create mode 100644 test/zones/evpn/ipv4ipv6/sdn_config
create mode 100644 test/zones/evpn/ipv6/expected_controller_config
create mode 100644 test/zones/evpn/ipv6/expected_sdn_interfaces
create mode 100644 test/zones/evpn/ipv6/interfaces
create mode 100644 test/zones/evpn/ipv6/sdn_config
diff --git a/PVE/Network/SDN/Zones/EvpnPlugin.pm b/PVE/Network/SDN/Zones/EvpnPlugin.pm
index d68d3ee..8d5250c 100644
--- a/PVE/Network/SDN/Zones/EvpnPlugin.pm
+++ b/PVE/Network/SDN/Zones/EvpnPlugin.pm
@@ -9,6 +9,7 @@ use PVE::Tools qw($IPV4RE);
use PVE::INotify;
use PVE::Cluster;
use PVE::Tools;
+use Net::IP;
use PVE::Network::SDN::Controllers::EvpnPlugin;
@@ -59,8 +60,6 @@ sub generate_sdn_config {
my $tag = $vnet->{tag};
my $alias = $vnet->{alias};
- my $ipv4 = $vnet->{ipv4};
- my $ipv6 = $vnet->{ipv6};
my $mac = $plugin_config->{'mac'};
my $vrf_iface = "vrf_$zoneid";
@@ -95,6 +94,8 @@ sub generate_sdn_config {
@iface_config = ();
my $address = {};
+ my $ipv4 = undef;
+ my $ipv6 = undef;
my $subnets = PVE::Network::SDN::Vnets::get_subnets($vnetid, 1);
foreach my $subnetid (sort keys %{$subnets}) {
my $subnet = $subnets->{$subnetid};
@@ -107,19 +108,33 @@ sub generate_sdn_config {
$address->{$gateway} = 1;
}
+ my $iptables = undef;
+ my $checkrouteip = undef;
+ my $ipversion = Net::IP::ip_is_ipv6($gateway) ? 6 : 4;
+
+ if ($ipversion == 6) {
+ $ipv6 = 1;
+ $iptables = "ip6tables";
+ $checkrouteip = '2001:4860:4860::8888';
+ } else {
+ $ipv4 = 1;
+ $iptables = "iptables";
+ $checkrouteip = '8.8.8.8';
+ }
+
if ($subnet->{snat}) {
my $is_evpn_gateway = $plugin_config->{'exitnodes'}->{$local_node};
#find outgoing interface
- my ($outip, $outiface) = PVE::Network::SDN::Zones::Plugin::get_local_route_ip('8.8.8.8');
+ my ($outip, $outiface) = PVE::Network::SDN::Zones::Plugin::get_local_route_ip($checkrouteip);
if ($outip && $outiface && $is_evpn_gateway) {
#use snat, faster than masquerade
- push @iface_config, "post-up iptables -t nat -A POSTROUTING -s '$cidr' -o $outiface -j SNAT --to-source $outip";
- push @iface_config, "post-down iptables -t nat -D POSTROUTING -s '$cidr' -o $outiface -j SNAT --to-source $outip";
+ push @iface_config, "post-up $iptables -t nat -A POSTROUTING -s '$cidr' -o $outiface -j SNAT --to-source $outip";
+ push @iface_config, "post-down $iptables -t nat -D POSTROUTING -s '$cidr' -o $outiface -j SNAT --to-source $outip";
#add conntrack zone once on outgoing interface
- push @iface_config, "post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1";
- push @iface_config, "post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1";
+ push @iface_config, "post-up $iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1";
+ push @iface_config, "post-down $iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1";
}
}
}
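Review bot: `$ipversion` is derived from `Net::IP::ip_is_ipv6($gateway)` in a block added after the closing brace of the code that sets `$address->{$gateway}`, so it runs for every subnet; if a subnet can lack a gateway, `$gateway` is undefined here and the subnet is treated as IPv4 whatever its prefix, selecting `iptables` and `8.8.8.8` for an IPv6 `$cidr`. Deriving the family from `$cidr`, which is the value actually used in `-s '$cidr'`, avoids that. The two addresses passed to get_local_route_ip are hardcoded public resolver addresses; a short comment saying they are only used for a route lookup would help the next reader.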
diff --git a/test/zones/evpn/ebgp/expected_sdn_interfaces b/test/zones/evpn/ebgp/expected_sdn_interfaces
index 6d2d3b6..4cf13e0 100644
--- a/test/zones/evpn/ebgp/expected_sdn_interfaces
+++ b/test/zones/evpn/ebgp/expected_sdn_interfaces
@@ -7,6 +7,8 @@ iface myvnet
bridge_stp off
bridge_fd 0
mtu 1450
+ ip-forward on
+ arp-accept on
vrf vrf_myzone
auto vrf_myzone
diff --git a/test/zones/evpn/ebgp_loopback/expected_sdn_interfaces b/test/zones/evpn/ebgp_loopback/expected_sdn_interfaces
index 6d2d3b6..4cf13e0 100644
--- a/test/zones/evpn/ebgp_loopback/expected_sdn_interfaces
+++ b/test/zones/evpn/ebgp_loopback/expected_sdn_interfaces
@@ -7,6 +7,8 @@ iface myvnet
bridge_stp off
bridge_fd 0
mtu 1450
+ ip-forward on
+ arp-accept on
vrf vrf_myzone
auto vrf_myzone
diff --git a/test/zones/evpn/exitnode/expected_sdn_interfaces b/test/zones/evpn/exitnode/expected_sdn_interfaces
index 6d2d3b6..4cf13e0 100644
--- a/test/zones/evpn/exitnode/expected_sdn_interfaces
+++ b/test/zones/evpn/exitnode/expected_sdn_interfaces
@@ -7,6 +7,8 @@ iface myvnet
bridge_stp off
bridge_fd 0
mtu 1450
+ ip-forward on
+ arp-accept on
vrf vrf_myzone
auto vrf_myzone
diff --git a/test/zones/evpn/exitnode_snat/expected_sdn_interfaces b/test/zones/evpn/exitnode_snat/expected_sdn_interfaces
index e8093a2..a2a183e 100644
--- a/test/zones/evpn/exitnode_snat/expected_sdn_interfaces
+++ b/test/zones/evpn/exitnode_snat/expected_sdn_interfaces
@@ -11,6 +11,23 @@ iface myvnet
bridge_stp off
bridge_fd 0
mtu 1450
+ ip-forward on
+ arp-accept on
+ vrf vrf_myzone
+
+auto myvnet2
+iface myvnet2
+ address 2a08:2142:302:3::1/64
+ post-up ip6tables -t nat -A POSTROUTING -s '2a08:2142:302:3::/64' -o vmbr0 -j SNAT --to-source 192.168.0.1
+ post-down ip6tables -t nat -D POSTROUTING -s '2a08:2142:302:3::/64' -o vmbr0 -j SNAT --to-source 192.168.0.1
+ post-up ip6tables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
+ post-down ip6tables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1
+ bridge_ports vxlan_myvnet2
+ bridge_stp off
+ bridge_fd 0
+ mtu 1450
+ ip6-forward on
+ arp-accept on
vrf vrf_myzone
auto vrf_myzone
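Review bot: the expected output for myvnet2 pins `ip6tables -t nat -A POSTROUTING -s '2a08:2142:302:3::/64' -o vmbr0 -j SNAT --to-source 192.168.0.1`, that is, an IPv4 address as the source of an IPv6 SNAT rule, which ip6tables will not accept. The fixture should give the uplink an IPv6 address so the IPv6 route lookup can return one, and the generator should skip the SNAT lines when the returned `$outip` is not of the same family as `$cidr`; as written the test locks in the broken rule.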
@@ -41,3 +58,11 @@ iface vxlan_myvnet
bridge-learning off
bridge-arp-nd-suppress on
mtu 1450
+
+auto vxlan_myvnet2
+iface vxlan_myvnet2
+ vxlan-id 200
+ vxlan-local-tunnelip 192.168.0.1
+ bridge-learning off
+ bridge-arp-nd-suppress on
+ mtu 1450
diff --git a/test/zones/evpn/exitnode_snat/sdn_config b/test/zones/evpn/exitnode_snat/sdn_config
index f40e8bd..35cdf5d 100644
--- a/test/zones/evpn/exitnode_snat/sdn_config
+++ b/test/zones/evpn/exitnode_snat/sdn_config
@@ -3,6 +3,7 @@
vnets => {
ids => {
myvnet => { tag => "100", type => "vnet", zone => "myzone" },
+ myvnet2 => { tag => "200", type => "vnet", zone => "myzone" },
},
},
@@ -14,12 +15,19 @@
},
subnets => {
- ids => { 'myzone-10.0.0.0-24' => {
+ ids => {
+ 'myzone-10.0.0.0-24' => {
'type' => 'subnet',
'vnet' => 'myvnet',
'gateway' => '10.0.0.1',
'snat' => 1
- }
+ },
+ 'myzone-2a08:2142:302:3::-64' => {
+ 'type' => 'subnet',
+ 'vnet' => 'myvnet2',
+ 'gateway' => '2a08:2142:302:3::1',
+ 'snat' => 1
+ }
}
}
}
diff --git a/test/zones/evpn/ipv4/expected_sdn_interfaces b/test/zones/evpn/ipv4/expected_sdn_interfaces
index e2d5a75..9d1c64c 100644
--- a/test/zones/evpn/ipv4/expected_sdn_interfaces
+++ b/test/zones/evpn/ipv4/expected_sdn_interfaces
@@ -8,6 +8,8 @@ iface myvnet
bridge_stp off
bridge_fd 0
mtu 1450
+ ip-forward on
+ arp-accept on
vrf vrf_myzone
auto vrf_myzone
diff --git a/test/zones/evpn/ipv4ipv6/expected_controller_config b/test/zones/evpn/ipv4ipv6/expected_controller_config
new file mode 100644
index 0000000..c0ca898
--- /dev/null
+++ b/test/zones/evpn/ipv4ipv6/expected_controller_config
@@ -0,0 +1,31 @@
+log syslog informational
+ip forwarding
+ipv6 forwarding
+frr defaults datacenter
+service integrated-vtysh-config
+hostname localhost
+!
+!
+vrf vrf_myzone
+ vni 1000
+exit-vrf
+!
+router bgp 65000
+ bgp router-id 192.168.0.1
+ no bgp default ipv4-unicast
+ coalesce-time 1000
+ neighbor VTEP peer-group
+ neighbor VTEP remote-as 65000
+ neighbor VTEP bfd
+ neighbor 192.168.0.2 peer-group VTEP
+ neighbor 192.168.0.3 peer-group VTEP
+ !
+ address-family l2vpn evpn
+ neighbor VTEP activate
+ advertise-all-vni
+ exit-address-family
+!
+router bgp 65000 vrf vrf_myzone
+!
+line vty
+!
\ No newline at end of file
diff --git a/test/zones/evpn/ipv4ipv6/expected_sdn_interfaces b/test/zones/evpn/ipv4ipv6/expected_sdn_interfaces
new file mode 100644
index 0000000..7a5d741
--- /dev/null
+++ b/test/zones/evpn/ipv4ipv6/expected_sdn_interfaces
@@ -0,0 +1,44 @@
+#version:1
+
+auto myvnet
+iface myvnet
+ address 10.0.0.1/24
+ address 2a08:2142:302:3::1/64
+ hwaddress A2:1D:CB:1A:C0:8B
+ bridge_ports vxlan_myvnet
+ bridge_stp off
+ bridge_fd 0
+ mtu 1450
+ ip-forward on
+ ip6-forward on
+ arp-accept on
+ vrf vrf_myzone
+
+auto vrf_myzone
+iface vrf_myzone
+ vrf-table auto
+ post-up ip route add vrf vrf_myzone unreachable default metric 4278198272
+
+auto vrfbr_myzone
+iface vrfbr_myzone
+ bridge-ports vrfvx_myzone
+ bridge_stp off
+ bridge_fd 0
+ mtu 1450
+ vrf vrf_myzone
+
+auto vrfvx_myzone
+iface vrfvx_myzone
+ vxlan-id 1000
+ vxlan-local-tunnelip 192.168.0.1
+ bridge-learning off
+ bridge-arp-nd-suppress on
+ mtu 1450
+
+auto vxlan_myvnet
+iface vxlan_myvnet
+ vxlan-id 100
+ vxlan-local-tunnelip 192.168.0.1
+ bridge-learning off
+ bridge-arp-nd-suppress on
+ mtu 1450
diff --git a/test/zones/evpn/ipv4ipv6/interfaces b/test/zones/evpn/ipv4ipv6/interfaces
new file mode 100644
index 0000000..66bb826
--- /dev/null
+++ b/test/zones/evpn/ipv4ipv6/interfaces
@@ -0,0 +1,7 @@
+auto vmbr0
+iface vmbr0 inet static
+ address 192.168.0.1/24
+ gateway 192.168.0.254
+ bridge-ports eth0
+ bridge-stp off
+ bridge-fd 0
diff --git a/test/zones/evpn/ipv4ipv6/sdn_config b/test/zones/evpn/ipv4ipv6/sdn_config
new file mode 100644
index 0000000..4583818
--- /dev/null
+++ b/test/zones/evpn/ipv4ipv6/sdn_config
@@ -0,0 +1,32 @@
+{
+ version => 1,
+ vnets => {
+ ids => {
+ myvnet => { tag => "100", type => "vnet", zone => "myzone" },
+ },
+ },
+
+ zones => {
+ ids => { myzone => { ipam => "pve", type => "evpn", controller => "evpnctl", 'vrf-vxlan' => 1000, 'mac' => 'A2:1D:CB:1A:C0:8B' } },
+ },
+ controllers => {
+ ids => { evpnctl => { type => "evpn", 'peers' => '192.168.0.1,192.168.0.2,192.168.0.3', asn => "65000" } },
+ },
+
+ subnets => {
+ ids => {
+ 'myzone-10.0.0.0-24' => {
+ 'type' => 'subnet',
+ 'vnet' => 'myvnet',
+ 'gateway' => '10.0.0.1',
+ },
+ 'myzone-2a08:2142:302:3::-64' => {
+ 'type' => 'subnet',
+ 'vnet' => 'myvnet',
+ 'gateway' => '2a08:2142:302:3::1',
+ }
+ }
+ }
+}
+
+
diff --git a/test/zones/evpn/ipv6/expected_controller_config b/test/zones/evpn/ipv6/expected_controller_config
new file mode 100644
index 0000000..c0ca898
--- /dev/null
+++ b/test/zones/evpn/ipv6/expected_controller_config
@@ -0,0 +1,31 @@
+log syslog informational
+ip forwarding
+ipv6 forwarding
+frr defaults datacenter
+service integrated-vtysh-config
+hostname localhost
+!
+!
+vrf vrf_myzone
+ vni 1000
+exit-vrf
+!
+router bgp 65000
+ bgp router-id 192.168.0.1
+ no bgp default ipv4-unicast
+ coalesce-time 1000
+ neighbor VTEP peer-group
+ neighbor VTEP remote-as 65000
+ neighbor VTEP bfd
+ neighbor 192.168.0.2 peer-group VTEP
+ neighbor 192.168.0.3 peer-group VTEP
+ !
+ address-family l2vpn evpn
+ neighbor VTEP activate
+ advertise-all-vni
+ exit-address-family
+!
+router bgp 65000 vrf vrf_myzone
+!
+line vty
+!
\ No newline at end of file
diff --git a/test/zones/evpn/ipv6/expected_sdn_interfaces b/test/zones/evpn/ipv6/expected_sdn_interfaces
new file mode 100644
index 0000000..b2bdbfe
--- /dev/null
+++ b/test/zones/evpn/ipv6/expected_sdn_interfaces
@@ -0,0 +1,42 @@
+#version:1
+
+auto myvnet
+iface myvnet
+ address 2a08:2142:302:3::1/64
+ hwaddress A2:1D:CB:1A:C0:8B
+ bridge_ports vxlan_myvnet
+ bridge_stp off
+ bridge_fd 0
+ mtu 1450
+ ip6-forward on
+ arp-accept on
+ vrf vrf_myzone
+
+auto vrf_myzone
+iface vrf_myzone
+ vrf-table auto
+ post-up ip route add vrf vrf_myzone unreachable default metric 4278198272
+
+auto vrfbr_myzone
+iface vrfbr_myzone
+ bridge-ports vrfvx_myzone
+ bridge_stp off
+ bridge_fd 0
+ mtu 1450
+ vrf vrf_myzone
+
+auto vrfvx_myzone
+iface vrfvx_myzone
+ vxlan-id 1000
+ vxlan-local-tunnelip 192.168.0.1
+ bridge-learning off
+ bridge-arp-nd-suppress on
+ mtu 1450
+
+auto vxlan_myvnet
+iface vxlan_myvnet
+ vxlan-id 100
+ vxlan-local-tunnelip 192.168.0.1
+ bridge-learning off
+ bridge-arp-nd-suppress on
+ mtu 1450
diff --git a/test/zones/evpn/ipv6/interfaces b/test/zones/evpn/ipv6/interfaces
new file mode 100644
index 0000000..66bb826
--- /dev/null
+++ b/test/zones/evpn/ipv6/interfaces
@@ -0,0 +1,7 @@
+auto vmbr0
+iface vmbr0 inet static
+ address 192.168.0.1/24
+ gateway 192.168.0.254
+ bridge-ports eth0
+ bridge-stp off
+ bridge-fd 0
diff --git a/test/zones/evpn/ipv6/sdn_config b/test/zones/evpn/ipv6/sdn_config
new file mode 100644
index 0000000..949e886
--- /dev/null
+++ b/test/zones/evpn/ipv6/sdn_config
@@ -0,0 +1,27 @@
+{
+ version => 1,
+ vnets => {
+ ids => {
+ myvnet => { tag => "100", type => "vnet", zone => "myzone" },
+ },
+ },
+
+ zones => {
+ ids => { myzone => { ipam => "pve", type => "evpn", controller => "evpnctl", 'vrf-vxlan' => 1000, 'mac' => 'A2:1D:CB:1A:C0:8B' } },
+ },
+ controllers => {
+ ids => { evpnctl => { type => "evpn", 'peers' => '192.168.0.1,192.168.0.2,192.168.0.3', asn => "65000" } },
+ },
+
+ subnets => {
+ ids => {
+ 'myzone-2a08:2142:302:3::-64' => {
+ 'type' => 'subnet',
+ 'vnet' => 'myvnet',
+ 'gateway' => '2a08:2142:302:3::1',
+ }
+ }
+ }
+}
+
+
--
2.20.1
* [pve-devel] [PATCH v3 pve-network 5/6] zones: simple: fix ip-forward && ipv6 snat
2021-04-21 21:49 [pve-devel] [PATCH v3 pve-network 0/6] evpn && bgp improvements Alexandre Derumier
` (3 preceding siblings ...)
2021-04-21 21:49 ` [pve-devel] [PATCH v3 pve-network 4/6] zones: evpn: fix arp-accept && ip-forward + ipv6 snat Alexandre Derumier
@ 2021-04-21 21:49 ` Alexandre Derumier
2021-04-21 21:49 ` [pve-devel] [PATCH v3 pve-network 6/6] controllers: increase controllerid to 64 characters max Alexandre Derumier
2021-04-22 8:06 ` [pve-devel] applied-series: [PATCH v3 pve-network 0/6] evpn && bgp improvements Thomas Lamprecht
6 siblings, 0 replies; 8+ messages in thread
From: Alexandre Derumier @ 2021-04-21 21:49 UTC (permalink / raw)
To: pve-devel
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
---
PVE/Network/SDN/Zones/SimplePlugin.pm | 34 ++++++++++++++-----
.../simple/hetzner/expected_sdn_interfaces | 19 +++++++++++
test/zones/simple/hetzner/interfaces | 6 ++++
test/zones/simple/hetzner/sdn_config | 34 +++++++++++++++++++
.../zones/simple/ipv4/expected_sdn_interfaces | 1 +
.../simple/ipv4snat/expected_sdn_interfaces | 1 +
.../simple/ipv4v6/expected_sdn_interfaces | 11 ++++++
test/zones/simple/ipv4v6/interfaces | 5 +++
test/zones/simple/ipv4v6/sdn_config | 27 +++++++++++++++
.../simple/ipv6snat/expected_sdn_interfaces | 13 +++++++
test/zones/simple/ipv6snat/interfaces | 7 ++++
test/zones/simple/ipv6snat/sdn_config | 24 +++++++++++++
12 files changed, 174 insertions(+), 8 deletions(-)
create mode 100644 test/zones/simple/hetzner/expected_sdn_interfaces
create mode 100644 test/zones/simple/hetzner/interfaces
create mode 100644 test/zones/simple/hetzner/sdn_config
create mode 100644 test/zones/simple/ipv4v6/expected_sdn_interfaces
create mode 100644 test/zones/simple/ipv4v6/interfaces
create mode 100644 test/zones/simple/ipv4v6/sdn_config
create mode 100644 test/zones/simple/ipv6snat/expected_sdn_interfaces
create mode 100644 test/zones/simple/ipv6snat/interfaces
create mode 100644 test/zones/simple/ipv6snat/sdn_config
diff --git a/PVE/Network/SDN/Zones/SimplePlugin.pm b/PVE/Network/SDN/Zones/SimplePlugin.pm
index 9f74f3e..caea5a8 100644
--- a/PVE/Network/SDN/Zones/SimplePlugin.pm
+++ b/PVE/Network/SDN/Zones/SimplePlugin.pm
@@ -47,8 +47,6 @@ sub generate_sdn_config {
return $config if$config->{$vnetid}; # nothing to do
- my $ipv4 = $vnet->{ipv4};
- my $ipv6 = $vnet->{ipv6};
my $mac = $vnet->{mac};
my $alias = $vnet->{alias};
my $mtu = $plugin_config->{mtu} if $plugin_config->{mtu};
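Review bot: the context line `my $mac = $vnet->{mac};` stays in place here although 3/6 removed `mac` from the vnet properties and options, so in the simple zone this value can no longer be set through the vnet schema. Drop the variable together with whatever consumes it, or say in the commit message why simple zones keep it.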
@@ -59,6 +57,9 @@ sub generate_sdn_config {
my $address = {};
my $subnets = PVE::Network::SDN::Vnets::get_subnets($vnetid, 1);
+ my $ipv4 = undef;
+ my $ipv6 = undef;
+
foreach my $subnetid (sort keys %{$subnets}) {
my $subnet = $subnets->{$subnetid};
my $cidr = $subnet->{cidr};
@@ -69,18 +70,33 @@ sub generate_sdn_config {
push @iface_config, "address $gateway/$mask" if !defined($address->{$gateway});
$address->{$gateway} = 1;
}
+
+ my $iptables = undef;
+ my $checkrouteip = undef;
+ my $ipversion = Net::IP::ip_is_ipv6($gateway) ? 6 : 4;
+
+ if ( $ipversion == 6) {
+ $ipv6 = 1;
+ $iptables = "ip6tables";
+ $checkrouteip = '2001:4860:4860::8888';
+ } else {
+ $ipv4 = 1;
+ $iptables = "iptables";
+ $checkrouteip = '8.8.8.8';
+ }
+
#add route for /32 pointtopoint
- push @iface_config, "up ip route add $cidr dev $vnetid" if $mask == 32;
+ push @iface_config, "up ip route add $cidr dev $vnetid" if $mask == 32 && $ipversion == 4;
if ($subnet->{snat}) {
#find outgoing interface
- my ($outip, $outiface) = PVE::Network::SDN::Zones::Plugin::get_local_route_ip('8.8.8.8');
+ my ($outip, $outiface) = PVE::Network::SDN::Zones::Plugin::get_local_route_ip($checkrouteip);
if ($outip && $outiface) {
#use snat, faster than masquerade
- push @iface_config, "post-up iptables -t nat -A POSTROUTING -s '$cidr' -o $outiface -j SNAT --to-source $outip";
- push @iface_config, "post-down iptables -t nat -D POSTROUTING -s '$cidr' -o $outiface -j SNAT --to-source $outip";
+ push @iface_config, "post-up $iptables -t nat -A POSTROUTING -s '$cidr' -o $outiface -j SNAT --to-source $outip";
+ push @iface_config, "post-down $iptables -t nat -D POSTROUTING -s '$cidr' -o $outiface -j SNAT --to-source $outip";
#add conntrack zone once on outgoing interface
- push @iface_config, "post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1";
- push @iface_config, "post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1";
+ push @iface_config, "post-up $iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1";
+ push @iface_config, "post-down $iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1";
}
}
}
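Review bot: $ipversion is computed from $gateway with Net::IP::ip_is_ipv6($gateway) after the block that emits the address line has closed, so if a subnet reaches this point without a gateway the call gets undef and the code silently takes the IPv4 branch. Deriving the family from $cidr would make the iptables/ip6tables choice and the $ipv4/$ipv6 flags independent of the gateway. The route line is now restricted by `$mask == 32 && $ipversion == 4`, which leaves an IPv6 /128 subnet without an equivalent route; if that is intended, a comment should say so. In the snat branch, $outip is written into `--to-source` without a check that it belongs to the same address family as $iptables, and the rule commented "add conntrack zone once" is pushed for every snat subnet in the loop rather than once per vnet.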
@@ -95,6 +111,8 @@ sub generate_sdn_config {
}
push @iface_config, "mtu $mtu" if $mtu;
push @iface_config, "alias $alias" if $alias;
+ push @iface_config, "ip-forward on" if $ipv4;
+ push @iface_config, "ip6-forward on" if $ipv6;
push @{$config->{$vnetid}}, @iface_config;
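Review bot: `ip-forward on` and `ip6-forward on` are gated only on $ipv4 and $ipv6, which the loop sets for every subnet of that family, so any simple-zone vnet with a subnet now enables forwarding on the host whether or not snat or a routed /32 setup is configured. Either gate these two lines on the cases that need routing (snat, or an address actually configured on the vnet) or add a comment explaining why forwarding must be on unconditionally, since it changes what the node will route between bridges.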
diff --git a/test/zones/simple/hetzner/expected_sdn_interfaces b/test/zones/simple/hetzner/expected_sdn_interfaces
new file mode 100644
index 0000000..f47ac53
--- /dev/null
+++ b/test/zones/simple/hetzner/expected_sdn_interfaces
@@ -0,0 +1,19 @@
+#version:1
+
+auto myvnet
+iface myvnet
+ address 144.76.100.65/29
+ bridge_ports none
+ bridge_stp off
+ bridge_fd 0
+ ip-forward on
+
+auto myvnet2
+iface myvnet2
+ address 144.76.0.1/32
+ up ip route add 144.76.200.65/32 dev myvnet2
+ up ip route add 144.76.200.66/32 dev myvnet2
+ bridge_ports none
+ bridge_stp off
+ bridge_fd 0
+ ip-forward on
diff --git a/test/zones/simple/hetzner/interfaces b/test/zones/simple/hetzner/interfaces
new file mode 100644
index 0000000..5ab9635
--- /dev/null
+++ b/test/zones/simple/hetzner/interfaces
@@ -0,0 +1,6 @@
+auto eth0
+iface eth0 inet static
+ address 144.76.0.1
+ netmask 255.255.255.255
+ pointopoint 172.31.1.1
+ gateway 172.31.1.1
\ No newline at end of file
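Review bot: This new fixture ends without a trailing newline (`\ No newline at end of file`), unlike the other `interfaces` fixtures added in the same patch. Add the newline so a later append does not rewrite the `gateway` line in the diff.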
diff --git a/test/zones/simple/hetzner/sdn_config b/test/zones/simple/hetzner/sdn_config
new file mode 100644
index 0000000..30773ca
--- /dev/null
+++ b/test/zones/simple/hetzner/sdn_config
@@ -0,0 +1,34 @@
+{
+ version => 1,
+ vnets => {
+ ids => {
+ myvnet => { type => "vnet", zone => "myzone" },
+ myvnet2 => { type => "vnet", zone => "myzone" },
+ },
+ },
+ zones => {
+ ids => { myzone => { ipam => "pve", type => "simple" } },
+ },
+
+ subnets => {
+ ids => {
+ 'myzone-144.76.100.64-29' => {
+ 'type' => 'subnet',
+ 'vnet' => 'myvnet',
+ 'gateway' => '144.76.100.65',
+ },
+ 'myzone-144.76.200.65-32' => {
+ 'type' => 'subnet',
+ 'vnet' => 'myvnet2',
+ 'gateway' => '144.76.0.1',
+ },
+ 'myzone-144.76.200.66-32' => {
+ 'type' => 'subnet',
+ 'vnet' => 'myvnet2',
+ 'gateway' => '144.76.0.1',
+ },
+ }
+ }
+}
+
+
diff --git a/test/zones/simple/ipv4/expected_sdn_interfaces b/test/zones/simple/ipv4/expected_sdn_interfaces
index d84075d..06e43ad 100644
--- a/test/zones/simple/ipv4/expected_sdn_interfaces
+++ b/test/zones/simple/ipv4/expected_sdn_interfaces
@@ -6,3 +6,4 @@ iface myvnet
bridge_ports none
bridge_stp off
bridge_fd 0
+ ip-forward on
diff --git a/test/zones/simple/ipv4snat/expected_sdn_interfaces b/test/zones/simple/ipv4snat/expected_sdn_interfaces
index c822af1..69d7986 100644
--- a/test/zones/simple/ipv4snat/expected_sdn_interfaces
+++ b/test/zones/simple/ipv4snat/expected_sdn_interfaces
@@ -10,3 +10,4 @@ iface myvnet
bridge_ports none
bridge_stp off
bridge_fd 0
+ ip-forward on
diff --git a/test/zones/simple/ipv4v6/expected_sdn_interfaces b/test/zones/simple/ipv4v6/expected_sdn_interfaces
new file mode 100644
index 0000000..34ed5db
--- /dev/null
+++ b/test/zones/simple/ipv4v6/expected_sdn_interfaces
@@ -0,0 +1,11 @@
+#version:1
+
+auto myvnet
+iface myvnet
+ address 192.168.0.1/24
+ address 2a08:2142:302:3::1/64
+ bridge_ports none
+ bridge_stp off
+ bridge_fd 0
+ ip-forward on
+ ip6-forward on
diff --git a/test/zones/simple/ipv4v6/interfaces b/test/zones/simple/ipv4v6/interfaces
new file mode 100644
index 0000000..68b6a88
--- /dev/null
+++ b/test/zones/simple/ipv4v6/interfaces
@@ -0,0 +1,5 @@
+auto vmbr0
+iface vmbr0 inet manual
+ bridge-ports eth0
+ bridge-stp off
+ bridge-fd 0
diff --git a/test/zones/simple/ipv4v6/sdn_config b/test/zones/simple/ipv4v6/sdn_config
new file mode 100644
index 0000000..b8ed848
--- /dev/null
+++ b/test/zones/simple/ipv4v6/sdn_config
@@ -0,0 +1,27 @@
+{
+ version => 1,
+ vnets => {
+ ids => {
+ myvnet => { type => "vnet", zone => "myzone" },
+ },
+ },
+ zones => {
+ ids => { myzone => { ipam => "pve", type => "simple" } },
+ },
+ subnets => {
+ ids => {
+ 'myzone-192.168.0.0-24' => {
+ 'type' => 'subnet',
+ 'vnet' => 'myvnet',
+ 'gateway' => '192.168.0.1',
+ },
+ 'myzone-2a08:2142:302:3::-64' => {
+ 'type' => 'subnet',
+ 'vnet' => 'myvnet',
+ 'gateway' => '2a08:2142:302:3::1',
+ }
+ }
+ }
+}
+
+
diff --git a/test/zones/simple/ipv6snat/expected_sdn_interfaces b/test/zones/simple/ipv6snat/expected_sdn_interfaces
new file mode 100644
index 0000000..d3adc24
--- /dev/null
+++ b/test/zones/simple/ipv6snat/expected_sdn_interfaces
@@ -0,0 +1,13 @@
+#version:1
+
+auto myvnet
+iface myvnet
+ address 2a08:2142:302:3::1/64
+ post-up ip6tables -t nat -A POSTROUTING -s '2a08:2142:302:3::/64' -o vmbr0 -j SNAT --to-source 192.168.0.1
+ post-down ip6tables -t nat -D POSTROUTING -s '2a08:2142:302:3::/64' -o vmbr0 -j SNAT --to-source 192.168.0.1
+ post-up ip6tables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
+ post-down ip6tables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1
+ bridge_ports none
+ bridge_stp off
+ bridge_fd 0
+ ip6-forward on
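Review bot: The expected ip6tables SNAT rules use `--to-source 192.168.0.1`, an IPv4 address, for the source `2a08:2142:302:3::/64`; ip6tables does not accept an IPv4 address there, so this fixture records output whose post-up command fails and leaves the subnet without the NAT the test is named for. The ipv6snat `interfaces` fixture gives vmbr0 only `192.168.0.1/24`, so the test never sees a real IPv6 outgoing address. Give vmbr0 an IPv6 address and gateway, expect that address here, and have generate_sdn_config skip or reject SNAT when $outip is not in the same family as the subnet.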
diff --git a/test/zones/simple/ipv6snat/interfaces b/test/zones/simple/ipv6snat/interfaces
new file mode 100644
index 0000000..66bb826
--- /dev/null
+++ b/test/zones/simple/ipv6snat/interfaces
@@ -0,0 +1,7 @@
+auto vmbr0
+iface vmbr0 inet static
+ address 192.168.0.1/24
+ gateway 192.168.0.254
+ bridge-ports eth0
+ bridge-stp off
+ bridge-fd 0
diff --git a/test/zones/simple/ipv6snat/sdn_config b/test/zones/simple/ipv6snat/sdn_config
new file mode 100644
index 0000000..bc38527
--- /dev/null
+++ b/test/zones/simple/ipv6snat/sdn_config
@@ -0,0 +1,24 @@
+{
+ version => 1,
+ vnets => {
+ ids => {
+ myvnet => { type => "vnet", zone => "myzone" },
+ },
+ },
+ zones => {
+ ids => { myzone => { ipam => "pve", type => "simple" } },
+ },
+
+ subnets => {
+ ids => {
+ 'myzone-2a08:2142:302:3::-64' => {
+ 'type' => 'subnet',
+ 'vnet' => 'myvnet',
+ 'gateway' => '2a08:2142:302:3::1',
+ 'snat' => 1
+ }
+ }
+ }
+}
+
+
--
2.20.1
* [pve-devel] [PATCH v3 pve-network 6/6] controllers: increase controllerid to 64 characters max
2021-04-21 21:49 [pve-devel] [PATCH v3 pve-network 0/6] evpn && bgp improvements Alexandre Derumier
` (4 preceding siblings ...)
2021-04-21 21:49 ` [pve-devel] [PATCH v3 pve-network 5/6] zones: simple: fix ip-forward && " Alexandre Derumier
@ 2021-04-21 21:49 ` Alexandre Derumier
2021-04-22 8:06 ` [pve-devel] applied-series: [PATCH v3 pve-network 0/6] evpn && bgp improvements Thomas Lamprecht
6 siblings, 0 replies; 8+ messages in thread
From: Alexandre Derumier @ 2021-04-21 21:49 UTC (permalink / raw)
To: pve-devel
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
---
PVE/Network/SDN/Controllers/Plugin.pm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/PVE/Network/SDN/Controllers/Plugin.pm b/PVE/Network/SDN/Controllers/Plugin.pm
index 8b5bd4f..b035492 100644
--- a/PVE/Network/SDN/Controllers/Plugin.pm
+++ b/PVE/Network/SDN/Controllers/Plugin.pm
@@ -28,7 +28,7 @@ sub parse_sdn_controller_id {
return undef if $noerr;
die "controller ID '$id' contains illegal characters\n";
}
- die "controller ID '$id' can't be more length than 10 characters\n" if length($id) > 10;
+ die "controller ID '$id' can't be more length than 64 characters\n" if length($id) > 64;
return $id;
}
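Review bot: The limit appears twice on the changed line, once in the message text and once in `length($id) > 64`, so the two can drift apart the next time it is raised; a named constant used in both places avoids that. While the line is being touched, "can't be more length than" could become "must not be longer than". The commit message carries only the Signed-off-by, so it should say why 64 was chosen and confirm that everything consuming the controller ID accepts that length.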
--
2.20.1
* [pve-devel] applied-series: [PATCH v3 pve-network 0/6] evpn && bgp improvements
2021-04-21 21:49 [pve-devel] [PATCH v3 pve-network 0/6] evpn && bgp improvements Alexandre Derumier
` (5 preceding siblings ...)
2021-04-21 21:49 ` [pve-devel] [PATCH v3 pve-network 6/6] controllers: increase controllerid to 64 characters max Alexandre Derumier
@ 2021-04-22 8:06 ` Thomas Lamprecht
6 siblings, 0 replies; 8+ messages in thread
From: Thomas Lamprecht @ 2021-04-22 8:06 UTC (permalink / raw)
To: Proxmox VE development discussion, Alexandre Derumier
On 21.04.21 23:49, Alexandre Derumier wrote:
> - fix broken evpn tests since last commit
> https://lists.proxmox.com/pipermail/pve-devel/2021-April/047521.html
>
> - add ebgp-multihop option
> (replace https://lists.proxmox.com/pipermail/pve-devel/2021-April/047547.html)
>
>
> Changelog v2:
>
> - move mac address option from vnet to evpn zone (this is only needed for evpn anycast gateway)
> - readd lost ip-forward,ip6-forward,arp-accept since subnet implementation
> - fix ipv6 snat
> - tests : add ipv6 and ipv4v6 tests
> - tests: add a hetzner routed setup with multiple /32 && a full /29
>
> Changelog v3:
> - increase controllerid max characters
>
> *** BLURB HERE ***
>
> Alexandre Derumier (6):
> tests: fix evpn vrf
> bgp: add ebgp_multihop option
> zones: evpn: move vnet mac option to evpn zone plugin
> zones: evpn: fix arp-accept && ip-forward + ipv6 snat
> zones: simple: fix ip-forward && ipv6 snat
> controllers: increase controllerid to 64 characters max
applied series, thanks!