Date: Tue, 8 Sep 2020 05:52:04 +0200 (CEST)
From: Alexandre DERUMIER
To: Thomas Lamprecht
Cc: Proxmox VE development discussion
Subject: Re: [pve-devel] [PATCH v2 pve-container] POC : add/del/update ip from vnet-subnet-ipam
Message-ID: <1480692740.435706.1599537124012.JavaMail.zimbra@odiso.com>
References: <20200824164923.12652-1-aderumier@odiso.com>

>>When trying this I got the gateway IP returned for both, as CT IP and gateway IP.
>>Did not check this patch closer, but I figured that this behavior is caused by
>>the SDN code.

mmm, that's strange.

When you create or update the subnet, the gateway ip you define on the subnet should be registered in the ipam. (you have enabled an ipam, right?)

Then, when you create a CT without any ip, it'll try to find the first available ip in ipam.
(So if the gateway was not registered in ipam (bug maybe), that could explain why you have it for both.)

For internal ipam, I'm writing the ipam database in /etc/pve/priv/ipam.db. (BTW, I'm not sure that it's the best path location)

>>On another note, do you think it makes sense to have vnets, subnets, IPam, DNS completely
>>split and separated from each other? I mean, it is flexible, but a user needs to do a lot
>>of, almost boilerplate-like, work to get this started.
>>Advanced users may profit from this, maybe we just need a "simple wizard" for the easiest
>>beginner case..

Well, for subnets, you can assign multiple subnets per vnet, so yes, they really need to be separated.
(Somebody at Hetzner, for example, buying subnets or /32 failover ips, and wanting to add them to a vnet)

IPAM/DNS are more reusable configurations (like api url, key, ...). So I think you'll define 1 or 2 of them max.

I think subnet+ipam+dns are ip features.
zones, vnets, controller are physical network features.

But, yes, a gui wizard could be great for fast setup.

----- Original message -----
From: "Thomas Lamprecht"
To: "Proxmox VE development discussion", "aderumier"
Sent: Monday 7 September 2020 18:40:39
Subject: Re: [pve-devel] [PATCH v2 pve-container] POC : add/del/update ip from vnet-subnet-ipam

On 24.08.20 18:49, Alexandre Derumier wrote:
> This is a POC to call ip to retrieve ip address from ipam.
>
> (it's really just a poc && buggy, it needs to be improved for vnet changes, pending config apply/revert,...)

When trying this I got the gateway IP returned for both, as CT IP and gateway IP.
Did not check this patch closer, but I figured that this behavior is caused by
the SDN code.

Using a simple zone with PVE IPam and snat subnet "10.12.13.0/24" with GW "10.12.13.1"
as test.

On another note, do you think it makes sense to have vnets, subnets, IPam, DNS completely
split and separated from each other? I mean, it is flexible, but a user needs to do a lot
of, almost boilerplate-like, work to get this started.
Advanced users may profit from this, maybe we just need a "simple wizard" for the easiest
beginner case..