From: Alexandre Derumier
To: pve-devel@lists.proxmox.com
Date: Fri, 28 Aug 2020 14:40:17 +0200
Message-Id: <20200828124017.11746-3-aderumier@odiso.com>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20200828124017.11746-1-aderumier@odiso.com>
References: <20200828124017.11746-1-aderumier@odiso.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Subject: [pve-devel] [PATCH v2 pve-docs 2/2] sdn : add subnet/ipam documentation
List-Id: Proxmox VE development discussion

Signed-off-by: Alexandre Derumier
---
 pvesdn.adoc | 129 ++++++++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 120 insertions(+), 9 deletions(-)

diff --git a/pvesdn.adoc b/pvesdn.adoc
index ed8652d..4b17bff 100644
--- a/pvesdn.adoc
+++ b/pvesdn.adoc
@@ -64,6 +64,11 @@ On the web-interface SDN feature have 4 main sections= for the configuration =20 * Controller: For complex setups to control Layer 3 routing =20 +* Subnets: Used to defined ip networks on Vnets. + +* Ipams: Allow to use external tools for ip managements (vm/ct ips) + +* Dns: Allow to define a dns server api for register vm/ct hostname/ip = addresses =20 [[pvesdn_config_main_sdn]] SDN @@ -117,13 +122,6 @@ VNet properties are: * VLAN Aware: Allow to add an extra VLAN tag in the virtual machine or container vNIC configurations or allow the guest OS to manage the VLAN= 's tag. =20 -* IPv4: an anycast IPv4 address, it will be configured on the underlying= bridge - on each node part of the Zone. It's only useful for `bgp-evpn` routing= . - -* IPv6: an anycast IPv6 address, it will be configured on the underlying= bridge - on each node part of the Zone. It's only useful for `bgp-evpn` routing= . - - [[pvesdn_config_controllers]] Controllers ~~~~~~~~~~~ @@ -149,8 +147,7 @@ Simple Zones This is the simplest plugin, it will create an isolated vnet bridge. This bridge is not linked to physical interfaces, VM traffic is only local to the node(s). -It can be used for NAT or routed setup. - +It can be also used for NAT or routed setup. =20 [[pvesdn_zone_plugin_vlan]] VLAN Zones 
@@ -269,6 +266,120 @@ gateway, but, for example, sent traffic to external= BGP routers, which handle (reverse) routing then dynamically you can use. For example `192.168.0.253,192.168.0.254' =20 +[[pvesdn_config_subnet]] +Subnets +~~~~~~~ + +A Subnet allow to define an ip network (ipv4 or ipv6). + +It can be used to restrict ip addresses you can define on a specific vne= t, +assign routes/gateway on vnet in layer3 zones, +enable snat on vnet in layer 3 zones, +auto assign ips on vm/ct through ipam plugin && dns registration through= dns plugins. + + +Subnet properties are: + +* ID: a cidr network address. Ex: 10.0.0.0/8 + +* Vnet: an associated vnet + +* Gateway: ip address for the default gateway of the network.=20 + On layer3 zones (simple/evpn plugins), it'll be deployed on t= he vnet. + =20 +* Snat: Optional, Enable Snat for layer3 zones (simple/evpn plugins) for= this subnet. + The subnet source ip will be natted to server outgoing interface= /ip. + On evpn zone, it's done only on evpn gateway-nodes. + +* Ipam: Optional, if you want to use an ipam tool for this subnet. + The subnet will be auto created in the ipam tool. + +* Dns: Optional, dns api server for forward zone. + +* Dnszone: Optional, dns domain name. Use to register hostname like . + The dns zone need to be already existing in dns server. + +* Dnszoneprefix: Optional, add a prefix to domain, like .prefi= x. + +* ReverseDns: Optional, reverse dns api server for reverse zone. + +* ReverseDnsZone: Optional, reverse dns domaine name. ex: 0.168.192.in-a= ddr.arpa + The dns reverse zone need to be already existing in dn= s server. + + +[[pvesdn_config_ipam]] +Ipams +~~~~~ +IPAM (IP address management) tools, are used to manage/assign ips on you= r devices on the network. +It can be used to find free ip address when you create a vm/ct for examp= le (not yet implemented). 
+ + +[[pvesdn_ipam_plugins]] +Ipam Plugins +------------ + +[[pvesdn_ipam_plugin_pveipam]] +PVEIpam plugin +~~~~~~~~~~~~~~ + +This is an internal ipam for your proxmox cluster if you don't have exte= rnal ipam software + + +PVEIpam properties are: + +* nothing, simply define and ID. + +[[pvesdn_ipam_plugin_phpipam]] +PHPIpam plugin +~~~~~~~~~~~~~~ +https://phpipam.net/ + +You need to create an application in phpipam, and add an api token with = admin permission + +PHPipam properties are: + +* Url: The rest api url : http://phpipam.domain.com/api// +* Token: your api token +* Section: An integer id. Sections are group of subnets in phpipam.=20 + Default install have sectionid=3D1 for customers + +[[pvesdn_ipam_plugin_netbox]] +Netbox Ipam plugin +~~~~~~~~~~~~~~~~~~ +https://github.com/netbox-community/netbox + +you need to create an api token in netbox +https://netbox.readthedocs.io/en/stable/api/authentication + +PHPipam properties are: + +* Url: The rest api url: http://yournetbox.domain.com/api +* Token: your api token + +[[pvesdn_config_dns]] +Dns +~~~ +Dns is used to define a dns api server for registration of your hostname= /ip address + +[[pvesdn_dns_plugin_powerdns]] +Powerdns plugin +~~~~~~~~~~~~~~~ +https://doc.powerdns.com/authoritative/http-api/index.html + +you need to enable webserver && api in your powerdns config: + +---- +api=3Dyes +api-key=3Darandomgeneratedstring +webserver=3Dyes +webserver-port=3D8081 +---- + +Powerdns properties are: + +* Url: The rest api url: http://yourpowerdnserver.domain.com:8081/api/v1= /servers/localhost +* key: the api key +* ttl: default ttl for records =20 [[pvesdn_local_deployment_monitoring]] Local Deployment Monitoring --=20 2.20.1
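Review bot: in the first hunk (`@@ -64,6 +64,11 @@`, the web-interface overview list) the three new bullets have grammar slips and do not match the shape of the existing bullets. "Used to defined ip networks on Vnets." should read "Used to define IP networks on VNets.", "Allow to use external tools for ip managements (vm/ct ips)" should read "Allows external tools to manage VM/CT IP addresses", and "Allow to define a dns server api for register vm/ct hostname/ip addresses" should read "Allows registering VM/CT hostnames and IP addresses through a DNS server API". The surrounding list writes VNet with that capitalisation, so keep it consistent.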
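Review bot: the second hunk (`@@ -117,13 +122,6 @@`) removes the VNet IPv4/IPv6 anycast properties without telling the reader where that setting went, and the commit message does not mention it either. Since the new Subnet "Gateway" property in this same patch says it "will be deployed on the vnet" for simple/evpn zones, add one sentence under VNet properties (or at the top of the Subnets section) stating that the anycast gateway address is now configured per subnet instead of on the VNet, so someone with an existing `bgp-evpn` setup knows what to migrate.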
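Review bot: the third hunk (`@@ -149,8 +147,7 @@`) introduces a word-order error: "It can be also used for NAT or routed setup." should read "It can also be used for NAT or routed setups." Apart from removing a blank line the hunk changes nothing else, so this is a style-only fix.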
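Review bot: in the large hunk (`@@ -269,6 +266,120 @@`) the PHPipam, Netbox and PowerDNS examples all use plain `http://` endpoints (`http://phpipam.domain.com/api//`, `http://yournetbox.domain.com/api`, `http://yourpowerdnserver.domain.com:8081/api/v1/servers/localhost`) while the text tells the reader to create "an api token with admin permission", so the credential would cross the network in clear text every time the plugin talks to the tool; use `https://` in the examples and add a sentence saying where Proxmox stores these tokens and keys and that they should be scoped as narrowly as the tool allows. Two corrections in the same hunk: the property list under "Netbox Ipam plugin" is headed "PHPipam properties are:" (copy-paste error, should be "Netbox properties are:"), and the PowerDNS snippet only sets `api`, `api-key`, `webserver` and `webserver-port`; with PowerDNS defaults the webserver binds to 127.0.0.1 and `webserver-allow-from` is `127.0.0.1,::1`, so remote PVE nodes cannot reach the API until `webserver-address` and `webserver-allow-from` are also set, which the docs should show restricted to the cluster nodes' addresses. Finally, "(not yet implemented)" in the Ipams intro reads oddly in reference documentation and should either be dropped or rephrased as a roadmap note, "reverse dns domaine name" should be "reverse DNS domain name", and the Snat bullet should name which node interface and address the subnet is translated to rather than "server outgoing interface/ip", since for a simple zone that determines which network guest traffic leaves on.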