* [pve-devel] [PATCH v3 pve-network 0/6] evpn && bgp improvements
@ 2021-04-21 21:49 Alexandre Derumier
2021-04-21 21:49 ` [pve-devel] [PATCH v3 pve-network 1/6] tests: fix evpn vrf Alexandre Derumier
` (6 more replies)
0 siblings, 7 replies; 8+ messages in thread
From: Alexandre Derumier @ 2021-04-21 21:49 UTC (permalink / raw)
To: pve-devel
- fix broken evpn tests since last commit
https://lists.proxmox.com/pipermail/pve-devel/2021-April/047521.html
- add ebgp-multihop option
(replace https://lists.proxmox.com/pipermail/pve-devel/2021-April/047547.html)
Changelog v2:
- move mac address option from vnet to evpn zone (this is only needed for evpn anycast gateway)
- readd lost ip-forward,ip6-forward,arp-accept since subnet implementation
- fix ipv6 snat
- tests : add ipv6 and ipv4v6 tests
- tests: add a Hetzner routed setup with multiple /32 && a full /29
Changelog v3:
- increase controllerid max characters
*** BLURB HERE ***
Alexandre Derumier (6):
tests: fix evpn vrf
bgp: add ebgp_multihop option
zones: evpn: move vnet mac option to evpn zone plugin
zones: evpn: fix arp-accept && ip-forward + ipv6 snat
zones: simple: fix ip-forward && ipv6 snat
controllers: increase controllerid to 64 characters max
PVE/Network/SDN/Controllers/BgpPlugin.pm | 7 +++
PVE/Network/SDN/Controllers/Plugin.pm | 2 +-
PVE/Network/SDN/VnetPlugin.pm | 6 ---
PVE/Network/SDN/Zones/EvpnPlugin.pm | 46 +++++++++++++------
PVE/Network/SDN/Zones/SimplePlugin.pm | 34 ++++++++++----
.../evpn/ebgp/expected_controller_config | 1 +
test/zones/evpn/ebgp/expected_sdn_interfaces | 3 ++
test/zones/evpn/ebgp/sdn_config | 2 +-
.../ebgp_loopback/expected_sdn_interfaces | 3 ++
.../evpn/exitnode/expected_sdn_interfaces | 3 ++
.../exitnode_snat/expected_sdn_interfaces | 26 +++++++++++
test/zones/evpn/exitnode_snat/sdn_config | 12 ++++-
test/zones/evpn/ipv4/expected_sdn_interfaces | 4 ++
test/zones/evpn/ipv4/sdn_config | 2 +-
.../evpn/ipv4ipv6/expected_controller_config | 31 +++++++++++++
.../evpn/ipv4ipv6/expected_sdn_interfaces | 44 ++++++++++++++++++
test/zones/evpn/ipv4ipv6/interfaces | 7 +++
test/zones/evpn/ipv4ipv6/sdn_config | 32 +++++++++++++
.../evpn/ipv6/expected_controller_config | 31 +++++++++++++
test/zones/evpn/ipv6/expected_sdn_interfaces | 42 +++++++++++++++++
test/zones/evpn/ipv6/interfaces | 7 +++
test/zones/evpn/ipv6/sdn_config | 27 +++++++++++
.../simple/hetzner/expected_sdn_interfaces | 19 ++++++++
test/zones/simple/hetzner/interfaces | 6 +++
test/zones/simple/hetzner/sdn_config | 34 ++++++++++++++
.../zones/simple/ipv4/expected_sdn_interfaces | 1 +
.../simple/ipv4snat/expected_sdn_interfaces | 1 +
.../simple/ipv4v6/expected_sdn_interfaces | 11 +++++
test/zones/simple/ipv4v6/interfaces | 5 ++
test/zones/simple/ipv4v6/sdn_config | 27 +++++++++++
.../simple/ipv6snat/expected_sdn_interfaces | 13 ++++++
test/zones/simple/ipv6snat/interfaces | 7 +++
test/zones/simple/ipv6snat/sdn_config | 24 ++++++++++
33 files changed, 488 insertions(+), 32 deletions(-)
create mode 100644 test/zones/evpn/ipv4ipv6/expected_controller_config
create mode 100644 test/zones/evpn/ipv4ipv6/expected_sdn_interfaces
create mode 100644 test/zones/evpn/ipv4ipv6/interfaces
create mode 100644 test/zones/evpn/ipv4ipv6/sdn_config
create mode 100644 test/zones/evpn/ipv6/expected_controller_config
create mode 100644 test/zones/evpn/ipv6/expected_sdn_interfaces
create mode 100644 test/zones/evpn/ipv6/interfaces
create mode 100644 test/zones/evpn/ipv6/sdn_config
create mode 100644 test/zones/simple/hetzner/expected_sdn_interfaces
create mode 100644 test/zones/simple/hetzner/interfaces
create mode 100644 test/zones/simple/hetzner/sdn_config
create mode 100644 test/zones/simple/ipv4v6/expected_sdn_interfaces
create mode 100644 test/zones/simple/ipv4v6/interfaces
create mode 100644 test/zones/simple/ipv4v6/sdn_config
create mode 100644 test/zones/simple/ipv6snat/expected_sdn_interfaces
create mode 100644 test/zones/simple/ipv6snat/interfaces
create mode 100644 test/zones/simple/ipv6snat/sdn_config
--
2.20.1
* [pve-devel] [PATCH v3 pve-network 1/6] tests: fix evpn vrf
2021-04-21 21:49 [pve-devel] [PATCH v3 pve-network 0/6] evpn && bgp improvements Alexandre Derumier
@ 2021-04-21 21:49 ` Alexandre Derumier
2021-04-21 21:49 ` [pve-devel] [PATCH v3 pve-network 2/6] bgp: add ebgp_multihop option Alexandre Derumier
` (5 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: Alexandre Derumier @ 2021-04-21 21:49 UTC (permalink / raw)
To: pve-devel
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
---
test/zones/evpn/ebgp/expected_sdn_interfaces | 1 +
test/zones/evpn/ebgp_loopback/expected_sdn_interfaces | 1 +
test/zones/evpn/exitnode/expected_sdn_interfaces | 1 +
test/zones/evpn/exitnode_snat/expected_sdn_interfaces | 1 +
test/zones/evpn/ipv4/expected_sdn_interfaces | 1 +
5 files changed, 5 insertions(+)
diff --git a/test/zones/evpn/ebgp/expected_sdn_interfaces b/test/zones/evpn/ebgp/expected_sdn_interfaces
index 799dcb7..6d2d3b6 100644
--- a/test/zones/evpn/ebgp/expected_sdn_interfaces
+++ b/test/zones/evpn/ebgp/expected_sdn_interfaces
@@ -12,6 +12,7 @@ iface myvnet
auto vrf_myzone
iface vrf_myzone
vrf-table auto
+ post-up ip route add vrf vrf_myzone unreachable default metric 4278198272
auto vrfbr_myzone
iface vrfbr_myzone
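Review bot: the added post-up line in the vrf_myzone stanza hard-codes metric 4278198272, and the commit message has no body naming the generator change that now emits it. Reference that commit in the message (the cover letter only links a list post), so a later change to the metric can be traced to both the plugin and these five expected_sdn_interfaces files.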
diff --git a/test/zones/evpn/ebgp_loopback/expected_sdn_interfaces b/test/zones/evpn/ebgp_loopback/expected_sdn_interfaces
index 799dcb7..6d2d3b6 100644
--- a/test/zones/evpn/ebgp_loopback/expected_sdn_interfaces
+++ b/test/zones/evpn/ebgp_loopback/expected_sdn_interfaces
@@ -12,6 +12,7 @@ iface myvnet
auto vrf_myzone
iface vrf_myzone
vrf-table auto
+ post-up ip route add vrf vrf_myzone unreachable default metric 4278198272
auto vrfbr_myzone
iface vrfbr_myzone
diff --git a/test/zones/evpn/exitnode/expected_sdn_interfaces b/test/zones/evpn/exitnode/expected_sdn_interfaces
index 799dcb7..6d2d3b6 100644
--- a/test/zones/evpn/exitnode/expected_sdn_interfaces
+++ b/test/zones/evpn/exitnode/expected_sdn_interfaces
@@ -12,6 +12,7 @@ iface myvnet
auto vrf_myzone
iface vrf_myzone
vrf-table auto
+ post-up ip route add vrf vrf_myzone unreachable default metric 4278198272
auto vrfbr_myzone
iface vrfbr_myzone
diff --git a/test/zones/evpn/exitnode_snat/expected_sdn_interfaces b/test/zones/evpn/exitnode_snat/expected_sdn_interfaces
index b364a58..e8093a2 100644
--- a/test/zones/evpn/exitnode_snat/expected_sdn_interfaces
+++ b/test/zones/evpn/exitnode_snat/expected_sdn_interfaces
@@ -16,6 +16,7 @@ iface myvnet
auto vrf_myzone
iface vrf_myzone
vrf-table auto
+ post-up ip route add vrf vrf_myzone unreachable default metric 4278198272
auto vrfbr_myzone
iface vrfbr_myzone
diff --git a/test/zones/evpn/ipv4/expected_sdn_interfaces b/test/zones/evpn/ipv4/expected_sdn_interfaces
index 799dcb7..6d2d3b6 100644
--- a/test/zones/evpn/ipv4/expected_sdn_interfaces
+++ b/test/zones/evpn/ipv4/expected_sdn_interfaces
@@ -12,6 +12,7 @@ iface myvnet
auto vrf_myzone
iface vrf_myzone
vrf-table auto
+ post-up ip route add vrf vrf_myzone unreachable default metric 4278198272
auto vrfbr_myzone
iface vrfbr_myzone
--
2.20.1
* [pve-devel] [PATCH v3 pve-network 2/6] bgp: add ebgp_multihop option
2021-04-21 21:49 [pve-devel] [PATCH v3 pve-network 0/6] evpn && bgp improvements Alexandre Derumier
2021-04-21 21:49 ` [pve-devel] [PATCH v3 pve-network 1/6] tests: fix evpn vrf Alexandre Derumier
@ 2021-04-21 21:49 ` Alexandre Derumier
2021-04-21 21:49 ` [pve-devel] [PATCH v3 pve-network 3/6] zones: evpn: move vnet mac option to evpn zone plugin Alexandre Derumier
` (4 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: Alexandre Derumier @ 2021-04-21 21:49 UTC (permalink / raw)
To: pve-devel
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
---
PVE/Network/SDN/Controllers/BgpPlugin.pm | 7 +++++++
test/zones/evpn/ebgp/expected_controller_config | 1 +
test/zones/evpn/ebgp/sdn_config | 2 +-
3 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/PVE/Network/SDN/Controllers/BgpPlugin.pm b/PVE/Network/SDN/Controllers/BgpPlugin.pm
index e5d8490..69c688b 100644
--- a/PVE/Network/SDN/Controllers/BgpPlugin.pm
+++ b/PVE/Network/SDN/Controllers/BgpPlugin.pm
@@ -24,6 +24,10 @@ sub properties {
optional => 1,
description => "Enable ebgp. (remote-as external)",
},
+ 'ebgp-multihop' => {
+ type => 'integer',
+ optional => 1,
+ },
loopback => {
description => "source loopback interface.",
type => 'string'
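Review bot: the new 'ebgp-multihop' entry in properties() has no description and no bounds, only type => 'integer'. FRR accepts a hop count of 1-255 for "neighbor ... ebgp-multihop", so adding minimum => 1 and maximum => 255 would reject bad values at the API instead of when FRR loads the generated config. A description should say that the option lets eBGP sessions form with peers that are not directly connected, since that widens who can reach the session.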
@@ -38,6 +42,7 @@ sub options {
'asn' => { optional => 0 },
'peers' => { optional => 0 },
'ebgp' => { optional => 1 },
+ 'ebgp-multihop' => { optional => 1 },
'loopback' => { optional => 1 },
};
}
@@ -51,6 +56,7 @@ sub generate_controller_config {
my $asn = $plugin_config->{asn};
my $ebgp = $plugin_config->{ebgp};
+ my $ebgp_multihop = $plugin_config->{'ebgp-multihop'};
my $loopback = $plugin_config->{loopback};
my $local_node = PVE::INotify::nodename();
@@ -85,6 +91,7 @@ sub generate_controller_config {
push @controller_config, "neighbor BGP peer-group";
push @controller_config, "neighbor BGP remote-as $remoteas";
push @controller_config, "neighbor BGP bfd";
+ push @controller_config, "neighbor BGP ebgp-multihop $ebgp_multihop" if $ebgp && $ebgp_multihop;
}
# BGP peers
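Review bot: in generate_controller_config the guard "if $ebgp && $ebgp_multihop" drops the option silently when 'ebgp' is not set, and also when the value is 0. Reject 'ebgp-multihop' without 'ebgp' at validation time, or document that it is ignored, so a saved controller setting never differs from the FRR config that is actually written.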
diff --git a/test/zones/evpn/ebgp/expected_controller_config b/test/zones/evpn/ebgp/expected_controller_config
index 4c42012..be3e1af 100644
--- a/test/zones/evpn/ebgp/expected_controller_config
+++ b/test/zones/evpn/ebgp/expected_controller_config
@@ -23,6 +23,7 @@ router bgp 65001
neighbor BGP peer-group
neighbor BGP remote-as external
neighbor BGP bfd
+ neighbor BGP ebgp-multihop 3
neighbor 192.168.0.252 peer-group BGP
neighbor 192.168.0.253 peer-group BGP
!
diff --git a/test/zones/evpn/ebgp/sdn_config b/test/zones/evpn/ebgp/sdn_config
index 379dc14..91c1b61 100644
--- a/test/zones/evpn/ebgp/sdn_config
+++ b/test/zones/evpn/ebgp/sdn_config
@@ -12,7 +12,7 @@
controllers => {
ids => {
evpnctl => { type => "evpn", 'peers' => '192.168.0.1,192.168.0.2,192.168.0.3', asn => "65000" },
- localhost => { type => "bgp", 'peers' => '192.168.0.252,192.168.0.253', ebgp => "1", asn => "65001", node => "localhost" },
+ localhost => { type => "bgp", 'peers' => '192.168.0.252,192.168.0.253', ebgp => "1", 'ebgp-multihop' => '3', asn => "65001", node => "localhost" },
},
},
--
2.20.1
* [pve-devel] [PATCH v3 pve-network 3/6] zones: evpn: move vnet mac option to evpn zone plugin
2021-04-21 21:49 [pve-devel] [PATCH v3 pve-network 0/6] evpn && bgp improvements Alexandre Derumier
2021-04-21 21:49 ` [pve-devel] [PATCH v3 pve-network 1/6] tests: fix evpn vrf Alexandre Derumier
2021-04-21 21:49 ` [pve-devel] [PATCH v3 pve-network 2/6] bgp: add ebgp_multihop option Alexandre Derumier
@ 2021-04-21 21:49 ` Alexandre Derumier
2021-04-21 21:49 ` [pve-devel] [PATCH v3 pve-network 4/6] zones: evpn: fix arp-accept && ip-forward + ipv6 snat Alexandre Derumier
` (3 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: Alexandre Derumier @ 2021-04-21 21:49 UTC (permalink / raw)
To: pve-devel
This is only used by evpn plugin, and we can have
same anycast mac for all vnets like cisco,juniper,arista...
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
---
PVE/Network/SDN/VnetPlugin.pm | 6 ------
PVE/Network/SDN/Zones/EvpnPlugin.pm | 17 +++++++++++------
test/zones/evpn/ipv4/expected_sdn_interfaces | 1 +
test/zones/evpn/ipv4/sdn_config | 2 +-
4 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/PVE/Network/SDN/VnetPlugin.pm b/PVE/Network/SDN/VnetPlugin.pm
index 34841ae..96a13b4 100644
--- a/PVE/Network/SDN/VnetPlugin.pm
+++ b/PVE/Network/SDN/VnetPlugin.pm
@@ -70,11 +70,6 @@ sub properties {
description => "alias name of the vnet",
optional => 1,
},
- mac => {
- type => 'string',
- description => "Anycast router mac address",
- optional => 1, format => 'mac-addr'
- }
};
}
@@ -83,7 +78,6 @@ sub options {
zone => { optional => 0},
tag => { optional => 1},
alias => { optional => 1 },
- mac => { optional => 1 },
vlanaware => { optional => 1 },
};
}
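Review bot: removing mac from VnetPlugin options() (and from properties() in the hunk above) leaves no visible path for vnets that already store a mac value; nothing in this patch migrates or strips the key. State in the commit message how existing vnet configs are handled on upgrade, or keep accepting the key and ignore it until the stored configs have been rewritten.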
diff --git a/PVE/Network/SDN/Zones/EvpnPlugin.pm b/PVE/Network/SDN/Zones/EvpnPlugin.pm
index ca000cf..d68d3ee 100644
--- a/PVE/Network/SDN/Zones/EvpnPlugin.pm
+++ b/PVE/Network/SDN/Zones/EvpnPlugin.pm
@@ -28,6 +28,11 @@ sub properties {
type => 'string',
description => "Frr router name",
},
+ 'mac' => {
+ type => 'string',
+ description => "Anycast logical router mac address",
+ optional => 1, format => 'mac-addr'
+ },
'exitnodes' => get_standard_option('pve-node-list'),
};
}
@@ -40,6 +45,7 @@ sub options {
controller => { optional => 0 },
exitnodes => { optional => 1 },
mtu => { optional => 1 },
+ mac => { optional => 1 },
dns => { optional => 1 },
reversedns => { optional => 1 },
dnszone => { optional => 1 },
@@ -55,7 +61,7 @@ sub generate_sdn_config {
my $alias = $vnet->{alias};
my $ipv4 = $vnet->{ipv4};
my $ipv6 = $vnet->{ipv6};
- my $mac = $vnet->{mac};
+ my $mac = $plugin_config->{'mac'};
my $vrf_iface = "vrf_$zoneid";
my $vrfvxlan = $plugin_config->{'vrf-vxlan'};
@@ -184,6 +190,10 @@ sub on_update_hook {
if (defined($zone_cfg->{ids}->{$id}->{'vrf-vxlan'}) && $zone_cfg->{ids}->{$id}->{'vrf-vxlan'} eq $vrfvxlan);
}
+ if (!defined($zone_cfg->{ids}->{$zoneid}->{'mac'})) {
+ my $dc = PVE::Cluster::cfs_read_file('datacenter.cfg');
+ $zone_cfg->{ids}->{$zoneid}->{'mac'} = PVE::Tools::random_ether_addr($dc->{mac_prefix});
+ }
}
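Review bot: the zone-level default is assigned only in on_update_hook, while generate_sdn_config now reads "my $mac = $plugin_config->{'mac'};" with no fallback, so an evpn zone that is not saved again after this change has an undefined $mac at generation time. The per-vnet addresses generated before are also replaced by a new random one per zone, which changes the gateway MAC that guests have cached. Handle the undefined case in generate_sdn_config and mention the address change in the commit message.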
@@ -206,11 +216,6 @@ sub vnet_update_hook {
next if $other_zone->{type} ne 'vxlan' && $other_zone->{type} ne 'evpn';
raise_param_exc({ tag => "vxlan tag $tag already exist in vnet $id in zone $other_zoneid "}) if $other_tag && $tag eq $other_tag;
}
-
- if (!defined($vnet->{mac})) {
- my $dc = PVE::Cluster::cfs_read_file('datacenter.cfg');
- $vnet->{mac} = PVE::Tools::random_ether_addr($dc->{mac_prefix});
- }
}
diff --git a/test/zones/evpn/ipv4/expected_sdn_interfaces b/test/zones/evpn/ipv4/expected_sdn_interfaces
index 6d2d3b6..e2d5a75 100644
--- a/test/zones/evpn/ipv4/expected_sdn_interfaces
+++ b/test/zones/evpn/ipv4/expected_sdn_interfaces
@@ -3,6 +3,7 @@
auto myvnet
iface myvnet
address 10.0.0.1/24
+ hwaddress A2:1D:CB:1A:C0:8B
bridge_ports vxlan_myvnet
bridge_stp off
bridge_fd 0
diff --git a/test/zones/evpn/ipv4/sdn_config b/test/zones/evpn/ipv4/sdn_config
index 4c115a9..dd73b5c 100644
--- a/test/zones/evpn/ipv4/sdn_config
+++ b/test/zones/evpn/ipv4/sdn_config
@@ -7,7 +7,7 @@
},
zones => {
- ids => { myzone => { ipam => "pve", type => "evpn", controller => "evpnctl", 'vrf-vxlan' => 1000 } },
+ ids => { myzone => { ipam => "pve", type => "evpn", controller => "evpnctl", 'vrf-vxlan' => 1000, 'mac' => 'A2:1D:CB:1A:C0:8B' } },
},
controllers => {
ids => { evpnctl => { type => "evpn", 'peers' => '192.168.0.1,192.168.0.2,192.168.0.3', asn => "65000" } },
--
2.20.1
* [pve-devel] [PATCH v3 pve-network 4/6] zones: evpn: fix arp-accept && ip-forward + ipv6 snat
2021-04-21 21:49 [pve-devel] [PATCH v3 pve-network 0/6] evpn && bgp improvements Alexandre Derumier
` (2 preceding siblings ...)
2021-04-21 21:49 ` [pve-devel] [PATCH v3 pve-network 3/6] zones: evpn: move vnet mac option to evpn zone plugin Alexandre Derumier
@ 2021-04-21 21:49 ` Alexandre Derumier
2021-04-21 21:49 ` [pve-devel] [PATCH v3 pve-network 5/6] zones: simple: fix ip-forward && " Alexandre Derumier
` (2 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: Alexandre Derumier @ 2021-04-21 21:49 UTC (permalink / raw)
To: pve-devel
they were lost during subnet work
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
---
PVE/Network/SDN/Zones/EvpnPlugin.pm | 29 +++++++++---
test/zones/evpn/ebgp/expected_sdn_interfaces | 2 +
.../ebgp_loopback/expected_sdn_interfaces | 2 +
.../evpn/exitnode/expected_sdn_interfaces | 2 +
.../exitnode_snat/expected_sdn_interfaces | 25 +++++++++++
test/zones/evpn/exitnode_snat/sdn_config | 12 ++++-
test/zones/evpn/ipv4/expected_sdn_interfaces | 2 +
.../evpn/ipv4ipv6/expected_controller_config | 31 +++++++++++++
.../evpn/ipv4ipv6/expected_sdn_interfaces | 44 +++++++++++++++++++
test/zones/evpn/ipv4ipv6/interfaces | 7 +++
test/zones/evpn/ipv4ipv6/sdn_config | 32 ++++++++++++++
.../evpn/ipv6/expected_controller_config | 31 +++++++++++++
test/zones/evpn/ipv6/expected_sdn_interfaces | 42 ++++++++++++++++++
test/zones/evpn/ipv6/interfaces | 7 +++
test/zones/evpn/ipv6/sdn_config | 27 ++++++++++++
15 files changed, 286 insertions(+), 9 deletions(-)
create mode 100644 test/zones/evpn/ipv4ipv6/expected_controller_config
create mode 100644 test/zones/evpn/ipv4ipv6/expected_sdn_interfaces
create mode 100644 test/zones/evpn/ipv4ipv6/interfaces
create mode 100644 test/zones/evpn/ipv4ipv6/sdn_config
create mode 100644 test/zones/evpn/ipv6/expected_controller_config
create mode 100644 test/zones/evpn/ipv6/expected_sdn_interfaces
create mode 100644 test/zones/evpn/ipv6/interfaces
create mode 100644 test/zones/evpn/ipv6/sdn_config
diff --git a/PVE/Network/SDN/Zones/EvpnPlugin.pm b/PVE/Network/SDN/Zones/EvpnPlugin.pm
index d68d3ee..8d5250c 100644
--- a/PVE/Network/SDN/Zones/EvpnPlugin.pm
+++ b/PVE/Network/SDN/Zones/EvpnPlugin.pm
@@ -9,6 +9,7 @@ use PVE::Tools qw($IPV4RE);
use PVE::INotify;
use PVE::Cluster;
use PVE::Tools;
+use Net::IP;
use PVE::Network::SDN::Controllers::EvpnPlugin;
@@ -59,8 +60,6 @@ sub generate_sdn_config {
my $tag = $vnet->{tag};
my $alias = $vnet->{alias};
- my $ipv4 = $vnet->{ipv4};
- my $ipv6 = $vnet->{ipv6};
my $mac = $plugin_config->{'mac'};
my $vrf_iface = "vrf_$zoneid";
@@ -95,6 +94,8 @@ sub generate_sdn_config {
@iface_config = ();
my $address = {};
+ my $ipv4 = undef;
+ my $ipv6 = undef;
my $subnets = PVE::Network::SDN::Vnets::get_subnets($vnetid, 1);
foreach my $subnetid (sort keys %{$subnets}) {
my $subnet = $subnets->{$subnetid};
@@ -107,19 +108,33 @@ sub generate_sdn_config {
$address->{$gateway} = 1;
}
+ my $iptables = undef;
+ my $checkrouteip = undef;
+ my $ipversion = Net::IP::ip_is_ipv6($gateway) ? 6 : 4;
+
+ if ($ipversion == 6) {
+ $ipv6 = 1;
+ $iptables = "ip6tables";
+ $checkrouteip = '2001:4860:4860::8888';
+ } else {
+ $ipv4 = 1;
+ $iptables = "iptables";
+ $checkrouteip = '8.8.8.8';
+ }
+
if ($subnet->{snat}) {
my $is_evpn_gateway = $plugin_config->{'exitnodes'}->{$local_node};
#find outgoing interface
- my ($outip, $outiface) = PVE::Network::SDN::Zones::Plugin::get_local_route_ip('8.8.8.8');
+ my ($outip, $outiface) = PVE::Network::SDN::Zones::Plugin::get_local_route_ip($checkrouteip);
if ($outip && $outiface && $is_evpn_gateway) {
#use snat, faster than masquerade
- push @iface_config, "post-up iptables -t nat -A POSTROUTING -s '$cidr' -o $outiface -j SNAT --to-source $outip";
- push @iface_config, "post-down iptables -t nat -D POSTROUTING -s '$cidr' -o $outiface -j SNAT --to-source $outip";
+ push @iface_config, "post-up $iptables -t nat -A POSTROUTING -s '$cidr' -o $outiface -j SNAT --to-source $outip";
+ push @iface_config, "post-down $iptables -t nat -D POSTROUTING -s '$cidr' -o $outiface -j SNAT --to-source $outip";
#add conntrack zone once on outgoing interface
- push @iface_config, "post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1";
- push @iface_config, "post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1";
+ push @iface_config, "post-up $iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1";
+ push @iface_config, "post-down $iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1";
}
}
}
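Review bot: in generate_sdn_config the added "Net::IP::ip_is_ipv6($gateway)" sits after the closing brace of the block that uses $gateway, so for a subnet without a gateway it is called on an undefined value and the subnet falls through to the IPv4 branch even when $cidr is IPv6. Derive $ipversion from $cidr instead. The SNAT lines also interpolate $outip into "$iptables ... --to-source $outip" without checking that it belongs to the same address family as $cidr, and the probe addresses 8.8.8.8 and 2001:4860:4860::8888 are hard-coded; a family check before pushing the rules would keep an unusable rule out of the interface config.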
diff --git a/test/zones/evpn/ebgp/expected_sdn_interfaces b/test/zones/evpn/ebgp/expected_sdn_interfaces
index 6d2d3b6..4cf13e0 100644
--- a/test/zones/evpn/ebgp/expected_sdn_interfaces
+++ b/test/zones/evpn/ebgp/expected_sdn_interfaces
@@ -7,6 +7,8 @@ iface myvnet
bridge_stp off
bridge_fd 0
mtu 1450
+ ip-forward on
+ arp-accept on
vrf vrf_myzone
auto vrf_myzone
diff --git a/test/zones/evpn/ebgp_loopback/expected_sdn_interfaces b/test/zones/evpn/ebgp_loopback/expected_sdn_interfaces
index 6d2d3b6..4cf13e0 100644
--- a/test/zones/evpn/ebgp_loopback/expected_sdn_interfaces
+++ b/test/zones/evpn/ebgp_loopback/expected_sdn_interfaces
@@ -7,6 +7,8 @@ iface myvnet
bridge_stp off
bridge_fd 0
mtu 1450
+ ip-forward on
+ arp-accept on
vrf vrf_myzone
auto vrf_myzone
diff --git a/test/zones/evpn/exitnode/expected_sdn_interfaces b/test/zones/evpn/exitnode/expected_sdn_interfaces
index 6d2d3b6..4cf13e0 100644
--- a/test/zones/evpn/exitnode/expected_sdn_interfaces
+++ b/test/zones/evpn/exitnode/expected_sdn_interfaces
@@ -7,6 +7,8 @@ iface myvnet
bridge_stp off
bridge_fd 0
mtu 1450
+ ip-forward on
+ arp-accept on
vrf vrf_myzone
auto vrf_myzone
diff --git a/test/zones/evpn/exitnode_snat/expected_sdn_interfaces b/test/zones/evpn/exitnode_snat/expected_sdn_interfaces
index e8093a2..a2a183e 100644
--- a/test/zones/evpn/exitnode_snat/expected_sdn_interfaces
+++ b/test/zones/evpn/exitnode_snat/expected_sdn_interfaces
@@ -11,6 +11,23 @@ iface myvnet
bridge_stp off
bridge_fd 0
mtu 1450
+ ip-forward on
+ arp-accept on
+ vrf vrf_myzone
+
+auto myvnet2
+iface myvnet2
+ address 2a08:2142:302:3::1/64
+ post-up ip6tables -t nat -A POSTROUTING -s '2a08:2142:302:3::/64' -o vmbr0 -j SNAT --to-source 192.168.0.1
+ post-down ip6tables -t nat -D POSTROUTING -s '2a08:2142:302:3::/64' -o vmbr0 -j SNAT --to-source 192.168.0.1
+ post-up ip6tables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
+ post-down ip6tables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1
+ bridge_ports vxlan_myvnet2
+ bridge_stp off
+ bridge_fd 0
+ mtu 1450
+ ip6-forward on
+ arp-accept on
vrf vrf_myzone
auto vrf_myzone
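Review bot: the expected output for myvnet2 records an ip6tables SNAT rule with an IPv4 source, "-s '2a08:2142:302:3::/64' -o vmbr0 -j SNAT --to-source 192.168.0.1", which ip6tables would not accept. The test currently pins that result as correct. Give the test's interfaces file an IPv6 address on vmbr0 so the expected rule carries an IPv6 source, or make the generator skip SNAT when no address of the matching family is found and assert that instead.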
@@ -41,3 +58,11 @@ iface vxlan_myvnet
bridge-learning off
bridge-arp-nd-suppress on
mtu 1450
+
+auto vxlan_myvnet2
+iface vxlan_myvnet2
+ vxlan-id 200
+ vxlan-local-tunnelip 192.168.0.1
+ bridge-learning off
+ bridge-arp-nd-suppress on
+ mtu 1450
diff --git a/test/zones/evpn/exitnode_snat/sdn_config b/test/zones/evpn/exitnode_snat/sdn_config
index f40e8bd..35cdf5d 100644
--- a/test/zones/evpn/exitnode_snat/sdn_config
+++ b/test/zones/evpn/exitnode_snat/sdn_config
@@ -3,6 +3,7 @@
vnets => {
ids => {
myvnet => { tag => "100", type => "vnet", zone => "myzone" },
+ myvnet2 => { tag => "200", type => "vnet", zone => "myzone" },
},
},
@@ -14,12 +15,19 @@
},
subnets => {
- ids => { 'myzone-10.0.0.0-24' => {
+ ids => {
+ 'myzone-10.0.0.0-24' => {
'type' => 'subnet',
'vnet' => 'myvnet',
'gateway' => '10.0.0.1',
'snat' => 1
- }
+ },
+ 'myzone-2a08:2142:302:3::-64' => {
+ 'type' => 'subnet',
+ 'vnet' => 'myvnet2',
+ 'gateway' => '2a08:2142:302:3::1',
+ 'snat' => 1
+ }
}
}
}
diff --git a/test/zones/evpn/ipv4/expected_sdn_interfaces b/test/zones/evpn/ipv4/expected_sdn_interfaces
index e2d5a75..9d1c64c 100644
--- a/test/zones/evpn/ipv4/expected_sdn_interfaces
+++ b/test/zones/evpn/ipv4/expected_sdn_interfaces
@@ -8,6 +8,8 @@ iface myvnet
bridge_stp off
bridge_fd 0
mtu 1450
+ ip-forward on
+ arp-accept on
vrf vrf_myzone
auto vrf_myzone
diff --git a/test/zones/evpn/ipv4ipv6/expected_controller_config b/test/zones/evpn/ipv4ipv6/expected_controller_config
new file mode 100644
index 0000000..c0ca898
--- /dev/null
+++ b/test/zones/evpn/ipv4ipv6/expected_controller_config
@@ -0,0 +1,31 @@
+log syslog informational
+ip forwarding
+ipv6 forwarding
+frr defaults datacenter
+service integrated-vtysh-config
+hostname localhost
+!
+!
+vrf vrf_myzone
+ vni 1000
+exit-vrf
+!
+router bgp 65000
+ bgp router-id 192.168.0.1
+ no bgp default ipv4-unicast
+ coalesce-time 1000
+ neighbor VTEP peer-group
+ neighbor VTEP remote-as 65000
+ neighbor VTEP bfd
+ neighbor 192.168.0.2 peer-group VTEP
+ neighbor 192.168.0.3 peer-group VTEP
+ !
+ address-family l2vpn evpn
+ neighbor VTEP activate
+ advertise-all-vni
+ exit-address-family
+!
+router bgp 65000 vrf vrf_myzone
+!
+line vty
+!
\ No newline at end of file
diff --git a/test/zones/evpn/ipv4ipv6/expected_sdn_interfaces b/test/zones/evpn/ipv4ipv6/expected_sdn_interfaces
new file mode 100644
index 0000000..7a5d741
--- /dev/null
+++ b/test/zones/evpn/ipv4ipv6/expected_sdn_interfaces
@@ -0,0 +1,44 @@
+#version:1
+
+auto myvnet
+iface myvnet
+ address 10.0.0.1/24
+ address 2a08:2142:302:3::1/64
+ hwaddress A2:1D:CB:1A:C0:8B
+ bridge_ports vxlan_myvnet
+ bridge_stp off
+ bridge_fd 0
+ mtu 1450
+ ip-forward on
+ ip6-forward on
+ arp-accept on
+ vrf vrf_myzone
+
+auto vrf_myzone
+iface vrf_myzone
+ vrf-table auto
+ post-up ip route add vrf vrf_myzone unreachable default metric 4278198272
+
+auto vrfbr_myzone
+iface vrfbr_myzone
+ bridge-ports vrfvx_myzone
+ bridge_stp off
+ bridge_fd 0
+ mtu 1450
+ vrf vrf_myzone
+
+auto vrfvx_myzone
+iface vrfvx_myzone
+ vxlan-id 1000
+ vxlan-local-tunnelip 192.168.0.1
+ bridge-learning off
+ bridge-arp-nd-suppress on
+ mtu 1450
+
+auto vxlan_myvnet
+iface vxlan_myvnet
+ vxlan-id 100
+ vxlan-local-tunnelip 192.168.0.1
+ bridge-learning off
+ bridge-arp-nd-suppress on
+ mtu 1450
diff --git a/test/zones/evpn/ipv4ipv6/interfaces b/test/zones/evpn/ipv4ipv6/interfaces
new file mode 100644
index 0000000..66bb826
--- /dev/null
+++ b/test/zones/evpn/ipv4ipv6/interfaces
@@ -0,0 +1,7 @@
+auto vmbr0
+iface vmbr0 inet static
+ address 192.168.0.1/24
+ gateway 192.168.0.254
+ bridge-ports eth0
+ bridge-stp off
+ bridge-fd 0
diff --git a/test/zones/evpn/ipv4ipv6/sdn_config b/test/zones/evpn/ipv4ipv6/sdn_config
new file mode 100644
index 0000000..4583818
--- /dev/null
+++ b/test/zones/evpn/ipv4ipv6/sdn_config
@@ -0,0 +1,32 @@
+{
+ version => 1,
+ vnets => {
+ ids => {
+ myvnet => { tag => "100", type => "vnet", zone => "myzone" },
+ },
+ },
+
+ zones => {
+ ids => { myzone => { ipam => "pve", type => "evpn", controller => "evpnctl", 'vrf-vxlan' => 1000, 'mac' => 'A2:1D:CB:1A:C0:8B' } },
+ },
+ controllers => {
+ ids => { evpnctl => { type => "evpn", 'peers' => '192.168.0.1,192.168.0.2,192.168.0.3', asn => "65000" } },
+ },
+
+ subnets => {
+ ids => {
+ 'myzone-10.0.0.0-24' => {
+ 'type' => 'subnet',
+ 'vnet' => 'myvnet',
+ 'gateway' => '10.0.0.1',
+ },
+ 'myzone-2a08:2142:302:3::-64' => {
+ 'type' => 'subnet',
+ 'vnet' => 'myvnet',
+ 'gateway' => '2a08:2142:302:3::1',
+ }
+ }
+ }
+}
+
+
diff --git a/test/zones/evpn/ipv6/expected_controller_config b/test/zones/evpn/ipv6/expected_controller_config
new file mode 100644
index 0000000..c0ca898
--- /dev/null
+++ b/test/zones/evpn/ipv6/expected_controller_config
@@ -0,0 +1,31 @@
+log syslog informational
+ip forwarding
+ipv6 forwarding
+frr defaults datacenter
+service integrated-vtysh-config
+hostname localhost
+!
+!
+vrf vrf_myzone
+ vni 1000
+exit-vrf
+!
+router bgp 65000
+ bgp router-id 192.168.0.1
+ no bgp default ipv4-unicast
+ coalesce-time 1000
+ neighbor VTEP peer-group
+ neighbor VTEP remote-as 65000
+ neighbor VTEP bfd
+ neighbor 192.168.0.2 peer-group VTEP
+ neighbor 192.168.0.3 peer-group VTEP
+ !
+ address-family l2vpn evpn
+ neighbor VTEP activate
+ advertise-all-vni
+ exit-address-family
+!
+router bgp 65000 vrf vrf_myzone
+!
+line vty
+!
\ No newline at end of file
diff --git a/test/zones/evpn/ipv6/expected_sdn_interfaces b/test/zones/evpn/ipv6/expected_sdn_interfaces
new file mode 100644
index 0000000..b2bdbfe
--- /dev/null
+++ b/test/zones/evpn/ipv6/expected_sdn_interfaces
@@ -0,0 +1,42 @@
+#version:1
+
+auto myvnet
+iface myvnet
+ address 2a08:2142:302:3::1/64
+ hwaddress A2:1D:CB:1A:C0:8B
+ bridge_ports vxlan_myvnet
+ bridge_stp off
+ bridge_fd 0
+ mtu 1450
+ ip6-forward on
+ arp-accept on
+ vrf vrf_myzone
+
+auto vrf_myzone
+iface vrf_myzone
+ vrf-table auto
+ post-up ip route add vrf vrf_myzone unreachable default metric 4278198272
+
+auto vrfbr_myzone
+iface vrfbr_myzone
+ bridge-ports vrfvx_myzone
+ bridge_stp off
+ bridge_fd 0
+ mtu 1450
+ vrf vrf_myzone
+
+auto vrfvx_myzone
+iface vrfvx_myzone
+ vxlan-id 1000
+ vxlan-local-tunnelip 192.168.0.1
+ bridge-learning off
+ bridge-arp-nd-suppress on
+ mtu 1450
+
+auto vxlan_myvnet
+iface vxlan_myvnet
+ vxlan-id 100
+ vxlan-local-tunnelip 192.168.0.1
+ bridge-learning off
+ bridge-arp-nd-suppress on
+ mtu 1450
diff --git a/test/zones/evpn/ipv6/interfaces b/test/zones/evpn/ipv6/interfaces
new file mode 100644
index 0000000..66bb826
--- /dev/null
+++ b/test/zones/evpn/ipv6/interfaces
@@ -0,0 +1,7 @@
+auto vmbr0
+iface vmbr0 inet static
+ address 192.168.0.1/24
+ gateway 192.168.0.254
+ bridge-ports eth0
+ bridge-stp off
+ bridge-fd 0
diff --git a/test/zones/evpn/ipv6/sdn_config b/test/zones/evpn/ipv6/sdn_config
new file mode 100644
index 0000000..949e886
--- /dev/null
+++ b/test/zones/evpn/ipv6/sdn_config
@@ -0,0 +1,27 @@
+{
+ version => 1,
+ vnets => {
+ ids => {
+ myvnet => { tag => "100", type => "vnet", zone => "myzone" },
+ },
+ },
+
+ zones => {
+ ids => { myzone => { ipam => "pve", type => "evpn", controller => "evpnctl", 'vrf-vxlan' => 1000, 'mac' => 'A2:1D:CB:1A:C0:8B' } },
+ },
+ controllers => {
+ ids => { evpnctl => { type => "evpn", 'peers' => '192.168.0.1,192.168.0.2,192.168.0.3', asn => "65000" } },
+ },
+
+ subnets => {
+ ids => {
+ 'myzone-2a08:2142:302:3::-64' => {
+ 'type' => 'subnet',
+ 'vnet' => 'myvnet',
+ 'gateway' => '2a08:2142:302:3::1',
+ }
+ }
+ }
+}
+
+
--
2.20.1
* [pve-devel] [PATCH v3 pve-network 5/6] zones: simple: fix ip-forward && ipv6 snat
2021-04-21 21:49 [pve-devel] [PATCH v3 pve-network 0/6] evpn && bgp improvements Alexandre Derumier
` (3 preceding siblings ...)
2021-04-21 21:49 ` [pve-devel] [PATCH v3 pve-network 4/6] zones: evpn: fix arp-accept && ip-forward + ipv6 snat Alexandre Derumier
@ 2021-04-21 21:49 ` Alexandre Derumier
2021-04-21 21:49 ` [pve-devel] [PATCH v3 pve-network 6/6] controllers: increase controllerid to 64 characters max Alexandre Derumier
2021-04-22 8:06 ` [pve-devel] applied-series: [PATCH v3 pve-network 0/6] evpn && bgp improvements Thomas Lamprecht
6 siblings, 0 replies; 8+ messages in thread
From: Alexandre Derumier @ 2021-04-21 21:49 UTC (permalink / raw)
To: pve-devel
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
---
PVE/Network/SDN/Zones/SimplePlugin.pm | 34 ++++++++++++++-----
.../simple/hetzner/expected_sdn_interfaces | 19 +++++++++++
test/zones/simple/hetzner/interfaces | 6 ++++
test/zones/simple/hetzner/sdn_config | 34 +++++++++++++++++++
.../zones/simple/ipv4/expected_sdn_interfaces | 1 +
.../simple/ipv4snat/expected_sdn_interfaces | 1 +
.../simple/ipv4v6/expected_sdn_interfaces | 11 ++++++
test/zones/simple/ipv4v6/interfaces | 5 +++
test/zones/simple/ipv4v6/sdn_config | 27 +++++++++++++++
.../simple/ipv6snat/expected_sdn_interfaces | 13 +++++++
test/zones/simple/ipv6snat/interfaces | 7 ++++
test/zones/simple/ipv6snat/sdn_config | 24 +++++++++++++
12 files changed, 174 insertions(+), 8 deletions(-)
create mode 100644 test/zones/simple/hetzner/expected_sdn_interfaces
create mode 100644 test/zones/simple/hetzner/interfaces
create mode 100644 test/zones/simple/hetzner/sdn_config
create mode 100644 test/zones/simple/ipv4v6/expected_sdn_interfaces
create mode 100644 test/zones/simple/ipv4v6/interfaces
create mode 100644 test/zones/simple/ipv4v6/sdn_config
create mode 100644 test/zones/simple/ipv6snat/expected_sdn_interfaces
create mode 100644 test/zones/simple/ipv6snat/interfaces
create mode 100644 test/zones/simple/ipv6snat/sdn_config
diff --git a/PVE/Network/SDN/Zones/SimplePlugin.pm b/PVE/Network/SDN/Zones/SimplePlugin.pm
index 9f74f3e..caea5a8 100644
--- a/PVE/Network/SDN/Zones/SimplePlugin.pm
+++ b/PVE/Network/SDN/Zones/SimplePlugin.pm
@@ -47,8 +47,6 @@ sub generate_sdn_config {
return $config if$config->{$vnetid}; # nothing to do
- my $ipv4 = $vnet->{ipv4};
- my $ipv6 = $vnet->{ipv6};
my $mac = $vnet->{mac};
my $alias = $vnet->{alias};
my $mtu = $plugin_config->{mtu} if $plugin_config->{mtu};
@@ -59,6 +57,9 @@ sub generate_sdn_config {
my $address = {};
my $subnets = PVE::Network::SDN::Vnets::get_subnets($vnetid, 1);
+ my $ipv4 = undef;
+ my $ipv6 = undef;
+
foreach my $subnetid (sort keys %{$subnets}) {
my $subnet = $subnets->{$subnetid};
my $cidr = $subnet->{cidr};
@@ -69,18 +70,33 @@ sub generate_sdn_config {
push @iface_config, "address $gateway/$mask" if !defined($address->{$gateway});
$address->{$gateway} = 1;
}
+
+ my $iptables = undef;
+ my $checkrouteip = undef;
+ my $ipversion = Net::IP::ip_is_ipv6($gateway) ? 6 : 4;
+
+ if ( $ipversion == 6) {
+ $ipv6 = 1;
+ $iptables = "ip6tables";
+ $checkrouteip = '2001:4860:4860::8888';
+ } else {
+ $ipv4 = 1;
+ $iptables = "iptables";
+ $checkrouteip = '8.8.8.8';
+ }
+
#add route for /32 pointtopoint
- push @iface_config, "up ip route add $cidr dev $vnetid" if $mask == 32;
+ push @iface_config, "up ip route add $cidr dev $vnetid" if $mask == 32 && $ipversion == 4;
if ($subnet->{snat}) {
#find outgoing interface
- my ($outip, $outiface) = PVE::Network::SDN::Zones::Plugin::get_local_route_ip('8.8.8.8');
+ my ($outip, $outiface) = PVE::Network::SDN::Zones::Plugin::get_local_route_ip($checkrouteip);
if ($outip && $outiface) {
#use snat, faster than masquerade
- push @iface_config, "post-up iptables -t nat -A POSTROUTING -s '$cidr' -o $outiface -j SNAT --to-source $outip";
- push @iface_config, "post-down iptables -t nat -D POSTROUTING -s '$cidr' -o $outiface -j SNAT --to-source $outip";
+ push @iface_config, "post-up $iptables -t nat -A POSTROUTING -s '$cidr' -o $outiface -j SNAT --to-source $outip";
+ push @iface_config, "post-down $iptables -t nat -D POSTROUTING -s '$cidr' -o $outiface -j SNAT --to-source $outip";
#add conntrack zone once on outgoing interface
- push @iface_config, "post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1";
- push @iface_config, "post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1";
+ push @iface_config, "post-up $iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1";
+ push @iface_config, "post-down $iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1";
}
}
}
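Review bot: Nothing in the snat branch checks that $outip is in the same address family as the subnet, so an IPv4 result from get_local_route_ip($checkrouteip) for an IPv6 subnet produces "post-up ip6tables ... -j SNAT --to-source <IPv4>". That is exactly what test/zones/simple/ipv6snat/expected_sdn_interfaces in this patch records (--to-source 192.168.0.1). Suggest comparing Net::IP::ip_is_ipv6($outip) against $ipversion and skipping the SNAT lines, or warning, on a mismatch. Two smaller points: $ipversion is taken from $gateway, and deriving it from $cidr would keep it well defined if a subnet may come without a gateway; and "$mask == 32 && $ipversion == 4" leaves an IPv6 /128 without the point-to-point route, which deserves a comment if it is intended.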
@@ -95,6 +111,8 @@ sub generate_sdn_config {
}
push @iface_config, "mtu $mtu" if $mtu;
push @iface_config, "alias $alias" if $alias;
+ push @iface_config, "ip-forward on" if $ipv4;
+ push @iface_config, "ip6-forward on" if $ipv6;
push @{$config->{$vnetid}}, @iface_config;
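Review bot: "ip-forward on" and "ip6-forward on" are emitted for every vnet that has a subnet of that family, not only when snat is set, because $ipv4 and $ipv6 are assigned in the subnet loop before the "if ($subnet->{snat})" test. The updated ipv4 and new ipv4v6 expected files show forwarding being turned on for vnets with no NAT at all. If that is the intent, say so in a comment above these two pushes; otherwise set the flags only for subnets that are actually routed or NATed.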
diff --git a/test/zones/simple/hetzner/expected_sdn_interfaces b/test/zones/simple/hetzner/expected_sdn_interfaces
new file mode 100644
index 0000000..f47ac53
--- /dev/null
+++ b/test/zones/simple/hetzner/expected_sdn_interfaces
@@ -0,0 +1,19 @@
+#version:1
+
+auto myvnet
+iface myvnet
+ address 144.76.100.65/29
+ bridge_ports none
+ bridge_stp off
+ bridge_fd 0
+ ip-forward on
+
+auto myvnet2
+iface myvnet2
+ address 144.76.0.1/32
+ up ip route add 144.76.200.65/32 dev myvnet2
+ up ip route add 144.76.200.66/32 dev myvnet2
+ bridge_ports none
+ bridge_stp off
+ bridge_fd 0
+ ip-forward on
diff --git a/test/zones/simple/hetzner/interfaces b/test/zones/simple/hetzner/interfaces
new file mode 100644
index 0000000..5ab9635
--- /dev/null
+++ b/test/zones/simple/hetzner/interfaces
@@ -0,0 +1,6 @@
+auto eth0
+iface eth0 inet static
+ address 144.76.0.1
+ netmask 255.255.255.255
+ pointopoint 172.31.1.1
+ gateway 172.31.1.1
\ No newline at end of file
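Review bot: This fixture ends without a trailing newline (the "\ No newline at end of file" marker), unlike the interfaces files added for ipv4v6 and ipv6snat in the same patch. Add the final newline so the fixtures are consistent and a later edit does not produce a spurious diff on the "gateway 172.31.1.1" line.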
diff --git a/test/zones/simple/hetzner/sdn_config b/test/zones/simple/hetzner/sdn_config
new file mode 100644
index 0000000..30773ca
--- /dev/null
+++ b/test/zones/simple/hetzner/sdn_config
@@ -0,0 +1,34 @@
+{
+ version => 1,
+ vnets => {
+ ids => {
+ myvnet => { type => "vnet", zone => "myzone" },
+ myvnet2 => { type => "vnet", zone => "myzone" },
+ },
+ },
+ zones => {
+ ids => { myzone => { ipam => "pve", type => "simple" } },
+ },
+
+ subnets => {
+ ids => {
+ 'myzone-144.76.100.64-29' => {
+ 'type' => 'subnet',
+ 'vnet' => 'myvnet',
+ 'gateway' => '144.76.100.65',
+ },
+ 'myzone-144.76.200.65-32' => {
+ 'type' => 'subnet',
+ 'vnet' => 'myvnet2',
+ 'gateway' => '144.76.0.1',
+ },
+ 'myzone-144.76.200.66-32' => {
+ 'type' => 'subnet',
+ 'vnet' => 'myvnet2',
+ 'gateway' => '144.76.0.1',
+ },
+ }
+ }
+}
+
+
diff --git a/test/zones/simple/ipv4/expected_sdn_interfaces b/test/zones/simple/ipv4/expected_sdn_interfaces
index d84075d..06e43ad 100644
--- a/test/zones/simple/ipv4/expected_sdn_interfaces
+++ b/test/zones/simple/ipv4/expected_sdn_interfaces
@@ -6,3 +6,4 @@ iface myvnet
bridge_ports none
bridge_stp off
bridge_fd 0
+ ip-forward on
diff --git a/test/zones/simple/ipv4snat/expected_sdn_interfaces b/test/zones/simple/ipv4snat/expected_sdn_interfaces
index c822af1..69d7986 100644
--- a/test/zones/simple/ipv4snat/expected_sdn_interfaces
+++ b/test/zones/simple/ipv4snat/expected_sdn_interfaces
@@ -10,3 +10,4 @@ iface myvnet
bridge_ports none
bridge_stp off
bridge_fd 0
+ ip-forward on
diff --git a/test/zones/simple/ipv4v6/expected_sdn_interfaces b/test/zones/simple/ipv4v6/expected_sdn_interfaces
new file mode 100644
index 0000000..34ed5db
--- /dev/null
+++ b/test/zones/simple/ipv4v6/expected_sdn_interfaces
@@ -0,0 +1,11 @@
+#version:1
+
+auto myvnet
+iface myvnet
+ address 192.168.0.1/24
+ address 2a08:2142:302:3::1/64
+ bridge_ports none
+ bridge_stp off
+ bridge_fd 0
+ ip-forward on
+ ip6-forward on
diff --git a/test/zones/simple/ipv4v6/interfaces b/test/zones/simple/ipv4v6/interfaces
new file mode 100644
index 0000000..68b6a88
--- /dev/null
+++ b/test/zones/simple/ipv4v6/interfaces
@@ -0,0 +1,5 @@
+auto vmbr0
+iface vmbr0 inet manual
+ bridge-ports eth0
+ bridge-stp off
+ bridge-fd 0
diff --git a/test/zones/simple/ipv4v6/sdn_config b/test/zones/simple/ipv4v6/sdn_config
new file mode 100644
index 0000000..b8ed848
--- /dev/null
+++ b/test/zones/simple/ipv4v6/sdn_config
@@ -0,0 +1,27 @@
+{
+ version => 1,
+ vnets => {
+ ids => {
+ myvnet => { type => "vnet", zone => "myzone" },
+ },
+ },
+ zones => {
+ ids => { myzone => { ipam => "pve", type => "simple" } },
+ },
+ subnets => {
+ ids => {
+ 'myzone-192.168.0.0-24' => {
+ 'type' => 'subnet',
+ 'vnet' => 'myvnet',
+ 'gateway' => '192.168.0.1',
+ },
+ 'myzone-2a08:2142:302:3::-64' => {
+ 'type' => 'subnet',
+ 'vnet' => 'myvnet',
+ 'gateway' => '2a08:2142:302:3::1',
+ }
+ }
+ }
+}
+
+
diff --git a/test/zones/simple/ipv6snat/expected_sdn_interfaces b/test/zones/simple/ipv6snat/expected_sdn_interfaces
new file mode 100644
index 0000000..d3adc24
--- /dev/null
+++ b/test/zones/simple/ipv6snat/expected_sdn_interfaces
@@ -0,0 +1,13 @@
+#version:1
+
+auto myvnet
+iface myvnet
+ address 2a08:2142:302:3::1/64
+ post-up ip6tables -t nat -A POSTROUTING -s '2a08:2142:302:3::/64' -o vmbr0 -j SNAT --to-source 192.168.0.1
+ post-down ip6tables -t nat -D POSTROUTING -s '2a08:2142:302:3::/64' -o vmbr0 -j SNAT --to-source 192.168.0.1
+ post-up ip6tables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
+ post-down ip6tables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1
+ bridge_ports none
+ bridge_stp off
+ bridge_fd 0
+ ip6-forward on
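Review bot: The expected output pins a rule that ip6tables cannot accept: lines 6 and 7 of the new file pass an IPv4 address as the NAT source ("-j SNAT --to-source 192.168.0.1") for the IPv6 source range 2a08:2142:302:3::/64. The ipv6snat/interfaces fixture only gives vmbr0 an IPv4 address, so the test has no IPv6 address to pick. Give vmbr0 an inet6 address and gateway in the fixture and expect that address in --to-source, so the test asserts a rule that can actually be loaded rather than locking in the mismatch.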
diff --git a/test/zones/simple/ipv6snat/interfaces b/test/zones/simple/ipv6snat/interfaces
new file mode 100644
index 0000000..66bb826
--- /dev/null
+++ b/test/zones/simple/ipv6snat/interfaces
@@ -0,0 +1,7 @@
+auto vmbr0
+iface vmbr0 inet static
+ address 192.168.0.1/24
+ gateway 192.168.0.254
+ bridge-ports eth0
+ bridge-stp off
+ bridge-fd 0
diff --git a/test/zones/simple/ipv6snat/sdn_config b/test/zones/simple/ipv6snat/sdn_config
new file mode 100644
index 0000000..bc38527
--- /dev/null
+++ b/test/zones/simple/ipv6snat/sdn_config
@@ -0,0 +1,24 @@
+{
+ version => 1,
+ vnets => {
+ ids => {
+ myvnet => { type => "vnet", zone => "myzone" },
+ },
+ },
+ zones => {
+ ids => { myzone => { ipam => "pve", type => "simple" } },
+ },
+
+ subnets => {
+ ids => {
+ 'myzone-2a08:2142:302:3::-64' => {
+ 'type' => 'subnet',
+ 'vnet' => 'myvnet',
+ 'gateway' => '2a08:2142:302:3::1',
+ 'snat' => 1
+ }
+ }
+ }
+}
+
+
--
2.20.1
* [pve-devel] [PATCH v3 pve-network 6/6] controllers: increase controllerid to 64 characters max
2021-04-21 21:49 [pve-devel] [PATCH v3 pve-network 0/6] evpn && bgp improvements Alexandre Derumier
` (4 preceding siblings ...)
2021-04-21 21:49 ` [pve-devel] [PATCH v3 pve-network 5/6] zones: simple: fix ip-forward && " Alexandre Derumier
@ 2021-04-21 21:49 ` Alexandre Derumier
2021-04-22 8:06 ` [pve-devel] applied-series: [PATCH v3 pve-network 0/6] evpn && bgp improvements Thomas Lamprecht
6 siblings, 0 replies; 8+ messages in thread
From: Alexandre Derumier @ 2021-04-21 21:49 UTC (permalink / raw)
To: pve-devel
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
---
PVE/Network/SDN/Controllers/Plugin.pm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/PVE/Network/SDN/Controllers/Plugin.pm b/PVE/Network/SDN/Controllers/Plugin.pm
index 8b5bd4f..b035492 100644
--- a/PVE/Network/SDN/Controllers/Plugin.pm
+++ b/PVE/Network/SDN/Controllers/Plugin.pm
@@ -28,7 +28,7 @@ sub parse_sdn_controller_id {
return undef if $noerr;
die "controller ID '$id' contains illegal characters\n";
}
- die "controller ID '$id' can't be more length than 10 characters\n" if length($id) > 10;
+ die "controller ID '$id' can't be more length than 64 characters\n" if length($id) > 64;
return $id;
}
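Review bot: The changed die line raises the limit from 10 to 64, but the commit message is only the Signed-off-by and does not say why 64 was chosen or whether everything that consumes the controller ID tolerates the longer value; please add that. Since the line is being touched anyway, the message could be reworded to "controller ID '$id' must not be longer than 64 characters", and the limit kept in one named constant instead of being repeated in the string and in the length() check.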
--
2.20.1
* [pve-devel] applied-series: [PATCH v3 pve-network 0/6] evpn && bgp improvements
2021-04-21 21:49 [pve-devel] [PATCH v3 pve-network 0/6] evpn && bgp improvements Alexandre Derumier
` (5 preceding siblings ...)
2021-04-21 21:49 ` [pve-devel] [PATCH v3 pve-network 6/6] controllers: increase controllerid to 64 characters max Alexandre Derumier
@ 2021-04-22 8:06 ` Thomas Lamprecht
6 siblings, 0 replies; 8+ messages in thread
From: Thomas Lamprecht @ 2021-04-22 8:06 UTC (permalink / raw)
To: Proxmox VE development discussion, Alexandre Derumier
On 21.04.21 23:49, Alexandre Derumier wrote:
> - fix broken evpn tests since last commit
> https://lists.proxmox.com/pipermail/pve-devel/2021-April/047521.html
>
> - add ebgp-multihop option
> (replace https://lists.proxmox.com/pipermail/pve-devel/2021-April/047547.html)
>
>
> Changelog v2:
>
> - move mac address option from vnet to evpn zone (this is only needed for evpn anycast gateway)
> - readd lost ip-forward,ip6-forward,arp-accept since subnet implementation
> - fix ipv6 snat
> - tests: add ipv6 and ipv4v6 tests
> - tests: add a hetzner routed setup with multiple /32 && a full /29
>
> Changelog v3:
> - increase controllerid max characters
>
> *** BLURB HERE ***
>
> Alexandre Derumier (6):
> tests: fix evpn vrf
> bgp: add ebgp_multihop option
> zones: evpn: move vnet mac option to evpn zone plugin
> zones: evpn: fix arp-accept && ip-forward + ipv6 snat
> zones: simple: fix ip-forward && ipv6 snat
> controllers: increase controllerid to 64 characters max
applied series, thanks!