public inbox for pve-devel@lists.proxmox.com
From: Stefan Hanreich <s.hanreich@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] superseded: [RFC common/firewall/manager/network/proxmox{-ve-rs, -firewall} 0/7] NIC renaming mitigations
Date: Wed, 16 Jul 2025 17:19:14 +0200
Message-ID: <6dd07fe9-a1a0-46b8-a73b-b277f6cf0a83@proxmox.com>
In-Reply-To: <20250709194526.560709-1-s.hanreich@proxmox.com>

https://lore.proxmox.com/pve-devel/20250716151815.348161-1-s.hanreich@proxmox.com/

On 7/9/25 21:45, Stefan Hanreich wrote:
> This patch series contains the following features:
> * transparent altname support for {pve, proxmox}-firewall and pve-network
> * pveeth tool for pinning NIC names
> 
> Both are features aimed at mitigating the fallout caused by changing network
> interface names. Sending it as an RFC, since I will be gone for a few days and
> wanted to publish my current state to start some discussion on the approaches
> I've taken with the tools and possible additions / changes. Nothing in here is
> final or particularly polished.
> 
> Both patch series only received rudimentary testing and are work in progress, so
> use at your own risk, I am not responsible for any broken hosts / VMs.
> 
> For more information on the pveeth tool, see the respective commit.
> 
> TODO:
> * possibly change wakeonlan setting in node config
> * decide on how to handle host.fw / cluster.fw:
> 
> cluster.fw cannot be automatically updated, since the generated mapping might
> differ from the one generated on other nodes. One possibility would be to
> generate the mapping for the NICs one-by-one on each host, thus ensuring a
> consistent name on all nodes. Then add a flag that overwrites cluster.fw.
> 
> cluster/host.fw is the only configuration file that gets applied immediately
> when updating it, since the firewall continuously polls this file and applies the
> settings. We could add the new name as altname via ip link, ensuring that the
> firewall rules still work before *and* after reboot. Shouldn't be too hard to
> add (possibly with a flag). This is possible because of the new altname support
> in {pve, proxmox}-firewall.
> 
> * update detection of physical NICs
> 
> We currently rely on the PHYSICAL_NIC_RE to detect physical network interfaces.
> We could instead use the ip link output for determining whether an interface is
> physical or not. This works in every case, except for PullMetric.pm. For this we
> could introduce another variable and fall back on the old logic depending on its
> existence. Maybe someone with more knowledge on the metrics system can chime in
> here. I have patches for this on my staff repo in case you are interested:
> 
> pve-manager:physical-nic-re
> pve-common:physical-nic-re
> 
> pve-common:
> 
> Stefan Hanreich (2):
>   network: add ip link and altname helpers
>   network: add nic prefix to physical nic regex
> 
>  src/PVE/Network.pm | 47 +++++++++++++++++++++++++++++++++++++++++++++-
>  1 file changed, 46 insertions(+), 1 deletion(-)
> 
> 
> proxmox-ve-rs:
> 
> Stefan Hanreich (1):
>   config: ip link struct
> 
>  proxmox-ve-config/src/host/mod.rs     |  1 +
>  proxmox-ve-config/src/host/network.rs | 35 +++++++++++++++++++++++++++
>  2 files changed, 36 insertions(+)
>  create mode 100644 proxmox-ve-config/src/host/network.rs
> 
> 
> proxmox-firewall:
> 
> Stefan Hanreich (1):
>   firewall: add altname support for firewall rules
> 
>  proxmox-firewall/src/config.rs              | 29 +++++++++++++++++++++
>  proxmox-firewall/src/rule.rs                |  6 ++++-
>  proxmox-firewall/tests/integration_tests.rs |  7 +++++
>  3 files changed, 41 insertions(+), 1 deletion(-)
> 
> 
> pve-firewall:
> 
> Stefan Hanreich (1):
>   firewall: add altname support
> 
>  src/PVE/Firewall.pm | 7 +++++--
>  1 file changed, 5 insertions(+), 2 deletions(-)
> 
> 
> pve-network:
> 
> Stefan Hanreich (1):
>   controllers: isis: add altname support
> 
>  src/PVE/Network/SDN/Controllers/IsisPlugin.pm | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
> 
> 
> pve-manager:
> 
> Stefan Hanreich (1):
>   cli: add pveeth
> 
>  PVE/CLI/Makefile  |   1 +
>  PVE/CLI/pveeth.pm | 538 ++++++++++++++++++++++++++++++++++++++++++++++
>  bin/Makefile      |   5 +
>  bin/pveeth        |   8 +
>  4 files changed, 552 insertions(+)
>  create mode 100644 PVE/CLI/pveeth.pm
>  create mode 100644 bin/pveeth
> 
> 
> Summary over all repositories:
>   12 files changed, 684 insertions(+), 5 deletions(-)
> 



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
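
The altname idea from the cover letter above, as an added example that is not code from the patch series: it builds a lookup from every interface name and altname to the current primary name, then reports which interface names used by firewall rules still resolve after a rename and which are left dangling. The function names, the sample `ip -details -json link show` output and the rule interface list are constructed for illustration.

```python
import json

# Constructed sample of `ip -details -json link show` output (not from the page).
# nic0/nic1 stand for pinned names; the old names survive as altnames.
SAMPLE_IP_LINK_JSON = """
[
  {"ifindex": 1, "ifname": "lo", "link_type": "loopback"},
  {"ifindex": 2, "ifname": "nic0", "link_type": "ether",
   "altnames": ["enp1s0", "eno1"]},
  {"ifindex": 3, "ifname": "nic1", "link_type": "ether",
   "altnames": ["enp2s0"]},
  {"ifindex": 4, "ifname": "vmbr0", "link_type": "ether",
   "linkinfo": {"info_kind": "bridge"}}
]
"""


def build_name_index(ip_link_json):
    """Map every ifname and altname to the interface's current primary name."""
    index = {}
    for link in json.loads(ip_link_json):
        primary = link["ifname"]
        for name in [primary, *link.get("altnames", [])]:
            # Defensive check: one name must never point at two interfaces.
            if name in index and index[name] != primary:
                raise ValueError(
                    f"{name!r} is claimed by {index[name]!r} and {primary!r}")
            index[name] = primary
    return index


def audit_rule_interfaces(rule_ifaces, index):
    """Split interface names used by rules into resolved and dangling ones."""
    resolved, dangling = {}, []
    for name in rule_ifaces:
        if name in index:
            resolved[name] = index[name]
        else:
            dangling.append(name)
    return resolved, dangling


if __name__ == "__main__":
    idx = build_name_index(SAMPLE_IP_LINK_JSON)
    # Hypothetical interface names taken from firewall rules.
    ok, missing = audit_rule_interfaces(["eno1", "nic1", "vmbr0", "ens18"], idx)
    for old, cur in ok.items():
        print(f"{old} -> {cur}")
    for name in missing:
        print(f"DANGLING: rule references {name}, no such link or altname")
```

A dangling entry is the case to watch for after a rename: the rule names an interface that exists under neither its primary name nor an altname.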


Thread overview: 17+ messages
2025-07-09 19:45 [pve-devel] " Stefan Hanreich
2025-07-09 19:45 ` [pve-devel] [PATCH pve-common 1/2] network: add ip link and altname helpers Stefan Hanreich
2025-07-09 19:45 ` [pve-devel] [PATCH pve-common 2/2] network: add nic prefix to physical nic regex Stefan Hanreich
2025-07-09 19:45 ` [pve-devel] [PATCH proxmox-ve-rs 1/1] config: ip link struct Stefan Hanreich
2025-07-09 19:45 ` [pve-devel] [PATCH proxmox-firewall 1/1] firewall: add altname support for firewall rules Stefan Hanreich
2025-07-09 19:45 ` [pve-devel] [PATCH pve-firewall 1/1] firewall: add altname support Stefan Hanreich
2025-07-09 19:45 ` [pve-devel] [PATCH pve-network 1/1] controllers: isis: " Stefan Hanreich
2025-07-09 19:45 ` [pve-devel] [PATCH pve-manager 1/1] cli: add pveeth Stefan Hanreich
2025-07-10 14:53   ` Gabriel Goller
2025-07-10 15:08     ` Thomas Lamprecht
2025-07-10 16:25       ` Gabriel Goller
2025-07-15 12:30         ` Stefan Hanreich
2025-07-15 12:35           ` Stefan Hanreich
2025-07-15 13:51           ` Thomas Lamprecht
2025-07-15 14:06             ` Stefan Hanreich
2025-07-15 15:02             ` Stefan Hanreich
2025-07-16 15:19 ` Stefan Hanreich [this message]
