From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id D5003BF2D for ; Wed, 13 Sep 2023 15:05:11 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id B58FF1E93A for ; Wed, 13 Sep 2023 15:05:11 +0200 (CEST) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Wed, 13 Sep 2023 15:05:10 +0200 (CEST) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id CC5EA46EC0; Wed, 13 Sep 2023 15:05:09 +0200 (CEST) Message-ID: Date: Wed, 13 Sep 2023 15:05:09 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.15.0 Content-Language: en-US To: "DERUMIER, Alexandre" , "pve-devel@lists.proxmox.com" , "t.lamprecht@proxmox.com" References: <20230908134304.2009415-1-s.hanreich@proxmox.com> <2fd1071602ad075d4580d62565fc757e4bd92a91.camel@groupe-cyllene.com> <3e766920-35e9-4acf-a9fa-f3b56fe0408e@proxmox.com> <7980640a-da18-9da7-88cb-f8602c9339d4@proxmox.com> <5708827d07ec44793cccda18d75a66562a093bc0.camel@groupe-cyllene.com> From: Stefan Hanreich In-Reply-To: <5708827d07ec44793cccda18d75a66562a093bc0.camel@groupe-cyllene.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL 1.189 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment NICE_REPLY_A -1.473 Looks like a legit reply (A) SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: Re: [pve-devel] [RFC cluster/manager/network 0/6] Add support for DHCP servers to SDN X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Sep 2023 13:05:11 -0000 On 9/13/23 14:50, DERUMIER, Alexandre wrote: > Le mercredi 13 septembre 2023 à 13:50 +0200, Stefan Hanreich a écrit : >> >> >> That way we could also easily add a IP configuration section to the >> VM > > > I really don't known if it's the best/easiest way to have ip both in > ipam && vm config. > > I have sent ipam vm|ct 1 or 2 year ago, and their are a lot of corner > cases (snapshots / backup restore with an ip different than ipam for > example). > > > But it's avoid to call ipam at vm_start. (and could be used for > firewall to auto generate ip filtering) > Maybe setting it there could just be an interface for setting it in the IPAM manually? But yes, the snapshots / backup cases certainly requires some thought. Another thing I was thinking about: When we create a mapping on start / stop we will also have to consider DHCP lease time and cannot immediately re-use the IP (which is actually quite likely if IPAM always just returns the next IP in the list). We will have to take into account the DHCP lease time in our pve IPAM implementation and reserve the IP accordingly. For dnsmasq, the dhcp hookscripts might come in handy in that case so we know the exact expiration time. As Thomas already mentioned, time drift in VMs (e.g. after hibernation) can also cause real issues here.. We would also need some kind of mechanism for cleaning expired entries automatically, otherwise local pve IPAM becomes cluttered. As far as I can tell, Kea + NetBox integration already supports DHCP reservations, so we should be fine on that front.