From: Aaron Lauterer <a.lauterer@proxmox.com>
To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>,
Stefan Hanreich <s.hanreich@proxmox.com>,
Alexandre Derumier <aderumier@odiso.com>
Subject: Re: [pve-devel] [PATCH pve-network 0/7] add dhcp support for all zones
Date: Thu, 14 Nov 2024 11:29:25 +0100 [thread overview]
Message-ID: <fc3bd720-79fe-41b5-8897-fd8e1930a2e4@proxmox.com> (raw)
In-Reply-To: <b0f4bf82-c871-4485-90b1-0d5879f6d6eb@proxmox.com>
A few thoughts from my side after an in-person talk with Stefan.
On 2024-11-13 20:09, Stefan Hanreich wrote:
> I can see this working with Simple and EVPN zone where the host has an
> IP because he is acting as a gateway.
>
> But for VLAN / QinQ / VXLAN the way it is currently implemented is
> confusing imo, since we are 'abusing' the gateway field for what is
> essentially a bind address for dnsmasq.
In these cases, we should hide the gateway option in the zone settings
as it doesn't apply at all!
>
> There is already 'dhcp-dns-server' which configures the DNS server that
> dnsmasq sends. Maybe we could add 'dhcp-default-gateway' as well, so
> users can configure a default gateway that dnsmasq should send for those
> zones if they have a central external firewall in that VLAN.>
> And then maybe make the bind address explicit for VLAN / VXLAN / QinQ by
> moving it from gateway to 'dhcp-bind-address' and document that this
> address is then reserved? This would also solve the IPv6 issue, wouldn't it?
Yep, having it as DHCP options for the subnet would probably be the best
place in the GUI.
* Gateway
* DNS Server(s)
* DHCP Listening Address
The DHCP listening address would need to be mandatory, while the gateway
and DNS server announcements are optional.
>
> Another issue is that the host is sending itself as default gateway and
> DNS server in those zones, which we should probably not do (we turn off
> forwarding on the interfaces, but it also overwrites resolv.conf, which
> can be quite confusing I think). That should be easy to change (I have
> it on my machine already).
If we stick with VLANs as example (should apply for VXLAN & QinQ as
well), we usually have the gateway and DNS servers outside the PVE host.
Think, the router/firewall in which all VLANs terminate. The DNS server
could be on the router/firewall but also on a different machine in the
network.
We probably don't want to announce any gateway & DNS if those settings
are empty, just hand out IPs.
>
> I have the changes ready on my machine, but I wanted to ask for your
> opinion as well, I can also just send them tomorrow and you can review
> them if you like.
>
>
> _______________________________________________
> pve-devel mailing list
> pve-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>
>
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
prev parent reply other threads:[~2024-11-14 10:29 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-19 8:32 Alexandre Derumier
2023-12-19 8:32 ` [pve-devel] [PATCH pve-network 1/7] dhcp: add vrf support Alexandre Derumier
2023-12-19 8:32 ` [pve-devel] [PATCH pve-network 2/7] dhcp: enable-ra on layer3 zones only Alexandre Derumier
2023-12-19 8:32 ` [pve-devel] [PATCH pve-network 3/7] dnsmasq service: run service in vrf Alexandre Derumier
2023-12-19 8:32 ` [pve-devel] [PATCH pve-network 4/7] zones: evpn: add dhcp support Alexandre Derumier
2023-12-19 8:32 ` [pve-devel] [PATCH pve-network 5/7] zones: vlan: " Alexandre Derumier
2023-12-19 8:32 ` [pve-devel] [PATCH pve-network 6/7] zones: qinq: " Alexandre Derumier
2023-12-19 8:32 ` [pve-devel] [PATCH pve-network 7/7] zones: vxlan: " Alexandre Derumier
2023-12-22 14:01 ` [pve-devel] [PATCH pve-network 0/7] add dhcp support for all zones Stefan Hanreich
2023-12-22 21:27 ` DERUMIER, Alexandre
2024-02-22 10:13 ` Stefan Hanreich
[not found] ` <6c7a0c383c6aee77689433815775e27f5259da91.camel@groupe-cyllene.com>
2024-02-22 10:52 ` Stefan Hanreich
2024-11-13 9:48 ` Stefan Hanreich
2024-11-13 19:09 ` Stefan Hanreich
2024-11-14 10:29 ` Aaron Lauterer [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=fc3bd720-79fe-41b5-8897-fd8e1930a2e4@proxmox.com \
--to=a.lauterer@proxmox.com \
--cc=aderumier@odiso.com \
--cc=pve-devel@lists.proxmox.com \
--cc=s.hanreich@proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox