* [pve-devel] [PATCH pve-network 1/7] dhcp: add vrf support
2023-12-19 8:32 [pve-devel] [PATCH pve-network 0/7] add dhcp support for all zones Alexandre Derumier
@ 2023-12-19 8:32 ` Alexandre Derumier
2023-12-19 8:32 ` [pve-devel] [PATCH pve-network 2/7] dhcp: enable-ra on layer3 zones only Alexandre Derumier
` (8 subsequent siblings)
9 siblings, 0 replies; 15+ messages in thread
From: Alexandre Derumier @ 2023-12-19 8:32 UTC (permalink / raw)
To: pve-devel
launch dnsmasq in a vrf context with "ip vrf exec <vrfname> dnsmasq.."
use "default" vrf if plugin doesn't return a specific vrf
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
---
src/PVE/Network/SDN/Dhcp.pm | 3 ++-
src/PVE/Network/SDN/Dhcp/Dnsmasq.pm | 3 ++-
src/PVE/Network/SDN/Zones.pm | 10 ++++++++++
src/PVE/Network/SDN/Zones/EvpnPlugin.pm | 8 ++++++++
src/PVE/Network/SDN/Zones/Plugin.pm | 7 +++++++
5 files changed, 29 insertions(+), 2 deletions(-)
diff --git a/src/PVE/Network/SDN/Dhcp.pm b/src/PVE/Network/SDN/Dhcp.pm
index 7876c08..ce72c4d 100644
--- a/src/PVE/Network/SDN/Dhcp.pm
+++ b/src/PVE/Network/SDN/Dhcp.pm
@@ -79,12 +79,13 @@ sub regenerate_config {
my $zone = $zone_cfg->{ids}->{$zoneid};
next if !$zone->{dhcp};
+ my $options = PVE::Network::SDN::Zones::get_options($zoneid);
my $dhcp_plugin_name = $zone->{dhcp};
my $dhcp_plugin = PVE::Network::SDN::Dhcp::Plugin->lookup($dhcp_plugin_name);
die "Could not find DHCP plugin: $dhcp_plugin_name" if !$dhcp_plugin;
- eval { $dhcp_plugin->before_configure($zoneid) };
+ eval { $dhcp_plugin->before_configure($zoneid, $options) };
die "Could not run before_configure for DHCP server $zoneid $@\n" if $@;
for my $vnetid (sort keys %{$vnet_cfg->{ids}}) {
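Review bot: The added `get_options($zoneid)` call sits outside the `eval` that wraps `before_configure`, so a failure inside it aborts `regenerate_config` without the "Could not run before_configure" context. It also makes the Zones.pm helper re-read the configuration through `PVE::Network::SDN::Zones::config()` although `$zone` has already been taken from `$zone_cfg` two lines above; passing the already-loaded zone entry through would guarantee that both code paths work on the same state.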
diff --git a/src/PVE/Network/SDN/Dhcp/Dnsmasq.pm b/src/PVE/Network/SDN/Dhcp/Dnsmasq.pm
index 2844943..169ce56 100644
--- a/src/PVE/Network/SDN/Dhcp/Dnsmasq.pm
+++ b/src/PVE/Network/SDN/Dhcp/Dnsmasq.pm
@@ -164,7 +164,7 @@ sub configure_vnet {
}
sub before_configure {
- my ($class, $dhcpid) = @_;
+ my ($class, $dhcpid, $options) = @_;
my $dbus_config = <<DBUSCFG;
<!DOCTYPE busconfig PUBLIC
@@ -198,6 +198,7 @@ DBUSCFG
my $default_config = <<CFG;
CONFIG_DIR='$config_directory,\*.conf'
DNSMASQ_OPTS="--conf-file=/dev/null --enable-dbus=uk.org.thekelleys.dnsmasq.$dhcpid"
+VRF='$options->{vrf}'
CFG
PVE::Tools::file_set_contents(
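Review bot: `VRF='$options->{vrf}'` is interpolated with no check that `$options` and its `vrf` key are defined, so a caller still using the old two-argument `before_configure` would write `VRF=''` into the defaults file. Die early (for example `die "no vrf for $dhcpid\n" if !defined($options->{vrf});`) or fall back to `default` before building the heredoc. Because 3/7 loads this file as a systemd `EnvironmentFile` and passes the value to `ip vrf exec`, it is also worth asserting that the value contains only interface-name characters before writing it.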
diff --git a/src/PVE/Network/SDN/Zones.pm b/src/PVE/Network/SDN/Zones.pm
index 5bd3536..fd4e73d 100644
--- a/src/PVE/Network/SDN/Zones.pm
+++ b/src/PVE/Network/SDN/Zones.pm
@@ -104,6 +104,16 @@ sub get_vnets {
return $vnets;
}
+sub get_options {
+ my ($zoneid) = @_;
+
+ my $zone_cfg = PVE::Network::SDN::Zones::config();
+ my $plugin_config = $zone_cfg->{ids}->{$zoneid};
+
+ my $plugin = PVE::Network::SDN::Zones::Plugin->lookup($plugin_config->{type});
+ return $plugin->get_options($plugin_config, $zoneid);
+}
+
sub generate_etc_network_config {
my $cfg = PVE::Network::SDN::running_config();
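Review bot: `get_options` does not check that `$zoneid` exists in the configuration: for an unknown id `$plugin_config` is undef, `$plugin_config->{type}` is undef, and the failure surfaces inside `lookup` without naming the zone. Add something like `die "zone $zoneid does not exist\n" if !$plugin_config;` right after the `$zone_cfg->{ids}->{$zoneid}` lookup.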
diff --git a/src/PVE/Network/SDN/Zones/EvpnPlugin.pm b/src/PVE/Network/SDN/Zones/EvpnPlugin.pm
index 655a9f0..c806564 100644
--- a/src/PVE/Network/SDN/Zones/EvpnPlugin.pm
+++ b/src/PVE/Network/SDN/Zones/EvpnPlugin.pm
@@ -272,6 +272,14 @@ sub generate_sdn_config {
return $config;
}
+sub get_options {
+ my ($class, $plugin_config, $zoneid) = @_;
+
+ my $options = { vrf => "vrf_$zoneid"};
+
+ return $options;
+}
+
sub on_update_hook {
my ($class, $zoneid, $zone_cfg, $controller_cfg) = @_;
diff --git a/src/PVE/Network/SDN/Zones/Plugin.pm b/src/PVE/Network/SDN/Zones/Plugin.pm
index b55b967..07e8389 100644
--- a/src/PVE/Network/SDN/Zones/Plugin.pm
+++ b/src/PVE/Network/SDN/Zones/Plugin.pm
@@ -129,6 +129,13 @@ sub controller_reload {
die "please implement inside plugin";
}
+sub get_options {
+ my ($class, $plugin_config, $zoneid) = @_;
+
+ my $options = { vrf => 'default'};
+ return $options;
+}
+
sub on_delete_hook {
my ($class, $zoneid, $vnet_cfg) = @_;
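Review bot: Missing documentation on the new base `get_options`: nothing states which keys the returned hash may carry, that `vrf => 'default'` stands for "not inside a VRF", or that plugins are expected to override it. A short comment above the sub would do, and it should mention that `$plugin_config` and `$zoneid` are accepted but unused here so overriding plugins know what they receive.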
--
2.39.2
^ permalink raw reply [flat|nested] 15+ messages in thread
* [pve-devel] [PATCH pve-network 2/7] dhcp: enable-ra on layer3 zones only
2023-12-19 8:32 [pve-devel] [PATCH pve-network 0/7] add dhcp support for all zones Alexandre Derumier
2023-12-19 8:32 ` [pve-devel] [PATCH pve-network 1/7] dhcp: add vrf support Alexandre Derumier
@ 2023-12-19 8:32 ` Alexandre Derumier
2023-12-19 8:32 ` [pve-devel] [PATCH pve-network 3/7] dnsmasq service: run service in vrf Alexandre Derumier
` (7 subsequent siblings)
9 siblings, 0 replies; 15+ messages in thread
From: Alexandre Derumier @ 2023-12-19 8:32 UTC (permalink / raw)
To: pve-devel
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
---
src/PVE/Network/SDN/Dhcp/Dnsmasq.pm | 4 ++--
src/PVE/Network/SDN/Zones/EvpnPlugin.pm | 2 +-
src/PVE/Network/SDN/Zones/Plugin.pm | 2 +-
src/PVE/Network/SDN/Zones/SimplePlugin.pm | 9 +++++++++
4 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/src/PVE/Network/SDN/Dhcp/Dnsmasq.pm b/src/PVE/Network/SDN/Dhcp/Dnsmasq.pm
index 169ce56..b488613 100644
--- a/src/PVE/Network/SDN/Dhcp/Dnsmasq.pm
+++ b/src/PVE/Network/SDN/Dhcp/Dnsmasq.pm
@@ -208,8 +208,6 @@ CFG
my $default_dnsmasq_config = <<CFG;
except-interface=lo
-enable-ra
-quiet-ra
bind-dynamic
no-hosts
dhcp-leasefile=$DNSMASQ_LEASE_ROOT/dnsmasq.$dhcpid.leases
@@ -230,6 +228,8 @@ dhcp-name-match=set:wpad-ignore,wpad
dhcp-ignore-names=tag:wpad-ignore
CFG
+ $default_dnsmasq_config .= "enable-ra\nquiet-ra\n" if $options->{dhcp_ra};
+
PVE::Tools::file_set_contents(
"$config_directory/00-default.conf",
$default_dnsmasq_config
diff --git a/src/PVE/Network/SDN/Zones/EvpnPlugin.pm b/src/PVE/Network/SDN/Zones/EvpnPlugin.pm
index c806564..3c3278a 100644
--- a/src/PVE/Network/SDN/Zones/EvpnPlugin.pm
+++ b/src/PVE/Network/SDN/Zones/EvpnPlugin.pm
@@ -275,7 +275,7 @@ sub generate_sdn_config {
sub get_options {
my ($class, $plugin_config, $zoneid) = @_;
- my $options = { vrf => "vrf_$zoneid"};
+ my $options = { vrf => "vrf_$zoneid", dhcp_ra => 1};
return $options;
}
diff --git a/src/PVE/Network/SDN/Zones/Plugin.pm b/src/PVE/Network/SDN/Zones/Plugin.pm
index 07e8389..7804b1c 100644
--- a/src/PVE/Network/SDN/Zones/Plugin.pm
+++ b/src/PVE/Network/SDN/Zones/Plugin.pm
@@ -132,7 +132,7 @@ sub controller_reload {
sub get_options {
my ($class, $plugin_config, $zoneid) = @_;
- my $options = { vrf => 'default'};
+ my $options = { vrf => 'default', dhcp_ra => undef};
return $options;
}
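Review bot: `dhcp_ra => undef` in the base class stores an explicit undef where the other plugins use `1`; write `0` or leave the key out so the hash reads as a boolean flag. With this default the vlan, qinq and vxlan zones get no `enable-ra`, while 5/7 to 7/7 put an IPv6 gateway address on those vnets with `ip6-forward off`, so a comment here should say where IPv6 guests in those zones are expected to receive router advertisements from.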
diff --git a/src/PVE/Network/SDN/Zones/SimplePlugin.pm b/src/PVE/Network/SDN/Zones/SimplePlugin.pm
index c996bf3..58a75a0 100644
--- a/src/PVE/Network/SDN/Zones/SimplePlugin.pm
+++ b/src/PVE/Network/SDN/Zones/SimplePlugin.pm
@@ -130,6 +130,15 @@ sub generate_sdn_config {
return $config;
}
+
+sub get_options {
+ my ($class, $plugin_config, $zoneid) = @_;
+
+ my $options = { vrf => 'default', dhcp_ra => 1};
+
+ return $options;
+}
+
sub vnet_update_hook {
my ($class, $vnet_cfg, $vnetid, $zone_cfg) = @_;
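Review bot: The new `get_options` in SimplePlugin.pm repeats `vrf => 'default'` from the base class instead of extending it; calling `$class->SUPER::get_options($plugin_config, $zoneid)` and setting only `dhcp_ra` on the result keeps a future change of the base default from being missed here. The hunk also adds a second blank line before the sub, which the surrounding code does not use.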
--
2.39.2
* [pve-devel] [PATCH pve-network 3/7] dnsmasq service: run service in vrf
2023-12-19 8:32 [pve-devel] [PATCH pve-network 0/7] add dhcp support for all zones Alexandre Derumier
2023-12-19 8:32 ` [pve-devel] [PATCH pve-network 1/7] dhcp: add vrf support Alexandre Derumier
2023-12-19 8:32 ` [pve-devel] [PATCH pve-network 2/7] dhcp: enable-ra on layer3 zones only Alexandre Derumier
@ 2023-12-19 8:32 ` Alexandre Derumier
2023-12-19 8:32 ` [pve-devel] [PATCH pve-network 4/7] zones: evpn: add dhcp support Alexandre Derumier
` (6 subsequent siblings)
9 siblings, 0 replies; 15+ messages in thread
From: Alexandre Derumier @ 2023-12-19 8:32 UTC (permalink / raw)
To: pve-devel
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
---
src/services/01-dnsmasq-vrf.conf | 4 ++++
src/services/Makefile | 1 +
2 files changed, 5 insertions(+)
create mode 100644 src/services/01-dnsmasq-vrf.conf
diff --git a/src/services/01-dnsmasq-vrf.conf b/src/services/01-dnsmasq-vrf.conf
new file mode 100644
index 0000000..1030df2
--- /dev/null
+++ b/src/services/01-dnsmasq-vrf.conf
@@ -0,0 +1,4 @@
+[Service]
+EnvironmentFile=/etc/default/dnsmasq.%i
+ExecStart=
+ExecStart=/bin/ip vrf exec ${VRF} /etc/init.d/dnsmasq systemd-exec "%i"
\ No newline at end of file
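Review bot: `ExecStart` expands `${VRF}` from `/etc/default/dnsmasq.%i`, but nothing covers an instance whose defaults file was written before 1/7 and therefore has no `VRF=` line; the variable then expands to an empty string, `ip vrf exec` gets no valid VRF name, and the unit fails to start. Either make sure the defaults files are regenerated on upgrade or add `Environment=VRF=default` ahead of the `EnvironmentFile=` line as a fallback, since values from the file override it. The new file also has no trailing newline.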
diff --git a/src/services/Makefile b/src/services/Makefile
index 818c106..7c45701 100644
--- a/src/services/Makefile
+++ b/src/services/Makefile
@@ -8,6 +8,7 @@ install:
install -d $(SERVICEDIR)
install -d $(SERVICEDIR)/dnsmasq@.service.d
install -t $(SERVICEDIR)/dnsmasq@.service.d -m 0644 00-dnsmasq-after-networking.conf
+ install -t $(SERVICEDIR)/dnsmasq@.service.d -m 0644 01-dnsmasq-vrf.conf
.PHONY: clean
clean:
--
2.39.2
* [pve-devel] [PATCH pve-network 4/7] zones: evpn: add dhcp support
2023-12-19 8:32 [pve-devel] [PATCH pve-network 0/7] add dhcp support for all zones Alexandre Derumier
` (2 preceding siblings ...)
2023-12-19 8:32 ` [pve-devel] [PATCH pve-network 3/7] dnsmasq service: run service in vrf Alexandre Derumier
@ 2023-12-19 8:32 ` Alexandre Derumier
2023-12-19 8:32 ` [pve-devel] [PATCH pve-network 5/7] zones: vlan: " Alexandre Derumier
` (5 subsequent siblings)
9 siblings, 0 replies; 15+ messages in thread
From: Alexandre Derumier @ 2023-12-19 8:32 UTC (permalink / raw)
To: pve-devel
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
---
src/PVE/Network/SDN/Zones/EvpnPlugin.pm | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/PVE/Network/SDN/Zones/EvpnPlugin.pm b/src/PVE/Network/SDN/Zones/EvpnPlugin.pm
index 3c3278a..26a22c7 100644
--- a/src/PVE/Network/SDN/Zones/EvpnPlugin.pm
+++ b/src/PVE/Network/SDN/Zones/EvpnPlugin.pm
@@ -99,6 +99,7 @@ sub options {
reversedns => { optional => 1 },
dnszone => { optional => 1 },
ipam => { optional => 1 },
+ dhcp => { optional => 1 },
};
}
--
2.39.2
* [pve-devel] [PATCH pve-network 5/7] zones: vlan: add dhcp support
2023-12-19 8:32 [pve-devel] [PATCH pve-network 0/7] add dhcp support for all zones Alexandre Derumier
` (3 preceding siblings ...)
2023-12-19 8:32 ` [pve-devel] [PATCH pve-network 4/7] zones: evpn: add dhcp support Alexandre Derumier
@ 2023-12-19 8:32 ` Alexandre Derumier
2023-12-19 8:32 ` [pve-devel] [PATCH pve-network 6/7] zones: qinq: " Alexandre Derumier
` (4 subsequent siblings)
9 siblings, 0 replies; 15+ messages in thread
From: Alexandre Derumier @ 2023-12-19 8:32 UTC (permalink / raw)
To: pve-devel
add gateway ip to vnet and force /32 for ipv4 to avoid
arp problem, and disable forwarding for security
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
---
src/PVE/Network/SDN/Zones/VlanPlugin.pm | 33 +++++++++++++++++++
.../zones/vlan/dhcp/expected_sdn_interfaces | 27 +++++++++++++++
src/test/zones/vlan/dhcp/interfaces | 5 +++
src/test/zones/vlan/dhcp/sdn_config | 27 +++++++++++++++
.../zones/vlan/nodhcp/expected_sdn_interfaces | 23 +++++++++++++
src/test/zones/vlan/nodhcp/interfaces | 5 +++
src/test/zones/vlan/nodhcp/sdn_config | 27 +++++++++++++++
7 files changed, 147 insertions(+)
create mode 100644 src/test/zones/vlan/dhcp/expected_sdn_interfaces
create mode 100644 src/test/zones/vlan/dhcp/interfaces
create mode 100644 src/test/zones/vlan/dhcp/sdn_config
create mode 100644 src/test/zones/vlan/nodhcp/expected_sdn_interfaces
create mode 100644 src/test/zones/vlan/nodhcp/interfaces
create mode 100644 src/test/zones/vlan/nodhcp/sdn_config
diff --git a/src/PVE/Network/SDN/Zones/VlanPlugin.pm b/src/PVE/Network/SDN/Zones/VlanPlugin.pm
index 6a68e8d..2fa0480 100644
--- a/src/PVE/Network/SDN/Zones/VlanPlugin.pm
+++ b/src/PVE/Network/SDN/Zones/VlanPlugin.pm
@@ -43,6 +43,7 @@ sub options {
reversedns => { optional => 1 },
dnszone => { optional => 1 },
ipam => { optional => 1 },
+ dhcp => { optional => 1 },
};
}
@@ -51,6 +52,8 @@ sub generate_sdn_config {
my ($class, $plugin_config, $zoneid, $vnetid, $vnet, $controller, $controller_cfg, $subnet_cfg, $interfaces_config, $config) = @_;
my $bridge = $plugin_config->{bridge};
+ my $dhcp = $plugin_config->{dhcp};
+
PVE::Network::SDN::Zones::Plugin::find_bridge($bridge);
my $vlan_aware = PVE::Network::SDN::Zones::Plugin::is_vlanaware($bridge);
@@ -120,8 +123,36 @@ sub generate_sdn_config {
push(@{$config->{$bridgevlan}}, @iface_config) if !$config->{$bridgevlan};
}
+
#vnet bridge
@iface_config = ();
+
+ my $disable_forward_v4 = undef;
+ my $disable_forward_v6 = undef;
+
+ if ($dhcp) {
+ my $address = {};
+ my $subnets = PVE::Network::SDN::Vnets::get_subnets($vnetid, 1);
+
+ foreach my $subnetid (sort keys %{$subnets}) {
+ my $subnet = $subnets->{$subnetid};
+ my $gateway = $subnet->{gateway};
+ if ($gateway) {
+
+ my $mask = $subnet->{mask};
+ if (Net::IP::ip_is_ipv6($gateway)) {
+ $disable_forward_v6 = 1;
+ } else {
+ $mask = '32';
+ $disable_forward_v4 = 1;
+ }
+
+ push @iface_config, "address $gateway/$mask" if !defined($address->{$gateway});
+ $address->{$gateway} = 1;
+ }
+ }
+ }
+
push @iface_config, "bridge_ports $vnet_uplink";
push @iface_config, "bridge_stp off";
push @iface_config, "bridge_fd 0";
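Review bot: The `$mask = '32'` override in the IPv4 branch and the two `$disable_forward_*` flags carry no comment, so the rationale (avoid the ARP problem, disable forwarding for security) lives only in the commit message; a short comment above `if ($dhcp)` would keep it with the code. The hunk also calls `Net::IP::ip_is_ipv6` without a `use Net::IP;` being visible in this diff, so confirm the module is loaded in VlanPlugin.pm, and drop the stray blank line added before `#vnet bridge`.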
@@ -131,6 +162,8 @@ sub generate_sdn_config {
}
push @iface_config, "mtu $mtu" if $mtu;
push @iface_config, "alias $alias" if $alias;
+ push @iface_config, "ip-forward off" if $disable_forward_v4;
+ push @iface_config, "ip6-forward off" if $disable_forward_v6;
push(@{$config->{$vnetid}}, @iface_config) if !$config->{$vnetid};
return $config;
diff --git a/src/test/zones/vlan/dhcp/expected_sdn_interfaces b/src/test/zones/vlan/dhcp/expected_sdn_interfaces
new file mode 100644
index 0000000..89e0d4a
--- /dev/null
+++ b/src/test/zones/vlan/dhcp/expected_sdn_interfaces
@@ -0,0 +1,27 @@
+#version:1
+
+auto ln_myvnet
+iface ln_myvnet
+ link-type veth
+ veth-peer-name pr_myvnet
+
+auto myvnet
+iface myvnet
+ address 192.168.0.1/32
+ address 2a08:2142:302:3::1/64
+ bridge_ports ln_myvnet
+ bridge_stp off
+ bridge_fd 0
+ ip-forward off
+ ip6-forward off
+
+auto pr_myvnet
+iface pr_myvnet
+ link-type veth
+ veth-peer-name ln_myvnet
+
+auto vmbr0v100
+iface vmbr0v100
+ bridge_ports eth0.100 pr_myvnet
+ bridge_stp off
+ bridge_fd 0
diff --git a/src/test/zones/vlan/dhcp/interfaces b/src/test/zones/vlan/dhcp/interfaces
new file mode 100644
index 0000000..9eaf6ff
--- /dev/null
+++ b/src/test/zones/vlan/dhcp/interfaces
@@ -0,0 +1,5 @@
+auto vmbr0
+iface vmbr0 inet manual
+ bridge-ports eth0
+ bridge-stp off
+ bridge-fd 0
\ No newline at end of file
diff --git a/src/test/zones/vlan/dhcp/sdn_config b/src/test/zones/vlan/dhcp/sdn_config
new file mode 100644
index 0000000..024ffa9
--- /dev/null
+++ b/src/test/zones/vlan/dhcp/sdn_config
@@ -0,0 +1,27 @@
+{
+ version => 1,
+ vnets => {
+ ids => {
+ myvnet => { type => "vnet", zone => "myzone", tag => 100 },
+ },
+ },
+ zones => {
+ ids => { myzone => { bridge => "vmbr0", ipam => "pve", type => "vlan", dhcp => "dnsmasq" } },
+ },
+ subnets => {
+ ids => {
+ 'myzone-192.168.0.0-24' => {
+ 'type' => 'subnet',
+ 'vnet' => 'myvnet',
+ 'gateway' => '192.168.0.1',
+ },
+ 'myzone-2a08:2142:302:3::-64' => {
+ 'type' => 'subnet',
+ 'vnet' => 'myvnet',
+ 'gateway' => '2a08:2142:302:3::1',
+ }
+ }
+ }
+}
+
+
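Review bot: Test coverage in this fixture is limited to one dual-stack vnet where both subnets have a `gateway`; the new code has separate paths for a subnet without a gateway and for a single address family, and neither is pinned down. Add a case with an IPv4-only subnet (expecting `ip-forward off` but no `ip6-forward off`) and one where `gateway` is absent. The file also ends with two empty lines that can be dropped.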
diff --git a/src/test/zones/vlan/nodhcp/expected_sdn_interfaces b/src/test/zones/vlan/nodhcp/expected_sdn_interfaces
new file mode 100644
index 0000000..f9e96d1
--- /dev/null
+++ b/src/test/zones/vlan/nodhcp/expected_sdn_interfaces
@@ -0,0 +1,23 @@
+#version:1
+
+auto ln_myvnet
+iface ln_myvnet
+ link-type veth
+ veth-peer-name pr_myvnet
+
+auto myvnet
+iface myvnet
+ bridge_ports ln_myvnet
+ bridge_stp off
+ bridge_fd 0
+
+auto pr_myvnet
+iface pr_myvnet
+ link-type veth
+ veth-peer-name ln_myvnet
+
+auto vmbr0v100
+iface vmbr0v100
+ bridge_ports eth0.100 pr_myvnet
+ bridge_stp off
+ bridge_fd 0
diff --git a/src/test/zones/vlan/nodhcp/interfaces b/src/test/zones/vlan/nodhcp/interfaces
new file mode 100644
index 0000000..9eaf6ff
--- /dev/null
+++ b/src/test/zones/vlan/nodhcp/interfaces
@@ -0,0 +1,5 @@
+auto vmbr0
+iface vmbr0 inet manual
+ bridge-ports eth0
+ bridge-stp off
+ bridge-fd 0
\ No newline at end of file
diff --git a/src/test/zones/vlan/nodhcp/sdn_config b/src/test/zones/vlan/nodhcp/sdn_config
new file mode 100644
index 0000000..e47eac8
--- /dev/null
+++ b/src/test/zones/vlan/nodhcp/sdn_config
@@ -0,0 +1,27 @@
+{
+ version => 1,
+ vnets => {
+ ids => {
+ myvnet => { type => "vnet", zone => "myzone", tag => 100 },
+ },
+ },
+ zones => {
+ ids => { myzone => { bridge => "vmbr0", ipam => "pve", type => "vlan" } },
+ },
+ subnets => {
+ ids => {
+ 'myzone-192.168.0.0-24' => {
+ 'type' => 'subnet',
+ 'vnet' => 'myvnet',
+ 'gateway' => '192.168.0.1',
+ },
+ 'myzone-2a08:2142:302:3::-64' => {
+ 'type' => 'subnet',
+ 'vnet' => 'myvnet',
+ 'gateway' => '2a08:2142:302:3::1',
+ }
+ }
+ }
+}
+
+
--
2.39.2
* [pve-devel] [PATCH pve-network 6/7] zones: qinq: add dhcp support
2023-12-19 8:32 [pve-devel] [PATCH pve-network 0/7] add dhcp support for all zones Alexandre Derumier
` (4 preceding siblings ...)
2023-12-19 8:32 ` [pve-devel] [PATCH pve-network 5/7] zones: vlan: " Alexandre Derumier
@ 2023-12-19 8:32 ` Alexandre Derumier
2023-12-19 8:32 ` [pve-devel] [PATCH pve-network 7/7] zones: vxlan: " Alexandre Derumier
` (3 subsequent siblings)
9 siblings, 0 replies; 15+ messages in thread
From: Alexandre Derumier @ 2023-12-19 8:32 UTC (permalink / raw)
To: pve-devel
add gateway ip to vnet and force /32 for ipv4 to avoid
arp problem, and disable forwarding for security
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
---
src/PVE/Network/SDN/Zones/QinQPlugin.pm | 32 +++++++++++++++++
.../zones/qinq/dhcp/expected_sdn_interfaces | 34 +++++++++++++++++++
src/test/zones/qinq/dhcp/interfaces | 5 +++
src/test/zones/qinq/dhcp/sdn_config | 26 ++++++++++++++
.../zones/qinq/nodhcp/expected_sdn_interfaces | 30 ++++++++++++++++
src/test/zones/qinq/nodhcp/interfaces | 5 +++
src/test/zones/qinq/nodhcp/sdn_config | 26 ++++++++++++++
7 files changed, 158 insertions(+)
create mode 100644 src/test/zones/qinq/dhcp/expected_sdn_interfaces
create mode 100644 src/test/zones/qinq/dhcp/interfaces
create mode 100644 src/test/zones/qinq/dhcp/sdn_config
create mode 100644 src/test/zones/qinq/nodhcp/expected_sdn_interfaces
create mode 100644 src/test/zones/qinq/nodhcp/interfaces
create mode 100644 src/test/zones/qinq/nodhcp/sdn_config
diff --git a/src/PVE/Network/SDN/Zones/QinQPlugin.pm b/src/PVE/Network/SDN/Zones/QinQPlugin.pm
index 4c4be64..57655b4 100644
--- a/src/PVE/Network/SDN/Zones/QinQPlugin.pm
+++ b/src/PVE/Network/SDN/Zones/QinQPlugin.pm
@@ -46,6 +46,7 @@ sub options {
reversedns => { optional => 1 },
dnszone => { optional => 1 },
ipam => { optional => 1 },
+ dhcp => { optional => 1 },
};
}
@@ -55,6 +56,7 @@ sub generate_sdn_config {
my ($bridge, $mtu, $stag) = $plugin_config->@{'bridge', 'mtu', 'tag'};
my $vlanprotocol = $plugin_config->{'vlan-protocol'};
+ my $dhcp = $plugin_config->{'dhcp'};
PVE::Network::SDN::Zones::Plugin::find_bridge($bridge);
@@ -154,6 +156,34 @@ sub generate_sdn_config {
# vnet bridge
@iface_config = ();
+
+ my $disable_forward_v4 = undef;
+ my $disable_forward_v6 = undef;
+
+ if ($dhcp) {
+ my $address = {};
+ my $subnets = PVE::Network::SDN::Vnets::get_subnets($vnetid, 1);
+
+ foreach my $subnetid (sort keys %{$subnets}) {
+ my $subnet = $subnets->{$subnetid};
+ my $gateway = $subnet->{gateway};
+
+ if ($gateway) {
+
+ my $mask = $subnet->{mask};
+ if (Net::IP::ip_is_ipv6($gateway)) {
+ $disable_forward_v6 = 1;
+ } else {
+ $mask = '32';
+ $disable_forward_v4 = 1;
+ }
+
+ push @iface_config, "address $gateway/$mask" if !defined($address->{$gateway});
+ $address->{$gateway} = 1;
+ }
+ }
+ }
+
push @iface_config, "bridge_ports $vnet_bridge_ports";
push @iface_config, "bridge_stp off";
push @iface_config, "bridge_fd 0";
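Review bot: The `if ($dhcp) { ... }` block in this hunk is a line-for-line copy of the one added to VlanPlugin.pm in 5/7 and appears a third time in VxlanPlugin.pm in 7/7. Move it into one helper in `PVE::Network::SDN::Zones::Plugin` that returns the `address` lines together with the two forward flags, so that a later change to the gateway handling only has to be made once.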
@@ -163,6 +193,8 @@ sub generate_sdn_config {
}
push @iface_config, "mtu $mtu" if $mtu;
push @iface_config, "alias $vnet->{alias}" if $vnet->{alias};
+ push @iface_config, "ip-forward off" if $disable_forward_v4;
+ push @iface_config, "ip6-forward off" if $disable_forward_v6;
push(@{$config->{$vnetid}}, @iface_config) if !$config->{$vnetid};
}
diff --git a/src/test/zones/qinq/dhcp/expected_sdn_interfaces b/src/test/zones/qinq/dhcp/expected_sdn_interfaces
new file mode 100644
index 0000000..d73f043
--- /dev/null
+++ b/src/test/zones/qinq/dhcp/expected_sdn_interfaces
@@ -0,0 +1,34 @@
+#version:1
+
+auto ln_myzone
+iface ln_myzone
+ link-type veth
+ veth-peer-name pr_myzone
+
+auto myvnet
+iface myvnet
+ address 192.168.0.1/32
+ address 2a08:2142:302:3::1/64
+ bridge_ports z_myzone.100
+ bridge_stp off
+ bridge_fd 0
+ ip-forward off
+ ip6-forward off
+
+auto pr_myzone
+iface pr_myzone
+ link-type veth
+ veth-peer-name ln_myzone
+
+auto sv_myzone
+iface sv_myzone
+ vlan-raw-device eth0
+ vlan-id 10
+
+auto z_myzone
+iface z_myzone
+ bridge-stp off
+ bridge-ports sv_myzone ln_myzone
+ bridge-fd 0
+ bridge-vlan-aware yes
+ bridge-vids 2-4094
diff --git a/src/test/zones/qinq/dhcp/interfaces b/src/test/zones/qinq/dhcp/interfaces
new file mode 100644
index 0000000..68b6a88
--- /dev/null
+++ b/src/test/zones/qinq/dhcp/interfaces
@@ -0,0 +1,5 @@
+auto vmbr0
+iface vmbr0 inet manual
+ bridge-ports eth0
+ bridge-stp off
+ bridge-fd 0
diff --git a/src/test/zones/qinq/dhcp/sdn_config b/src/test/zones/qinq/dhcp/sdn_config
new file mode 100644
index 0000000..bb21385
--- /dev/null
+++ b/src/test/zones/qinq/dhcp/sdn_config
@@ -0,0 +1,26 @@
+{
+ version => 1,
+ vnets => {
+ ids => {
+ myvnet => { tag => 100, type => "vnet", zone => "myzone" },
+ },
+ },
+ zones => {
+ ids => { myzone => { bridge => "vmbr0", tag => 10, ipam => "pve", type => "qinq", dhcp => "dnsmasq" } },
+ },
+
+ subnets => {
+ ids => {
+ 'myzone-192.168.0.0-24' => {
+ 'type' => 'subnet',
+ 'vnet' => 'myvnet',
+ 'gateway' => '192.168.0.1',
+ },
+ 'myzone-2a08:2142:302:3::-64' => {
+ 'type' => 'subnet',
+ 'vnet' => 'myvnet',
+ 'gateway' => '2a08:2142:302:3::1',
+ }
+ }
+ }
+}
diff --git a/src/test/zones/qinq/nodhcp/expected_sdn_interfaces b/src/test/zones/qinq/nodhcp/expected_sdn_interfaces
new file mode 100644
index 0000000..4ac9f99
--- /dev/null
+++ b/src/test/zones/qinq/nodhcp/expected_sdn_interfaces
@@ -0,0 +1,30 @@
+#version:1
+
+auto ln_myzone
+iface ln_myzone
+ link-type veth
+ veth-peer-name pr_myzone
+
+auto myvnet
+iface myvnet
+ bridge_ports z_myzone.100
+ bridge_stp off
+ bridge_fd 0
+
+auto pr_myzone
+iface pr_myzone
+ link-type veth
+ veth-peer-name ln_myzone
+
+auto sv_myzone
+iface sv_myzone
+ vlan-raw-device eth0
+ vlan-id 10
+
+auto z_myzone
+iface z_myzone
+ bridge-stp off
+ bridge-ports sv_myzone ln_myzone
+ bridge-fd 0
+ bridge-vlan-aware yes
+ bridge-vids 2-4094
diff --git a/src/test/zones/qinq/nodhcp/interfaces b/src/test/zones/qinq/nodhcp/interfaces
new file mode 100644
index 0000000..68b6a88
--- /dev/null
+++ b/src/test/zones/qinq/nodhcp/interfaces
@@ -0,0 +1,5 @@
+auto vmbr0
+iface vmbr0 inet manual
+ bridge-ports eth0
+ bridge-stp off
+ bridge-fd 0
diff --git a/src/test/zones/qinq/nodhcp/sdn_config b/src/test/zones/qinq/nodhcp/sdn_config
new file mode 100644
index 0000000..ddfe11c
--- /dev/null
+++ b/src/test/zones/qinq/nodhcp/sdn_config
@@ -0,0 +1,26 @@
+{
+ version => 1,
+ vnets => {
+ ids => {
+ myvnet => { tag => 100, type => "vnet", zone => "myzone" },
+ },
+ },
+ zones => {
+ ids => { myzone => { bridge => "vmbr0", tag => 10, ipam => "pve", type => "qinq" } },
+ },
+
+ subnets => {
+ ids => {
+ 'myzone-192.168.0.0-24' => {
+ 'type' => 'subnet',
+ 'vnet' => 'myvnet',
+ 'gateway' => '192.168.0.1',
+ },
+ 'myzone-2a08:2142:302:3::-64' => {
+ 'type' => 'subnet',
+ 'vnet' => 'myvnet',
+ 'gateway' => '2a08:2142:302:3::1',
+ }
+ }
+ }
+}
--
2.39.2
* [pve-devel] [PATCH pve-network 7/7] zones: vxlan: add dhcp support
2023-12-19 8:32 [pve-devel] [PATCH pve-network 0/7] add dhcp support for all zones Alexandre Derumier
` (5 preceding siblings ...)
2023-12-19 8:32 ` [pve-devel] [PATCH pve-network 6/7] zones: qinq: " Alexandre Derumier
@ 2023-12-19 8:32 ` Alexandre Derumier
2023-12-22 14:01 ` [pve-devel] [PATCH pve-network 0/7] add dhcp support for all zones Stefan Hanreich
` (2 subsequent siblings)
9 siblings, 0 replies; 15+ messages in thread
From: Alexandre Derumier @ 2023-12-19 8:32 UTC (permalink / raw)
To: pve-devel
add gateway ip to vnet and force /32 for ipv4 to avoid
arp problem, and disable forwarding for security
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
---
src/PVE/Network/SDN/Zones/VxlanPlugin.pm | 32 +++++++++++++++++++
.../zones/vxlan/dhcp/expected_sdn_interfaces | 19 +++++++++++
src/test/zones/vxlan/dhcp/interfaces | 7 ++++
src/test/zones/vxlan/dhcp/sdn_config | 25 +++++++++++++++
.../vxlan/nodhcp/expected_sdn_interfaces | 15 +++++++++
src/test/zones/vxlan/nodhcp/interfaces | 7 ++++
src/test/zones/vxlan/nodhcp/sdn_config | 25 +++++++++++++++
7 files changed, 130 insertions(+)
create mode 100644 src/test/zones/vxlan/dhcp/expected_sdn_interfaces
create mode 100644 src/test/zones/vxlan/dhcp/interfaces
create mode 100644 src/test/zones/vxlan/dhcp/sdn_config
create mode 100644 src/test/zones/vxlan/nodhcp/expected_sdn_interfaces
create mode 100644 src/test/zones/vxlan/nodhcp/interfaces
create mode 100644 src/test/zones/vxlan/nodhcp/sdn_config
diff --git a/src/PVE/Network/SDN/Zones/VxlanPlugin.pm b/src/PVE/Network/SDN/Zones/VxlanPlugin.pm
index 9a77bb9..7aa3c26 100644
--- a/src/PVE/Network/SDN/Zones/VxlanPlugin.pm
+++ b/src/PVE/Network/SDN/Zones/VxlanPlugin.pm
@@ -48,6 +48,7 @@ sub options {
reversedns => { optional => 1 },
dnszone => { optional => 1 },
ipam => { optional => 1 },
+ dhcp => { optional => 1 },
};
}
@@ -59,6 +60,7 @@ sub generate_sdn_config {
my $alias = $vnet->{alias};
my $multicastaddress = $plugin_config->{'multicast-address'};
my $vxlanport = $plugin_config->{'vxlan-port'};
+ my $dhcp = $plugin_config->{'dhcp'};
my @peers;
@peers = PVE::Tools::split_list($plugin_config->{'peers'}) if $plugin_config->{'peers'};
my $vxlan_iface = "vxlan_$vnetid";
@@ -87,6 +89,34 @@ sub generate_sdn_config {
#vnet bridge
@iface_config = ();
+
+ my $disable_forward_v4 = undef;
+ my $disable_forward_v6 = undef;
+
+ if ($dhcp) {
+ my $address = {};
+ my $subnets = PVE::Network::SDN::Vnets::get_subnets($vnetid, 1);
+
+ foreach my $subnetid (sort keys %{$subnets}) {
+ my $subnet = $subnets->{$subnetid};
+ my $gateway = $subnet->{gateway};
+
+ if ($gateway) {
+
+ my $mask = $subnet->{mask};
+ if (Net::IP::ip_is_ipv6($gateway)) {
+ $disable_forward_v6 = 1;
+ } else {
+ $mask = '32';
+ $disable_forward_v4 = 1;
+ }
+
+ push @iface_config, "address $gateway/$mask" if !defined($address->{$gateway});
+ $address->{$gateway} = 1;
+ }
+ }
+ }
+
push @iface_config, "bridge_ports $vxlan_iface";
push @iface_config, "bridge_stp off";
push @iface_config, "bridge_fd 0";
@@ -96,6 +126,8 @@ sub generate_sdn_config {
}
push @iface_config, "mtu $mtu" if $mtu;
push @iface_config, "alias $alias" if $alias;
+ push @iface_config, "ip-forward off" if $disable_forward_v4;
+ push @iface_config, "ip6-forward off" if $disable_forward_v6;
push(@{$config->{$vnetid}}, @iface_config) if !$config->{$vnetid};
return $config;
diff --git a/src/test/zones/vxlan/dhcp/expected_sdn_interfaces b/src/test/zones/vxlan/dhcp/expected_sdn_interfaces
new file mode 100644
index 0000000..d99efc2
--- /dev/null
+++ b/src/test/zones/vxlan/dhcp/expected_sdn_interfaces
@@ -0,0 +1,19 @@
+#version:1
+
+auto myvnet
+iface myvnet
+ address 192.168.0.1/32
+ address 2a08:2142:302:3::1/64
+ bridge_ports vxlan_myvnet
+ bridge_stp off
+ bridge_fd 0
+ mtu 1450
+ ip-forward off
+ ip6-forward off
+
+auto vxlan_myvnet
+iface vxlan_myvnet
+ vxlan-id 100
+ vxlan_remoteip 192.168.0.2
+ vxlan_remoteip 192.168.0.3
+ mtu 1450
diff --git a/src/test/zones/vxlan/dhcp/interfaces b/src/test/zones/vxlan/dhcp/interfaces
new file mode 100644
index 0000000..66bb826
--- /dev/null
+++ b/src/test/zones/vxlan/dhcp/interfaces
@@ -0,0 +1,7 @@
+auto vmbr0
+iface vmbr0 inet static
+ address 192.168.0.1/24
+ gateway 192.168.0.254
+ bridge-ports eth0
+ bridge-stp off
+ bridge-fd 0
diff --git a/src/test/zones/vxlan/dhcp/sdn_config b/src/test/zones/vxlan/dhcp/sdn_config
new file mode 100644
index 0000000..3056165
--- /dev/null
+++ b/src/test/zones/vxlan/dhcp/sdn_config
@@ -0,0 +1,25 @@
+{
+ version => 1,
+ vnets => {
+ ids => {
+ myvnet => { tag => 100, type => "vnet", zone => "myzone" },
+ },
+ },
+ zones => {
+ ids => { myzone => { ipam => "pve", type => "vxlan", peers => "192.168.0.1,192.168.0.2,192.168.0.3", dhcp => "dnsmasq" } },
+ },
+ subnets => {
+ ids => {
+ 'myzone-192.168.0.0-24' => {
+ 'type' => 'subnet',
+ 'vnet' => 'myvnet',
+ 'gateway' => '192.168.0.1',
+ },
+ 'myzone-2a08:2142:302:3::-64' => {
+ 'type' => 'subnet',
+ 'vnet' => 'myvnet',
+ 'gateway' => '2a08:2142:302:3::1',
+ }
+ }
+ }
+}
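Review bot: The fixture's overlay subnet reuses the underlay addressing: `gateway => '192.168.0.1'` is the same address that the accompanying `interfaces` file assigns to `vmbr0` as `192.168.0.1/24` and that appears in `peers`, so the expected output puts `192.168.0.1/32` on `myvnet` while `vmbr0` already holds it. Use a distinct prefix for the vnet subnet so the test exercises a realistic layout and cannot hide an address clash between underlay and vnet bridge.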
diff --git a/src/test/zones/vxlan/nodhcp/expected_sdn_interfaces b/src/test/zones/vxlan/nodhcp/expected_sdn_interfaces
new file mode 100644
index 0000000..7b73c3e
--- /dev/null
+++ b/src/test/zones/vxlan/nodhcp/expected_sdn_interfaces
@@ -0,0 +1,15 @@
+#version:1
+
+auto myvnet
+iface myvnet
+ bridge_ports vxlan_myvnet
+ bridge_stp off
+ bridge_fd 0
+ mtu 1450
+
+auto vxlan_myvnet
+iface vxlan_myvnet
+ vxlan-id 100
+ vxlan_remoteip 192.168.0.2
+ vxlan_remoteip 192.168.0.3
+ mtu 1450
diff --git a/src/test/zones/vxlan/nodhcp/interfaces b/src/test/zones/vxlan/nodhcp/interfaces
new file mode 100644
index 0000000..66bb826
--- /dev/null
+++ b/src/test/zones/vxlan/nodhcp/interfaces
@@ -0,0 +1,7 @@
+auto vmbr0
+iface vmbr0 inet static
+ address 192.168.0.1/24
+ gateway 192.168.0.254
+ bridge-ports eth0
+ bridge-stp off
+ bridge-fd 0
diff --git a/src/test/zones/vxlan/nodhcp/sdn_config b/src/test/zones/vxlan/nodhcp/sdn_config
new file mode 100644
index 0000000..338290d
--- /dev/null
+++ b/src/test/zones/vxlan/nodhcp/sdn_config
@@ -0,0 +1,25 @@
+{
+ version => 1,
+ vnets => {
+ ids => {
+ myvnet => { tag => 100, type => "vnet", zone => "myzone" },
+ },
+ },
+ zones => {
+ ids => { myzone => { ipam => "pve", type => "vxlan", peers => "192.168.0.1,192.168.0.2,192.168.0.3" } },
+ },
+ subnets => {
+ ids => {
+ 'myzone-192.168.0.0-24' => {
+ 'type' => 'subnet',
+ 'vnet' => 'myvnet',
+ 'gateway' => '192.168.0.1',
+ },
+ 'myzone-2a08:2142:302:3::-64' => {
+ 'type' => 'subnet',
+ 'vnet' => 'myvnet',
+ 'gateway' => '2a08:2142:302:3::1',
+ }
+ }
+ }
+}
--
2.39.2
* Re: [pve-devel] [PATCH pve-network 0/7] add dhcp support for all zones
2023-12-19 8:32 [pve-devel] [PATCH pve-network 0/7] add dhcp support for all zones Alexandre Derumier
` (6 preceding siblings ...)
2023-12-19 8:32 ` [pve-devel] [PATCH pve-network 7/7] zones: vxlan: " Alexandre Derumier
@ 2023-12-22 14:01 ` Stefan Hanreich
2023-12-22 21:27 ` DERUMIER, Alexandre
2024-11-13 9:48 ` Stefan Hanreich
2024-11-13 19:09 ` Stefan Hanreich
9 siblings, 1 reply; 15+ messages in thread
From: Stefan Hanreich @ 2023-12-22 14:01 UTC (permalink / raw)
To: pve-devel
Gave this a quick test drive on my cluster with VNets in all 5 zones on
2 containers using PVE IPAM. DHCP worked flawlessly for all 5 zones,
pinging between two containers over all 5 VNets worked perfectly.
I am getting an error in the VLAN and QinQ zones when applying the SDN
config, though they seem to work. The error messages are quite cryptic
('error <vnet_id>') and I couldn't find anything in the journal.
I'll look into the errors more closely next week, I just wanted to ask
whether you noticed anything like that?
Happy Holidays and thanks for your efforts!
* Re: [pve-devel] [PATCH pve-network 0/7] add dhcp support for all zones
2023-12-22 14:01 ` [pve-devel] [PATCH pve-network 0/7] add dhcp support for all zones Stefan Hanreich
@ 2023-12-22 21:27 ` DERUMIER, Alexandre
2024-02-22 10:13 ` Stefan Hanreich
0 siblings, 1 reply; 15+ messages in thread
From: DERUMIER, Alexandre @ 2023-12-22 21:27 UTC (permalink / raw)
To: pve-devel
Hi,
I'll be on holiday next week (I'll be back on 2 January).
I'll look at QinQ when I'm back.
It's just missing the IP for a dhcpserver different than the gateway for ipv6
handling for vlan/qinq/vxlan, but it should be easy to implement.
Also, for ipv6 in vrf, it needs a patch for dnsmasq, so I think this
will need a proxmox dnsmasq package version.
Happy Holidays to the Proxmox team too !
-------- Original message --------
From: Stefan Hanreich <s.hanreich@proxmox.com>
Reply-To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: Re: [pve-devel] [PATCH pve-network 0/7] add dhcp support for all zones
Date: 22/12/2023 15:01:32
Gave this a quick test drive on my cluster with VNets in all 5 zones on
2 containers using PVE IPAM. DHCP worked flawlessly for all 5 zones,
pinging between two containers over all 5 VNets worked perfectly.
I am getting an error in the VLAN and QinQ zones when applying the SDN
config, though they seem to work. The error messages are quite cryptic
('error <vnet_id>') and I couldn't find anything in the journal.
I'll look into the errors more closely next week, I just wanted to ask
whether you noticed anything like that?
Happy Holidays and thanks for your efforts!
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
* Re: [pve-devel] [PATCH pve-network 0/7] add dhcp support for all zones
2023-12-22 21:27 ` DERUMIER, Alexandre
@ 2024-02-22 10:13 ` Stefan Hanreich
[not found] ` <6c7a0c383c6aee77689433815775e27f5259da91.camel@groupe-cyllene.com>
0 siblings, 1 reply; 15+ messages in thread
From: Stefan Hanreich @ 2024-02-22 10:13 UTC (permalink / raw)
To: Proxmox VE development discussion, DERUMIER, Alexandre
On 12/22/23 22:27, DERUMIER, Alexandre wrote:
> Hi,
> I'll be on holiday next week (I'll be back on 2 January).
>
>
> I'll look at QinQ when I'm back.
I've had another look at this patch series and I think I found the
reason for the issue(s) I encountered during my testing.
One issue is related to the new IP forwarding settings. It seems like
they are not applying. I've looked at the ifquery output after creating
a QinQ / VLAN zone with DHCP enabled:
  {
    "name": "qinq5",
    "auto": true,
    "config": {
      "bridge-ports": "z_qinq5.456",
      "bridge-stp": "no",
      "bridge-fd": "0",
      "ip-forward": "on",
      "address": "172.16.5.1/32"
    },
    "config_status": {
      "bridge-ports": "pass",
      "bridge-stp": "pass",
      "bridge-fd": "pass",
      "ip-forward": "fail",
      "address": "pass"
    },
    "status": "fail"
  },
  {
    "name": "vlan4",
    "auto": true,
    "config": {
      "bridge-ports": "ln_vlan4",
      "bridge-stp": "no",
      "bridge-fd": "0",
      "ip-forward": "on",
      "address": "172.16.4.1/32"
    },
    "config_status": {
      "bridge-ports": "pass",
      "bridge-stp": "pass",
      "bridge-fd": "pass",
      "ip-forward": "fail",
      "address": "pass"
    },
    "status": "fail"
  },
It seems like the ip-forward settings do not get applied and therefore
the command 'fails'. The bridges are up and working but IP forwarding is
enabled:
root@hoan-02:~# cat /proc/sys/net/ipv4/conf/vlan4/forwarding
1
root@hoan-02:~# cat /proc/sys/net/ipv4/conf/qinq5/forwarding
1
The other issue was using QinQ zone with a bridge that has no bridge
port configured and is not vlan-aware. In that case status is checking
for the existence of the sv_<id> interface but it doesn't exist since
there isn't a bridge port.
This is also occurring without this patch, so no show stopper here imo.
> It's just missing the ip for dhcpserver different than gateway for ipv6
> handling for vlan/qinq/vxlan, but it should be easy to implement.
>
> Also, for ipv6 in vrf, it needs a patch for dnsmasq, so I think this
> will need a proxmox dnsmasq package version.
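Added example, not part of the thread or of pve-network: a triage of ifquery check output like the JSON quoted in the message above, separating ip-forward entries where only the check fails (the kernel value matches the configured one) from entries where the running value really differs. The sample JSON, the interface `vnet9`, the runtime values and the function names are constructed for illustration.

```python
import json
from pathlib import Path

# Constructed sample shaped like the ifquery check output quoted in the thread;
# "vnet9" is a made-up interface added to show a genuine mismatch.
SAMPLE = """[
  {"name": "qinq5", "config": {"ip-forward": "on", "address": "172.16.5.1/32"},
   "config_status": {"ip-forward": "fail", "address": "pass"}, "status": "fail"},
  {"name": "vlan4", "config": {"ip-forward": "on", "address": "172.16.4.1/32"},
   "config_status": {"ip-forward": "fail", "address": "pass"}, "status": "fail"},
  {"name": "vnet9", "config": {"ip-forward": "off", "bridge-fd": "0"},
   "config_status": {"ip-forward": "fail", "bridge-fd": "fail"}, "status": "fail"}
]"""

TRUTHY = {"on", "yes", "1"}

def read_forwarding(ifname, proc_root="/proc/sys/net/ipv4/conf"):
    """Return the kernel's per-interface IPv4 forwarding flag, or None if unreadable."""
    try:
        return int(Path(proc_root, ifname, "forwarding").read_text().strip())
    except (OSError, ValueError):
        return None

def triage(entries, runtime=None):
    """Classify each failed attribute; runtime maps interface -> flag (None reads /proc)."""
    findings = []
    for entry in entries:
        name = entry["name"]
        for attr, state in entry.get("config_status", {}).items():
            if state != "fail":
                continue
            if attr != "ip-forward":
                # No independent source of truth for other attributes here.
                findings.append((name, attr, "unverified"))
                continue
            wanted = 1 if entry["config"].get(attr, "").lower() in TRUTHY else 0
            actual = runtime.get(name) if runtime is not None else read_forwarding(name)
            if actual is None:
                verdict = "unknown"
            else:
                verdict = "check-only" if actual == wanted else "mismatch"
            findings.append((name, attr, verdict))
    return findings

if __name__ == "__main__":
    # Constructed runtime values; pass runtime=None on a real host to read /proc.
    for row in triage(json.loads(SAMPLE), {"qinq5": 1, "vlan4": 1, "vnet9": 1}):
        print(*row)
```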
* Re: [pve-devel] [PATCH pve-network 0/7] add dhcp support for all zones
2023-12-19 8:32 [pve-devel] [PATCH pve-network 0/7] add dhcp support for all zones Alexandre Derumier
` (7 preceding siblings ...)
2023-12-22 14:01 ` [pve-devel] [PATCH pve-network 0/7] add dhcp support for all zones Stefan Hanreich
@ 2024-11-13 9:48 ` Stefan Hanreich
2024-11-13 19:09 ` Stefan Hanreich
9 siblings, 0 replies; 15+ messages in thread
From: Stefan Hanreich @ 2024-11-13 9:48 UTC (permalink / raw)
To: Proxmox VE development discussion, Alexandre Derumier
Currently trying to rebase this onto current pve-network, but there are
some clashes with the MTU series (or rather, I need to implement MTU for
the other zones as well now).
On 12/19/23 09:32, Alexandre Derumier wrote:
> TO FIX:
>
> - Dnsmasq is currently buggy with ipv6 && vrf (no crash but it's not listening), and needs to be patched with:
> https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=a889c554a7df71ff93a8299ef96037fbe05f2f55
> I have tested it, just applying this patch on current debian source is enough to get it working.
>
>
> - for layer2 network, we can't use a /128 for ipv6 like the /32 of ipv4.
> ipv6 range is large, so it shouldn't be a problem for user to have a free ip. (It can be the same on all vnets).
> But that means we can't reuse the gateway ip (or it'll conflict).
> We need to be able to define a different ipv6 for dnsmasq server here. (and make it mandatory for ipv6 in these plugins)
Reading through this again: Wouldn't it make sense to use the link-local
address then? Or is there something I'm missing?
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
* Re: [pve-devel] [PATCH pve-network 0/7] add dhcp support for all zones
2023-12-19 8:32 [pve-devel] [PATCH pve-network 0/7] add dhcp support for all zones Alexandre Derumier
` (8 preceding siblings ...)
2024-11-13 9:48 ` Stefan Hanreich
@ 2024-11-13 19:09 ` Stefan Hanreich
2024-11-14 10:29 ` Aaron Lauterer
9 siblings, 1 reply; 15+ messages in thread
From: Stefan Hanreich @ 2024-11-13 19:09 UTC (permalink / raw)
To: Proxmox VE development discussion, Alexandre Derumier
I can see this working with Simple and EVPN zone where the host has an
IP because it is acting as a gateway.
But for VLAN / QinQ / VXLAN the way it is currently implemented is
confusing imo, since we are 'abusing' the gateway field for what is
essentially a bind address for dnsmasq.
There is already 'dhcp-dns-server' which configures the DNS server that
dnsmasq sends. Maybe we could add 'dhcp-default-gateway' as well, so
users can configure a default gateway that dnsmasq should send for those
zones if they have a central external firewall in that VLAN.
And then maybe make the bind address explicit for VLAN / VXLAN / QinQ by
moving it from gateway to 'dhcp-bind-address' and document that this
address is then reserved? This would also solve the IPv6 issue, wouldn't it?
Another issue is that the host is sending itself as default gateway and
DNS server in those zones, which we should probably not do (we turn off
forwarding on the interfaces, but it also overwrites resolv.conf, which
can be quite confusing I think). That should be easy to change (I have
it on my machine already).
I have the changes ready on my machine, but I wanted to ask for your
opinion as well, I can also just send them tomorrow and you can review
them if you like.
* Re: [pve-devel] [PATCH pve-network 0/7] add dhcp support for all zones
2024-11-13 19:09 ` Stefan Hanreich
@ 2024-11-14 10:29 ` Aaron Lauterer
0 siblings, 0 replies; 15+ messages in thread
From: Aaron Lauterer @ 2024-11-14 10:29 UTC (permalink / raw)
To: Proxmox VE development discussion, Stefan Hanreich, Alexandre Derumier
A few thoughts from my side after an in-person talk with Stefan.
On 2024-11-13 20:09, Stefan Hanreich wrote:
> I can see this working with Simple and EVPN zone where the host has an
> IP because it is acting as a gateway.
>
> But for VLAN / QinQ / VXLAN the way it is currently implemented is
> confusing imo, since we are 'abusing' the gateway field for what is
> essentially a bind address for dnsmasq.
In these cases, we should hide the gateway option in the zone settings
as it doesn't apply at all!
>
> There is already 'dhcp-dns-server' which configures the DNS server that
> dnsmasq sends. Maybe we could add 'dhcp-default-gateway' as well, so
> users can configure a default gateway that dnsmasq should send for those
> zones if they have a central external firewall in that VLAN.
>
> And then maybe make the bind address explicit for VLAN / VXLAN / QinQ by
> moving it from gateway to 'dhcp-bind-address' and document that this
> address is then reserved? This would also solve the IPv6 issue, wouldn't it?
Yep, having it as DHCP options for the subnet would probably be the best
place in the GUI.
* Gateway
* DNS Server(s)
* DHCP Listening Address
The DHCP listening address would need to be mandatory, while the gateway
and DNS server announcements are optional.
>
> Another issue is that the host is sending itself as default gateway and
> DNS server in those zones, which we should probably not do (we turn off
> forwarding on the interfaces, but it also overwrites resolv.conf, which
> can be quite confusing I think). That should be easy to change (I have
> it on my machine already).
If we stick with VLANs as an example (should apply for VXLAN & QinQ as
well), we usually have the gateway and DNS servers outside the PVE host.
Think, the router/firewall in which all VLANs terminate. The DNS server
could be on the router/firewall but also on a different machine in the
network.
We probably don't want to announce any gateway & DNS if those settings
are empty, just hand out IPs.
>
> I have the changes ready on my machine, but I wanted to ask for your
> opinion as well, I can also just send them tomorrow and you can review
> them if you like.