From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pve-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
	by lore.proxmox.com (Postfix) with ESMTPS id 31B201FF163
	for <inbox@lore.proxmox.com>; Thu, 10 Oct 2024 10:19:11 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id 80E5A146C9;
	Thu, 10 Oct 2024 10:19:37 +0200 (CEST)
Date: Wed, 09 Oct 2024 16:55:50 +0000
To: "DERUMIER, Alexandre" <alexandre.derumier@groupe-cyllene.com>
In-Reply-To: <9045eca45de7aa50fd817fb9221cfa04c524ff19.camel@groupe-cyllene.com>
References: <20241008040109.322473-1-andrew@apalrd.net>
 <20241008040109.322473-2-andrew@apalrd.net>
 <9045eca45de7aa50fd817fb9221cfa04c524ff19.camel@groupe-cyllene.com>
X-Mailman-Approved-At: Thu, 10 Oct 2024 10:19:35 +0200
MIME-Version: 1.0
Message-ID: <mailman.254.1728548376.332.pve-devel@lists.proxmox.com>
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Post: <mailto:pve-devel@lists.proxmox.com>
From: Andrew via pve-devel <pve-devel@lists.proxmox.com>
Precedence: list
Cc: Andrew <andrew@apalrd.net>,
 "pve-devel@lists.proxmox.com" <pve-devel@lists.proxmox.com>
X-Mailman-Version: 2.1.29
X-BeenThere: pve-devel@lists.proxmox.com
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
Reply-To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
Subject: Re: [pve-devel] [PATCH ifupdown2 1/1] Correctly handle IPv6
 addresses in vxlan
Content-Type: multipart/mixed; boundary="===============6134050151233771568=="
Errors-To: pve-devel-bounces@lists.proxmox.com
Sender: "pve-devel" <pve-devel-bounces@lists.proxmox.com>

--===============6134050151233771568==
Content-Type: message/rfc822
Content-Disposition: inline

Date: Wed, 09 Oct 2024 16:55:50 +0000
To: "DERUMIER, Alexandre" <alexandre.derumier@groupe-cyllene.com>
From: Andrew <andrew@apalrd.net>
Cc: "pve-devel@lists.proxmox.com" <pve-devel@lists.proxmox.com>
Subject: Re: [PATCH ifupdown2 1/1] Correctly handle IPv6 addresses in vxlan
Message-ID: <17214981-4406-4100-AFF6-9F70E12E421B@apalrd.net>
In-Reply-To: <9045eca45de7aa50fd817fb9221cfa04c524ff19.camel@groupe-cyllene.com>
References: <20241008040109.322473-1-andrew@apalrd.net> <20241008040109.322473-2-andrew@apalrd.net> <9045eca45de7aa50fd817fb9221cfa04c524ff19.camel@groupe-cyllene.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Yes, I read all of the PRs and discussion on ifupdown2 GitHub before implementing this.

Ultimately I disagreed with the solution to use a separate parameter for IPv6, for the following reasons:
- We can only have one local tunnel IP, so having two parameters means we need to check if the other one has been set (since setting both would be invalid)
- There are already other cases in ifupdown2 which do ip.version == 6 including common parameters like address and gateway, and most parameters do take both IPv4 and IPv6 addresses (such as the remoteip field in vxlan), so having one parameter for both families would be consistent with other parameters in the interfaces file which take both families (regardless of the kernel implementation having two fields instead of one in this case)
- ifupdown-ng already solved this problem using a single parameter instead of two, so doing something else would diverge ifupdown2 vs ifupdown-ng syntax which should be the same

I could add additional error checking to ensure that remoteip[] and localip are the same address family if you’d like. Currently that results in a Netlink exception which gets passed back as an error message. The kernel only allows one address family for a vxlan interface.

Thanks,

Andrew

> On Oct 9, 2024, at 11:37, DERUMIER, Alexandre <alexandre.derumier@groupe-cyllene.com> wrote:
>
> Try to look at ifupdown2 github, there are 2 old pull requests about
> this (never merged/ never completed)
>
> https://github.com/CumulusNetworks/ifupdown2/pull/172
>
> "
> For this we would need a new attribute vxlan-local-tunnelip6, we don't
> want to reuse the same attribute for ipv6.
> We are using netlink to configure vxlans, so it's important to use a
> different attribute to set the proper netlink attribute (I don't want
> to have things like if IPAddress(value).version == 6:  set
> Link.IFLA_VXLAN_LOCAL
> "
>
> https://github.com/CumulusNetworks/ifupdown2/pull/182
>
>
> so, at minimum, this needs to use a different "vxlan-local-tunnelip6"
> attribute for ipv6
>
>
> -------- Original message --------
> From: apalrd <andrew@apalrd.net>
> To: pve-devel@lists.proxmox.com
> Cc: apalrd <andrew@apalrd.net>
> Subject: [PATCH ifupdown2 1/1] Correctly handle IPv6 addresses in vxlan
> Date: 08/10/2024 06:01:09
>
> ---
>  ifupdown2/addons/vxlan.py | 26 ++++++++++++++++----------
>  1 file changed, 16 insertions(+), 10 deletions(-)
>=20
> diff --git a/ifupdown2/addons/vxlan.py b/ifupdown2/addons/vxlan.py
> index 084aec9..4aa8e50 100644
> --- a/ifupdown2/addons/vxlan.py
> +++ b/ifupdown2/addons/vxlan.py
> @@ -51,7 +51,7 @@ class vxlan(Vxlan, moduleBase):
>              },
>              "vxlan-local-tunnelip": {
>                  "help": "vxlan local tunnel ip",
> -                "validvals": ["<ipv4>"],
> +                "validvals": ["<ipv4>,<ipv6>"],
>                  "example": ["vxlan-local-tunnelip 172.16.20.103"]
>              },
>              "vxlan-svcnodeip": {
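
Review bot: in the validvals change for vxlan-local-tunnelip, the list still has a single element, now the one string "<ipv4>,<ipv6>", rather than two entries. Unless the syntax checker splits a keyword string on commas, this should be ["<ipv4>", "<ipv6>"]; please confirm which form it expects. The "example" entry on the next line also still shows only an IPv4 address, so adding an IPv6 example would document the new behaviour. Both points apply equally to vxlan-remoteip in the following hunk.
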
> @@ -66,7 +66,7 @@ class vxlan(Vxlan, moduleBase):
>              },
>              "vxlan-remoteip": {
>                  "help": "vxlan remote ip",
> -                "validvals": ["<ipv4>"],
> +                "validvals": ["<ipv4>,<ipv6>"],
>                  "example": ["vxlan-remoteip 172.16.22.127"],
>                  "multiline": True
>              },
> @@ -521,7 +521,7 @@ class vxlan(Vxlan, moduleBase):
>              local =3D self._vxlan_local_tunnelip
> =20
>          if link_exists:
> -            cached_ifla_vxlan_local =3D
> cached_vxlan_ifla_info_data.get(Link.IFLA_VXLAN_LOCAL)
> +            cached_ifla_vxlan_local =3D
> cached_vxlan_ifla_info_data.get(Link.IFLA_VXLAN_LOCAL) or
> cached_vxlan_ifla_info_data.get(Link.IFLA_VXLAN_LOCAL6)
> =20
>              # on ifreload do not overwrite anycast_ip to individual ip
>              # if clagd has modified
> @@ -547,7 +547,7 @@ class vxlan(Vxlan, moduleBase):
> =20
>          if local:
>              try:
> -                local =3D ipnetwork.IPv4Address(local)
> +                local =3D ipnetwork.IPAddress(local)
> =20
>                  if local.initialized_with_prefixlen:
>                      self.logger.warning("%s: vxlan-local-tunnelip %s:
> netmask ignored" % (ifname, local))
> @@ -559,13 +559,19 @@ class vxlan(Vxlan, moduleBase):
>          if local:
>              if local !=3D cached_ifla_vxlan_local:
>                  self.logger.info("%s: set vxlan-local-tunnelip %s" %
> (ifname, local))
> -                user_request_vxlan_info_data[Link.IFLA_VXLAN_LOCAL] =3D
> local
> +                if local.version =3D=3D 6:
> +                  =20
> user_request_vxlan_info_data[Link.IFLA_VXLAN_LOCAL6] =3D local
> +                else:
> +                  =20
> user_request_vxlan_info_data[Link.IFLA_VXLAN_LOCAL] =3D local
> =20
>                  # if both local-ip and anycast-ip are identical the
> function prints a warning
>                  self.syntax_check_localip_anycastip_equal(ifname,
> local, self._clagd_vxlan_anycast_ip)
>          elif cached_ifla_vxlan_local:
>              self.logger.info("%s: removing vxlan-local-tunnelip (cache
> %s)" % (ifname, cached_ifla_vxlan_local))
> -            user_request_vxlan_info_data[Link.IFLA_VXLAN_LOCAL] =3D None
> +            if cached_ifla_vxlan_local.version =3D=3D 6:
> +                user_request_vxlan_info_data[Link.IFLA_VXLAN_LOCAL6] =3D
> None
> +            else:
> +                user_request_vxlan_info_data[Link.IFLA_VXLAN_LOCAL] =3D
> None
> =20
>          return local
> =20
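
Review bot: in the "if local != cached_ifla_vxlan_local:" branch only the attribute for the new address family is written, so when the cached address is IPv4 and the new one is IPv6 (or the reverse) the request sets the new attribute and says nothing about the other family's attribute. If the intent is to replace the old address, consider explicitly setting the other attribute to None there, or state in the commit message that changing family on an existing interface is not supported. The removal branch also reads cached_ifla_vxlan_local.version, which assumes the cached netlink value is always an address object with that property; a short comment or guard would make that assumption explicit.
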
> @@ -1236,7 +1242,7 @@ class vxlan(Vxlan, moduleBase):
>          if remoteips:
>              try:
>                  for remoteip in remoteips:
> -                    ipnetwork.IPv4Address(remoteip)
> +                    ipnetwork.IPAddress(remoteip)
>              except Exception as e:
>                  self.log_error('%s: vxlan-remoteip: %s' %
> (ifaceobj.name, str(e)))
> =20
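
Review bot: the loop over remoteips now accepts either family per entry, but nothing in this block checks that the entries share a family with each other and with vxlan-local-tunnelip. As the reply above notes, a mismatch currently surfaces only as a Netlink exception; comparing the .version of each parsed remote against the local address here would let the existing log_error call name the offending value.
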
> @@ -1244,7 +1250,7 @@ class vxlan(Vxlan, moduleBase):
>          # purge any removed remote ip
>          old_remoteips =3D self.get_old_remote_ips(ifaceobj.name)
> =20
> -        if vxlan_purge_remotes or remoteips or (remoteips !=3D
> old_remoteips):
> +        if vxlan_purge_remotes or (isinstance(remoteips,list) and
> remoteips !=3D old_remoteips):
>              # figure out the diff for remotes and do the bridge fdb
> updates
>              # only if provisioned by user and not by an vxlan external
>              # controller.
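
Review bot: the rewritten condition drops the bare "remoteips" term, so a non-empty remote list that equals old_remoteips no longer enters this block, whereas before it always did. That is a behaviour change independent of IPv6 support, and the patch carries no commit message explaining it; please describe the reason or split it into its own patch. Also, "remoteips != old_remoteips" is order-sensitive if both are lists, and "isinstance(remoteips,list)" is missing a space after the comma.
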
> @@ -1281,8 +1287,8 @@ class vxlan(Vxlan, moduleBase):
>                          "00:00:00:00:00:00",
>                          None, True, addr
>                      )
> -                except Exception:
> -                    pass
> +                except Exception as e:
> +                    self.log_error('%s: vxlan-remoteip<add>: %s' %
> (ifaceobj.name, str(e)))
> =20
>          self.vxlan_remote_ip_map(ifaceobj, vxlan_mcast_grp_map)
> =20
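
Review bot: replacing "except Exception: pass" with self.log_error(...) changes failure handling for every remote, not only IPv6 ones. If log_error raises rather than only logging, the first failing entry ends the loop and the remaining remotes are never added; if that is intended, say so in the commit message, otherwise log and continue. The "vxlan-remoteip<add>" tag in the message does not appear elsewhere in the visible hunks, so a plain phrase such as "failed to add remote" would be clearer.
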
>=20
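
The address-family check offered in the reply above, sketched as an added example; it is not code from the patch or from ifupdown2. It uses Python's standard ipaddress module in place of ifupdown2's ipnetwork, the function names are hypothetical, and the attribute names are taken from the quoted patch and used only as labels.

```python
import ipaddress

# Attribute names as they appear in the quoted patch; plain labels here.
LOCAL_ATTR = {4: "IFLA_VXLAN_LOCAL", 6: "IFLA_VXLAN_LOCAL6"}


def check_vxlan_families(ifname, local, remoteips):
    """Validate a vxlan stanza's tunnel endpoints before any netlink call.

    Returns (attribute_name, local_address, remote_addresses) or raises
    ValueError naming the offending value. Hypothetical helper, stdlib only.
    """
    try:
        # ip_address() rejects a value carrying a prefix length.
        local_addr = ipaddress.ip_address(local)
    except ValueError as e:
        raise ValueError("%s: vxlan-local-tunnelip: %s" % (ifname, e))

    remotes = []
    for raw in remoteips or []:
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError as e:
            raise ValueError("%s: vxlan-remoteip: %s" % (ifname, e))
        # One family per vxlan interface: compare against the local address.
        if addr.version != local_addr.version:
            raise ValueError(
                "%s: vxlan-remoteip %s is IPv%d but vxlan-local-tunnelip %s is IPv%d"
                % (ifname, addr, addr.version, local_addr, local_addr.version))
        remotes.append(addr)

    return LOCAL_ATTR[local_addr.version], local_addr, remotes


def explain(ifname, local, remoteips):
    """Return the chosen attribute name, or the error text for a bad stanza."""
    try:
        return check_vxlan_families(ifname, local, remoteips)[0]
    except ValueError as e:
        return "error: %s" % e


if __name__ == "__main__":
    # Constructed sample stanzas using documentation address ranges.
    print(explain("vxlan10", "192.0.2.1", ["192.0.2.2", "192.0.2.3"]))
    print(explain("vxlan20", "2001:db8::1", ["2001:db8::2"]))
    print(explain("vxlan30", "2001:db8::1", ["192.0.2.2"]))
```
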




--===============6134050151233771568==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline


--===============6134050151233771568==--