Mirror/pve-network
1
0
Fork 1
mirror of git://git.proxmox.com/git/pve-network.git synced 2025-04-30 11:27:11 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

zones: simple|evpn : only enable ip-forward if gateway is defined on the subnet

Browse source 
or ifquery report an error
This commit is contained in:
Alexandre Derumier 2021-05-10 08:40:58 +02:00 committed by Thomas Lamprecht
parent d6557a2dcd
commit bdec70894d
9 changed files with 157 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
PVE/Network/SDN/Zones/EvpnPlugin.pm
View file

@ -95,6 +95,8 @@ sub generate_sdn_config {
my $address = {};
my $ipv4 = undef;
my $ipv6 = undef;
my $enable_forward_v4 = undef;
my $enable_forward_v6 = undef;
my $subnets = PVE::Network::SDN::Vnets::get_subnets($vnetid, 1);
foreach my $subnetid (sort keys %{$subnets}) {
my $subnet = $subnets->{$subnetid};
@ -115,10 +117,12 @@ sub generate_sdn_config {
$ipv6 = 1;
$iptables = "ip6tables";
$checkrouteip = '2001:4860:4860::8888';
$enable_forward_v6 = 1 if $gateway;
} else {
$ipv4 = 1;
$iptables = "iptables";
$checkrouteip = '8.8.8.8';
$enable_forward_v4 = 1 if $gateway;
}
if ($subnet->{snat}) {
@ -144,8 +148,8 @@ sub generate_sdn_config {
push @iface_config, "bridge_fd 0";
push @iface_config, "mtu $mtu" if $mtu;
push @iface_config, "alias $alias" if $alias;
push @iface_config, "ip-forward on" if $ipv4;
push @iface_config, "ip6-forward on" if $ipv6;
push @iface_config, "ip-forward on" if $enable_forward_v4;
push @iface_config, "ip6-forward on" if $enable_forward_v6;
push @iface_config, "arp-accept on" if $ipv4||$ipv6;
push @iface_config, "vrf $vrf_iface" if $vrf_iface;
push(@{$config->{$vnetid}}, @iface_config) if !$config->{$vnetid};

8
PVE/Network/SDN/Zones/SimplePlugin.pm
View file

@ -59,6 +59,8 @@ sub generate_sdn_config {
my $ipv4 = undef;
my $ipv6 = undef;
my $enable_forward_v4 = undef;
my $enable_forward_v6 = undef;
foreach my $subnetid (sort keys %{$subnets}) {
my $subnet = $subnets->{$subnetid};
@ -79,10 +81,12 @@ sub generate_sdn_config {
$ipv6 = 1;
$iptables = "ip6tables";
$checkrouteip = '2001:4860:4860::8888';
$enable_forward_v6 = 1 if $gateway;
} else {
$ipv4 = 1;
$iptables = "iptables";
$checkrouteip = '8.8.8.8';
$enable_forward_v4 = 1 if $gateway;
}
#add route for /32 pointtopoint
@ -111,8 +115,8 @@ sub generate_sdn_config {
}
push @iface_config, "mtu $mtu" if $mtu;
push @iface_config, "alias $alias" if $alias;
push @iface_config, "ip-forward on" if $ipv4;
push @iface_config, "ip6-forward on" if $ipv6;
push @iface_config, "ip-forward on" if $enable_forward_v4;
push @iface_config, "ip6-forward on" if $enable_forward_v6;
push @{$config->{$vnetid}}, @iface_config;

31
test/zones/evpn/ipv4ipv6nogateway/expected_controller_config Normal file
View file

@ -0,0 +1,31 @@
log syslog informational
ip forwarding
ipv6 forwarding
frr defaults datacenter
service integrated-vtysh-config
hostname localhost
!
!
vrf vrf_myzone
vni 1000
exit-vrf
!
router bgp 65000
bgp router-id 192.168.0.1
no bgp default ipv4-unicast
coalesce-time 1000
neighbor VTEP peer-group
neighbor VTEP remote-as 65000
neighbor VTEP bfd
neighbor 192.168.0.2 peer-group VTEP
neighbor 192.168.0.3 peer-group VTEP
!
address-family l2vpn evpn
neighbor VTEP activate
advertise-all-vni
exit-address-family
!
router bgp 65000 vrf vrf_myzone
!
line vty
!

40
test/zones/evpn/ipv4ipv6nogateway/expected_sdn_interfaces Normal file
View file

@ -0,0 +1,40 @@
#version:1
auto myvnet
iface myvnet
hwaddress A2:1D:CB:1A:C0:8B
bridge_ports vxlan_myvnet
bridge_stp off
bridge_fd 0
mtu 1450
arp-accept on
vrf vrf_myzone
auto vrf_myzone
iface vrf_myzone
vrf-table auto
post-up ip route add vrf vrf_myzone unreachable default metric 4278198272
auto vrfbr_myzone
iface vrfbr_myzone
bridge-ports vrfvx_myzone
bridge_stp off
bridge_fd 0
mtu 1450
vrf vrf_myzone
auto vrfvx_myzone
iface vrfvx_myzone
vxlan-id 1000
vxlan-local-tunnelip 192.168.0.1
bridge-learning off
bridge-arp-nd-suppress on
mtu 1450
auto vxlan_myvnet
iface vxlan_myvnet
vxlan-id 100
vxlan-local-tunnelip 192.168.0.1
bridge-learning off
bridge-arp-nd-suppress on
mtu 1450

7
test/zones/evpn/ipv4ipv6nogateway/interfaces Normal file
View file

@ -0,0 +1,7 @@
auto vmbr0
iface vmbr0 inet static
address 192.168.0.1/24
gateway 192.168.0.254
bridge-ports eth0
bridge-stp off
bridge-fd 0

30
test/zones/evpn/ipv4ipv6nogateway/sdn_config Normal file
View file

@ -0,0 +1,30 @@
{
version => 1,
vnets => {
ids => {
myvnet => { tag => "100", type => "vnet", zone => "myzone" },
},
},
zones => {
ids => { myzone => { ipam => "pve", type => "evpn", controller => "evpnctl", 'vrf-vxlan' => 1000, 'mac' => 'A2:1D:CB:1A:C0:8B' } },
},
controllers => {
ids => { evpnctl => { type => "evpn", 'peers' => '192.168.0.1,192.168.0.2,192.168.0.3', asn => "65000" } },
},
subnets => {
ids => {
'myzone-10.0.0.0-24' => {
'type' => 'subnet',
'vnet' => 'myvnet',
},
'myzone-2a08:2142:302:3::-64' => {
'type' => 'subnet',
'vnet' => 'myvnet',
}
}
}
}

7
test/zones/simple/ipv4v6nogateway/expected_sdn_interfaces Normal file
View file

@ -0,0 +1,7 @@
#version:1
auto myvnet
iface myvnet
bridge_ports none
bridge_stp off
bridge_fd 0

5
test/zones/simple/ipv4v6nogateway/interfaces Normal file
View file

@ -0,0 +1,5 @@
auto vmbr0
iface vmbr0 inet manual
bridge-ports eth0
bridge-stp off
bridge-fd 0

25
test/zones/simple/ipv4v6nogateway/sdn_config Normal file
View file

@ -0,0 +1,25 @@
{
version => 1,
vnets => {
ids => {
myvnet => { type => "vnet", zone => "myzone" },
},
},
zones => {
ids => { myzone => { ipam => "pve", type => "simple" } },
},
subnets => {
ids => {
'myzone-192.168.0.0-24' => {
'type' => 'subnet',
'vnet' => 'myvnet',
},
'myzone-2a08:2142:302:3::-64' => {
'type' => 'subnet',
'vnet' => 'myvnet',
}
}
}
}