From: Alexandre Derumier
Date: Mon, 10 May 2021 06:40:58 +0000 (+0200)
Subject: zones: simple|evpn : only enable ip-forward if gateway is defined on the subnet
X-Git-Url: https://git.puffer.fish/?a=commitdiff_plain;h=bdec70894dd1e2ce7417e3cf0e8783f8d9208e1f;p=matthieu%2Fpve-network.git
zones: simple|evpn : only enable ip-forward if gateway is defined on the subnet or ifquery report an error
---
diff --git a/PVE/Network/SDN/Zones/EvpnPlugin.pm b/PVE/Network/SDN/Zones/EvpnPlugin.pm
index 4e1dc48..4fa46f7 100644
--- a/PVE/Network/SDN/Zones/EvpnPlugin.pm
+++ b/PVE/Network/SDN/Zones/EvpnPlugin.pm
@@ -95,6 +95,8 @@ sub generate_sdn_config {
 my $address = {};
 my $ipv4 = undef;
 my $ipv6 = undef;
+ my $enable_forward_v4 = undef;
+ my $enable_forward_v6 = undef;
 my $subnets = PVE::Network::SDN::Vnets::get_subnets($vnetid, 1);
 foreach my $subnetid (sort keys %{$subnets}) {
 my $subnet = $subnets->{$subnetid};
@@ -115,10 +117,12 @@ sub generate_sdn_config {
 $ipv6 = 1;
 $iptables = "ip6tables";
 $checkrouteip = '2001:4860:4860::8888';
+ $enable_forward_v6 = 1 if $gateway;
 } else {
 $ipv4 = 1;
 $iptables = "iptables";
 $checkrouteip = '8.8.8.8';
+ $enable_forward_v4 = 1 if $gateway;
 }
 if ($subnet->{snat}) {
@@ -144,8 +148,8 @@ sub generate_sdn_config {
 push @iface_config, "bridge_fd 0";
 push @iface_config, "mtu $mtu" if $mtu;
 push @iface_config, "alias $alias" if $alias;
- push @iface_config, "ip-forward on" if $ipv4;
- push @iface_config, "ip6-forward on" if $ipv6;
+ push @iface_config, "ip-forward on" if $enable_forward_v4;
+ push @iface_config, "ip6-forward on" if $enable_forward_v6;
 push @iface_config, "arp-accept on" if $ipv4||$ipv6;
 push @iface_config, "vrf $vrf_iface" if $vrf_iface;
 push(@{$config->{$vnetid}}, @iface_config) if !$config->{$vnetid};
diff --git a/PVE/Network/SDN/Zones/SimplePlugin.pm b/PVE/Network/SDN/Zones/SimplePlugin.pm
index 103585c..7757747 100644
--- a/PVE/Network/SDN/Zones/SimplePlugin.pm
+++ b/PVE/Network/SDN/Zones/SimplePlugin.pm
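Review bot: The new `$enable_forward_v4 = 1 if $gateway;` (and the v6 twin) leaves forwarding unset for a subnet that has `snat` configured but no gateway, yet the `if ($subnet->{snat}) {` block that closes this hunk still runs; its body is outside the hunk, but if it still emits MASQUERADE rules in that case they target a bridge the kernel will not forward through, so the snat flag silently does nothing. If snat is only meaningful together with a gateway, either reject that combination at subnet validation time or widen the condition to `$enable_forward_v4 = 1 if $gateway || $subnet->{snat};` so the two settings cannot disagree. `$gateway` is assigned outside the hunk; a one-line comment on these assignments, such as `# only the host that holds the subnet's gateway address routes for it; ifquery errors on ip-forward without an address`, would tell the next reader why forwarding is now keyed on the gateway rather than on the address family. The same remark applies to SimplePlugin's matching hunk, though I cannot see whether it has an snat block.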
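Review bot: Dropping `ip-forward on` for a gateway-less subnet does not turn forwarding off: nothing emits `ip-forward off`, so the bridge ends up with whatever ifupdown2 and the host sysctl defaults provide (the new evpn/ipv4ipv6nogateway expected_sdn_interfaces fixture shows no ip-forward line at all). If the goal is only to silence the ifquery error named in the commit message that is fine, but if a vnet without a gateway must never route, make the state explicit and testable with `push @iface_config, "ip-forward off" if $ipv4 && !$enable_forward_v4;` and the `ip6-forward` equivalent. The same applies to SimplePlugin's third hunk. `arp-accept on` is still keyed on `$ipv4||$ipv6` rather than the new flags, which is presumably intentional for an L2 setting but deserves a short comment saying so.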
@@ -59,6 +59,8 @@ sub generate_sdn_config {
 my $ipv4 = undef;
 my $ipv6 = undef;
+ my $enable_forward_v4 = undef;
+ my $enable_forward_v6 = undef;
 foreach my $subnetid (sort keys %{$subnets}) {
 my $subnet = $subnets->{$subnetid};
@@ -79,10 +81,12 @@ sub generate_sdn_config {
 $ipv6 = 1;
 $iptables = "ip6tables";
 $checkrouteip = '2001:4860:4860::8888';
+ $enable_forward_v6 = 1 if $gateway;
 } else {
 $ipv4 = 1;
 $iptables = "iptables";
 $checkrouteip = '8.8.8.8';
+ $enable_forward_v4 = 1 if $gateway;
 }
 #add route for /32 pointtopoint
@@ -111,8 +115,8 @@ sub generate_sdn_config {
 }
 push @iface_config, "mtu $mtu" if $mtu;
 push @iface_config, "alias $alias" if $alias;
- push @iface_config, "ip-forward on" if $ipv4;
- push @iface_config, "ip6-forward on" if $ipv6;
+ push @iface_config, "ip-forward on" if $enable_forward_v4;
+ push @iface_config, "ip6-forward on" if $enable_forward_v6;
 push @{$config->{$vnetid}}, @iface_config;
diff --git a/test/zones/evpn/ipv4ipv6nogateway/expected_controller_config b/test/zones/evpn/ipv4ipv6nogateway/expected_controller_config
new file mode 100644
index 0000000..c0ca898
--- /dev/null
+++ b/test/zones/evpn/ipv4ipv6nogateway/expected_controller_config
@@ -0,0 +1,31 @@
+log syslog informational
+ip forwarding
+ipv6 forwarding
+frr defaults datacenter
+service integrated-vtysh-config
+hostname localhost
+!
+!
+vrf vrf_myzone
+ vni 1000
+exit-vrf
+!
+router bgp 65000
+ bgp router-id 192.168.0.1
+ no bgp default ipv4-unicast
+ coalesce-time 1000
+ neighbor VTEP peer-group
+ neighbor VTEP remote-as 65000
+ neighbor VTEP bfd
+ neighbor 192.168.0.2 peer-group VTEP
+ neighbor 192.168.0.3 peer-group VTEP
+ !
+ address-family l2vpn evpn
+ neighbor VTEP activate
+ advertise-all-vni
+ exit-address-family
+!
+router bgp 65000 vrf vrf_myzone
+!
+line vty
+!
\ No newline at end of file
diff --git a/test/zones/evpn/ipv4ipv6nogateway/expected_sdn_interfaces b/test/zones/evpn/ipv4ipv6nogateway/expected_sdn_interfaces
new file mode 100644
index 0000000..378fa77
--- /dev/null
+++ b/test/zones/evpn/ipv4ipv6nogateway/expected_sdn_interfaces
@@ -0,0 +1,40 @@
+#version:1
+
+auto myvnet
+iface myvnet
+ hwaddress A2:1D:CB:1A:C0:8B
+ bridge_ports vxlan_myvnet
+ bridge_stp off
+ bridge_fd 0
+ mtu 1450
+ arp-accept on
+ vrf vrf_myzone
+
+auto vrf_myzone
+iface vrf_myzone
+ vrf-table auto
+ post-up ip route add vrf vrf_myzone unreachable default metric 4278198272
+
+auto vrfbr_myzone
+iface vrfbr_myzone
+ bridge-ports vrfvx_myzone
+ bridge_stp off
+ bridge_fd 0
+ mtu 1450
+ vrf vrf_myzone
+
+auto vrfvx_myzone
+iface vrfvx_myzone
+ vxlan-id 1000
+ vxlan-local-tunnelip 192.168.0.1
+ bridge-learning off
+ bridge-arp-nd-suppress on
+ mtu 1450
+
+auto vxlan_myvnet
+iface vxlan_myvnet
+ vxlan-id 100
+ vxlan-local-tunnelip 192.168.0.1
+ bridge-learning off
+ bridge-arp-nd-suppress on
+ mtu 1450
diff --git a/test/zones/evpn/ipv4ipv6nogateway/interfaces b/test/zones/evpn/ipv4ipv6nogateway/interfaces
new file mode 100644
index 0000000..66bb826
--- /dev/null
+++ b/test/zones/evpn/ipv4ipv6nogateway/interfaces
@@ -0,0 +1,7 @@
+auto vmbr0
+iface vmbr0 inet static
+ address 192.168.0.1/24
+ gateway 192.168.0.254
+ bridge-ports eth0
+ bridge-stp off
+ bridge-fd 0
diff --git a/test/zones/evpn/ipv4ipv6nogateway/sdn_config b/test/zones/evpn/ipv4ipv6nogateway/sdn_config
new file mode 100644
index 0000000..ab2273f
--- /dev/null
+++ b/test/zones/evpn/ipv4ipv6nogateway/sdn_config
@@ -0,0 +1,30 @@
+{
+ version => 1,
+ vnets => {
+ ids => {
+ myvnet => { tag => "100", type => "vnet", zone => "myzone" },
+ },
+ },
+
+ zones => {
+ ids => { myzone => { ipam => "pve", type => "evpn", controller => "evpnctl", 'vrf-vxlan' => 1000, 'mac' => 'A2:1D:CB:1A:C0:8B' } },
+ },
+ controllers => {
+ ids => { evpnctl => { type => "evpn", 'peers' => '192.168.0.1,192.168.0.2,192.168.0.3', asn => "65000" } },
+ },
+
+ subnets => {
+ ids => {
+ 'myzone-10.0.0.0-24' => {
+ 'type' => 'subnet',
+ 'vnet' => 'myvnet',
+ },
+ 'myzone-2a08:2142:302:3::-64' => {
+ 'type' => 'subnet',
+ 'vnet' => 'myvnet',
+ }
+ }
+ }
+}
+
+
diff --git a/test/zones/simple/ipv4v6nogateway/expected_sdn_interfaces b/test/zones/simple/ipv4v6nogateway/expected_sdn_interfaces
new file mode 100644
index 0000000..1e0c2c7
--- /dev/null
+++ b/test/zones/simple/ipv4v6nogateway/expected_sdn_interfaces
@@ -0,0 +1,7 @@
+#version:1
+
+auto myvnet
+iface myvnet
+ bridge_ports none
+ bridge_stp off
+ bridge_fd 0
diff --git a/test/zones/simple/ipv4v6nogateway/interfaces b/test/zones/simple/ipv4v6nogateway/interfaces
new file mode 100644
index 0000000..68b6a88
--- /dev/null
+++ b/test/zones/simple/ipv4v6nogateway/interfaces
@@ -0,0 +1,5 @@
+auto vmbr0
+iface vmbr0 inet manual
+ bridge-ports eth0
+ bridge-stp off
+ bridge-fd 0
diff --git a/test/zones/simple/ipv4v6nogateway/sdn_config b/test/zones/simple/ipv4v6nogateway/sdn_config
new file mode 100644
index 0000000..dbd75c9
--- /dev/null
+++ b/test/zones/simple/ipv4v6nogateway/sdn_config
@@ -0,0 +1,25 @@
+{
+ version => 1,
+ vnets => {
+ ids => {
+ myvnet => { type => "vnet", zone => "myzone" },
+ },
+ },
+ zones => {
+ ids => { myzone => { ipam => "pve", type => "simple" } },
+ },
+ subnets => {
+ ids => {
+ 'myzone-192.168.0.0-24' => {
+ 'type' => 'subnet',
+ 'vnet' => 'myvnet',
+ },
+ 'myzone-2a08:2142:302:3::-64' => {
+ 'type' => 'subnet',
+ 'vnet' => 'myvnet',
+ }
+ }
+ }
+}
+
+