[lxc-devel] [lxd/master] Routed NIC: Host addresses for multiple NIC support

tomponline on Github lxc-bot at linuxcontainers.org
Fri Mar 27 15:26:57 UTC 2020


From f58544dce7590c98e2a2ca2fa3974bf7ca99ddc0 Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parrott at canonical.com>
Date: Fri, 27 Mar 2020 15:17:20 +0000
Subject: [PATCH 1/3] lxd/device/nic: Adds ipv4.host_address and
 ipv6.host_address keys

Signed-off-by: Thomas Parrott <thomas.parrott at canonical.com>
---
 lxd/device/nic.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lxd/device/nic.go b/lxd/device/nic.go
index abcac9868e..2b0841c3f2 100644
--- a/lxd/device/nic.go
+++ b/lxd/device/nic.go
@@ -51,6 +51,8 @@ func nicValidationRules(requiredFields []string, optionalFields []string) map[st
 		"boot.priority":           shared.IsUint32,
 		"ipv4.gateway":            NetworkValidGateway,
 		"ipv6.gateway":            NetworkValidGateway,
+		"ipv4.host_address":       NetworkValidAddressV4,
+		"ipv6.host_address":       NetworkValidAddressV6,
 	}
 
 	validators := map[string]func(value string) error{}

From fcd9df4f3cc73b8435e5f04be76c0520a302b572 Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parrott at canonical.com>
Date: Fri, 27 Mar 2020 15:17:51 +0000
Subject: [PATCH 2/3] lxd/device/nic/routed: Adds ability to specify host-side
 veth interface IP address

Useful when using multiple routed NICs to provide a stable next-hop address.

Signed-off-by: Thomas Parrott <thomas.parrott at canonical.com>
---
 lxd/device/nic_routed.go | 30 ++++++++++++++++++++++++------
 1 file changed, 24 insertions(+), 6 deletions(-)

diff --git a/lxd/device/nic_routed.go b/lxd/device/nic_routed.go
index e6ef7f50c7..cbd1c73523 100644
--- a/lxd/device/nic_routed.go
+++ b/lxd/device/nic_routed.go
@@ -39,6 +39,8 @@ func (d *nicRouted) validateConfig(instConf instance.ConfigReader) error {
 		"vlan",
 		"ipv4.gateway",
 		"ipv6.gateway",
+		"ipv4.host_address",
+		"ipv6.host_address",
 	}
 
 	rules := nicValidationRules(requiredFields, optionalFields)
@@ -218,7 +220,7 @@ func (d *nicRouted) Start() (*deviceConfig.RunConfig, error) {
 
 		if nicHasAutoGateway(d.config["ipv4.gateway"]) {
 			// Use a fixed link-local address as the next-hop default gateway.
-			nic = append(nic, deviceConfig.RunConfigItem{Key: "ipv4.gateway", Value: nicRoutedIPv4GW})
+			nic = append(nic, deviceConfig.RunConfigItem{Key: "ipv4.gateway", Value: d.ipv4HostAddress()})
 		}
 	}
 
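Review bot: The context comment `// Use a fixed link-local address as the next-hop default gateway.` above the changed `append` is no longer accurate, because `d.ipv4HostAddress()` returns `ipv4.host_address` when that key is set and only falls back to the link-local constant otherwise. Suggested wording: `// Use the host-side veth address (ipv4.host_address, else the link-local default) as the next-hop gateway.` The same stale comment sits above the `ipv6.gateway` append in the next hunk. Start begins and ends outside both hunks.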
@@ -230,7 +232,7 @@ func (d *nicRouted) Start() (*deviceConfig.RunConfig, error) {
 
 		if nicHasAutoGateway(d.config["ipv6.gateway"]) {
 			// Use a fixed link-local address as the next-hop default gateway.
-			nic = append(nic, deviceConfig.RunConfigItem{Key: "ipv6.gateway", Value: nicRoutedIPv6GW})
+			nic = append(nic, deviceConfig.RunConfigItem{Key: "ipv6.gateway", Value: d.ipv6HostAddress()})
 		}
 	}
 
@@ -279,15 +281,15 @@ func (d *nicRouted) postStart() error {
 	// inside the instance work and ensure that traffic doesn't periodically halt whilst ARP/NDP
 	// is re-detected.
 	if v["host_name"] != "" {
-		if d.config["ipv4.address"] != "" && nicHasAutoGateway(d.config["ipv4.gateway"]) {
-			_, err := shared.RunCommand("ip", "-4", "addr", "add", fmt.Sprintf("%s/32", nicRoutedIPv4GW), "dev", v["host_name"])
+		if d.config["ipv4.address"] != "" {
+			_, err := shared.RunCommand("ip", "-4", "addr", "add", fmt.Sprintf("%s/32", d.ipv4HostAddress()), "dev", v["host_name"])
 			if err != nil {
 				return err
 			}
 		}
 
-		if d.config["ipv6.address"] != "" && nicHasAutoGateway(d.config["ipv6.gateway"]) {
-			_, err := shared.RunCommand("ip", "-6", "addr", "add", fmt.Sprintf("%s/128", nicRoutedIPv6GW), "dev", v["host_name"])
+		if d.config["ipv6.address"] != "" {
+			_, err := shared.RunCommand("ip", "-6", "addr", "add", fmt.Sprintf("%s/128", d.ipv6HostAddress()), "dev", v["host_name"])
 			if err != nil {
 				return err
 			}
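Review bot: In postStart the host-side address is now added whenever `ipv4.address` (or `ipv6.address`) is set, because the `nicHasAutoGateway` condition was dropped from both `if` statements. An instance with a non-auto gateway and no `host_address` configured therefore gains the link-local default on its host veth, which it did not get before. Neither the commit message nor the API extension text mentions this change. If it is not intended, keep the old behaviour for the unset case with `if d.config["ipv4.address"] != "" && (d.config["ipv4.host_address"] != "" || nicHasAutoGateway(d.config["ipv4.gateway"])) {` and the equivalent for IPv6; if it is intended, state it in the comment above the block. postStart starts before this hunk and continues after it.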
@@ -326,3 +328,19 @@ func (d *nicRouted) postStop() error {
 
 	return nil
 }
+
+func (d *nicRouted) ipv4HostAddress() string {
+	if d.config["ipv4.host_address"] != "" {
+		return d.config["ipv4.host_address"]
+	}
+
+	return nicRoutedIPv4GW
+}
+
+func (d *nicRouted) ipv6HostAddress() string {
+	if d.config["ipv6.host_address"] != "" {
+		return d.config["ipv6.host_address"]
+	}
+
+	return nicRoutedIPv6GW
+}
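Review bot: The two new helpers have no doc comments, although they now decide which address is assigned to the host-side veth and handed to the instance as its gateway. Add `// ipv4HostAddress returns the host-side veth address: ipv4.host_address when set, otherwise the nicRoutedIPv4GW default.` and `// ipv6HostAddress returns the host-side veth address: ipv6.host_address when set, otherwise the nicRoutedIPv6GW default.` It is also worth noting there that the returned value is passed to `ip addr add`, so it relies on the `NetworkValidAddressV4`/`NetworkValidAddressV6` rules having run during config validation.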

From 2e9a6926b5b2b9343567f93605aa8194b48c4524 Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parrott at canonical.com>
Date: Fri, 27 Mar 2020 15:24:11 +0000
Subject: [PATCH 3/3] api: Adds container_nic_routed_host_address API extension

Signed-off-by: Thomas Parrott <thomas.parrott at canonical.com>
---
 doc/api-extensions.md | 15 +++++++++++++++
 shared/version/api.go |  1 +
 2 files changed, 16 insertions(+)

diff --git a/doc/api-extensions.md b/doc/api-extensions.md
index 3fc67bccf3..2013853462 100644
--- a/doc/api-extensions.md
+++ b/doc/api-extensions.md
@@ -975,3 +975,18 @@ This adds a new `size` field to the output of `/1.0/instances/<name>/snapshots/<
 
 ## clustering\_edit\_roles
 This adds a writable endpoint for cluster members, allowing the editing of their roles.
+
+## container\_nic\_routed\_host\_address
+This introduces the `ipv4.host_address` and `ipv6.host_address` NIC config keys that can be used to control the
+host-side veth interface's IP addresses. This can be useful when using multiple routed NICs at the same time and
+needing a predictable next-hop address to use.
+
+This also alters the behaviour of `ipv4.gateway` and `ipv6.gateway` NIC config keys. When they are set to "auto"
+the container will have its default gateway set to the value of `ipv4.host_address` or `ipv6.host_address` respectively.
+
+The default values are:
+
+`ipv4.host_address`: 169.254.0.1
+`ipv6.host_address`: fe80::1
+
+This is backward compatible with the previous default behaviour.
diff --git a/shared/version/api.go b/shared/version/api.go
index cfa20e71f6..a082c41b3e 100644
--- a/shared/version/api.go
+++ b/shared/version/api.go
@@ -199,6 +199,7 @@ var APIExtensions = []string{
 	"trust_ca_certificates",
 	"snapshot_disk_usage",
 	"clustering_edit_roles",
+	"container_nic_routed_host_address",
 }
 
 // APIExtensionsCount returns the number of available API extensions.

