[lxc-devel] [lxd/master] Network: Adds DHCPv6 stateful support

tomponline on Github lxc-bot at linuxcontainers.org
Wed Sep 30 14:09:14 UTC 2020


From 0bf336b3ecdafa531ee3c25c1018fe7dcfb6d4e5 Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parrott at canonical.com>
Date: Wed, 30 Sep 2020 10:59:58 +0100
Subject: [PATCH 1/6] doc/networks: Simplifies OVN single node setup
 instructions

Using 127.0.0.1 as the local geneve tunnel encapsulation IP means the user doesn't need to figure out their node's LAN IP.
Also because the lo interface's MTU is max size it allows the OVN bridge to operate at 1500 bytes.

Signed-off-by: Thomas Parrott <thomas.parrott at canonical.com>
---
 doc/networks.md | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/doc/networks.md b/doc/networks.md
index da37fff468..7cc2660e47 100644
--- a/doc/networks.md
+++ b/doc/networks.md
@@ -266,16 +266,17 @@ This will create a standalone OVN network that is connected to the parent networ
 Install the OVN tools and configure the OVN integration bridge on the local node:
 
 ```
-apt install ovn-host ovn-central
-ovs-vsctl set open_vswitch . \
+sudo apt install ovn-host ovn-central
+sudo ovs-vsctl set open_vswitch . \
   external_ids:ovn-remote=unix:/var/run/ovn/ovnsb_db.sock \
   external_ids:ovn-encap-type=geneve \
-  external_ids:ovn-encap-ip=n.n.n.n \ # The IP of your LXD host on the LAN
+  external_ids:ovn-encap-ip=127.0.0.1
 ```
 
 Create an OVN network and an instance using it:
 
 ```
+lxc network set lxdbr0 ipv4.dhcp.ranges=... ipv4.ovn.ranges=... # Allocate IP range for OVN gateways.
 lxc network create ovntest --type=ovn network=lxdbr0
 lxc init images:ubuntu/focal c1
 lxc config device override c1 eth0 network=ovntest

From de431347e046b65c443d8bff35d9e87e808f9cfd Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parrott at canonical.com>
Date: Wed, 30 Sep 2020 11:41:04 +0100
Subject: [PATCH 2/6] lxd/device/nic/ovn: Improves error message in Start

Signed-off-by: Thomas Parrott <thomas.parrott at canonical.com>
---
 lxd/device/nic_ovn.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lxd/device/nic_ovn.go b/lxd/device/nic_ovn.go
index 79aa018feb..41e94e4b4e 100644
--- a/lxd/device/nic_ovn.go
+++ b/lxd/device/nic_ovn.go
@@ -237,7 +237,7 @@ func (d *nicOVN) Start() (*deviceConfig.RunConfig, error) {
 	// Add new OVN logical switch port for instance.
 	logicalPortName, err := network.OVNInstanceDevicePortAdd(d.network, d.inst.ID(), d.inst.Name(), d.name, mac, ips)
 	if err != nil {
-		return nil, err
+		return nil, errors.Wrapf(err, "Failed adding OVN port")
 	}
 
 	revert.Add(func() { network.OVNInstanceDevicePortDelete(d.network, d.inst.ID(), d.name) })
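Review bot: `errors.Wrapf` is called on the changed line with a constant message and no format arguments, so it is either the wrong helper or a missed chance to add context. Either use `errors.Wrap(err, "Failed adding OVN port")`, or keep `Wrapf` and include the device, for example `errors.Wrapf(err, "Failed adding OVN port for device %q", d.name)`, so the failing NIC can be identified from logs when an instance has several. The body of Start continues outside this hunk, so I cannot see whether callers already add that context.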

From a46531236c841f9fd01ca3161e1adc6f0763b887 Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parrott at canonical.com>
Date: Wed, 30 Sep 2020 11:41:25 +0100
Subject: [PATCH 3/6] lxd/network/driver/ovn: Implements DHCPv4Subnet and
 DHCPv6Subnet to allow static IPs to be set

Signed-off-by: Thomas Parrott <thomas.parrott at canonical.com>
---
 lxd/network/driver_ovn.go | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/lxd/network/driver_ovn.go b/lxd/network/driver_ovn.go
index 40a3cdb524..17e7101e71 100644
--- a/lxd/network/driver_ovn.go
+++ b/lxd/network/driver_ovn.go
@@ -1558,3 +1558,33 @@ func (n *ovn) instanceDevicePortDelete(instanceID int, deviceName string) error
 
 	return nil
 }
+
+// DHCPv4Subnet returns the DHCPv4 subnet (if DHCP is enabled on network).
+func (n *ovn) DHCPv4Subnet() *net.IPNet {
+	// DHCP is disabled on this network (an empty ipv4.dhcp setting indicates enabled by default).
+	if n.config["ipv4.dhcp"] != "" && !shared.IsTrue(n.config["ipv4.dhcp"]) {
+		return nil
+	}
+
+	_, subnet, err := net.ParseCIDR(n.config["ipv4.address"])
+	if err != nil {
+		return nil
+	}
+
+	return subnet
+}
+
+// DHCPv6Subnet returns the DHCPv6 subnet (if DHCP or SLAAC is enabled on network).
+func (n *ovn) DHCPv6Subnet() *net.IPNet {
+	// DHCP is disabled on this network (an empty ipv6.dhcp setting indicates enabled by default).
+	if n.config["ipv6.dhcp"] != "" && !shared.IsTrue(n.config["ipv6.dhcp"]) {
+		return nil
+	}
+
+	_, subnet, err := net.ParseCIDR(n.config["ipv6.address"])
+	if err != nil {
+		return nil
+	}
+
+	return subnet
+}
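Review bot: Both DHCPv4Subnet and DHCPv6Subnet return nil for two unrelated conditions, DHCP being disabled and the address failing `net.ParseCIDR`, so a caller that validates a static NIC address against the subnet cannot tell "DHCP off" from "address is `none` or malformed". If these functions gate static IP assignment (the callers are not visible here), that ambiguity deserves at least a comment at the `err != nil` branch, such as `// Address is unset, "none" or not a valid CIDR; treat as no DHCP subnet.`. The DHCPv6Subnet doc comment also says "if DHCP or SLAAC is enabled", but the body only reads `ipv6.dhcp`. I would reword it to `// DHCPv6Subnet returns the subnet from ipv6.address, or nil if ipv6.dhcp is disabled or the address is not a valid CIDR.`.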

From 0766ad84953fba91decadf04dbcfe96b1f4ad4b3 Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parrott at canonical.com>
Date: Wed, 30 Sep 2020 15:01:45 +0100
Subject: [PATCH 4/6] lxd/network/openvswitch/ovn: Fix spelling of
 OVNIPv6AddressModeDHCPStateful and OVNIPv6AddressModeDHCPStateless values

Signed-off-by: Thomas Parrott <thomas.parrott at canonical.com>
---
 lxd/network/openvswitch/ovn.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lxd/network/openvswitch/ovn.go b/lxd/network/openvswitch/ovn.go
index aebe5e210f..e5f5677272 100644
--- a/lxd/network/openvswitch/ovn.go
+++ b/lxd/network/openvswitch/ovn.go
@@ -39,10 +39,10 @@ type OVNIPv6AddressMode string
 const OVNIPv6AddressModeSLAAC OVNIPv6AddressMode = "slaac"
 
 // OVNIPv6AddressModeDHCPStateful IPv6 DHCPv6 stateful mode.
-const OVNIPv6AddressModeDHCPStateful OVNIPv6AddressMode = "dhcp_stateful"
+const OVNIPv6AddressModeDHCPStateful OVNIPv6AddressMode = "dhcpv6_stateful"
 
 // OVNIPv6AddressModeDHCPStateless IPv6 DHCPv6 stateless mode.
-const OVNIPv6AddressModeDHCPStateless OVNIPv6AddressMode = "dhcp_stateless"
+const OVNIPv6AddressModeDHCPStateless OVNIPv6AddressMode = "dhcpv6_stateless"
 
 // OVNIPv6RAOpts IPv6 router advertisements options that can be applied to a router.
 type OVNIPv6RAOpts struct {

From 6aa321fb73571d9e2e43cfa345e6fa368b454a57 Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parrott at canonical.com>
Date: Wed, 30 Sep 2020 15:05:31 +0100
Subject: [PATCH 5/6] lxd/network/driver/ovn: Adds support for
 ipv6.dhcp.stateful

This needs to be enabled before an OVN NIC can set static `ipv6.address`.

Signed-off-by: Thomas Parrott <thomas.parrott at canonical.com>
---
 lxd/network/driver_ovn.go | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/lxd/network/driver_ovn.go b/lxd/network/driver_ovn.go
index 17e7101e71..899299867d 100644
--- a/lxd/network/driver_ovn.go
+++ b/lxd/network/driver_ovn.go
@@ -98,8 +98,9 @@ func (n *ovn) Validate(config map[string]string) error {
 
 			return validate.Optional(validate.IsNetworkAddressCIDRV6)(value)
 		},
-		"dns.domain": validate.IsAny,
-		"dns.search": validate.IsAny,
+		"ipv6.dhcp.stateful": validate.Optional(validate.IsBool),
+		"dns.domain":         validate.IsAny,
+		"dns.search":         validate.IsAny,
 
 		// Volatile keys populated automatically as needed.
 		ovnVolatileParentIPv4: validate.Optional(validate.IsNetworkAddressV4),
@@ -1208,8 +1209,13 @@ func (n *ovn) setup(update bool) error {
 
 	// Set IPv6 router advertisement settings.
 	if routerIntPortIPv6Net != nil {
+		adressMode := openvswitch.OVNIPv6AddressModeSLAAC
+		if shared.IsTrue(n.config["ipv6.dhcp.stateful"]) {
+			adressMode = openvswitch.OVNIPv6AddressModeDHCPStateful
+		}
+
 		err = client.LogicalRouterPortSetIPv6Advertisements(n.getRouterIntPortName(), &openvswitch.OVNIPv6RAOpts{
-			AddressMode:        openvswitch.OVNIPv6AddressModeSLAAC,
+			AddressMode:        adressMode,
 			SendPeriodic:       true,
 			DNSSearchList:      n.getDNSSearchList(),
 			RecursiveDNSServer: parent.dnsIPv6,
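Review bot: The new branch in setup switches router advertisements to `dhcpv6_stateful` whenever `ipv6.dhcp.stateful` is true, without looking at `ipv6.dhcp`, which DHCPv6Subnet in this same file treats as the DHCP on/off switch. With `ipv6.dhcp=false` and `ipv6.dhcp.stateful=true`, instances would be told to obtain addresses over DHCPv6 while the network reports DHCP as disabled. Unless this is rejected elsewhere (setup and Validate both extend beyond the hunks shown), the condition should cover both keys: `if shared.IsTrue(n.config["ipv6.dhcp.stateful"]) && (n.config["ipv6.dhcp"] == "" || shared.IsTrue(n.config["ipv6.dhcp"])) {`. Separately, the local is misspelled `adressMode` in all three places it appears; `addressMode` would match the `AddressMode` field it feeds.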

From 0d2cf135a5d60c5fa6623baa8b080197d0bb552e Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parrott at canonical.com>
Date: Wed, 30 Sep 2020 15:07:13 +0100
Subject: [PATCH 6/6] doc/networks: Documents ipv6.dhcp.stateful option for OVN
 networks

Signed-off-by: Thomas Parrott <thomas.parrott at canonical.com>
---
 doc/networks.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/doc/networks.md b/doc/networks.md
index 7cc2660e47..47d3386963 100644
--- a/doc/networks.md
+++ b/doc/networks.md
@@ -297,4 +297,5 @@ dns.domain                      | string    | -                     | lxd
 dns.search                      | string    | -                     | -                         | Full comma separated domain search list, defaulting to `dns.domain` value
 ipv4.address                    | string    | standard mode         | random unused subnet      | IPv4 address for the bridge (CIDR notation). Use "none" to turn off IPv4 or "auto" to generate a new one
 ipv6.address                    | string    | standard mode         | random unused subnet      | IPv6 address for the bridge (CIDR notation). Use "none" to turn off IPv6 or "auto" to generate a new one
+ipv6.dhcp.stateful              | boolean   | ipv6 dhcp             | false                     | Whether to allocate addresses using DHCP
 network                         | string    | -                     | -                         | Parent network to use for outbound external network access

