[pve-devel] [RFC cluster/manager/network 0/6] Add support for DHCP servers to SDN

DERUMIER, Alexandre alexandre.derumier at groupe-cyllene.com
Wed Sep 20 23:48:27 CEST 2023


On Wednesday, 13 September 2023 at 13:21 +0000, DERUMIER, Alexandre
wrote:
> yes, user should be able to define his own ip too. (maybe directly in
> an ipam gui on the sdn subnet, or maybe on the vm nic gui (but
> registering ip in ipam), I'm really not sure ...)

Hi, I have done some tests with different external ipams, to compare
storing or not storing the ip on the proxmox side.


Finally, it's not so easy without writing the ip on the proxmox side
(in the vm config or somewhere else), because to retrieve a reserved ip
from an external ipam when the vm starts, we need to look it up maybe
from the mac address, maybe from the hostname of the vm, or maybe from
some custom attributes, but not all ipams accept the same attributes.

(at least phpipam && netbox don't support all features, or not easily.
Netbox, for example, for the mac address needs to register the full vm
object && interfaces + mac + mapping to ip; Phpipam is a single ip
object with mac as attribute).


So I think the best way is still to write the ip into the vm config;
this allows injecting the already reserved ip into dhcp at vm
start/migrate without needing to call the ipam (it also avoids start
problems if the ipam server is down).

And this allows using it for firewall ipfilter (I see a use case for
sdn vxlan too, or special /32 route injection).


I just need some protections for snapshots, nothing too difficult, but
we really need to avoid trying to manage multiple versions/snapshots of
an ip entry for a vm in the ipam.
I tried 2 years ago; it was really painful to handle this in different
ipams.
So maybe the best way is to forbid changing the ip address when a
snapshot already exists.





I think we could implement the ipam calls like this:


create vm or add a new nic  -->
-----------------------------
qm create ... -net0 bridge=vnet,....,ip=(auto|192.168.0.1|dynamic),ip6=(..)


auto: search for a free ip in ipam, write the ip address in the
net0: ...,ip= ip field.

192.168.0.1: check if the ip is free in ipam && register the ip in
ipam, write the ip in the ip field.

dynamic: write "ephemeral" in net0: ....,ip=ephemeral (this is a
dynamic ip registered at vm start, and released at vm stop)



vm start
---------
- if ip=ephemeral, find && register a free ip in ipam, write it in vm
  net0: ...,ip=192.168.0.10[E] (maybe with a special flag [E] to
  indicate it's ephemeral)
- read ip from vm config && inject in dhcp


vm_stop
-------
if ip is ephemeral (netX: ip=192.168.0.10[E]), delete ip from ipam,
set ip=ephemeral in vm config


vm_destroy or nic remove/unplug
-------------------------------
if netX: ...,ip=192.168.0.10, remove ip from ipam



nic update when vm is running:
------------------------------
if ip is defined: netX: ip=192.168.0.10, we don't allow a bridge change
or ip change, as the vm is not notified about these changes, and still
uses the old ip.

We can allow nic hot-unplug && hotplug. (the guest os will remove the
ip on nic removal, and will call dhcp again on nic hotplug)




nic hotplug with ip=auto:
-------------------------

--> add nic in pending state ----> find ip in ipam && write it in
pending ---> do the hotplug in qemu.

We need to handle the config revert to remove the ip from ipam if the
nic hotplug is blocked in pending state (I have never seen this case
unless the os doesn't have the pci_hotplug module loaded, but it's
better to be careful)




The ipam modules (internal pve, phpipam, netbox) are already for this,
I think it shouldn't be too difficult.

dnsmasq seems to have a reservation file option, where we can
dynamically add ip-mac without needing to reload it.

I'll try it, re-using your current dnsmasq patches.
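
Added example, not part of the original mail and not Proxmox code: a
small Python model of the lifecycle proposed above (auto / fixed /
dynamic at nic creation, the [E] flag at vm start and stop, release on
nic removal, and refusing an ip change while the vm runs or a snapshot
exists). ToyIpam, the function names and the dict-based nic and dhcp
stores are all hypothetical, and removing the dhcp entry at vm stop is
an assumption.

```python
import ipaddress

EPH = "[E]"  # flag from the mail: address is reserved only while the VM runs

class ToyIpam:
    """Constructed in-memory stand-in for an IPAM plugin (not the PVE API)."""
    def __init__(self, cidr):
        self.net = ipaddress.ip_network(cidr)
        self.used = {}  # ip -> mac

    def reserve(self, mac, ip=None):
        free = (str(h) for h in self.net.hosts() if str(h) not in self.used)
        ip = ip or next(free, None)  # ip=None means "auto": first free host
        if ip is None or ip in self.used or ipaddress.ip_address(ip) not in self.net:
            raise ValueError(f"{ip} is not free in {self.net}")
        self.used[ip] = mac
        return ip

    def release(self, ip):
        self.used.pop(ip, None)

def nic_create(ipam, nic, ip_opt):
    """ip_opt is 'auto', 'dynamic' or a literal address, as in the mail."""
    if ip_opt == "dynamic":
        nic["ip"] = "ephemeral"  # nothing is reserved until vm start
    else:
        nic["ip"] = ipam.reserve(nic["mac"], None if ip_opt == "auto" else ip_opt)

def vm_start(ipam, nic, dhcp):
    if nic["ip"] == "ephemeral":
        nic["ip"] = ipam.reserve(nic["mac"]) + EPH
    dhcp[nic["mac"]] = nic["ip"].replace(EPH, "")  # from vm config, no IPAM lookup

def vm_stop(ipam, nic, dhcp):
    dhcp.pop(nic["mac"], None)  # assumption: the mail does not say when this goes
    if nic["ip"].endswith(EPH):
        ipam.release(nic["ip"].replace(EPH, ""))
        nic["ip"] = "ephemeral"

def nic_remove(ipam, nic):
    if nic["ip"] != "ephemeral":
        ipam.release(nic["ip"].replace(EPH, ""))

def nic_change_ip(ipam, nic, new_ip, running=False, has_snapshot=False):
    if running or has_snapshot:  # guest is not notified; snapshot would keep old ip
        raise PermissionError("ip change refused: vm running or snapshot exists")
    ipam.reserve(nic["mac"], new_ip)  # reserve first, so a failure keeps the old ip
    nic_remove(ipam, nic)
    nic["ip"] = new_ip
```

A nic with a fixed or auto address never touches the ipam object in
vm_start, which is the "ipam server is down" case from the mail.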