[pve-devel] [PATCH pve-docs 0/1] vxlan l3 routing

Mon Dec 10 16:59:30 CET 2018

Hi Dietmar,

I'll have time to work again on /etc/pve/network.cfg idea.

I don't known if you have some time to check my idea about using ifupdown2 "alias"

BTW,talking with students on last training (a lot coming from vmware world),
they think it could be great to be able to define global network (distributed virtual switch/ dvs in vmware),
for vlan or vxlan, and be able to make permissions on it. (maybe be able to add them in a proxmox pool).

----- Mail original -----
De: "aderumier" <aderumier at odiso.com>
À: "dietmar" <dietmar at proxmox.com>
Cc: "pve-devel" <pve-devel at pve.proxmox.com>
Envoyé: Samedi 25 Août 2018 02:10:33
Objet: Re: [pve-devel] [PATCH pve-docs 0/1] vxlan l3 routing

>>Just try - maybe you can find a way to define a cluster wide config 
>>(etc/pve/network.cfg) for those bridges. 
>> 
>>vnet1000: vxlan # VNI 1000 
>> device vmbr0 # => vxlan-local-tunnelip 
>> group 239.0.0.1 

>>above would create the vtep and the bridge called 'vnet1000'? 

Hi Dietmar, 

I think I have found a way. 

ifupdown2 support "alias" options 

" 
auto eno1 
iface eno1 
alias hypervisor_port_1 
" 

ip link set dev ${interface name} alias "${description}" 

Examples: 
ip link set dev eno1 alias "hypervisor_port_1" 
Link aliases show up in "ip link show" output, like: 
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT qlen 1000 
link/ether 22:ce:e0:99:63:6f brd ff:ff:ff:ff:ff:ff 
alias hypervisor_port_1 

Like this, we could define a common alias on differents hosts, with differents interfaces, 
and no need to use a vmbr0. (I'm thinking of layer3 underlay, with multiple interfaces with ecmp) 

Some examples: 
--------------- 

multicast setup 
--------------- 
vnet1000: vxlan # VNI 1000 
device hypervisor_port_1 
type multicast 
group 239.0.0.1 

this will add a vxlan1000 interface with "vxlan-svcnodeip ..." option (with multicast address) 
and vxlan-physdev (interface enX with hypervisor_port_1 alias) 

node1 
----- 
auto eno1 
iface eno1 inet static 
address 192.168.0.1/24 
alias hypervisor_port_1 

auto vxlan1000 
iface vxlan1000 inet manual 
vxlan-svcnodeip 239.0.0.1 
vxlan-physdev eno1 

auto vmbr1000 
iface vmbr1000 inet manual 
bridge_ports vxlan1000 
bridge_stp off 
bridge_fd 0 

node2 
----- 
auto eno2 
iface eno2 inet static 
address 192.168.0.2/24 
alias hypervisor_port_1 

auto vxlan1000 
iface vxlan1000 inet manual 
vxlan-svcnodeip 239.0.0.1 
vxlan-physdev eno2 

auto vmbr1000 
iface vmbr1000 inet manual 
bridge_ports vxlan1000 
bridge_stp off 
bridge_fd 0 

unicast setup 
------------- 
vnet1000: vxlan # VNI 1000 
device hypervisor_port_1 
type unicast 
group 192.168.0.1,192.168.0.2,192.168.0.3,ip4,ip5,.. (all proxmox nodes ips or others ip) 

this will add a vxlan1000 interface with "vxlan_remoteip ..." option, with all ips from "group", excluding ip of hypervisor_port_1 on each host, 
and a vmbr1000 with 192.168.0.1 (anycast gateway) 

node1 
----- 
auto eno1 
iface eno1 inet static 
address 192.168.0.1/24 
alias hypervisor_port_1 

auto vxlan1000 
iface vxlan1000 inet manual 
vxlan_remoteip 192.168.0.2 
vxlan_remoteip 192.168.0.3 

auto vmbr1000 
iface vmbr1000 inet manual 
bridge_ports vxlan1000 
bridge_stp off 
bridge_fd 0 

node2 
----- 
auto eno2 
iface eno2 inet static 
address 192.168.0.2/24 
alias hypervisor_port_1 

auto vxlan1000 
iface vxlan1000 inet manual 
vxlan_remoteip 192.168.0.1 
vxlan_remoteip 192.168.0.3 

auto vmbr1000 
iface vmbr1000 inet manual 
bridge_ports vxlan1000 
bridge_stp off 
bridge_fd 0 

evpn-bgp setup 
-------------- 
vnet1000: vxlan # VNI 1000 
device hypervisor_port_1 
type evpn-bgp 
gateway 10.0.0.1 

this will add a vxlan1000 interface "vxlan-local-tunnelip ..." with ip address of hypervisor_port_1 on each host, 
and a vmbr1000 with 192.168.0.1 (anycast gateway) 

node1 
----- 
auto eno1 
iface eno1 inet static 
address 192.168.0.1/24 
alias hypervisor_port_1 

auto vxlan1000 
iface vxlan1000 inet manual 
vxlan-id 1000 
vxlan-local-tunnelip 192.168.0.1 
bridge-learning off 
bridge-arp-nd-suppress on 
bridge-unicast-flood off 
bridge-multicast-flood off 

auto vmbr1000 
iface vmbr1000 inet static 
address 10.0.0.1/24 
bridge_ports vxlan1000 
bridge_stp off 
bridge_fd 0 
node2 
----- 
auto eno2 
iface eno2 inet static 
address 192.168.0.2/24 
alias hypervisor_port_1 

auto vxlan1000 
iface vxlan1000 inet manual 
vxlan-id 1000 
vxlan-local-tunnelip 192.168.0.2 
bridge-learning off 
bridge-arp-nd-suppress on 
bridge-unicast-flood off 
bridge-multicast-flood off 

auto vmbr1000 
iface vmbr1000 inet static 
address 10.0.0.1/24 
bridge_ports vxlan1000 
bridge_stp off 
bridge_fd 0 

What do you think about this ? 

----- Mail original ----- 
De: "dietmar" <dietmar at proxmox.com> 
À: "aderumier" <aderumier at odiso.com> 
Cc: "pve-devel" <pve-devel at pve.proxmox.com> 
Envoyé: Mardi 14 Août 2018 12:09:20 
Objet: Re: [pve-devel] [PATCH pve-docs 0/1] vxlan l3 routing 

> >>Not sure if the vxlan config is most times node related, so you always have 
> >>node 
> >>related config anyways? 
> with frr, The vxlan interface indeed have the local ip vxlan-local-tunnelip. 
> (this could be found in frr.conf). 
> This could be managed with ifupdown2 template (as vxlan-local-tunnelip is 
> always the same). 
> 
> I was thinking of vmbr definition, as it's exactly the same on all nodes. (and 
> can't be managed easily with ifupdown2 template). 
> We can manage this with puppet without problem, but I was thinking for users 
> which only manage this through proxmox. 

Just try - maybe you can find a way to define a cluster wide config 
(etc/pve/network.cfg) for those bridges. 

vnet1000: vxlan # VNI 1000 
device vmbr0 # => vxlan-local-tunnelip 
group 239.0.0.1 

above would create the vtep and the bridge called 'vnet1000'? 

... 

_______________________________________________ 
pve-devel mailing list 
pve-devel at pve.proxmox.com 
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel 