[pve-devel] [PATCH common 1/1] Fix #545: Allow descriptive names for network bridges and bonds

Fabian Grünbichler f.gruenbichler at proxmox.com
Thu Jun 6 11:49:30 CEST 2019 

On Thu, Jun 06, 2019 at 07:54:21AM +0200, Alexandre DERUMIER wrote:
> Hi,
> 
> I think the main problem could be the 16 characters limit.

we currently allow up to 20 characters in our API/the interface standard
option, and even more in the actual interface name format ('pve-iface').

'ip link' starts failing with 16 character-long interface names already,
so effectively its 15 characters (maybe this is a bug in iproute2?).

so effectively that means we have
- 11 characters left for hypervisor interfaces (vmbr/vnet/bond all have
  4 characters)
- already hit the limit for container interfaces (veth/fwbr/fwpr/fwln +
  9 digits of VMID + i + 1 digit interface index)
- already over the limit for VM interfaces (fwbr/fpr/fwln/tap + 9 digits
  of VMID +i + 2 digits interface index)

so IMHO, we already have at least two bugs here:
- API/JSONSchema accept interface names that are too long
- our naming scheme generates interface names that are too long for VMs
  with firewall enabled, maximum-length VMID, maximum-length interface
  index (e.g., VM 100000000 and net10)

> ifupdown2 already support "alias" option on interfaces
> 
> auto eth0
> iface eth0
>     alias "my super long string of description"
> 
> 
> which is doing:
> 
> #ip link set dev eth0 alias "my super long string of description"
> 
> 
> and you can see description with 
> #ip link

that would be nice to support in addition to more readable names. IMHO,
allowing at least alphanumeric (and some other characters like '-_.+'?)
should be completely fine, and allows admins to set short, descriptive
names like

vmbr_internal
vmbr_external
vmbr_dmz
vmbr_uplink
vmbr_vpn
vmbr_private
vmbr_c_xyz (for client/customer xyz)
vmbr_test
vmbr_dev

the interface name is used/displayed/supported across the board, the
alias likely is not (yet). e.g. stuff like references in config files,
firewall rules, monitoring scripts, metrics/billing, ...

> I was planning to use that for vnet too. (keeping vnet(\d+) as interface id, and add a custom description).
> 
> We could add easily a ifup script for ifupdown1.

if we allow more characters for vmbr and bond, the same would probably
apply to vnet as well ;)

> What do you think about this ?

I'd like to see both - more descriptive names, and some way to specify a
long form description (whether as alias, comment, label, .. - whatever
has the best ease of implementation/range of support ratio ;))

> ----- Mail original -----
> De: "Fabian Grünbichler" <f.gruenbichler at proxmox.com>
> À: "pve-devel" <pve-devel at pve.proxmox.com>
> Envoyé: Mercredi 5 Juin 2019 11:25:47
> Objet: Re: [pve-devel] [PATCH common 1/1] Fix #545: Allow descriptive names for network bridges and bonds
> 
> On Wed, May 15, 2019 at 11:49:30AM +0200, Dominic Jäger wrote: 
> > Allowing more descriptive names for network bridges and bonds makes 
> > their identification easier. 
> 
> there are probably a few more places where this would need to be 
> adjusted: 
> 
> /usr/share/perl5/PVE/FirewallSimulator.pm:395: } elsif ($route_state =~ m/^vmbr\d+$/) { 
> /usr/share/perl5/PVE/FirewallSimulator.pm:529: } elsif ($from =~ m|^(vmbr\d+)/(\S+)$|) { 
> /usr/share/perl5/PVE/FirewallSimulator.pm:567: } elsif ($to =~ m|^(vmbr\d+)/(\S+)$|) { 
> /usr/share/perl5/PVE/QemuServer.pm:5914: bridge => "vmbr$ind", 
> /usr/share/perl5/PVE/Service/pve_firewall.pm:287: pattern => '(host|outside|vm\d+|ct\d+|vmbr\d+/\S+)', 
> /usr/share/perl5/PVE/Service/pve_firewall.pm:294: pattern => '(host|outside|vm\d+|ct\d+|vmbr\d+/\S+)', 
> /usr/share/perl5/PVE/Network.pm:498: PVE::Tools::dir_glob_foreach($dir, '(((eth|bond)\d+|en[^.]+)(\.\d+)?)', sub { 
> 
> as well as the GUI part. 
> 
> per our discussion, maybe this + labels/comments on interfaces could 
> get a v2? ;) 
> 
> > Signed-off-by: Dominic Jäger <d.jaeger at proxmox.com> 
> > --- 
> > src/PVE/INotify.pm | 4 ++-- 
> > 1 file changed, 2 insertions(+), 2 deletions(-) 
> > 
> > diff --git a/src/PVE/INotify.pm b/src/PVE/INotify.pm 
> > index b660041..75e5010 100644 
> > --- a/src/PVE/INotify.pm 
> > +++ b/src/PVE/INotify.pm 
> > @@ -1027,7 +1027,7 @@ sub __read_etc_network_interfaces { 
> > 
> > foreach my $iface (keys %$ifaces) { 
> > my $d = $ifaces->{$iface}; 
> > - if ($iface =~ m/^bond\d+$/) { 
> > + if ($iface =~ m/^bond\w+$/) { 
> > if (!$d->{ovs_type}) { 
> > $d->{type} = 'bond'; 
> > } elsif ($d->{ovs_type} eq 'OVSBond') { 
> > @@ -1049,7 +1049,7 @@ sub __read_etc_network_interfaces { 
> > } else { 
> > $d->{type} = 'unknown'; 
> > } 
> > - } elsif ($iface =~ m/^vmbr\d+$/) { 
> > + } elsif ($iface =~ m/^vmbr\w+$/) { 
> > if (!$d->{ovs_type}) { 
> > $d->{type} = 'bridge'; 
> > 
> > -- 
> > 2.11.0 
> > 
> > _______________________________________________ 
> > pve-devel mailing list 
> > pve-devel at pve.proxmox.com 
> > https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel 
> 
> _______________________________________________ 
> pve-devel mailing list 
> pve-devel at pve.proxmox.com 
> https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel 
> 
> _______________________________________________
> pve-devel mailing list
> pve-devel at pve.proxmox.com
> https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

More information about the pve-devel mailing list