[pve-devel] RFC: sdn: add ip management (IPAM -DHCP) ideas

Alexandre DERUMIER aderumier at odiso.com
Mon Jun 22 11:49:21 CEST 2020


>> In a second step, we could also add dhcp server features, with static ip/mac leases. (Kea dhcp seems a good candidate).
>> with 1 local dhcp server by node. (only responding to local vms)
>> for bgp-evpn it's easy because we already have an anycast gateway ip, so it can be used by the dhcp server.
>> for vlan && layer2 plugin, I wonder if we could also assign some kind of anycast ip (same ip on each host/vnet), but with filtering (iptables,ebtables,....)
>> I could also work to implement cloudinit network metadata.
>
>I would prefer to delegate that part to the VM (cloudinit). 

Yes, I'm really not sure about getting dhcp working in every setup. (mainly on layer2, but maybe some isolation with namespaces is possible)

If dhcp is able to run on the local host, I think it's really a better way to manage ip, dns, routes, and other network settings.

I'm just dreaming of something easy like for containers ip management :)



>>Also, I like the idea that IPAM has a plugin architecture. So it is up to the plugin to 
>>provide a dhcp service? 

I'm still unsure about this. The ipam software really only manages subnets and allocated ips.

I think dhcp code should go in the vnet/zone plugin. (maybe some sdn have their own dhcp implementation).

We could also enable dhcp without ipam, on a specific subnet/vnet, with full dynamic ip.
(and maybe also add nat feature here if needed)


Zone plugin -> dhcp implementation

subnet option (dhcp: enable/disable,  nat: enable/disable)  ---> vnet





> subnet: subnet1 
> cidr 192.168.0.0/24 
> allocation-pools 192.168.0.10-17, 192.168.0.70-10, 192.168.0.100 (default is the full cidr without network/broadcast address) 

>>I thought IP addresses should be managed by the IPAM plugin? 
>>Why would we specify them here? 



I was not sure about permissions handling. It could be great to be able to restrict users to use some ips or ranges of ips
in a subnet. (I'm mainly thinking about public ipv4, where you can't segment into sub-subnets and lose 2 ips for network/broadcast address.)
But maybe it's something unrelated to this allocation-pools option.
I would like to be able to have:

Users buy/reserve X ip addresses, and can use them (and only them) in their vms.

Maybe it can be simply managed with resource pools, where you reserve ips from ipam, and write them to a resource pool.





----- Original Message -----
From: "dietmar" <dietmar at proxmox.com>
To: "pve-devel" <pve-devel at pve.proxmox.com>, "aderumier" <aderumier at odiso.com>
Sent: Sunday, 21 June 2020 08:59:22
Subject: Re: [pve-devel] RFC: sdn: add ip management (IPAM -DHCP) ideas

comments inline 

> When a user creates a new vm or adds a nic to the vm, he could choose ip address "auto",
> and the next available ip address will be returned by the ipam driver.

Each NIC may have an associated network allocation pool, where "auto" tries to figure
out the correct pool automagically.

> User could also choose a specific ip address with verification of availability.

I thought this is in addition to the network allocation pool. If set, it tries to allocate a specific
IP address inside the allocation pool.

> In a second step, we could also add dhcp server features, with static ip/mac leases. (Kea dhcp seems a good candidate).
> with 1 local dhcp server by node. (only responding to local vms)
> for bgp-evpn it's easy because we already have an anycast gateway ip, so it can be used by the dhcp server.
> for vlan && layer2 plugin, I wonder if we could also assign some kind of anycast ip (same ip on each host/vnet), but with filtering (iptables,ebtables,....)
> I could also work to implement cloudinit network metadata.

I would prefer to delegate that part to the VM (cloudinit). 

Also, I like the idea that IPAM has a plugin architecture. So it is up to the plugin to 
provide a dhcp service? 

> Here are some implementation docs in openstack && opennebula

Thanks for the links! 

> Some notes/ideas for the implementation/config:
> ---------------------------------------------- 
> /etc/pve/sdn/subnets.cfg 
> ------------------------- 
> 
> subnet: subnet1 
> cidr 192.168.0.0/24 
> allocation-pools 192.168.0.10-17, 192.168.0.70-10, 192.168.0.100 (default is the full cidr without network/broadcast address) 

I thought IP addresses should be managed by the IPAM plugin? 
Why would we specify them here? 



