[pve-devel] [PATCH v2 pve-container] POC : add/del/update ip from vnet-subnet-ipam

Tue Sep 8 09:44:19 CEST 2020

On 08.09.20 05:52, Alexandre DERUMIER wrote:
>>> When trying this I got the gateway IP returned for both, as CT IP and gateway IP. 
>>> Did not checked this patch closer, but I figured that this behavior is caused by 
>>> the SDN code. 
> 
> mmm, that's strange. 
> 
> When you create or update the subnet, the gateway ip you define on the subnet should be registered in the ipam.
> (you have enable an ipam right ?)

Yes, the built-in "PVE" one

> 
> 
> Then, when you create CT, without any ip, it'll try to find first available ip in ipam.

I did it on an existing CT, changing from a normal bridge to that vnet.

> (So if the gateway was not registered in ipam (bug maybe), that could explain why you have it both).
> 
> for internal ipam, i'm writing ipam database in /etc/pve/priv/ipam.db. (BTW,I'm not sure that it's the best path location)

I'd like to have stuff in priv/ folder prefixed with a directory
namespace, maybe "sdn" here.

Besides that, how big can this get on huge setups? We only can have 512k files
for now.

> 
>>> On another node, do you think it makes sense to have vnets, subnets, IPam, DNS completely 
>>> split and separated from each other? I mean, it is flexible, but a user needs to do a lot 
>>> of, almost boilerplate-like, work to get this started. 
>>> Advanced users may profit from this, maybe we just need a "simple wizard" for the easiest 
>>> beginner case.. 
> 
> Well for subnet, you can assign multiple subnets by vnet, so yes, it's really need to by separated.
> (Somebody at hertzner for example, buying subnets or /32 failovers ips, and want to add them to a vnet)
> IPAM/DNS, are more reusable configurations. (like api url,key,....). So I think you'll define 1 or 2 of them max.
> 
> I think subnet+ipam+dns are ip features.
> zones,vnets,controller are physical network features

Could it make sense to have subnets and vnets at least in the same section config,
with different types? (a bit like storage.cfg) So that we reduce the configuration
file amount a bit.

Maybe we could also visualize this in the gui a bit "easier".
We could merge VNet and SubNet management into one panel, maybe with split view
like FW ipsets, you won't have the same subnet in different VNets after all, or?

We could also merge DNS and IP management into one panel, maybe with split view
like HA or vertical like FW ipsets.

But this is not too relevant for now, can always be fine tuned once the API/backend
stuff is in.

On another note, are there some unit/regressions tests for this stuff?
Would give a bit more confidence with this.

skimming through the code currently, seems mostly OK for now, need to think a bit
about how the general concepts are implemented and if that fits all OK.