Proxmox/pve-network
5
0
Fork 0
mirror of git://git.proxmox.com/git/pve-network.git synced 2025-03-06 00:58:16 +03:00
Code Releases Activity

zone: qinq: add vnet without tag support

Browse Source 
some user want to be able to define a vnet without vlan,
so at qinq zone level, to be able to see traffic from others vnets of this
qinq zone.
Some example of usage is a inter-vnet firewall/gateway vm.

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
This commit is contained in:
Alexandre Derumier 2021-04-29 23:00:17 +02:00 committed by Thomas Lamprecht
parent 90c150b25b
commit 403b05e2c1
19 changed files with 366 additions and 83 deletions
PVE/Network/SDN/Zones
QinQPlugin.pm
test/zones/qinq
bridge
expected_sdn_interfaces
bridge_notagvnet
expected_sdn_interfacesinterfacessdn_config
bridge_vlanaware
expected_sdn_interfaces
bridge_vlanaware_notagvnet
expected_sdn_interfacesinterfacessdn_config
bridge_vlanaware_vlanawarevnet
expected_sdn_interfaces
bridge_vlanaware_vlanprotocol
expected_sdn_interfaces
bridge_vlanawarevnet
expected_sdn_interfaces
bridge_vlanprotocol
expected_sdn_interfaces
ovs
expected_sdn_interfaces
ovs_notagvnet
expected_sdn_interfacesinterfacessdn_config
ovs_vlanawarevnet
expected_sdn_interfaces
ovs_vlanprotocol
expected_sdn_interfaces

97
PVE/Network/SDN/Zones/QinQPlugin.pm

@ -65,6 +65,16 @@ sub generate_sdn_config {
my @iface_config = ();
my $vnet_bridge_ports = "";
my $zone_bridge_ports = "";
my $zone_notag_uplink = "ln_".$zoneid;
my $zone_notag_uplinkpeer = "pr_".$zoneid;
my $zone = "z_$zoneid";
if($ctag) {
$vnet_bridge_ports = "$zone.$ctag";
} else {
$vnet_bridge_ports = $zone_notag_uplinkpeer;
}
if($is_ovs) {
@ -72,7 +82,6 @@ sub generate_sdn_config {
$vlanprotocol = "802.1q" if !$vlanprotocol;
my $svlan_iface = "sv_".$zoneid;
my $zone = "z_$zoneid";
#ovs dot1q-tunnel port
@iface_config = ();
@ -87,45 +96,23 @@ sub generate_sdn_config {
my @ovs_ports = split / / , @{$config->{$bridge}}[0];
@{$config->{$bridge}}[0] .= " $svlan_iface" if !grep( $_ eq $svlan_iface, @ovs_ports );
#zone vlan aware bridge
@iface_config = ();
push @iface_config, "mtu $mtu" if $mtu;
push @iface_config, "bridge-stp off";
push @iface_config, "bridge-ports $svlan_iface";
push @iface_config, "bridge-fd 0";
push @iface_config, "bridge-vlan-aware yes";
push @iface_config, "bridge-vids 2-4094";
push(@{$config->{$zone}}, @iface_config) if !$config->{$zone};
$vnet_bridge_ports = "$zone.$ctag";
$zone_bridge_ports = $svlan_iface;
} elsif ($vlan_aware) {
#vlanawarebrige-(tag)----->vlanwarebridge-(tag)----->vnet
my $zone = "z_$zoneid";
if($vlanprotocol) {
@iface_config = ();
push @iface_config, "bridge-vlan-protocol $vlanprotocol";
push(@{$config->{$bridge}}, @iface_config) if !$config->{$bridge};
}
#zone vlan bridge
@iface_config = ();
push @iface_config, "mtu $mtu" if $mtu;
push @iface_config, "bridge-stp off";
push @iface_config, "bridge-ports $bridge.$stag";
push @iface_config, "bridge-fd 0";
push @iface_config, "bridge-vlan-aware yes";
push @iface_config, "bridge-vids 2-4094";
push(@{$config->{$zone}}, @iface_config) if !$config->{$zone};
$vnet_bridge_ports = "$zone.$ctag";
$zone_bridge_ports = "$bridge.$stag";
} else {
#eth--->eth.x(svlan)--->eth.x.y(cvlan)---->vnet
#eth--->eth.x(svlan)----->vlanwarebridge-(tag)----->vnet---->vnet
my @bridge_ifaces = PVE::Network::SDN::Zones::Plugin::get_bridge_ifaces($bridge);
@ -133,7 +120,6 @@ sub generate_sdn_config {
# use named vlan interface to avoid too long names
my $svlan_iface = "sv_$zoneid";
my $cvlan_iface = "cv_$vnetid";
#svlan
@iface_config = ();
@ -142,16 +128,32 @@ sub generate_sdn_config {
push @iface_config, "vlan-protocol $vlanprotocol" if $vlanprotocol;
push(@{$config->{$svlan_iface}}, @iface_config) if !$config->{$svlan_iface};
#cvlan
@iface_config = ();
push @iface_config, "vlan-raw-device $svlan_iface";
push @iface_config, "vlan-id $ctag";
push(@{$config->{$cvlan_iface}}, @iface_config) if !$config->{$cvlan_iface};
$vnet_bridge_ports .= " $cvlan_iface";
$zone_bridge_ports = $svlan_iface;
last;
}
}
#veth peer for notag vnet
@iface_config = ();
push @iface_config, "link-type veth";
push @iface_config, "veth-peer-name $zone_notag_uplinkpeer";
push(@{$config->{$zone_notag_uplink}}, @iface_config) if !$config->{$zone_notag_uplink};
@iface_config = ();
push @iface_config, "link-type veth";
push @iface_config, "veth-peer-name $zone_notag_uplink";
push(@{$config->{$zone_notag_uplinkpeer}}, @iface_config) if !$config->{$zone_notag_uplinkpeer};
#zone vlan aware bridge
@iface_config = ();
push @iface_config, "mtu $mtu" if $mtu;
push @iface_config, "bridge-stp off";
push @iface_config, "bridge-ports $zone_bridge_ports $zone_notag_uplink";
push @iface_config, "bridge-fd 0";
push @iface_config, "bridge-vlan-aware yes";
push @iface_config, "bridge-vids 2-4094";
push(@{$config->{$zone}}, @iface_config) if !$config->{$zone};
#vnet bridge
@iface_config = ();
push @iface_config, "bridge_ports $vnet_bridge_ports";
@ -179,27 +181,24 @@ sub status {
}
my $vlan_aware = PVE::Network::SDN::Zones::Plugin::is_vlanaware($bridge);
my $is_ovs = PVE::Network::SDN::Zones::Plugin::is_ovs($bridge);
my $tag = $vnet->{tag};
my $vnet_uplink = "ln_".$vnetid;
my $vnet_uplinkpeer = "pr_".$vnetid;
my $zone_notag_uplink = "ln_".$zone;
my $zone_notag_uplinkpeer = "pr_".$zone;
my $zonebridge = "z_$zone";
# ifaces to check
my $ifaces = [ $vnetid, $bridge ];
if($is_ovs) {
my $svlan_iface = "sv_".$zone;
my $zonebridge = "z_$zone";
push @$ifaces, $zonebridge;
push @$ifaces, $zone_notag_uplink;
push @$ifaces, $zone_notag_uplinkpeer;
if (!$vlan_aware) {
my $svlan_iface = "sv_$zone";
push @$ifaces, $svlan_iface;
push @$ifaces, $zonebridge;
} elsif ($vlan_aware) {
my $zonebridge = "z_$zone";
push @$ifaces, $zonebridge;
} else {
my $svlan_iface = "sv_$vnetid";
my $cvlan_iface = "cv_$vnetid";
push @$ifaces, $svlan_iface;
push @$ifaces, $cvlan_iface;
}
foreach my $iface (@{$ifaces}) {
@ -218,8 +217,7 @@ sub vnet_update_hook {
my $vnet = $vnet_cfg->{ids}->{$vnetid};
my $tag = $vnet->{tag};
raise_param_exc({ tag => "missing vlan tag"}) if !defined($vnet->{tag});
raise_param_exc({ tag => "vlan tag max value is 4096"}) if $vnet->{tag} > 4096;
raise_param_exc({ tag => "vlan tag max value is 4096"}) if $tag && $tag > 4096;
# verify that tag is not already defined in another vnet on same zone
foreach my $id (keys %{$vnet_cfg->{ids}}) {
@ -228,6 +226,7 @@ sub vnet_update_hook {
my $other_tag = $othervnet->{tag};
next if $vnet->{zone} ne $othervnet->{zone};
raise_param_exc({ tag => "tag $tag already exist in vnet $id"}) if $other_tag && $tag eq $other_tag;
raise_param_exc({ tag => "vnet $id without tag already exist in this zone"}) if !$other_tag && !$tag;
}
}

53
test/zones/qinq/bridge/expected_sdn_interfaces

@ -1,38 +1,43 @@
#version:1
auto cv_myvnet
iface cv_myvnet
vlan-raw-device sv_myzone
vlan-id 100
auto ln_myzone
iface ln_myzone
link-type veth
veth-peer-name pr_myzone
auto cv_myvnet2
iface cv_myvnet2
vlan-raw-device sv_myzone
vlan-id 101
auto cv_myvnet3
iface cv_myvnet3
vlan-raw-device sv_myzone2
vlan-id 100
auto ln_myzone2
iface ln_myzone2
link-type veth
veth-peer-name pr_myzone2
auto myvnet
iface myvnet
bridge_ports cv_myvnet
bridge_ports z_myzone.100
bridge_stp off
bridge_fd 0
auto myvnet2
iface myvnet2
bridge_ports cv_myvnet2
bridge_ports z_myzone.101
bridge_stp off
bridge_fd 0
auto myvnet3
iface myvnet3
bridge_ports cv_myvnet3
bridge_ports z_myzone2.100
bridge_stp off
bridge_fd 0
auto pr_myzone
iface pr_myzone
link-type veth
veth-peer-name ln_myzone
auto pr_myzone2
iface pr_myzone2
link-type veth
veth-peer-name ln_myzone2
auto sv_myzone
iface sv_myzone
vlan-raw-device eth0
@ -42,3 +47,19 @@ auto sv_myzone2
iface sv_myzone2
vlan-raw-device eth0
vlan-id 20
auto z_myzone
iface z_myzone
bridge-stp off
bridge-ports sv_myzone ln_myzone
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094
auto z_myzone2
iface z_myzone2
bridge-stp off
bridge-ports sv_myzone2 ln_myzone2
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094

36
test/zones/qinq/bridge_notagvnet/expected_sdn_interfaces Normal file

@ -0,0 +1,36 @@
#version:1
auto ln_myzone
iface ln_myzone
link-type veth
veth-peer-name pr_myzone
auto myvnet
iface myvnet
bridge_ports z_myzone.100
bridge_stp off
bridge_fd 0
auto myvnet2
iface myvnet2
bridge_ports pr_myzone
bridge_stp off
bridge_fd 0
auto pr_myzone
iface pr_myzone
link-type veth
veth-peer-name ln_myzone
auto sv_myzone
iface sv_myzone
vlan-raw-device eth0
vlan-id 10
auto z_myzone
iface z_myzone
bridge-stp off
bridge-ports sv_myzone ln_myzone
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094

5
test/zones/qinq/bridge_notagvnet/interfaces Normal file

@ -0,0 +1,5 @@
auto vmbr0
iface vmbr0 inet manual
bridge-ports eth0
bridge-stp off
bridge-fd 0

14
test/zones/qinq/bridge_notagvnet/sdn_config Normal file

@ -0,0 +1,14 @@
{
version => 1,
vnets => {
ids => {
myvnet => { tag => 100, type => "vnet", zone => "myzone" },
myvnet2 => { type => "vnet", zone => "myzone" },
},
},
zones => {
ids => {
myzone => { bridge => "vmbr0", tag => 10, ipam => "pve", type => "qinq" },
},
},
}

24
test/zones/qinq/bridge_vlanaware/expected_sdn_interfaces

@ -1,5 +1,15 @@
#version:1
auto ln_myzone
iface ln_myzone
link-type veth
veth-peer-name pr_myzone
auto ln_myzone2
iface ln_myzone2
link-type veth
veth-peer-name pr_myzone2
auto myvnet
iface myvnet
bridge_ports z_myzone.100
@ -18,10 +28,20 @@ iface myvnet3
bridge_stp off
bridge_fd 0
auto pr_myzone
iface pr_myzone
link-type veth
veth-peer-name ln_myzone
auto pr_myzone2
iface pr_myzone2
link-type veth
veth-peer-name ln_myzone2
auto z_myzone
iface z_myzone
bridge-stp off
bridge-ports vmbr0.10
bridge-ports vmbr0.10 ln_myzone
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094
@ -29,7 +49,7 @@ iface z_myzone
auto z_myzone2
iface z_myzone2
bridge-stp off
bridge-ports vmbr0.20
bridge-ports vmbr0.20 ln_myzone2
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094

27
test/zones/qinq/bridge_vlanaware_notagvnet/expected_sdn_interfaces Normal file

@ -0,0 +1,27 @@
#version:1
auto ln_myzone
iface ln_myzone
link-type veth
veth-peer-name pr_myzone
auto myvnet
iface myvnet
bridge_ports pr_myzone
bridge_stp off
bridge_fd 0
bridge-vlan-aware yes
bridge-vids 2-4094
auto pr_myzone
iface pr_myzone
link-type veth
veth-peer-name ln_myzone
auto z_myzone
iface z_myzone
bridge-stp off
bridge-ports vmbr0.10 ln_myzone
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094

7
test/zones/qinq/bridge_vlanaware_notagvnet/interfaces Normal file

@ -0,0 +1,7 @@
auto vmbr0
iface vmbr0 inet manual
bridge-ports eth0
bridge-stp off
bridge-fd 0
bridge-vids 2-4094
bridge-vlan-aware 1

11
test/zones/qinq/bridge_vlanaware_notagvnet/sdn_config Normal file

@ -0,0 +1,11 @@
{
version => 1,
vnets => {
ids => {
myvnet => { type => "vnet", vlanaware => "1", zone => "myzone" },
},
},
zones => {
ids => { myzone => { bridge => "vmbr0", tag => 10, ipam => "pve", type => "qinq" } },
},
}

12
test/zones/qinq/bridge_vlanaware_vlanawarevnet/expected_sdn_interfaces

@ -1,5 +1,10 @@
#version:1
auto ln_myzone
iface ln_myzone
link-type veth
veth-peer-name pr_myzone
auto myvnet
iface myvnet
bridge_ports z_myzone.100
@ -8,10 +13,15 @@ iface myvnet
bridge-vlan-aware yes
bridge-vids 2-4094
auto pr_myzone
iface pr_myzone
link-type veth
veth-peer-name ln_myzone
auto z_myzone
iface z_myzone
bridge-stp off
bridge-ports vmbr0.10
bridge-ports vmbr0.10 ln_myzone
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094

12
test/zones/qinq/bridge_vlanaware_vlanprotocol/expected_sdn_interfaces

@ -1,11 +1,21 @@
#version:1
auto ln_myzone
iface ln_myzone
link-type veth
veth-peer-name pr_myzone
auto myvnet
iface myvnet
bridge_ports z_myzone.100
bridge_stp off
bridge_fd 0
auto pr_myzone
iface pr_myzone
link-type veth
veth-peer-name ln_myzone
auto vmbr0
iface vmbr0
bridge-vlan-protocol 802.1ad
@ -13,7 +23,7 @@ iface vmbr0
auto z_myzone
iface z_myzone
bridge-stp off
bridge-ports vmbr0.10
bridge-ports vmbr0.10 ln_myzone
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094

23
test/zones/qinq/bridge_vlanawarevnet/expected_sdn_interfaces

@ -1,19 +1,32 @@
#version:1
auto cv_myvnet
iface cv_myvnet
vlan-raw-device sv_myzone
vlan-id 100
auto ln_myzone
iface ln_myzone
link-type veth
veth-peer-name pr_myzone
auto myvnet
iface myvnet
bridge_ports cv_myvnet
bridge_ports z_myzone.100
bridge_stp off
bridge_fd 0
bridge-vlan-aware yes
bridge-vids 2-4094
auto pr_myzone
iface pr_myzone
link-type veth
veth-peer-name ln_myzone
auto sv_myzone
iface sv_myzone
vlan-raw-device eth0
vlan-id 10
auto z_myzone
iface z_myzone
bridge-stp off
bridge-ports sv_myzone ln_myzone
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094

23
test/zones/qinq/bridge_vlanprotocol/expected_sdn_interfaces

@ -1,18 +1,31 @@
#version:1
auto cv_myvnet
iface cv_myvnet
vlan-raw-device sv_myzone
vlan-id 100
auto ln_myzone
iface ln_myzone
link-type veth
veth-peer-name pr_myzone
auto myvnet
iface myvnet
bridge_ports cv_myvnet
bridge_ports z_myzone.100
bridge_stp off
bridge_fd 0
auto pr_myzone
iface pr_myzone
link-type veth
veth-peer-name ln_myzone
auto sv_myzone
iface sv_myzone
vlan-raw-device eth0
vlan-id 10
vlan-protocol 802.1ad
auto z_myzone
iface z_myzone
bridge-stp off
bridge-ports sv_myzone ln_myzone
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094

24
test/zones/qinq/ovs/expected_sdn_interfaces

@ -1,5 +1,15 @@
#version:1
auto ln_myzone
iface ln_myzone
link-type veth
veth-peer-name pr_myzone
auto ln_myzone2
iface ln_myzone2
link-type veth
veth-peer-name pr_myzone2
auto myvnet
iface myvnet
bridge_ports z_myzone.100
@ -18,6 +28,16 @@ iface myvnet3
bridge_stp off
bridge_fd 0
auto pr_myzone
iface pr_myzone
link-type veth
veth-peer-name ln_myzone
auto pr_myzone2
iface pr_myzone2
link-type veth
veth-peer-name ln_myzone2
auto sv_myzone
iface sv_myzone
ovs_type OVSIntPort
@ -37,7 +57,7 @@ iface vmbr0
auto z_myzone
iface z_myzone
bridge-stp off
bridge-ports sv_myzone
bridge-ports sv_myzone ln_myzone
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094
@ -45,7 +65,7 @@ iface z_myzone
auto z_myzone2
iface z_myzone2
bridge-stp off
bridge-ports sv_myzone2
bridge-ports sv_myzone2 ln_myzone2
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094

37
test/zones/qinq/ovs_notagvnet/expected_sdn_interfaces Normal file

@ -0,0 +1,37 @@
#version:1
auto ln_myzone
iface ln_myzone
link-type veth
veth-peer-name pr_myzone
auto myvnet
iface myvnet
bridge_ports pr_myzone
bridge_stp off
bridge_fd 0
bridge-vlan-aware yes
bridge-vids 2-4094
auto pr_myzone
iface pr_myzone
link-type veth
veth-peer-name ln_myzone
auto sv_myzone
iface sv_myzone
ovs_type OVSIntPort
ovs_bridge vmbr0
ovs_options vlan_mode=dot1q-tunnel tag=10 other_config:qinq-ethtype=802.1q
auto vmbr0
iface vmbr0
ovs_ports sv_myzone
auto z_myzone
iface z_myzone
bridge-stp off
bridge-ports sv_myzone ln_myzone
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094

9
test/zones/qinq/ovs_notagvnet/interfaces Normal file

@ -0,0 +1,9 @@
auto eth0
iface eth0 inet manual
ovs_type OVSPort
ovs_bridge vmbr0
auto vmbr0
iface vmbr0 inet manual
ovs_type OVSBridge
ovs_ports eth0

11
test/zones/qinq/ovs_notagvnet/sdn_config Normal file

@ -0,0 +1,11 @@
{
version => 1,
vnets => {
ids => {
myvnet => { type => "vnet", vlanaware => "1", zone => "myzone" },
},
},
zones => {
ids => { myzone => { bridge => "vmbr0", tag => 10, ipam => "pve", type => "qinq" } },
},
}

12
test/zones/qinq/ovs_vlanawarevnet/expected_sdn_interfaces

@ -1,5 +1,10 @@
#version:1
auto ln_myzone
iface ln_myzone
link-type veth
veth-peer-name pr_myzone
auto myvnet
iface myvnet
bridge_ports z_myzone.100
@ -8,6 +13,11 @@ iface myvnet
bridge-vlan-aware yes
bridge-vids 2-4094
auto pr_myzone
iface pr_myzone
link-type veth
veth-peer-name ln_myzone
auto sv_myzone
iface sv_myzone
ovs_type OVSIntPort
@ -21,7 +31,7 @@ iface vmbr0
auto z_myzone
iface z_myzone
bridge-stp off
bridge-ports sv_myzone
bridge-ports sv_myzone ln_myzone
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094

12
test/zones/qinq/ovs_vlanprotocol/expected_sdn_interfaces

@ -1,11 +1,21 @@
#version:1
auto ln_myzone
iface ln_myzone
link-type veth
veth-peer-name pr_myzone
auto myvnet
iface myvnet
bridge_ports z_myzone.100
bridge_stp off
bridge_fd 0
auto pr_myzone
iface pr_myzone
link-type veth
veth-peer-name ln_myzone
auto sv_myzone
iface sv_myzone
ovs_type OVSIntPort
@ -19,7 +29,7 @@ iface vmbr0
auto z_myzone
iface z_myzone
bridge-stp off
bridge-ports sv_myzone
bridge-ports sv_myzone ln_myzone
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094