Message ID | 20200608141445.309-4-fff@bareminimum.eu |
---|---|
State | Superseded |
Series | vxlan: add capability for multiple fdb entries |
On 6/8/20 4:14 PM, Johannes Kimmel wrote:
> Similar to wireguard, vxlan can configure multiple peers or add specific
> entries to the fdb for a single mac address.
>
> While you can still use peeraddr/peer6addr option within the proto
> vxlan/vxlan6 section to not break existing configurations, this patch
> allows to add multiple sections that configure fdb entries via the bridge
> command. As such, the bridge command is now a dependency of the vxlan
> package. (To be honest without the bridge command available, vxlan isn't
> very much fun to use or debug at all)

I have added two comments below; apart from this, the patch is looking good.

> Field names are taken directly from the bridge command.
>
> Example with all supported parameters, since this hasn't been documented so
> far:
>
>     config interface 'vx0'
>         option proto 'vxlan6' # use vxlan over ipv6
>
>         # main options
>         option ip6addr '2001:db8::1' # listen address
>         option tunlink 'wan6' # optional if listen address given
>         option peer6addr '2001:db8::2' # now optional
>         option port '8472' # this is the standard port under linux
>         option vid '42' # VXLAN Network Identifier to use
>         option mtu '1430' # vxlan6 has 70 bytes overhead
>
>         # extra options
>         option rxcsum '0' # allow receiving packets without checksum
>         option txcsum '0' # send packets without checksum
>         option ttl '16' # specifies the TTL value for outgoing packets
>         option tos '0' # specifies the TOS value for outgoing packets
>         option macaddr '11:22:33:44:55:66' # optional, manually specify mac
>         # default is a random address
>
> Single peer with head-end replication. Corresponds to the following call
> to bridge:
>
>     $ bridge fdb append 00:00:00:00:00:00 dev vx0 dst 2001:db8::3
>
>     config vxlan_vx0

We usually keep the UCI section name a constant string, and `vxlan_*` is not very descriptive.

Let's call this 'vxlan_peer' or 'vxlan_dst'.
The reference to the interface should be specified as a separate option, for example: option vxlan 'vx0' > option dst '2001:db8::3' # always required > > It's possible to specify a multicast address as destination. Useful when > multicast routing is available or within one lan segment: > > config vxlan_vx0 > option dst 'ff02::1337' # multicast group to join. > # all bum traffic will be send there > option via 'eth1' # for multicast, an outgoing interface needs > # to be specified > > All available peer options for completeness: > > config vxlan_vx0 > option lladdr 'aa:bb:cc:dd:ee:ff' # specific mac, > option dst '2001:db8::4' # connected to this peer > option via 'eth0.1' # use this interface only > option port '4789' # use different port for this peer > option vni '23' # override vni for this peer > option src_vni '123' # see man 3 bridge > > Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>> --- > package/network/config/vxlan/Makefile | 2 +- > package/network/config/vxlan/files/vxlan.sh | 36 ++++++++++++++++++++- > 2 files changed, 36 insertions(+), 2 deletions(-) > > diff --git a/package/network/config/vxlan/Makefile b/package/network/config/vxlan/Makefile > index 5850c44..46970d9 100644 > --- a/package/network/config/vxlan/Makefile > +++ b/package/network/config/vxlan/Makefile > @@ -11,7 +11,7 @@ define Package/vxlan > CATEGORY:=Network > MAINTAINER:=Matthias Schiffer <mschiffer@universe-factory.net> > TITLE:=Virtual eXtensible LAN config support > - DEPENDS:=+kmod-vxlan > + DEPENDS:=+kmod-vxlan +ip-bridge I'd like to avoid making this dependency mandatory, as we're using the vxlan package in Gluon on devices with small flash. Let's just call proto_notify_error from proto_vxlan_setup_peer when `bridge` is not available. > PKGARCH:=all > endef > > diff --git a/package/network/config/vxlan/files/vxlan.sh b/package/network/config/vxlan/files/vxlan.sh > index bdcaa62..319d95c 100755 > --- a/package/network/config/vxlan/files/vxlan.sh 
> +++ b/package/network/config/vxlan/files/vxlan.sh > @@ -7,6 +7,38 @@ > init_proto "$@" > } > > +proto_vxlan_setup_peer() { > + local peer_config="$1" > + > + local lladdr > + local dst > + local src_vni > + local vni > + local port > + local via > + > + config_get lladdr "${peer_config}" "lladdr" > + config_get dst "${peer_config}" "dst" > + config_get src_vni "${peer_config}" "src_vni" > + config_get vni "${peer_config}" "vni" > + config_get port "${peer_config}" "port" > + config_get via "${peer_config}" "via" > + > + [ -z "${dst}" ] && { > + proto_notify_error "$cfg" "MISSING_PEER_ADDRESS" > + exit > + } > + > + bridge fdb append \ > + ${lladdr:-00:00:00:00:00:00} \ > + dev ${cfg} \ > + ${dst:+dst $dst} \ > + ${src_vni:+src_vni $src_vni} \ > + ${vni:+vni $vni} \ > + ${port:+port $port} \ > + ${via:+via $via} > +} > + > vxlan_generic_setup() { > local cfg="$1" > local mode="$2" > @@ -18,7 +50,6 @@ vxlan_generic_setup() { > local port vid ttl tos mtu macaddr zone rxcsum txcsum > json_get_vars port vid ttl tos mtu macaddr zone rxcsum txcsum > > - > proto_init_update "$link" 1 > > proto_add_tunnel > @@ -47,6 +78,9 @@ vxlan_generic_setup() { > proto_close_data > > proto_send_update "$cfg" > + > + config_load network > + config_foreach proto_vxlan_setup_peer "vxlan_${cfg}" > } > > proto_vxlan_setup() { >
If you resend this with adjustments, please also bump PKG_RELEASE then as well. Since both patches received positive feedback, I think it should be enough to bump it once for the 3/3 patch.

Best

Adrian

> -----Original Message-----
> From: openwrt-devel [mailto:openwrt-devel-bounces@lists.openwrt.org]
> On Behalf Of Matthias Schiffer
> Sent: Saturday, 18 July 2020 17:34
> To: Johannes Kimmel <fff@bareminimum.eu>
> Cc: openwrt-devel@lists.openwrt.org
> Subject: Re: [OpenWrt-Devel] [PATCH 3/3] vxlan: add capability for multiple
> fdb entries
>
> On 6/8/20 4:14 PM, Johannes Kimmel wrote:
> > Similar to wireguard, vxlan can configure multiple peers or add
> > specific entries to the fdb for a single mac address.
> >
> > While you can still use peeraddr/peer6addr option within the proto
> > vxlan/vxlan6 section to not break existing configurations, this patch
> > allows to add multiple sections that configure fdb entries via the
> > bridge command. As such, the bridge command is now a dependency of the
> > vxlan package. (To be honest without the bridge command available,
> > vxlan isn't very much fun to use or debug at all)
>
> I have added two comments below; apart from this, the patch is looking
> good.
>
> > Field names are taken directly from the bridge command.
> >
> > Example with all supported parameters, since this hasn't been
> > documented so far:
> >
> >     config interface 'vx0'
> >         option proto 'vxlan6' # use vxlan over ipv6
> >
> >         # main options
> >         option ip6addr '2001:db8::1' # listen address
> >         option tunlink 'wan6' # optional if listen address given
> >         option peer6addr '2001:db8::2' # now optional
> >         option port '8472' # this is the standard port under linux
> >         option vid '42' # VXLAN Network Identifier to use
> >         option mtu '1430' # vxlan6 has 70 bytes overhead
> >
> >         # extra options
> >         option rxcsum '0' # allow receiving packets without checksum
> >         option txcsum '0' # send packets without checksum
> >         option ttl '16' # specifies the TTL value for outgoing packets
> >         option tos '0' # specifies the TOS value for outgoing packets
> >         option macaddr '11:22:33:44:55:66' # optional, manually specify mac
> >         # default is a random address
> >
> > Single peer with head-end replication. Corresponds to the following
> > call to bridge:
> >
> >     $ bridge fdb append 00:00:00:00:00:00 dev vx0 dst 2001:db8::3
> >
> >     config vxlan_vx0
>
> We usually keep the UCI section name a constant string, and `vxlan_*` is not
> very descriptive.
>
> Let's call this 'vxlan_peer' or 'vxlan_dst'. The reference to the interface
> should be specified as a separate option, for example:
>
>     option vxlan 'vx0'
>
> >         option dst '2001:db8::3' # always required
> >
> > It's possible to specify a multicast address as destination. Useful
> > when multicast routing is available or within one lan segment:
> >
> >     config vxlan_vx0
> >         option dst 'ff02::1337' # multicast group to join.
> > # all bum traffic will be send there > > option via 'eth1' # for multicast, an outgoing interface needs > > # to be specified > > > > All available peer options for completeness: > > > > config vxlan_vx0 > > option lladdr 'aa:bb:cc:dd:ee:ff' # specific mac, > > option dst '2001:db8::4' # connected to this peer > > option via 'eth0.1' # use this interface only > > option port '4789' # use different port for this peer > > option vni '23' # override vni for this peer > > option src_vni '123' # see man 3 bridge > > > > Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>> --- > > package/network/config/vxlan/Makefile | 2 +- > > package/network/config/vxlan/files/vxlan.sh | 36 > > ++++++++++++++++++++- > > 2 files changed, 36 insertions(+), 2 deletions(-) > > > > diff --git a/package/network/config/vxlan/Makefile > > b/package/network/config/vxlan/Makefile > > index 5850c44..46970d9 100644 > > --- a/package/network/config/vxlan/Makefile > > +++ b/package/network/config/vxlan/Makefile > > @@ -11,7 +11,7 @@ define Package/vxlan > > CATEGORY:=Network > > MAINTAINER:=Matthias Schiffer <mschiffer@universe-factory.net> > > TITLE:=Virtual eXtensible LAN config support > > - DEPENDS:=+kmod-vxlan > > + DEPENDS:=+kmod-vxlan +ip-bridge > > I'd like to avoid making this dependency mandatory, as we're using the vxlan > package in Gluon on devices with small flash. > > Let's just call proto_notify_error from proto_vxlan_setup_peer when > `bridge` is not available. > > > > PKGARCH:=all > > endef > > > > diff --git a/package/network/config/vxlan/files/vxlan.sh > > b/package/network/config/vxlan/files/vxlan.sh > > index bdcaa62..319d95c 100755 > > --- a/package/network/config/vxlan/files/vxlan.sh > > +++ b/package/network/config/vxlan/files/vxlan.sh 
> > @@ -7,6 +7,38 @@ > > init_proto "$@" > > } > > > > +proto_vxlan_setup_peer() { > > + local peer_config="$1" > > + > > + local lladdr > > + local dst > > + local src_vni > > + local vni > > + local port > > + local via > > + > > + config_get lladdr "${peer_config}" "lladdr" > > + config_get dst "${peer_config}" "dst" > > + config_get src_vni "${peer_config}" "src_vni" > > + config_get vni "${peer_config}" "vni" > > + config_get port "${peer_config}" "port" > > + config_get via "${peer_config}" "via" > > + > > + [ -z "${dst}" ] && { > > + proto_notify_error "$cfg" "MISSING_PEER_ADDRESS" > > + exit > > + } > > + > > + bridge fdb append \ > > + ${lladdr:-00:00:00:00:00:00} \ > > + dev ${cfg} \ > > + ${dst:+dst $dst} \ > > + ${src_vni:+src_vni $src_vni} \ > > + ${vni:+vni $vni} \ > > + ${port:+port $port} \ > > + ${via:+via $via} > > +} > > + > > vxlan_generic_setup() { > > local cfg="$1" > > local mode="$2" > > @@ -18,7 +50,6 @@ vxlan_generic_setup() { > > local port vid ttl tos mtu macaddr zone rxcsum txcsum > > json_get_vars port vid ttl tos mtu macaddr zone rxcsum txcsum > > > > - > > proto_init_update "$link" 1 > > > > proto_add_tunnel > > @@ -47,6 +78,9 @@ vxlan_generic_setup() { > > proto_close_data > > > > proto_send_update "$cfg" > > + > > + config_load network > > + config_foreach proto_vxlan_setup_peer "vxlan_${cfg}" > > } > > > > proto_vxlan_setup() { > > >
Thanks for the feedback. I reworked the patch to incorporate the requested changes.

On 18.07.20 17:33, Matthias Schiffer wrote:
> On 6/8/20 4:14 PM, Johannes Kimmel wrote:
>> Similar to wireguard, vxlan can configure multiple peers or add specific
>> entries to the fdb for a single mac address.
>>
>> While you can still use peeraddr/peer6addr option within the proto
>> vxlan/vxlan6 section to not break existing configurations, this patch
>> allows to add multiple sections that configure fdb entries via the bridge
>> command. As such, the bridge command is now a dependency of the vxlan
>> package. (To be honest without the bridge command available, vxlan isn't
>> very much fun to use or debug at all)
> I have added two comments below; apart from this, the patch is looking good.
>
>> Field names are taken directly from the bridge command.
>>
>> Example with all supported parameters, since this hasn't been documented so
>> far:
>>
>>     config interface 'vx0'
>>         option proto 'vxlan6' # use vxlan over ipv6
>>
>>         # main options
>>         option ip6addr '2001:db8::1' # listen address
>>         option tunlink 'wan6' # optional if listen address given
>>         option peer6addr '2001:db8::2' # now optional
>>         option port '8472' # this is the standard port under linux
>>         option vid '42' # VXLAN Network Identifier to use
>>         option mtu '1430' # vxlan6 has 70 bytes overhead
>>
>>         # extra options
>>         option rxcsum '0' # allow receiving packets without checksum
>>         option txcsum '0' # send packets without checksum
>>         option ttl '16' # specifies the TTL value for outgoing packets
>>         option tos '0' # specifies the TOS value for outgoing packets
>>         option macaddr '11:22:33:44:55:66' # optional, manually specify mac
>>         # default is a random address
>>
>> Single peer with head-end replication.
Corresponds to the following call >> to bridge: >> >> $ bridge fdb append 00:00:00:00:00:00 dev vx0 dst 2001:db8::3 >> >> config vxlan_vx0 > We usually keep the UCI section name a constant string, and `vxlan_*` is > not very descriptive. > > Let's call this 'vxlan_peer' or 'vxlan_dst'. The reference to the interface > should be specified as a separate option, for example: > > option vxlan 'vx0' > > > >> option dst '2001:db8::3' # always required >> >> It's possible to specify a multicast address as destination. Useful when >> multicast routing is available or within one lan segment: >> >> config vxlan_vx0 >> option dst 'ff02::1337' # multicast group to join. >> # all bum traffic will be send there >> option via 'eth1' # for multicast, an outgoing interface needs >> # to be specified >> >> All available peer options for completeness: >> >> config vxlan_vx0 >> option lladdr 'aa:bb:cc:dd:ee:ff' # specific mac, >> option dst '2001:db8::4' # connected to this peer >> option via 'eth0.1' # use this interface only >> option port '4789' # use different port for this peer >> option vni '23' # override vni for this peer >> option src_vni '123' # see man 3 bridge >> >> Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>> --- >> package/network/config/vxlan/Makefile | 2 +- >> package/network/config/vxlan/files/vxlan.sh | 36 ++++++++++++++++++++- >> 2 files changed, 36 insertions(+), 2 deletions(-) >> >> diff --git a/package/network/config/vxlan/Makefile b/package/network/config/vxlan/Makefile >> index 5850c44..46970d9 100644 >> --- a/package/network/config/vxlan/Makefile >> +++ b/package/network/config/vxlan/Makefile 
>> @@ -11,7 +11,7 @@ define Package/vxlan >> CATEGORY:=Network >> MAINTAINER:=Matthias Schiffer <mschiffer@universe-factory.net> >> TITLE:=Virtual eXtensible LAN config support >> - DEPENDS:=+kmod-vxlan >> + DEPENDS:=+kmod-vxlan +ip-bridge > I'd like to avoid making this dependency mandatory, as we're using the > vxlan package in Gluon on devices with small flash. > > Let's just call proto_notify_error from proto_vxlan_setup_peer when > `bridge` is not available. > > >> PKGARCH:=all >> endef >> >> diff --git a/package/network/config/vxlan/files/vxlan.sh b/package/network/config/vxlan/files/vxlan.sh >> index bdcaa62..319d95c 100755 >> --- a/package/network/config/vxlan/files/vxlan.sh >> +++ b/package/network/config/vxlan/files/vxlan.sh >> @@ -7,6 +7,38 @@ >> init_proto "$@" >> } >> >> +proto_vxlan_setup_peer() { >> + local peer_config="$1" >> + >> + local lladdr >> + local dst >> + local src_vni >> + local vni >> + local port >> + local via >> + >> + config_get lladdr "${peer_config}" "lladdr" >> + config_get dst "${peer_config}" "dst" >> + config_get src_vni "${peer_config}" "src_vni" >> + config_get vni "${peer_config}" "vni" >> + config_get port "${peer_config}" "port" >> + config_get via "${peer_config}" "via" >> + >> + [ -z "${dst}" ] && { >> + proto_notify_error "$cfg" "MISSING_PEER_ADDRESS" >> + exit >> + } >> + >> + bridge fdb append \ >> + ${lladdr:-00:00:00:00:00:00} \ >> + dev ${cfg} \ >> + ${dst:+dst $dst} \ >> + ${src_vni:+src_vni $src_vni} \ >> + ${vni:+vni $vni} \ >> + ${port:+port $port} \ >> + ${via:+via $via} >> +} >> + >> vxlan_generic_setup() { >> local cfg="$1" >> local mode="$2" >> @@ -18,7 +50,6 @@ vxlan_generic_setup() { >> local port vid ttl tos mtu macaddr zone rxcsum txcsum >> json_get_vars port vid ttl tos mtu macaddr zone rxcsum txcsum >> >> - >> proto_init_update "$link" 1 >> >> proto_add_tunnel 
>> @@ -47,6 +78,9 @@ vxlan_generic_setup() { >> proto_close_data >> >> proto_send_update "$cfg" >> + >> + config_load network >> + config_foreach proto_vxlan_setup_peer "vxlan_${cfg}" >> } >> >> proto_vxlan_setup() { >> >
diff --git a/package/network/config/vxlan/Makefile b/package/network/config/vxlan/Makefile index 5850c44..46970d9 100644 --- a/package/network/config/vxlan/Makefile +++ b/package/network/config/vxlan/Makefile @@ -11,7 +11,7 @@ define Package/vxlan CATEGORY:=Network MAINTAINER:=Matthias Schiffer <mschiffer@universe-factory.net> TITLE:=Virtual eXtensible LAN config support - DEPENDS:=+kmod-vxlan + DEPENDS:=+kmod-vxlan +ip-bridge PKGARCH:=all endef diff --git a/package/network/config/vxlan/files/vxlan.sh b/package/network/config/vxlan/files/vxlan.sh index bdcaa62..319d95c 100755 --- a/package/network/config/vxlan/files/vxlan.sh +++ b/package/network/config/vxlan/files/vxlan.sh @@ -7,6 +7,38 @@ init_proto "$@" } +proto_vxlan_setup_peer() { + local peer_config="$1" + + local lladdr + local dst + local src_vni + local vni + local port + local via + + config_get lladdr "${peer_config}" "lladdr" + config_get dst "${peer_config}" "dst" + config_get src_vni "${peer_config}" "src_vni" + config_get vni "${peer_config}" "vni" + config_get port "${peer_config}" "port" + config_get via "${peer_config}" "via" + + [ -z "${dst}" ] && { + proto_notify_error "$cfg" "MISSING_PEER_ADDRESS" + exit + } + + bridge fdb append \ + ${lladdr:-00:00:00:00:00:00} \ + dev ${cfg} \ + ${dst:+dst $dst} \ + ${src_vni:+src_vni $src_vni} \ + ${vni:+vni $vni} \ + ${port:+port $port} \ + ${via:+via $via} +} + vxlan_generic_setup() { local cfg="$1" local mode="$2" @@ -18,7 +50,6 @@ vxlan_generic_setup() { local port vid ttl tos mtu macaddr zone rxcsum txcsum json_get_vars port vid ttl tos mtu macaddr zone rxcsum txcsum - proto_init_update "$link" 1 proto_add_tunnel @@ -47,6 +78,9 @@ vxlan_generic_setup() { proto_close_data proto_send_update "$cfg" + + config_load network + config_foreach proto_vxlan_setup_peer "vxlan_${cfg}" } proto_vxlan_setup() {
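Review bot: In the Makefile hunk, `+ip-bridge` is added to DEPENDS unconditionally, so every install of the vxlan package pulls in ip-bridge even when only peeraddr/peer6addr is configured and `bridge` is never called. Consider leaving DEPENDS as `+kmod-vxlan`, checking for the `bridge` binary at the top of proto_vxlan_setup_peer, and reporting its absence through proto_notify_error. The Makefile change also carries no PKG_RELEASE bump.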
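Review bot: In proto_vxlan_setup_peer, every value handed to `bridge fdb append` is expanded unquoted (`dev ${cfg}`, `${dst:+dst $dst}`, `${via:+via $via}` and the rest), so a UCI value containing whitespace or glob characters is split into additional bridge arguments. Quote the values inside the expansion, for example `${dst:+dst "$dst"}`, and validate lladdr, dst, the VNIs, port and via before use. Two smaller points in the same function: `$cfg` is neither declared nor passed in and only resolves through the caller's local variable, and the bare `exit` on a missing dst ends the whole handler instead of skipping that one section; passing the interface name as an extra config_foreach argument and using `return` would make both explicit.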
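Review bot: In the last vxlan_generic_setup hunk, `config_foreach proto_vxlan_setup_peer "vxlan_${cfg}"` runs after `proto_send_update "$cfg"` and its result is never checked, so a failing `bridge fdb append` goes unreported. Check the exit status of the bridge call in proto_vxlan_setup_peer and raise it through proto_notify_error. The section type is also derived from the interface name here, which ties every peer section to a per-interface type; a fixed type with an option naming the interface would be easier to document and to match.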
Similar to wireguard, vxlan can configure multiple peers or add specific
entries to the fdb for a single mac address.

While you can still use peeraddr/peer6addr option within the proto
vxlan/vxlan6 section to not break existing configurations, this patch
allows to add multiple sections that configure fdb entries via the bridge
command. As such, the bridge command is now a dependency of the vxlan
package. (To be honest without the bridge command available, vxlan isn't
very much fun to use or debug at all)

Field names are taken directly from the bridge command.

Example with all supported parameters, since this hasn't been documented so
far:

    config interface 'vx0'
        option proto 'vxlan6' # use vxlan over ipv6

        # main options
        option ip6addr '2001:db8::1' # listen address
        option tunlink 'wan6' # optional if listen address given
        option peer6addr '2001:db8::2' # now optional
        option port '8472' # this is the standard port under linux
        option vid '42' # VXLAN Network Identifier to use
        option mtu '1430' # vxlan6 has 70 bytes overhead

        # extra options
        option rxcsum '0' # allow receiving packets without checksum
        option txcsum '0' # send packets without checksum
        option ttl '16' # specifies the TTL value for outgoing packets
        option tos '0' # specifies the TOS value for outgoing packets
        option macaddr '11:22:33:44:55:66' # optional, manually specify mac
        # default is a random address

Single peer with head-end replication. Corresponds to the following call
to bridge:

    $ bridge fdb append 00:00:00:00:00:00 dev vx0 dst 2001:db8::3

    config vxlan_vx0
        option dst '2001:db8::3' # always required

It's possible to specify a multicast address as destination. Useful when
multicast routing is available or within one lan segment:

    config vxlan_vx0
        option dst 'ff02::1337' # multicast group to join.
        # all bum traffic will be sent there
        option via 'eth1' # for multicast, an outgoing interface needs
        # to be specified

All available peer options for completeness:

    config vxlan_vx0
        option lladdr 'aa:bb:cc:dd:ee:ff' # specific mac,
        option dst '2001:db8::4' # connected to this peer
        option via 'eth0.1' # use this interface only
        option port '4789' # use different port for this peer
        option vni '23' # override vni for this peer
        option src_vni '123' # see man 3 bridge

Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
---
 package/network/config/vxlan/Makefile       |  2 +-
 package/network/config/vxlan/files/vxlan.sh | 36 ++++++++++++++++++++-
 2 files changed, 36 insertions(+), 2 deletions(-)
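The peer options in the commit message map one-to-one onto `bridge fdb append` arguments. The sketch below is an added example, not code from the patch or from OpenWrt: it validates each option and prints the resulting command line instead of running it. The function names (`vxlan_peer_cmd`, `is_mac`, `is_addr`, `is_ifname`, `is_uint`) and the sample values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the patch. All function names are hypothetical.
# Validates vxlan peer options, then prints the bridge(8) call they map to.

HEX='[0-9A-Fa-f]'

# Six colon-separated two-digit hex groups.
is_mac() {
	case "$1" in
		$HEX$HEX:$HEX$HEX:$HEX$HEX:$HEX$HEX:$HEX$HEX:$HEX$HEX) return 0 ;;
	esac
	return 1
}

# Character filter for IPv4/IPv6 literals; bridge does the real parsing.
is_addr() {
	case "$1" in
		''|*[!0-9A-Fa-f:.]*) return 1 ;;
	esac
}

# Linux interface names: at most 15 characters, restricted here to a safe set.
is_ifname() {
	case "$1" in
		''|*[!A-Za-z0-9_.-]*) return 1 ;;
	esac
	[ "${#1}" -le 15 ]
}

# is_uint VALUE MAX: decimal integer in 0..MAX.
is_uint() {
	case "$1" in
		''|*[!0-9]*) return 1 ;;
	esac
	[ "${#1}" -le 8 ] && [ "$1" -le "$2" ]
}

# vxlan_peer_cmd DEV LLADDR DST [SRC_VNI] [VNI] [PORT] [VIA]
# Prints the command line; returns 1 and prints nothing if a value is invalid.
vxlan_peer_cmd() {
	local dev lladdr dst src_vni vni port via
	dev=$1; lladdr=${2:-00:00:00:00:00:00}; dst=$3
	src_vni=$4; vni=$5; port=$6; via=$7

	is_ifname "$dev" || return 1
	is_mac "$lladdr" || return 1
	is_addr "$dst" || return 1	# dst is always required
	[ -z "$src_vni" ] || is_uint "$src_vni" 16777215 || return 1	# 24-bit VNI
	[ -z "$vni" ] || is_uint "$vni" 16777215 || return 1
	[ -z "$port" ] || { is_uint "$port" 65535 && [ "$port" -ge 1 ]; } || return 1
	[ -z "$via" ] || is_ifname "$via" || return 1

	# Each value stays a single argument, in the order the patch uses.
	set -- bridge fdb append "$lladdr" dev "$dev" dst "$dst"
	[ -z "$src_vni" ] || set -- "$@" src_vni "$src_vni"
	[ -z "$vni" ] || set -- "$@" vni "$vni"
	[ -z "$port" ] || set -- "$@" port "$port"
	[ -z "$via" ] || set -- "$@" via "$via"
	echo "$*"
}

# Constructed sample peers; the last one carries whitespace in dst.
vxlan_peer_cmd vx0 '' 2001:db8::3
vxlan_peer_cmd vx0 aa:bb:cc:dd:ee:ff 2001:db8::4 123 23 4789 eth0.1
vxlan_peer_cmd vx0 '' '2001:db8::3 via eth9' || echo "rejected peer" >&2
```

The first call reproduces the `bridge fdb append` line given in the commit message for the head-end replication case.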