| Message ID | 20201124032629.647-1-fff@bareminimum.eu |
|---|---|
| State | Superseded |
| Headers | show |
| Series | [v2] vxlan: allow for dynamic source ip selection | expand |
On Tue, Nov 24, 2020 at 04:26:29AM +0100, Johannes Kimmel wrote: > Fixes: FS#3426 > Ref: https://bugs.openwrt.org/index.php?do=details&task_id=3426 > > V2: > - bump PKG_RELEASE > - add small explaination about behaviour changes > > Signed-off-by: Johannes Kimmel <fff@bareminimum.eu> Tested-by: Bastian Bittorf <bb@npl.de> works here with the option ipaddr auto or empty case Bravo! This indeed fixes above ticket 3426 bye, Bastian
On 11/24/20 4:26 AM, Johannes Kimmel wrote: > By setting 'auto', the zero address or the empty string as source > address (option ipaddr, option ip6addr), vxlan will choose one > dynamically. This helps in setups where a wan ip or prefix changes. > > This corresponse to setting up an vxlan tunnel with: > > proto vxlan6: > # ip link add vx0 type vxlan id ID local :: ... > proto vxlan: > # ip link add vx0 type vxlan id ID local 0.0.0.0 ... > > While it is possible to not specify a source ip at all, the kernel will > default to setting up a ipv4 tunnel. The kernel will take any hint from > source and peer ips to figure out, what tunnel type to use. To make sure > we setup an ipv6 tunnel for proto vxlan6, this workaround is needed. > > Specifying 'inherit' as source ip, the old behaviour is used whereby > a source ip is calculated once from the tunlink interface. Do we still need the 'inherit' config, or is the new auto behaviour strictly better? > > This will not change the behaviour of currently working configurations. > However this will allow former broken configurations, namely those not > specifying both a source address and tunnel interface, to setup a > tunnel interface. Previously those configurations weren't reporting an > error and were stueck in a setup loop like in Bug FS#3426. > > This change lifts the currently very strict behaviour and should fix the > following bug: > > Fixes: FS#3426 > Ref: https://bugs.openwrt.org/index.php?do=details&task_id=3426 > > V2: > - bump PKG_RELEASE > - add small explaination about behaviour changes > > Signed-off-by: Johannes Kimmel <fff@bareminimum.eu> > --- > package/network/config/vxlan/Makefile | 2 +- > package/network/config/vxlan/files/vxlan.sh | 55 ++++++++++++--------- > 2 files changed, 34 insertions(+), 23 deletions(-) > > diff --git a/package/network/config/vxlan/Makefile b/package/network/config/vxlan/Makefile > index 0b4d6713f9..97972d6d85 100644 > --- a/package/network/config/vxlan/Makefile > +++ b/package/network/config/vxlan/Makefile > @@ -1,7 +1,7 @@ > include $(TOPDIR)/rules.mk > > PKG_NAME:=vxlan > -PKG_RELEASE:=6 > +PKG_RELEASE:=7 > PKG_LICENSE:=GPL-2.0 > > include $(INCLUDE_DIR)/package.mk > diff --git a/package/network/config/vxlan/files/vxlan.sh b/package/network/config/vxlan/files/vxlan.sh > index 5c1c484c47..579964b385 100755 > --- a/package/network/config/vxlan/files/vxlan.sh > +++ b/package/network/config/vxlan/files/vxlan.sh > @@ -114,18 +114,23 @@ proto_vxlan_setup() { > > ( proto_add_host_dependency "$cfg" '' "$tunlink" ) > > - [ -z "$ipaddr" ] && { > - local wanif="$tunlink" > - if [ -z "$wanif" ] && ! network_find_wan wanif; then > - proto_notify_error "$cfg" "NO_WAN_LINK" > - exit > - fi > + case "$ipaddr" in > + "inherit") > + local wanif="$tunlink" > + if [ -z "$wanif" ] && ! network_find_wan wanif; then > + proto_notify_error "$cfg" "NO_WAN_LINK" > + exit > + fi > > - if ! network_get_ipaddr ipaddr "$wanif"; then > - proto_notify_error "$cfg" "NO_WAN_LINK" > - exit > - fi > - } > + if ! network_get_ipaddr ipaddr "$wanif"; then > + proto_notify_error "$cfg" "NO_WAN_LINK" > + exit > + fi > + ;; > + "auto"|"") > + ipaddr="0.0.0.0" > + ;; > + esac > > vxlan_generic_setup "$cfg" 'vxlan' "$ipaddr" "$peeraddr" > } > @@ -138,18 +143,24 @@ proto_vxlan6_setup() { > > ( proto_add_host_dependency "$cfg" '' "$tunlink" ) > > - [ -z "$ip6addr" ] && { > - local wanif="$tunlink" > - if [ -z "$wanif" ] && ! network_find_wan6 wanif; then > - proto_notify_error "$cfg" "NO_WAN_LINK" > - exit > - fi > + case "$ip6addr" in > + "inherit") > + local wanif="$tunlink" > + if [ -z "$wanif" ] && ! network_find_wan6 wanif; then > + proto_notify_error "$cfg" "NO_WAN_LINK" > + exit > + fi > > - if ! network_get_ipaddr6 ip6addr "$wanif"; then > - proto_notify_error "$cfg" "NO_WAN_LINK" > - exit > - fi > - } > + if ! network_get_ipaddr6 ip6addr "$wanif"; then > + proto_notify_error "$cfg" "NO_WAN_LINK" > + exit > + fi > + ;; > + "auto"|"") > + # ensure tunnel via ipv6 > + ip6addr="::" > + ;; > + esac > > vxlan_generic_setup "$cfg" 'vxlan6' "$ip6addr" "$peer6addr" > } >
On 27.11.20 17:13, Matthias Schiffer wrote: > On 11/24/20 4:26 AM, Johannes Kimmel wrote: >> By setting 'auto', the zero address or the empty string as source >> address (option ipaddr, option ip6addr), vxlan will choose one >> dynamically. This helps in setups where a wan ip or prefix changes. >> >> This corresponse to setting up an vxlan tunnel with: >> >> proto vxlan6: >> # ip link add vx0 type vxlan id ID local :: ... >> proto vxlan: >> # ip link add vx0 type vxlan id ID local 0.0.0.0 ... >> >> While it is possible to not specify a source ip at all, the kernel will >> default to setting up a ipv4 tunnel. The kernel will take any hint from >> source and peer ips to figure out, what tunnel type to use. To make sure >> we setup an ipv6 tunnel for proto vxlan6, this workaround is needed. >> >> Specifying 'inherit' as source ip, the old behaviour is used whereby >> a source ip is calculated once from the tunlink interface. > > Do we still need the 'inherit' config, or is the new auto behaviour > strictly better? > Good question. Personally I don't see myself using this, but I added this to force the old behaviour, in case a guaranteed stable source address is needed. This might be useful when learning is disabled and another control plane is managing the vxlan fdb entries. But I'm just guessing here. >> >> This will not change the behaviour of currently working configurations. >> However this will allow former broken configurations, namely those not >> specifying both a source address and tunnel interface, to setup a >> tunnel interface. Previously those configurations weren't reporting an >> error and were stueck in a setup loop like in Bug FS#3426. >> >> This change lifts the currently very strict behaviour and should fix the >> following bug: >> >> Fixes: FS#3426 >> Ref: https://bugs.openwrt.org/index.php?do=details&task_id=3426 >> >> V2: >> - bump PKG_RELEASE >> - add small explaination about behaviour changes >> >> Signed-off-by: Johannes Kimmel <fff@bareminimum.eu> >> --- >> package/network/config/vxlan/Makefile | 2 +- >> package/network/config/vxlan/files/vxlan.sh | 55 ++++++++++++--------- >> 2 files changed, 34 insertions(+), 23 deletions(-) >> >> diff --git a/package/network/config/vxlan/Makefile b/package/network/config/vxlan/Makefile >> index 0b4d6713f9..97972d6d85 100644 >> --- a/package/network/config/vxlan/Makefile >> +++ b/package/network/config/vxlan/Makefile >> @@ -1,7 +1,7 @@ >> include $(TOPDIR)/rules.mk >> >> PKG_NAME:=vxlan >> -PKG_RELEASE:=6 >> +PKG_RELEASE:=7 >> PKG_LICENSE:=GPL-2.0 >> >> include $(INCLUDE_DIR)/package.mk >> diff --git a/package/network/config/vxlan/files/vxlan.sh b/package/network/config/vxlan/files/vxlan.sh >> index 5c1c484c47..579964b385 100755 >> --- a/package/network/config/vxlan/files/vxlan.sh >> +++ b/package/network/config/vxlan/files/vxlan.sh >> @@ -114,18 +114,23 @@ proto_vxlan_setup() { >> >> ( proto_add_host_dependency "$cfg" '' "$tunlink" ) >> >> - [ -z "$ipaddr" ] && { >> - local wanif="$tunlink" >> - if [ -z "$wanif" ] && ! network_find_wan wanif; then >> - proto_notify_error "$cfg" "NO_WAN_LINK" >> - exit >> - fi >> + case "$ipaddr" in >> + "inherit") >> + local wanif="$tunlink" >> + if [ -z "$wanif" ] && ! network_find_wan wanif; then >> + proto_notify_error "$cfg" "NO_WAN_LINK" >> + exit >> + fi >> >> - if ! network_get_ipaddr ipaddr "$wanif"; then >> - proto_notify_error "$cfg" "NO_WAN_LINK" >> - exit >> - fi >> - } >> + if ! network_get_ipaddr ipaddr "$wanif"; then >> + proto_notify_error "$cfg" "NO_WAN_LINK" >> + exit >> + fi >> + ;; >> + "auto"|"") >> + ipaddr="0.0.0.0" >> + ;; >> + esac >> >> vxlan_generic_setup "$cfg" 'vxlan' "$ipaddr" "$peeraddr" >> } >> @@ -138,18 +143,24 @@ proto_vxlan6_setup() { >> >> ( proto_add_host_dependency "$cfg" '' "$tunlink" ) >> >> - [ -z "$ip6addr" ] && { >> - local wanif="$tunlink" >> - if [ -z "$wanif" ] && ! network_find_wan6 wanif; then >> - proto_notify_error "$cfg" "NO_WAN_LINK" >> - exit >> - fi >> + case "$ip6addr" in >> + "inherit") >> + local wanif="$tunlink" >> + if [ -z "$wanif" ] && ! network_find_wan6 wanif; then >> + proto_notify_error "$cfg" "NO_WAN_LINK" >> + exit >> + fi >> >> - if ! network_get_ipaddr6 ip6addr "$wanif"; then >> - proto_notify_error "$cfg" "NO_WAN_LINK" >> - exit >> - fi >> - } >> + if ! network_get_ipaddr6 ip6addr "$wanif"; then >> + proto_notify_error "$cfg" "NO_WAN_LINK" >> + exit >> + fi >> + ;; >> + "auto"|"") >> + # ensure tunnel via ipv6 >> + ip6addr="::" >> + ;; >> + esac >> >> vxlan_generic_setup "$cfg" 'vxlan6' "$ip6addr" "$peer6addr" >> } >> > > > > _______________________________________________ > openwrt-devel mailing list > openwrt-devel@lists.openwrt.org > https://lists.openwrt.org/mailman/listinfo/openwrt-devel >
diff --git a/package/network/config/vxlan/Makefile b/package/network/config/vxlan/Makefile index 0b4d6713f9..97972d6d85 100644 --- a/package/network/config/vxlan/Makefile +++ b/package/network/config/vxlan/Makefile @@ -1,7 +1,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=vxlan -PKG_RELEASE:=6 +PKG_RELEASE:=7 PKG_LICENSE:=GPL-2.0 include $(INCLUDE_DIR)/package.mk diff --git a/package/network/config/vxlan/files/vxlan.sh b/package/network/config/vxlan/files/vxlan.sh index 5c1c484c47..579964b385 100755 --- a/package/network/config/vxlan/files/vxlan.sh +++ b/package/network/config/vxlan/files/vxlan.sh @@ -114,18 +114,23 @@ proto_vxlan_setup() { ( proto_add_host_dependency "$cfg" '' "$tunlink" ) - [ -z "$ipaddr" ] && { - local wanif="$tunlink" - if [ -z "$wanif" ] && ! network_find_wan wanif; then - proto_notify_error "$cfg" "NO_WAN_LINK" - exit - fi + case "$ipaddr" in + "inherit") + local wanif="$tunlink" + if [ -z "$wanif" ] && ! network_find_wan wanif; then + proto_notify_error "$cfg" "NO_WAN_LINK" + exit + fi - if ! network_get_ipaddr ipaddr "$wanif"; then - proto_notify_error "$cfg" "NO_WAN_LINK" - exit - fi - } + if ! network_get_ipaddr ipaddr "$wanif"; then + proto_notify_error "$cfg" "NO_WAN_LINK" + exit + fi + ;; + "auto"|"") + ipaddr="0.0.0.0" + ;; + esac vxlan_generic_setup "$cfg" 'vxlan' "$ipaddr" "$peeraddr" } @@ -138,18 +143,24 @@ proto_vxlan6_setup() { ( proto_add_host_dependency "$cfg" '' "$tunlink" ) - [ -z "$ip6addr" ] && { - local wanif="$tunlink" - if [ -z "$wanif" ] && ! network_find_wan6 wanif; then - proto_notify_error "$cfg" "NO_WAN_LINK" - exit - fi + case "$ip6addr" in + "inherit") + local wanif="$tunlink" + if [ -z "$wanif" ] && ! network_find_wan6 wanif; then + proto_notify_error "$cfg" "NO_WAN_LINK" + exit + fi - if ! network_get_ipaddr6 ip6addr "$wanif"; then - proto_notify_error "$cfg" "NO_WAN_LINK" - exit - fi - } + if ! network_get_ipaddr6 ip6addr "$wanif"; then + proto_notify_error "$cfg" "NO_WAN_LINK" + exit + fi + ;; + "auto"|"") + # ensure tunnel via ipv6 + ip6addr="::" + ;; + esac vxlan_generic_setup "$cfg" 'vxlan6' "$ip6addr" "$peer6addr" }
By setting 'auto', the zero address or the empty string as source address (option ipaddr, option ip6addr), vxlan will choose one dynamically. This helps in setups where a wan ip or prefix changes. This corresponse to setting up an vxlan tunnel with: proto vxlan6: # ip link add vx0 type vxlan id ID local :: ... proto vxlan: # ip link add vx0 type vxlan id ID local 0.0.0.0 ... While it is possible to not specify a source ip at all, the kernel will default to setting up a ipv4 tunnel. The kernel will take any hint from source and peer ips to figure out, what tunnel type to use. To make sure we setup an ipv6 tunnel for proto vxlan6, this workaround is needed. Specifying 'inherit' as source ip, the old behaviour is used whereby a source ip is calculated once from the tunlink interface. This will not change the behaviour of currently working configurations. However this will allow former broken configurations, namely those not specifying both a source address and tunnel interface, to setup a tunnel interface. Previously those configurations weren't reporting an error and were stueck in a setup loop like in Bug FS#3426. This change lifts the currently very strict behaviour and should fix the following bug: Fixes: FS#3426 Ref: https://bugs.openwrt.org/index.php?do=details&task_id=3426 V2: - bump PKG_RELEASE - add small explaination about behaviour changes Signed-off-by: Johannes Kimmel <fff@bareminimum.eu> --- package/network/config/vxlan/Makefile | 2 +- package/network/config/vxlan/files/vxlan.sh | 55 ++++++++++++--------- 2 files changed, 34 insertions(+), 23 deletions(-)