Add support for VRF devices (LP: #1773522) #285
Conversation
|
Can we have NetworkManager supported in this PR (or shortly afterward)? |
Yes, I'm working on adding NM support to this PR, too. |
|
Awesome! |
slyon
changed the title
slyon
force-pushed
the
slyon/vrf-vxlan
branch
6 times, most recently
from
a92759b
to
f77f422
Compare
|
The new integration tests ( Thank you very much @netdever for the initial implementation. Also, @Conan-Kudo seems to be interested, especially in the NetworkManager part. |
|
Looks good to me. Thanks! |
doc/netplan.md
Outdated
| @@ -72,7 +72,7 @@ Physical devices | |||
|
|
|||
| Virtual devices | |||
|
|
|||
| : (Examples: veth, bridge, bond) These are fully under the control of the | |||
| : (Examples: veth, bridge, bond, vrf) These are fully under the control of the | |||
There was a problem hiding this comment.
question (blocking): Seeing vrf in this list, how is revertability handled in netplan try?
Does networkd handle it on its own?
There was a problem hiding this comment.
This is a very good question! And I needed to do some investigation in order to answer this. But this is working as expected (and similar to vlans): vrfs are cleaned up on netplan apply (if using the --state parameter properly) or on netplan try (using the --config-file parameter). netplan try --state ... still behaves a bit odd, but that's unrelated to this PR.
VRFs are different to bonds/bridges, in that the backend (networkd/NM) does not need to initialize certain parameters, which cannot be changed afterwards and is therefore much more similar to a VLAN interface, which can just be deleted.
So I think this is all fine!
$ cat /etc/netplan/main_test.yaml
network:
version: 2
renderer: networkd
ethernets:
enp0s31f6:
dhcp4: true
dhcp6: true
$ cat ./test.yaml
network:
vrfs:
vrf0:
table: 1004
interfaces: [enp0s31f6]
$ sudo LD_LIBRARY_PATH=. PYTHONPATH=. src/netplan.script --config-file=test.yaml try
Do you want to keep these settings?
Press ENTER before the timeout to accept the new configuration
Changes will revert in 111 seconds
# === meanwhile in another terminal ===
$ ip l show vrf0
110: vrf0: <NOARP,MASTER,UP,LOWER_UP> mtu 65575 qdisc noqueue state UP mode DEFAULT group default qlen 1000
link/ether a2:f7:52:d9:7c:5c brd ff:ff:ff:ff:ff:ff
# === terminal switch ===
^C
Reverting.
$ ip l show vrf0
Device "vrf0" does not exist.
(I actually found a bug/typo while testing this, which I fixed in b39dbea)
slyon
force-pushed
the
slyon/vrf-vxlan
branch
2 times, most recently
from
5328f9d
to
f94dedc
Compare
|
Thanks for the quality review @schopin-pro! I think I addressed or replied to all of your remarks. Also, I found a bug/typo while re-testing this, which I fixed in b39dbea |
V2: + reduce VRF table mismatch if-clause + handle 'renderer' stanza for VRF devices V3: + Print a debug log when ignoring a redundant route table value on VRF devices Co-authored-by: Lukas Märdian <[email protected]>
Co-authored-by: Lukas Märdian <[email protected]>
|
Thanks for your final review. I've added a debug log about ignoring the redundant table value in V3 of 362b85a to account for that for now. Merging. |
Description
Adding support for Virtual Routing and Forwarding devices using the sd-networkd and NetworkManager backends.
Any VRF device is linked to a (new) routing table, specified via the
tablestanza and can define its child interfaces viainterfaces: [...]. If anyroutes:orrouting-policy:settings are given, those are implicitly connected to the VRF's routing table.It builds upon #272 (squashed & rebased), extracted VRF bits.
Example:
Checklist
make checksuccessfully.make check-coverage).