summaryrefslogtreecommitdiff
path: root/doc/rtd/topics/network-config-format-v1.rst
blob: a3beccbdbf1980d3e930d90c77d7e928f6943973 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
.. _network_config_v1:

Networking Config Version 1
===========================

This network configuration format lets users customize their instance's
networking interfaces by assigning subnet configuration, virtual device
creation (bonds, bridges, vlans) routes and DNS configuration.

Required elements of a Network Config Version 1 are ``config`` and
``version``.

Cloud-init will read this format from system config.
For example the following could be present in
``/etc/cloud/cloud.cfg.d/custom-networking.cfg``:

.. code-block:: yaml

  network:
    version: 1
    config:
    - type: physical
      name: eth0
      subnets:
        - type: dhcp

The :ref:`datasource_nocloud` datasource can also provide cloud-init
networking configuration in this Format.

Configuration Types
-------------------
Within the network ``config`` portion, users include a list of configuration
types.  The current list of support ``type`` values are as follows:

- Physical (``physical``)
- Bond (``bond``)
- Bridge (``bridge``)
- VLAN (``vlan``)
- Nameserver (``nameserver``)
- Route (``route``)

Physical, Bond, Bridge and VLAN types may also include IP configuration under
the key ``subnets``.

- Subnet/IP (``subnets``)


Physical
~~~~~~~~
The ``physical`` type configuration represents a "physical" network device,
typically Ethernet-based.  At least one of these entries is required for
external network connectivity.  Type ``physical`` requires only one key:
``name``.  A ``physical`` device may contain some or all of the following
keys:

**name**: *<desired device name>*

A devices name must be less than 15 characters.  Names exceeding the maximum
will be truncated. This is a limitation of the Linux kernel network-device
structure.

**mac_address**: *<MAC Address>*

The MAC Address is a device unique identifier that most Ethernet-based network
devices possess. Specifying a MAC Address is optional.
Letters must be lowercase.

.. note::

  MAC addresses must be strings. As MAC addresses which consist of only the
  digits 0-9 (i.e. no hex a-f) can be interpreted as a base 60 integer per
  the `YAML 1.1 spec`_ it is best practice to quote all MAC addresses to ensure
  they are parsed as strings regardless of value.

.. _YAML 1.1 spec: https://yaml.org/type/int.html

.. note::

  Cloud-init will handle the persistent mapping between a
  device's ``name`` and the ``mac_address``.

**mtu**: *<MTU SizeBytes>*

The MTU key represents a device's Maximum Transmission Unit, the largest size
packet or frame, specified in octets (eight-bit bytes), that can be sent in a
packet- or frame-based network.  Specifying ``mtu`` is optional.

.. note::

  The possible supported values of a device's MTU is not available at
  configuration time.  It's possible to specify a value too large or to
  small for a device and may be ignored by the device.


**Physical Example**::

  network:
    version: 1
    config:
      # Simple network adapter
      - type: physical
        name: interface0
        mac_address: '00:11:22:33:44:55'
      # Second nic with Jumbo frames
      - type: physical
        name: jumbo0
        mac_address: aa:11:22:33:44:55
        mtu: 9000
      # 10G pair
      - type: physical
        name: gbe0
        mac_address: cd:11:22:33:44:00
      - type: physical
        name: gbe1
        mac_address: cd:11:22:33:44:02

Bond
~~~~
A ``bond`` type will configure a Linux software Bond with one or more network
devices.  A ``bond`` type requires the following keys:

**name**: *<desired device name>*

A devices name must be less than 15 characters.  Names exceeding the maximum
will be truncated. This is a limitation of the Linux kernel network-device
structure.

**mac_address**: *<MAC Address>*

When specifying MAC Address on a bond this value will be assigned to the bond
device and may be different than the MAC address of any of the underlying
bond interfaces.  Specifying a MAC Address is optional.  If ``mac_address`` is
not present, then the bond will use one of the MAC Address values from one of
the bond interfaces.

.. note::

  MAC addresses must be strings. As MAC addresses which consist of only the
  digits 0-9 (i.e. no hex a-f) can be interpreted as a base 60 integer per
  the `YAML 1.1 spec`_ it is best practice to quote all MAC addresses to ensure
  they are parsed as strings regardless of value.

.. _YAML 1.1 spec: https://yaml.org/type/int.html

**bond_interfaces**: *<List of network device names>*

The ``bond_interfaces`` key accepts a list of network device ``name`` values
from the configuration.  This list may be empty.

**mtu**: *<MTU SizeBytes>*

The MTU key represents a device's Maximum Transmission Unit, the largest size
packet or frame, specified in octets (eight-bit bytes), that can be sent in a
packet- or frame-based network.  Specifying ``mtu`` is optional.

.. note::

  The possible supported values of a device's MTU is not available at
  configuration time.  It's possible to specify a value too large or to
  small for a device and may be ignored by the device.

**params**:  *<Dictionary of key: value bonding parameter pairs>*

The ``params`` key in a bond holds a dictionary of bonding parameters.
This dictionary may be empty. For more details on what the various bonding
parameters mean please read the Linux Kernel Bonding.txt.

Valid ``params`` keys are:

  - ``active_slave``: Set bond attribute
  - ``ad_actor_key``: Set bond attribute
  - ``ad_actor_sys_prio``: Set bond attribute
  - ``ad_actor_system``: Set bond attribute
  - ``ad_aggregator``: Set bond attribute
  - ``ad_num_ports``: Set bond attribute
  - ``ad_partner_key``: Set bond attribute
  - ``ad_partner_mac``: Set bond attribute
  - ``ad_select``: Set bond attribute
  - ``ad_user_port_key``: Set bond attribute
  - ``all_slaves_active``: Set bond attribute
  - ``arp_all_targets``: Set bond attribute
  - ``arp_interval``: Set bond attribute
  - ``arp_ip_target``: Set bond attribute
  - ``arp_validate``: Set bond attribute
  - ``downdelay``: Set bond attribute
  - ``fail_over_mac``: Set bond attribute
  - ``lacp_rate``: Set bond attribute
  - ``lp_interval``: Set bond attribute
  - ``miimon``: Set bond attribute
  - ``mii_status``: Set bond attribute
  - ``min_links``: Set bond attribute
  - ``mode``: Set bond attribute
  - ``num_grat_arp``: Set bond attribute
  - ``num_unsol_na``: Set bond attribute
  - ``packets_per_slave``: Set bond attribute
  - ``primary``: Set bond attribute
  - ``primary_reselect``: Set bond attribute
  - ``queue_id``: Set bond attribute
  - ``resend_igmp``: Set bond attribute
  - ``slaves``: Set bond attribute
  - ``tlb_dynamic_lb``: Set bond attribute
  - ``updelay``: Set bond attribute
  - ``use_carrier``: Set bond attribute
  - ``xmit_hash_policy``: Set bond attribute

**Bond Example**::

   network:
    version: 1
    config:
      # Simple network adapter
      - type: physical
        name: interface0
        mac_address: '00:11:22:33:44:55'
      # 10G pair
      - type: physical
        name: gbe0
        mac_address: cd:11:22:33:44:00
      - type: physical
        name: gbe1
        mac_address: cd:11:22:33:44:02
      - type: bond
        name: bond0
        bond_interfaces:
          - gbe0
          - gbe1
        params:
          bond-mode: active-backup

Bridge
~~~~~~
Type ``bridge`` requires the following keys:

- ``name``: Set the name of the bridge.
- ``bridge_interfaces``: Specify the ports of a bridge via their ``name``.
  This list may be empty.
- ``params``:  A list of bridge params.  For more details, please read the
  bridge-utils-interfaces manpage.

Valid keys are:

  - ``bridge_ageing``: Set the bridge's ageing value.
  - ``bridge_bridgeprio``: Set the bridge device network priority.
  - ``bridge_fd``: Set the bridge's forward delay.
  - ``bridge_hello``: Set the bridge's hello value.
  - ``bridge_hw``: Set the bridge's MAC address.
  - ``bridge_maxage``: Set the bridge's maxage value.
  - ``bridge_maxwait``:  Set how long network scripts should wait for the
    bridge to be up.
  - ``bridge_pathcost``:  Set the cost of a specific port on the bridge.
  - ``bridge_portprio``:  Set the priority of a specific port on the bridge.
  - ``bridge_ports``:  List of devices that are part of the bridge.
  - ``bridge_stp``:  Set spanning tree protocol on or off.
  - ``bridge_waitport``: Set amount of time in seconds to wait on specific
    ports to become available.


**Bridge Example**::

   network:
    version: 1
    config:
      # Simple network adapter
      - type: physical
        name: interface0
        mac_address: '00:11:22:33:44:55'
      # Second nic with Jumbo frames
      - type: physical
        name: jumbo0
        mac_address: aa:11:22:33:44:55
        mtu: 9000
      - type: bridge
        name: br0
        bridge_interfaces:
          - jumbo0
        params:
          bridge_ageing: 250
          bridge_bridgeprio: 22
          bridge_fd: 1
          bridge_hello: 1
          bridge_maxage: 10
          bridge_maxwait: 0
          bridge_pathcost:
            - jumbo0 75
          bridge_pathprio:
            - jumbo0 28
          bridge_stp: 'off'
          bridge_maxwait:
            - jumbo0 0


VLAN
~~~~
Type ``vlan`` requires the following keys:

- ``name``: Set the name of the VLAN
- ``vlan_link``: Specify the underlying link via its ``name``.
- ``vlan_id``: Specify the VLAN numeric id.

The following optional keys are supported:

**mtu**: *<MTU SizeBytes>*

The MTU key represents a device's Maximum Transmission Unit, the largest size
packet or frame, specified in octets (eight-bit bytes), that can be sent in a
packet- or frame-based network.  Specifying ``mtu`` is optional.

.. note::

  The possible supported values of a device's MTU is not available at
  configuration time.  It's possible to specify a value too large or to
  small for a device and may be ignored by the device.


**VLAN Example**::

   network:
     version: 1
     config:
       # Physical interfaces.
       - type: physical
         name: eth0
         mac_address: c0:d6:9f:2c:e8:80
       # VLAN interface.
       - type: vlan
         name: eth0.101
         vlan_link: eth0
         vlan_id: 101
         mtu: 1500

Nameserver
~~~~~~~~~~

Users can specify a ``nameserver`` type.  Nameserver dictionaries include
the following keys:

- ``address``: List of IPv4 or IPv6 address of nameservers.
- ``search``: List of hostnames to include in the resolv.conf search path.
- ``interface``: Optional. Ties the nameserver definition to the specified
  interface. The value specified here must match the `name` of an interface
  defined in this config. If unspecified, this nameserver will be considered
  a global nameserver.

**Nameserver Example**::

  network:
    version: 1
    config:
      - type: physical
        name: interface0
        mac_address: '00:11:22:33:44:55'
        subnets:
           - type: static
             address: 192.168.23.14/27
             gateway: 192.168.23.1
      - type: nameserver
        interface: interface0  # Ties nameserver to interface0 only
        address:
          - 192.168.23.2
          - 8.8.8.8
        search:
          - exemplary



Route
~~~~~

Users can include static routing information as well.  A ``route`` dictionary
has the following keys:

- ``destination``: IPv4 network address with CIDR netmask notation.
- ``gateway``: IPv4 gateway address with CIDR netmask notation.
- ``metric``: Integer which sets the network metric value for this route.

**Route Example**::

  network:
    version: 1
    config:
      - type: physical
        name: interface0
        mac_address: '00:11:22:33:44:55'
        subnets:
           - type: static
             address: 192.168.23.14/24
             gateway: 192.168.23.1
      - type: route
        destination: 192.168.24.0/24
        gateway: 192.168.24.1
        metric: 3

Subnet/IP
~~~~~~~~~

For any network device (one of the Config Types) users can define a list of
``subnets`` which contain ip configuration dictionaries.  Multiple subnet
entries will create interface alias allowing a single interface to use
different ip configurations.

Valid keys for ``subnets`` include the following:

- ``type``: Specify the subnet type.
- ``control``: Specify manual, auto or hotplug.  Indicates how the interface
  will be handled during boot.
- ``address``: IPv4 or IPv6 address.  It may include CIDR netmask notation.
- ``netmask``: IPv4 subnet mask in dotted format or CIDR notation.
- ``gateway``: IPv4 address of the default gateway for this subnet.
- ``dns_nameservers``: Specify a list of IPv4 dns server IPs to end up in
  resolv.conf.
- ``dns_search``: Specify a list of search paths to be included in
  resolv.conf.
- ``routes``:  Specify a list of routes for a given interface


Subnet types are one of the following:

- ``dhcp4``: Configure this interface with IPv4 dhcp.
- ``dhcp``: Alias for ``dhcp4``
- ``dhcp6``: Configure this interface with IPv6 dhcp.
- ``static``: Configure this interface with a static IPv4.
- ``static6``: Configure this interface with a static IPv6 .
- ``ipv6_dhcpv6-stateful``: Configure this interface with ``dhcp6``
- ``ipv6_dhcpv6-stateless``: Configure this interface with SLAAC and DHCP
- ``ipv6_slaac``: Configure address with SLAAC

When making use of ``dhcp`` or either of the ``ipv6_dhcpv6`` types,
no additional configuration is needed in the subnet dictionary.

Using ``ipv6_dhcpv6-stateless`` or ``ipv6_slaac`` allows the IPv6 address to be
automatically configured with StateLess Address AutoConfiguration (`SLAAC`_).
SLAAC requires support from the network, so verify that your cloud or network
offering has support before trying it out. With ``ipv6_dhcpv6-stateless``,
DHCPv6 is still used to fetch other subnet details such as gateway or DNS
servers. If you only want to discover the address, use ``ipv6_slaac``.


**Subnet DHCP Example**::

   network:
     version: 1
     config:
       - type: physical
         name: interface0
         mac_address: '00:11:22:33:44:55'
         subnets:
           - type: dhcp


**Subnet Static Example**::

   network:
     version: 1
     config:
       - type: physical
         name: interface0
         mac_address: '00:11:22:33:44:55'
         subnets:
           - type: static
             address: 192.168.23.14/27
             gateway: 192.168.23.1
             dns_nameservers:
               - 192.168.23.2
               - 8.8.8.8
             dns_search:
               - exemplary.maas

The following will result in an ``interface0`` using DHCP and ``interface0:1``
using the static subnet configuration.

**Multiple subnet Example**::

   network:
     version: 1
     config:
       - type: physical
         name: interface0
         mac_address: '00:11:22:33:44:55'
         subnets:
           - type: dhcp
           - type: static
             address: 192.168.23.14/27
             gateway: 192.168.23.1
             dns_nameservers:
               - 192.168.23.2
               - 8.8.8.8
             dns_search:
               - exemplary

**Subnet with routes Example**::

   network:
     version: 1
     config:
       - type: physical
         name: interface0
         mac_address: '00:11:22:33:44:55'
         subnets:
           - type: dhcp
           - type: static
             address: 10.184.225.122
             netmask: 255.255.255.252
             routes:
               - gateway: 10.184.225.121
                 netmask: 255.240.0.0
                 network: 10.176.0.0
               - gateway: 10.184.225.121
                 netmask: 255.240.0.0
                 network: 10.208.0.0


Multi-layered configurations
----------------------------

Complex networking sometimes uses layers of configuration.  The syntax allows
users to build those layers one at a time.  All of the virtual network devices
supported allow specifying an underlying device by their ``name`` value.

**Bonded VLAN Example**::

  network:
    version: 1
    config:
      # 10G pair
      - type: physical
        name: gbe0
        mac_address: cd:11:22:33:44:00
      - type: physical
        name: gbe1
        mac_address: cd:11:22:33:44:02
      # Bond.
      - type: bond
        name: bond0
        bond_interfaces:
          - gbe0
          - gbe1
        params:
          bond-mode: 802.3ad
          bond-lacp-rate: fast
      # A Bond VLAN.
      - type: vlan
          name: bond0.200
          vlan_link: bond0
          vlan_id: 200
          subnets:
              - type: dhcp4

More Examples
-------------
Some more examples to explore the various options available.

**Multiple VLAN example**::

  network:
    version: 1
    config:
    - id: eth0
      mac_address: d4:be:d9:a8:49:13
      mtu: 1500
      name: eth0
      subnets:
      - address: 10.245.168.16/21
        dns_nameservers:
        - 10.245.168.2
        gateway: 10.245.168.1
        type: static
      type: physical
    - id: eth1
      mac_address: d4:be:d9:a8:49:15
      mtu: 1500
      name: eth1
      subnets:
      - address: 10.245.188.2/24
        dns_nameservers: []
        type: static
      type: physical
    - id: eth1.2667
      mtu: 1500
      name: eth1.2667
      subnets:
      - address: 10.245.184.2/24
        dns_nameservers: []
        type: static
      type: vlan
      vlan_id: 2667
      vlan_link: eth1
    - id: eth1.2668
      mtu: 1500
      name: eth1.2668
      subnets:
      - address: 10.245.185.1/24
        dns_nameservers: []
        type: static
      type: vlan
      vlan_id: 2668
      vlan_link: eth1
    - id: eth1.2669
      mtu: 1500
      name: eth1.2669
      subnets:
      - address: 10.245.186.1/24
        dns_nameservers: []
        type: static
      type: vlan
      vlan_id: 2669
      vlan_link: eth1
    - id: eth1.2670
      mtu: 1500
      name: eth1.2670
      subnets:
      - address: 10.245.187.2/24
        dns_nameservers: []
        type: static
      type: vlan
      vlan_id: 2670
      vlan_link: eth1
    - address: 10.245.168.2
      search:
      - dellstack
      type: nameserver

.. _SLAAC: https://tools.ietf.org/html/rfc4862

.. vi: textwidth=78