diff options
author | Christian Poessinger <christian@poessinger.com> | 2019-11-24 20:33:25 +0100 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2019-11-24 20:33:25 +0100 |
commit | 525af4f27dc2aa7e226f2bba46b4b1736bbc014f (patch) | |
tree | 8068edf769df8f680246ebd0e5e1e6e625ff3ed2 | |
parent | 24b23d41146eddd8fb0609ad4ae85d27e7c6ec6a (diff) | |
parent | 5238f0970219639e988bc31beb7db27b43f94e6e (diff) | |
download | vyos-1x-525af4f27dc2aa7e226f2bba46b4b1736bbc014f.tar.gz vyos-1x-525af4f27dc2aa7e226f2bba46b4b1736bbc014f.zip |
Merge branch 'current' of github.com:vyos/vyos-1x into equuleus
* 'current' of github.com:vyos/vyos-1x:
bridge: T1673: re-use "base" variable
bridge: T1673: add missing VLAN bridge member migration
geneve: T1799: add misssing "vni" to default_config_data
vxlan: T1636: add misssing "vni" to default_config_data
geneve: T1799: set minimum MTU size 1500 bytes
geneve: T1799: add IPv4 routing parameters
geneve: T1799: support bridging
geneve: T1799: add Generic Network Virtualization Encapsulation
-rw-r--r-- | data/interface-types.json | 3 | ||||
-rw-r--r-- | interface-definitions/interfaces-geneve.xml | 118 | ||||
-rw-r--r-- | python/vyos/ifconfig.py | 39 | ||||
-rwxr-xr-x | src/completion/list_interfaces.py | 3 | ||||
-rwxr-xr-x | src/conf_mode/interfaces-geneve.py | 166 | ||||
-rwxr-xr-x | src/conf_mode/interfaces-vxlan.py | 5 | ||||
-rwxr-xr-x | src/migration-scripts/interfaces/0-to-1 | 171 |
7 files changed, 430 insertions, 75 deletions
diff --git a/data/interface-types.json b/data/interface-types.json index f1862b882..f174d3c39 100644 --- a/data/interface-types.json +++ b/data/interface-types.json @@ -14,5 +14,6 @@ "wireless": "wlan", "wirelessmodem": "wlm", "input": "ifb", - "pppoe": "pppoe" + "pppoe": "pppoe", + "geneve": "gnv" } diff --git a/interface-definitions/interfaces-geneve.xml b/interface-definitions/interfaces-geneve.xml new file mode 100644 index 000000000..e65ce6826 --- /dev/null +++ b/interface-definitions/interfaces-geneve.xml @@ -0,0 +1,118 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="interfaces"> + <children> + <tagNode name="geneve" owner="${vyos_conf_scripts_dir}/interfaces-geneve.py"> + <properties> + <help>Generic Network Virtualization Encapsulation (GENEVE)</help> + <priority>460</priority> + <constraint> + <regex>gnv[0-9]+$</regex> + </constraint> + <constraintErrorMessage>GENEVE interface must be named gnvN</constraintErrorMessage> + <valueHelp> + <format>gnvN</format> + <description>GENEVE interface name</description> + </valueHelp> + </properties> + <children> + <leafNode name="address"> + <properties> + <help>IP address</help> + <valueHelp> + <format>ipv4net</format> + <description>IPv4 address and prefix length</description> + </valueHelp> + <valueHelp> + <format>ipv6net</format> + <description>IPv6 address and prefix length</description> + </valueHelp> + <multi/> + <constraint> + <validator name="ip-cidr"/> + </constraint> + </properties> + </leafNode> + <leafNode name="description"> + <properties> + <help>Interface description</help> + <constraint> + <regex>^.{1,256}$</regex> + </constraint> + <constraintErrorMessage>Interface description too long (limit 256 characters)</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="disable"> + <properties> + <help>Disable interface</help> + <valueless/> + </properties> + </leafNode> + <node name="ip"> + <properties> + <help>IPv4 routing parameters</help> + </properties> + <children> + <leafNode name="arp-cache-timeout"> + <properties> + <help>ARP cache entry timeout in seconds</help> + <valueHelp> + <format>1-86400</format> + <description>ARP cache entry timout in seconds (default 30)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-86400"/> + </constraint> + <constraintErrorMessage>ARP cache entry timeout must be between 1 and 86400 seconds</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="enable-proxy-arp"> + <properties> + <help>Enable proxy-arp on this interface</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + <leafNode name="mtu"> + <properties> + <help>Maximum Transmission Unit (MTU)</help> + <valueHelp> + <format>1450-9000</format> + <description>Maximum Transmission Unit</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1500-9000"/> + </constraint> + <constraintErrorMessage>MTU must be between 1500 and 9000</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="remote"> + <properties> + <help>Remote address of GENEVE tunnel</help> + <valueHelp> + <format>ipv4</format> + <description>Remote address of GENEVE tunnel</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> + </leafNode> + <leafNode name="vni"> + <properties> + <help>Virtual Network Identifier</help> + <valueHelp> + <format>0-16777214</format> + <description>GENEVE virtual network identifier</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-16777214"/> + </constraint> + </properties> + </leafNode> + </children> + </tagNode> + </children> + </node> +</interfaceDefinition> diff --git a/python/vyos/ifconfig.py b/python/vyos/ifconfig.py index 279d948b7..f487e6a5b 100644 --- a/python/vyos/ifconfig.py +++ b/python/vyos/ifconfig.py @@ -1609,7 +1609,7 @@ class WireGuardIf(Interface): class VXLANIf(Interface, ): """ The VXLAN protocol is a tunnelling protocol designed to solve the - problem of limited VLAN IDs (4096) in IEEE 802.1q. With VXLAN the + problem of limited VLAN IDs (4096) in IEEE 802.1q. With VXLAN the size of the identifier is expanded to 24 bits (16777216). VXLAN is described by IETF RFC 7348, and has been implemented by a @@ -1668,3 +1668,40 @@ class VXLANIf(Interface, ): 'remote': '' } return config + +class GeneveIf(Interface, ): + """ + Geneve: Generic Network Virtualization Encapsulation + + For more information please refer to: + https://tools.ietf.org/html/draft-gross-geneve-00 + https://www.redhat.com/en/blog/what-geneve + https://developers.redhat.com/blog/2019/05/17/an-introduction-to-linux-virtual-interfaces-tunnels/#geneve + https://lwn.net/Articles/644938/ + """ + def __init__(self, ifname, config=''): + if config: + self._ifname = ifname + + if not os.path.exists('/sys/class/net/{}'.format(self._ifname)): + cmd = 'ip link add name {} type geneve id {} remote {}' \ + .format(self._ifname, config['vni'], config['remote']) + self._cmd(cmd) + + super().__init__(ifname, type='geneve') + + @staticmethod + def get_config(): + """ + GENEVE interfaces require a configuration when they are added using + iproute2. This static method will provide the configuration dictionary + used by this class. + + Example: + >> dict = GeneveIf().get_config() + """ + config = { + 'vni': 0, + 'remote': '' + } + return config diff --git a/src/completion/list_interfaces.py b/src/completion/list_interfaces.py index 47eeaf00c..f336968a6 100755 --- a/src/completion/list_interfaces.py +++ b/src/completion/list_interfaces.py @@ -36,8 +36,9 @@ elif args.bridgeable: wireless = vyos.interfaces.list_interfaces_of_type("wireless") tunnel = vyos.interfaces.list_interfaces_of_type("tunnel") wireless = vyos.interfaces.list_interfaces_of_type("wireless") + geneve = vyos.interfaces.list_interfaces_of_type("geneve") - interfaces = eth + bond + l2tpv3 + openvpn + vxlan + wireless + tunnel + interfaces = eth + bond + l2tpv3 + openvpn + vxlan + tunnel + wireless + geneve elif args.bondable: eth = vyos.interfaces.list_interfaces_of_type("ethernet") diff --git a/src/conf_mode/interfaces-geneve.py b/src/conf_mode/interfaces-geneve.py new file mode 100755 index 000000000..ba684b553 --- /dev/null +++ b/src/conf_mode/interfaces-geneve.py @@ -0,0 +1,166 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2019 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +import os + +from sys import exit +from copy import deepcopy + +from vyos.configdict import list_diff +from vyos.config import Config +from vyos.ifconfig import GeneveIf, Interface +from vyos.interfaces import get_type_of_interface +from vyos import ConfigError +from netifaces import interfaces + +default_config_data = { + 'address': [], + 'deleted': False, + 'description': '', + 'disable': False, + 'intf': '', + 'ip_arp_cache_tmo': 30, + 'ip_proxy_arp': 0, + 'mtu': 1500, + 'remote': '', + 'vni': '' +} + +def get_config(): + geneve = deepcopy(default_config_data) + conf = Config() + + # determine tagNode instance + try: + geneve['intf'] = os.environ['VYOS_TAGNODE_VALUE'] + except KeyError as E: + print("Interface not specified") + + # Check if interface has been removed + if not conf.exists('interfaces geneve ' + geneve['intf']): + geneve['deleted'] = True + return geneve + + # set new configuration level + conf.set_level('interfaces geneve ' + geneve['intf']) + + # retrieve configured interface addresses + if conf.exists('address'): + geneve['address'] = conf.return_values('address') + + # retrieve interface description + if conf.exists('description'): + geneve['description'] = conf.return_value('description') + + # Disable this interface + if conf.exists('disable'): + geneve['disable'] = True + + # ARP cache entry timeout in seconds + if conf.exists('ip arp-cache-timeout'): + geneve['ip_arp_cache_tmo'] = int(conf.return_value('ip arp-cache-timeout')) + + # Enable proxy-arp on this interface + if conf.exists('ip enable-proxy-arp'): + geneve['ip_proxy_arp'] = 1 + + # Maximum Transmission Unit (MTU) + if conf.exists('mtu'): + geneve['mtu'] = int(conf.return_value('mtu')) + + # Remote address of GENEVE tunnel + if conf.exists('remote'): + geneve['remote'] = conf.return_value('remote') + + # Virtual Network Identifier + if conf.exists('vni'): + geneve['vni'] = conf.return_value('vni') + + return geneve + + +def verify(geneve): + if geneve['deleted']: + # bail out early + return None + + if not geneve['remote']: + raise ConfigError('GENEVE remote must be configured') + + if not geneve['vni']: + raise ConfigError('GENEVE VNI must be configured') + + return None + + +def generate(geneve): + return None + + +def apply(geneve): + # Check if GENEVE interface already exists + if geneve['intf'] in interfaces(): + v = GeneveIf(geneve['intf']) + # GENEVE is super picky and the tunnel always needs to be recreated, + # thus we can simply always delete it first. + v.remove() + + if not geneve['deleted']: + # GENEVE interface needs to be created on-block + # instead of passing a ton of arguments, I just use a dict + # that is managed by vyos.ifconfig + conf = deepcopy(GeneveIf.get_config()) + + # Assign GENEVE instance configuration parameters to config dict + conf['vni'] = geneve['vni'] + conf['remote'] = geneve['remote'] + + # Finally create the new interface + v = GeneveIf(geneve['intf'], config=conf) + # update interface description used e.g. by SNMP + v.set_alias(geneve['description']) + # Maximum Transfer Unit (MTU) + v.set_mtu(geneve['mtu']) + + # configure ARP cache timeout in milliseconds + v.set_arp_cache_tmo(geneve['ip_arp_cache_tmo']) + # Enable proxy-arp on this interface + v.set_proxy_arp(geneve['ip_proxy_arp']) + + # Configure interface address(es) - no need to implicitly delete the + # old addresses as they have already been removed by deleting the + # interface above + for addr in geneve['address']: + v.add_addr(addr) + + # As the bond interface is always disabled first when changing + # parameters we will only re-enable the interface if it is not + # administratively disabled + if not geneve['disable']: + v.set_state('up') + + return None + + +if __name__ == '__main__': + try: + c = get_config() + verify(c) + generate(c) + apply(c) + except ConfigError as e: + print(e) + exit(1) diff --git a/src/conf_mode/interfaces-vxlan.py b/src/conf_mode/interfaces-vxlan.py index 1097ae4d0..30ff1755d 100755 --- a/src/conf_mode/interfaces-vxlan.py +++ b/src/conf_mode/interfaces-vxlan.py @@ -38,8 +38,9 @@ default_config_data = { 'link': '', 'mtu': 1450, 'remote': '', - 'remote_port': 8472 # The Linux implementation of VXLAN pre-dates - # the IANA's selection of a standard destination port + 'remote_port': 8472, # The Linux implementation of VXLAN pre-dates + # the IANA's selection of a standard destination port + 'vni': '' } def get_config(): diff --git a/src/migration-scripts/interfaces/0-to-1 b/src/migration-scripts/interfaces/0-to-1 index 96e18b5d5..ee4d6b82c 100755 --- a/src/migration-scripts/interfaces/0-to-1 +++ b/src/migration-scripts/interfaces/0-to-1 @@ -6,78 +6,109 @@ # https://phabricator.vyos.net/T1556 import sys - from vyos.configtree import ConfigTree -if (len(sys.argv) < 1): - print("Must specify file name!") - sys.exit(1) - -file_name = sys.argv[1] - -with open(file_name, 'r') as f: - config_file = f.read() - -config = ConfigTree(config_file) -base = ['interfaces', 'bridge'] - -if not config.exists(base): - # Nothing to do - sys.exit(0) -else: - # - # make stp and igmp-snooping nodes valueless - # - for br in config.list_nodes(base): - # STP: check if enabled - if config.exists(base + [br, 'stp']): - stp_val = config.return_value(base + [br, 'stp']) - # STP: delete node with old syntax - config.delete(base + [br, 'stp']) - # STP: set new node - if enabled - if stp_val == "true": - config.set(base + [br, 'stp'], value=None) - - # igmp-snooping: check if enabled - if config.exists(base + [br, 'igmp-snooping', 'querier']): - igmp_val = config.return_value(base + [br, 'igmp-snooping', 'querier']) - # igmp-snooping: delete node with old syntax - config.delete(base + [br, 'igmp-snooping', 'querier']) - # igmp-snooping: set new node - if enabled - if igmp_val == "enable": - config.set(base + [br, 'igmp', 'querier'], value=None) - - # - # move interface based bridge-group to actual bridge (de-nest) - # - bridge_types = ['bonding', 'ethernet', 'l2tpv3', 'openvpn', 'vxlan', 'wireless'] - for type in bridge_types: - if not config.exists(['interfaces', type]): - continue - - for intf in config.list_nodes(['interfaces', type]): - # check if bridge-group exists - if config.exists(['interfaces', type, intf, 'bridge-group']): - bridge = config.return_value(['interfaces', type, intf, 'bridge-group', 'bridge']) - - # create new bridge member interface - config.set(base + [bridge, 'member', 'interface', intf]) - # format as tag node to avoid loading problems - config.set_tag(base + [bridge, 'member', 'interface']) - - # cost: migrate if configured - if config.exists(['interfaces', type, intf, 'bridge-group', 'cost']): - cost = config.return_value(['interfaces', type, intf, 'bridge-group', 'cost']) - # set new node - config.set(base + [bridge, 'member', 'interface', intf, 'cost'], value=cost) - - if config.exists(['interfaces', type, intf, 'bridge-group', 'priority']): - priority = config.return_value(['interfaces', type, intf, 'bridge-group', 'priority']) - # set new node - config.set(base + [bridge, 'member', 'interface', intf, 'priority'], value=priority) - - # Delete the old bridge-group assigned to an interface - config.delete(['interfaces', type, intf, 'bridge-group']) +def migrate_bridge(config, tree, intf): + # check if bridge-group exists + tree_bridge = tree + ['bridge-group'] + if config.exists(tree_bridge): + bridge = config.return_value(tree_bridge + ['bridge']) + # create new bridge member interface + config.set(base + [bridge, 'member', 'interface', intf]) + # format as tag node to avoid loading problems + config.set_tag(base + [bridge, 'member', 'interface']) + + # cost: migrate if configured + tree_cost = tree + ['bridge-group', 'cost'] + if config.exists(tree_cost): + cost = config.return_value(tree_cost) + # set new node + config.set(base + [bridge, 'member', 'interface', intf, 'cost'], value=cost) + + # priority: migrate if configured + tree_priority = tree + ['bridge-group', 'priority'] + if config.exists(tree_priority): + priority = config.return_value(tree_priority) + # set new node + config.set(base + [bridge, 'member', 'interface', intf, 'priority'], value=priority) + + # Delete the old bridge-group assigned to an interface + config.delete(tree_bridge) + + +if __name__ == '__main__': + if (len(sys.argv) < 1): + print("Must specify file name!") + sys.exit(1) + + file_name = sys.argv[1] + + with open(file_name, 'r') as f: + config_file = f.read() + + config = ConfigTree(config_file) + base = ['interfaces', 'bridge'] + + if not config.exists(base): + # Nothing to do + sys.exit(0) + else: + # + # make stp and igmp-snooping nodes valueless + # + for br in config.list_nodes(base): + # STP: check if enabled + if config.exists(base + [br, 'stp']): + stp_val = config.return_value(base + [br, 'stp']) + # STP: delete node with old syntax + config.delete(base + [br, 'stp']) + # STP: set new node - if enabled + if stp_val == "true": + config.set(base + [br, 'stp'], value=None) + + # igmp-snooping: check if enabled + if config.exists(base + [br, 'igmp-snooping', 'querier']): + igmp_val = config.return_value(base + [br, 'igmp-snooping', 'querier']) + # igmp-snooping: delete node with old syntax + config.delete(base + [br, 'igmp-snooping', 'querier']) + # igmp-snooping: set new node - if enabled + if igmp_val == "enable": + config.set(base + [br, 'igmp', 'querier'], value=None) + + # + # move interface based bridge-group to actual bridge (de-nest) + # + bridge_types = ['bonding', 'ethernet', 'l2tpv3', 'openvpn', 'vxlan', 'wireless'] + for type in bridge_types: + if not config.exists(['interfaces', type]): + continue + + for interface in config.list_nodes(['interfaces', type]): + # check if bridge-group exists + bridge_group = ['interfaces', type, interface] + if config.exists(bridge_group + ['bridge-group']): + migrate_bridge(config, bridge_group, interface) + + # We also need to migrate VLAN interfaces + vlan_base = ['interfaces', type, interface, 'vif'] + if config.exists(vlan_base): + for vlan in config.list_nodes(vlan_base): + intf = "{}.{}".format(interface, vlan) + migrate_bridge(config, vlan_base + [vlan], intf) + + # And then we have service VLANs (vif-s) interfaces + vlan_base = ['interfaces', type, interface, 'vif-s'] + if config.exists(vlan_base): + for vif_s in config.list_nodes(vlan_base): + intf = "{}.{}".format(interface, vif_s) + migrate_bridge(config, vlan_base + [vif_s], intf) + + # Every service VLAN can have multiple customer VLANs (vif-c) + vlan_c = ['interfaces', type, interface, 'vif-s', vif_s, 'vif-c'] + if config.exists(vlan_c): + for vif_c in config.list_nodes(vlan_c): + intf = "{}.{}.{}".format(interface, vif_s, vif_c) + migrate_bridge(config, vlan_c + [vif_c], intf) try: with open(file_name, 'w') as f: |