summaryrefslogtreecommitdiff
path: root/src/conf_mode/interfaces-vxlan.py
diff options
context:
space:
mode:
Diffstat (limited to 'src/conf_mode/interfaces-vxlan.py')
-rwxr-xr-xsrc/conf_mode/interfaces-vxlan.py236
1 files changed, 0 insertions, 236 deletions
diff --git a/src/conf_mode/interfaces-vxlan.py b/src/conf_mode/interfaces-vxlan.py
deleted file mode 100755
index 4251e611b..000000000
--- a/src/conf_mode/interfaces-vxlan.py
+++ /dev/null
@@ -1,236 +0,0 @@
-#!/usr/bin/env python3
-#
-# Copyright (C) 2019-2023 VyOS maintainers and contributors
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License version 2 or later as
-# published by the Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-import os
-
-from sys import exit
-from netifaces import interfaces
-
-from vyos.base import Warning
-from vyos.config import Config
-from vyos.configdict import get_interface_dict
-from vyos.configdict import leaf_node_changed
-from vyos.configdict import is_node_changed
-from vyos.configdict import node_changed
-from vyos.configverify import verify_address
-from vyos.configverify import verify_bridge_delete
-from vyos.configverify import verify_mtu_ipv6
-from vyos.configverify import verify_mirror_redirect
-from vyos.configverify import verify_source_interface
-from vyos.configverify import verify_bond_bridge_member
-from vyos.ifconfig import Interface
-from vyos.ifconfig import VXLANIf
-from vyos.template import is_ipv6
-from vyos.utils.dict import dict_search
-from vyos import ConfigError
-from vyos import airbag
-airbag.enable()
-
-def get_config(config=None):
- """
- Retrive CLI config as dictionary. Dictionary can never be empty, as at least
- the interface name will be added or a deleted flag
- """
- if config:
- conf = config
- else:
- conf = Config()
- base = ['interfaces', 'vxlan']
- ifname, vxlan = get_interface_dict(conf, base)
-
- # VXLAN interfaces are picky and require recreation if certain parameters
- # change. But a VXLAN interface should - of course - not be re-created if
- # it's description or IP address is adjusted. Feels somehow logic doesn't it?
- for cli_option in ['parameters', 'gpe', 'group', 'port', 'remote',
- 'source-address', 'source-interface', 'vni']:
- if is_node_changed(conf, base + [ifname, cli_option]):
- vxlan.update({'rebuild_required': {}})
- break
-
- # When dealing with VNI filtering we need to know what VNI was actually removed,
- # so build up a dict matching the vlan_to_vni structure but with removed values.
- tmp = node_changed(conf, base + [ifname, 'vlan-to-vni'], recursive=True)
- if tmp:
- vxlan.update({'vlan_to_vni_removed': {}})
- for vlan in tmp:
- vni = leaf_node_changed(conf, base + [ifname, 'vlan-to-vni', vlan, 'vni'])
- vxlan['vlan_to_vni_removed'].update({vlan : {'vni' : vni[0]}})
-
- # We need to verify that no other VXLAN tunnel is configured when external
- # mode is in use - Linux Kernel limitation
- conf.set_level(base)
- vxlan['other_tunnels'] = conf.get_config_dict([], key_mangling=('-', '_'),
- get_first_key=True,
- no_tag_node_value_mangle=True)
-
- # This if-clause is just to be sure - it will always evaluate to true
- ifname = vxlan['ifname']
- if ifname in vxlan['other_tunnels']:
- del vxlan['other_tunnels'][ifname]
- if len(vxlan['other_tunnels']) == 0:
- del vxlan['other_tunnels']
-
- return vxlan
-
-def verify(vxlan):
- if 'deleted' in vxlan:
- verify_bridge_delete(vxlan)
- return None
-
- if int(vxlan['mtu']) < 1500:
- Warning('RFC7348 recommends VXLAN tunnels preserve a 1500 byte MTU')
-
- if 'group' in vxlan:
- if 'source_interface' not in vxlan:
- raise ConfigError('Multicast VXLAN requires an underlaying interface')
- verify_source_interface(vxlan)
-
- if not any(tmp in ['group', 'remote', 'source_address', 'source_interface'] for tmp in vxlan):
- raise ConfigError('Group, remote, source-address or source-interface must be configured')
-
- if 'vni' not in vxlan and dict_search('parameters.external', vxlan) == None:
- raise ConfigError('Must either configure VXLAN "vni" or use "external" CLI option!')
-
- if dict_search('parameters.external', vxlan) != None:
- if 'vni' in vxlan:
- raise ConfigError('Can not specify both "external" and "VNI"!')
-
- if 'other_tunnels' in vxlan:
- # When multiple VXLAN interfaces are defined and "external" is used,
- # all VXLAN interfaces need to have vni-filter enabled!
- # See Linux Kernel commit f9c4bb0b245cee35ef66f75bf409c9573d934cf9
- other_vni_filter = False
- for tunnel, tunnel_config in vxlan['other_tunnels'].items():
- if dict_search('parameters.vni_filter', tunnel_config) != None:
- other_vni_filter = True
- break
- # eqivalent of the C foo ? 'a' : 'b' statement
- vni_filter = True and (dict_search('parameters.vni_filter', vxlan) != None) or False
- # If either one is enabled, so must be the other. Both can be off and both can be on
- if (vni_filter and not other_vni_filter) or (not vni_filter and other_vni_filter):
- raise ConfigError(f'Using multiple VXLAN interfaces with "external" '\
- 'requires all VXLAN interfaces to have "vni-filter" configured!')
-
- if not vni_filter and not other_vni_filter:
- other_tunnels = ', '.join(vxlan['other_tunnels'])
- raise ConfigError(f'Only one VXLAN tunnel is supported when "external" '\
- f'CLI option is used and "vni-filter" is unset. '\
- f'Additional tunnels: {other_tunnels}')
-
- if 'gpe' in vxlan and 'external' not in vxlan:
- raise ConfigError(f'VXLAN-GPE is only supported when "external" '\
- f'CLI option is used.')
-
- if 'source_interface' in vxlan:
- # VXLAN adds at least an overhead of 50 byte - we need to check the
- # underlaying device if our VXLAN package is not going to be fragmented!
- vxlan_overhead = 50
- if 'source_address' in vxlan and is_ipv6(vxlan['source_address']):
- # IPv6 adds an extra 20 bytes overhead because the IPv6 header is 20
- # bytes larger than the IPv4 header - assuming no extra options are
- # in use.
- vxlan_overhead += 20
-
- # If source_address is not used - check IPv6 'remote' list
- elif 'remote' in vxlan:
- if any(is_ipv6(a) for a in vxlan['remote']):
- vxlan_overhead += 20
-
- lower_mtu = Interface(vxlan['source_interface']).get_mtu()
- if lower_mtu < (int(vxlan['mtu']) + vxlan_overhead):
- raise ConfigError(f'Underlaying device MTU is to small ({lower_mtu} '\
- f'bytes) for VXLAN overhead ({vxlan_overhead} bytes!)')
-
- # Check for mixed IPv4 and IPv6 addresses
- protocol = None
- if 'source_address' in vxlan:
- if is_ipv6(vxlan['source_address']):
- protocol = 'ipv6'
- else:
- protocol = 'ipv4'
-
- if 'remote' in vxlan:
- error_msg = 'Can not mix both IPv4 and IPv6 for VXLAN underlay'
- for remote in vxlan['remote']:
- if is_ipv6(remote):
- if protocol == 'ipv4':
- raise ConfigError(error_msg)
- protocol = 'ipv6'
- else:
- if protocol == 'ipv6':
- raise ConfigError(error_msg)
- protocol = 'ipv4'
-
- if 'vlan_to_vni' in vxlan:
- if 'is_bridge_member' not in vxlan:
- raise ConfigError('VLAN to VNI mapping requires that VXLAN interface '\
- 'is member of a bridge interface!')
-
- vnis_used = []
- for vif, vif_config in vxlan['vlan_to_vni'].items():
- if 'vni' not in vif_config:
- raise ConfigError(f'Must define VNI for VLAN "{vif}"!')
- vni = vif_config['vni']
- if vni in vnis_used:
- raise ConfigError(f'VNI "{vni}" is already assigned to a different VLAN!')
- vnis_used.append(vni)
-
- if dict_search('parameters.neighbor_suppress', vxlan) != None:
- if 'is_bridge_member' not in vxlan:
- raise ConfigError('Neighbor suppression requires that VXLAN interface '\
- 'is member of a bridge interface!')
-
- verify_mtu_ipv6(vxlan)
- verify_address(vxlan)
- verify_bond_bridge_member(vxlan)
- verify_mirror_redirect(vxlan)
-
- # We use a defaultValue for port, thus it's always safe to use
- if vxlan['port'] == '8472':
- Warning('Starting from VyOS 1.4, the default port for VXLAN '\
- 'has been changed to 4789. This matches the IANA assigned '\
- 'standard port number!')
-
- return None
-
-def generate(vxlan):
- return None
-
-def apply(vxlan):
- # Check if the VXLAN interface already exists
- if 'rebuild_required' in vxlan or 'delete' in vxlan:
- if vxlan['ifname'] in interfaces():
- v = VXLANIf(vxlan['ifname'])
- # VXLAN is super picky and the tunnel always needs to be recreated,
- # thus we can simply always delete it first.
- v.remove()
-
- if 'deleted' not in vxlan:
- # Finally create the new interface
- v = VXLANIf(**vxlan)
- v.update(vxlan)
-
- return None
-
-if __name__ == '__main__':
- try:
- c = get_config()
- verify(c)
- generate(c)
- apply(c)
- except ConfigError as e:
- print(e)
- exit(1)