From b3eca8c14e77eabee5afe04a49dee0208bc715ee Mon Sep 17 00:00:00 2001 From: Viacheslav Hletenko Date: Fri, 8 Jul 2022 12:42:26 +0000 Subject: lb-wan: T4518: Add XML for conf mode load-balancing wan Add XML for configuration mode "load-balancing wan" for the future rewriting this to Python Remove node from Makefile as Python code is not yet completed --- Makefile | 3 + .../include/ipv4-address-prefix-range.xml.i | 39 ++ .../include/port-port-range.xml.i | 26 ++ interface-definitions/load-balancing-wan.xml.in | 395 +++++++++++++++++++++ src/conf_mode/load-balancing-wan.py | 65 ++++ 5 files changed, 528 insertions(+) create mode 100644 interface-definitions/include/ipv4-address-prefix-range.xml.i create mode 100644 interface-definitions/include/port-port-range.xml.i create mode 100644 interface-definitions/load-balancing-wan.xml.in create mode 100755 src/conf_mode/load-balancing-wan.py diff --git a/Makefile b/Makefile index 5e01108c0..56d446a27 100644 --- a/Makefile +++ b/Makefile @@ -42,6 +42,9 @@ interface_definitions: $(config_xml_obj) # T2773 - EIGRP support for VRF rm -rf $(TMPL_DIR)/vrf/name/node.tag/protocols/eigrp + # T4518, T4470 Load-balancing wan + rm -rf $(TMPL_DIR)/load-balancing + # XXX: test if there are empty node.def files - this is not allowed as these # could mask help strings or mandatory priority statements find $(TMPL_DIR) -name node.def -type f -empty -exec false {} + || sh -c 'echo "There are empty node.def files! Check your interface definitions." && exit 1' diff --git a/interface-definitions/include/ipv4-address-prefix-range.xml.i b/interface-definitions/include/ipv4-address-prefix-range.xml.i new file mode 100644 index 000000000..aadc6aaec --- /dev/null +++ b/interface-definitions/include/ipv4-address-prefix-range.xml.i 
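Review bot: The added comment `# T4518, T4470 Load-balancing wan` does not say why the generated templates are deleted or when the deletion should go away; the commit message explains it (the Python conf-mode script is not complete), but the Makefile does not. I would write `# T4518, T4470 - load-balancing wan: drop templates until src/conf_mode/load-balancing-wan.py is complete`, so the line is removed together with the stub. The new `rm -rf $(TMPL_DIR)/load-balancing` also expands to an absolute path if `TMPL_DIR` is ever empty, like the existing `rm -rf` line above it; where `TMPL_DIR` is set is outside the hunk, so a guard may already exist. The `interface_definitions` recipe starts and continues outside the hunk.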
@@ -0,0 +1,39 @@ + + + + IP address, subnet, or range + + ipv4 + IPv4 address to match + + + ipv4net + IPv4 prefix to match + + + ipv4range + IPv4 address range to match + + + !ipv4 + Match everything except the specified address + + + !ipv4net + Match everything except the specified prefix + + + !ipv4range + Match everything except the specified range + + + + + + + + + + + + diff --git a/interface-definitions/include/port-port-range.xml.i b/interface-definitions/include/port-port-range.xml.i new file mode 100644 index 000000000..ce550f549 --- /dev/null +++ b/interface-definitions/include/port-port-range.xml.i @@ -0,0 +1,26 @@ + + + + Port number + + txt + Named port (any name in /etc/services, e.g., http) + + + u32:1-65535 + Numeric IP port + + + start-end + Numbered port range (e.g. 1001-1005) + + + + \n\nMultiple destination ports can be specified as a comma-separated list.\nThe whole list can also be negated using '!'.\nFor example: '!22,telnet,http,123,1001-1005' + + + + + + + diff --git a/interface-definitions/load-balancing-wan.xml.in b/interface-definitions/load-balancing-wan.xml.in new file mode 100644 index 000000000..c2b6316ae --- /dev/null +++ b/interface-definitions/load-balancing-wan.xml.in 
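Review bot: In port-port-range.xml.i the completion help says "Multiple destination ports can be specified as a comma-separated list", but the file name is direction-neutral and load-balancing-wan.xml.in appears to pull includes into both its "Destination" and "Source information" nodes, so the source side would show destination wording. I would reword it to `Multiple ports can be specified as a comma-separated list.` The element markup is not visible in this rendering, so whether the constraint actually accepts the comma-separated and '!' forms that the help text advertises should be checked against the file.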
@@ -0,0 +1,395 @@ + + + + + Configure load-balancing + + + + + Configure Wide Area Network (WAN) load-balancing + + + + + Disable source NAT rules from being configured for WAN load balancing + + + + + + Enable WAN load balancing for locally sourced traffic + + + + + + Flush connection tracking tables on connection state change + + + + + + Script to be executed on interface status change + + txt + Script in /config/scripts + + + + + + + + + Interface name + + + + + + + + Failure count + + u32:1-10 + Failure count + + + + + + + + + Outbound interface nexthop address. Can be 'DHCP or IPv4 address' [REQUIRED] + + dhcp + + + ipv4 + Nexthop IP address + + + dhcp + Set the nexthop via DHCP + + + + (dhcp) + + + + + + Success count + + u32:1-10 + Success count + + + + + + + + + Rule number + + u32:0-4294967295 + Rule number + + + + + + + + + Ping response time (seconds) + + u32:1-30 + Response time (seconds) + + + + + + + + + Health target address + + ipv4 + Health target address + + + + + + + + + Path to user-defined script + + txt + Script in /config/scripts + + + + + + + + + TTL limit (hop count) + + u32:1-254 + Number of hops + + + + + + + + + WLB test type + + ping ttl user-defined + + + ping + Test with ICMP echo response + + + ttl + Test with UDP TTL expired response + + + user-defined + User-defined test script + + + (ping|ttl|user-defined) + + + + + + + + + + Rule number (1-9999) + + u32:1-9999 + Rule number + + + + + + + + + Description for this rule + + txt + Description for this rule + + + + + + Destination + + + #include + #include + + + + + Exclude packets matching this rule from WAN load balance + + + + + + Enable failover for packets matching this rule from WAN load balance + + + + + + Inbound interface name (e.g., "eth0") [REQUIRED] + + any + + + + + + + Interface name [REQUIRED] + + + + + + + + Load-balance weight + + u32:1-255 + Interface weight + + + + + Weight must be between 1 and 255 + + + + + + + Enable packet limit for this rule + + + + + Burst 
limit for matching packets + + u32:0-4294967295 + Burst limit for matching packets + + + + + + + + + Time window for rate calculation + + hour minute second + + + hour + hour + + + minute + minute + + + second + second + + + (hour|minute|second) + + + + + + Number of packets used for rate limit + + u32:0-4294967295 + Number of packets used for rate limit + + + + + + + + + Threshold behavior for limit + + above below + + + above + Above limit + + + below + Below limit + + + (above|below) + + + + + + + + Option to match traffic per-packet instead of the default, per-flow + + + + + + Protocol to match (protocol name, number, or "all") + + + all tcp_udp + + + all + All IP protocols + + + tcp_udp + Both TCP and UDP + + + u32:0-255 + IP protocol number + + + <protocol> + IP protocol name + + + !<protocol> + IP protocol name + + + + + + + + + Source information + + + #include + #include + + + + + + + Configure sticky connections + + + + + Enable sticky incoming WAN connections + + + + + + + + + + diff --git a/src/conf_mode/load-balancing-wan.py b/src/conf_mode/load-balancing-wan.py new file mode 100755 index 000000000..11840249f --- /dev/null +++ b/src/conf_mode/load-balancing-wan.py 
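Review bot: Two leaves take a script path that will be executed, "Script to be executed on interface status change" and "Path to user-defined script" for the health test, and the only restriction visible is the value help "Script in /config/scripts", which is descriptive text, not a check. The XML tags are stripped in this rendering, so a constraint may exist; if it does not, each leaf should carry one that accepts only an existing executable file under /config/scripts, and the future Python `verify()` should repeat that check before anything is run. Separately, the health-test "Rule number" allows u32:0-4294967295 while the rule node is documented as 1-9999; confirm the wider range is intended.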
@@ -0,0 +1,65 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2022 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+
+from sys import exit
+
+from vyos.config import Config
+from vyos.configdict import node_changed
+from vyos.util import call
+from vyos import ConfigError
+from pprint import pprint
+from vyos import airbag
+airbag.enable()
+
+
+def get_config(config=None):
+ if config:
+ conf = config
+ else:
+ conf = Config()
+
+ base = ['load-balancing', 'wan']
+ lb = conf.get_config_dict(base, get_first_key=True,
+ no_tag_node_value_mangle=True)
+
+ pprint(lb)
+ return lb
+
+def verify(lb):
+ return None
+
+
+def generate(lb):
+ if not lb:
+ return None
+
+ return None
+
+
+def apply(lb):
+
+ return None
+
+if __name__ == '__main__':
+ try:
+ c = get_config()
+ verify(c)
+ generate(c)
+ apply(c)
+ except ConfigError as e:
+ print(e)
+ exit(1)
-- cgit v1.2.3
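Review bot: `verify()` returns None without checking anything, so once the Makefile stops deleting the node, every value the XML accepts would be committed, including the fields the help text marks [REQUIRED] (nexthop, inbound interface, interface). Until the rewrite lands, a marker such as `# TODO(T4518): validate required nodes and script paths before enabling the node` in `verify()` would make the gap explicit. `get_config()` also still has the debugging call `pprint(lb)`, which writes the whole configuration dictionary to stdout each time the script runs; drop it together with `from pprint import pprint`. `node_changed` and `call` are imported but not used in the visible code.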