Hi, the sdn beta seems to work fine currently, I think the model is good enough to handle users' needs.
I'm already thinking about the next step: ip management (ipam) && dhcp.

The main idea is to be able to define subnets with pools of ip addresses on vnets, and when a user creates a vm on this vnet, he's only able to use an ip address from the available pools. The ip address management can be done internally in the cluster, or use an external source through a plugin (racktables, netbox, phpipam, ...). This is really needed for big companies like mine, where you have multiple proxmox clusters but also physical servers, kubernetes clusters, ... where all ip addresses are registered in a central software.

When a user creates a new vm or adds a nic to the vm, he could choose ip address "auto", and the next available ip address will be returned by the ipam driver. The user could also choose a specific ip address with verification of availability.

In a second step, we could also add dhcp server features, with static ip/mac leases (Kea dhcp seems a good candidate), with 1 local dhcp server per node (only responding to local vms). For bgp-evpn it's easy because we already have an anycast gateway ip, so it can be used by the dhcp server. For the vlan && layer2 plugins, I wonder if we could also assign some kind of anycast ip (same ip on each host/vnet), but with filtering (iptables, ebtables, ...).

I could also work on implementing cloudinit network metadata.
Here are some implementation docs in openstack && opennebula
-------------------------------------------------------

openstack
---------
https://specs.openstack.org/openstack/neutron-specs/specs/liberty/neutron-ipam.html
https://www.youtube.com/watch?v=l_JSXSIRr6M
https://www.youtube.com/watch?v=smbs0Up87Y4

opennebula
----------
https://docs.opennebula.io/5.10/integration/infrastructure_integration/devel-ipam.html#devel-ipam
https://docs.opennebula.io/5.10/operation/network_management/manage_vnets.html#managing-address-ranges

Some notes/ideas for the implementation/config:
----------------------------------------------

/etc/pve/sdn/subnets.cfg
-------------------------

subnet: subnet1
    cidr 192.168.0.0/24
    allocation-pools 192.168.0.10-17, 192.168.0.70-10, 192.168.0.100
        (default is the full cidr without network/broadcast address)
        (I'm not sure, maybe allocation-pools should be different objects to manage permissions on them)
    vnet vnet1
    ipam internal (default)
    dhcp 1 -> generate dhcp configuration

subnet: subnet2
    cidr 192.168.1.0/24
    vnet vnet1
    ipam netbox

subnet: subnet3
    vnet vnet2
    ipam netbox

/etc/pve/sdn/ipam.cfg
---------------------

netbox: mynetboximap
    api http://netbox.com/api/
    login: ...
    password: ...

firewall:
-----------
- allowing only src/dst subnet on vnet by default ?
- add vnets rules option ?
- dhcp filtering rules (ebtables, dhcp snooping)
  add a new intermediate vnet chain: ->PVEFW-FWBR-IN->VNET-VNETID-IN--> TAP ?
  or add rules in each vm tap chain?

vm|ct nic gui:
--------------
- display all available ips in a list ? (maybe too huge with big subnets)
or
-> choose vnet
-> choose available subnet
-> field ip address: "auto|next free ip" -> api find_next_ip && record to ipam on submit.
-> specify a specific ip address -> add_ip (with verification if still available)

ipam driver api
---------------
- add_subnet
- add_ip
- del_ip
- add_next_ip

ipam internal database (yml ?):
---------------------------------

simply ip array

-subnet1
  - 192.168.0.1
  - 192.168.0.2
  - 192.168.0.3

or array of hash with more infos ?

-subnet2
  - ip: 192.168.1.1
    vm: 100
    net: 0

_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
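As an added illustration of the "ipam driver api" and "ipam internal database" sketches above (example code written for this page, not code from the post's author or from Proxmox), the toy driver below implements add_subnet / add_ip / del_ip / add_next_ip plus a find_next_ip lookup for the GUI "auto" field. It records the "array of hash with more infos" variant of the database, refuses addresses outside the allocation pools, the network and broadcast addresses, and double allocations, and only lets the owning vm release an address. The subnet ids, pool strings and vm ids are constructed to mirror the subnets.cfg sketch; the pool syntax "a.b.c.10-17" (start address, dash, last octet of the end address) and the owner-only release rule are assumptions, not something the post specifies.

```python
"""Added example, not code from the pve-devel post or from Proxmox: a toy
in-cluster IPAM driver implementing the four calls proposed in the mail
(add_subnet, add_ip, del_ip, add_next_ip) plus find_next_ip for the GUI
"auto" field.  Subnet ids, pool strings and vm ids are constructed; the
pool syntax "a.b.c.10-17" (start address, dash, last octet of the end
address) and the owner-only release rule in del_ip are assumptions."""
import ipaddress
import re
from typing import Dict, List, Optional

_POOL_RE = re.compile(r"^(\d+\.\d+\.\d+\.\d+)(?:-(\d+))?$")
Addr = ipaddress.IPv4Address


class IpamError(Exception):
    """Any refused operation: bad pool, address outside pool, already used, ..."""


class InternalIpam:
    def __init__(self) -> None:
        self._subnets: Dict[str, ipaddress.IPv4Network] = {}
        self._pools: Dict[str, List[Addr]] = {}      # allocatable addresses per subnet
        self._db: Dict[str, Dict[Addr, dict]] = {}   # subnet -> {ip: {"vm": .., "net": ..}}

    @staticmethod
    def _parse_pool(spec: str, net: ipaddress.IPv4Network) -> List[Addr]:
        """'192.168.0.10-17' -> .10 .. .17 ; '192.168.0.100' -> that single address."""
        m = _POOL_RE.match(spec.strip())
        if not m:
            raise IpamError(f"bad pool spec {spec!r}")
        start = Addr(m.group(1))
        end = start
        if m.group(2) is not None:
            last = int(m.group(2))
            if last > 255 or Addr(start.packed[:3] + bytes([last])) < start:
                raise IpamError(f"bad pool range {spec!r}")
            end = Addr(start.packed[:3] + bytes([last]))
        addrs = [Addr(i) for i in range(int(start), int(end) + 1)]
        # never hand out the network/broadcast address or anything outside the cidr
        for a in addrs:
            if a not in net or a in (net.network_address, net.broadcast_address):
                raise IpamError(f"pool address {a} is not usable in {net}")
        return addrs

    def add_subnet(self, subnet_id: str, cidr: str, allocation_pools: Optional[str] = None) -> None:
        net = ipaddress.IPv4Network(cidr, strict=True)
        if allocation_pools:
            pool: List[Addr] = []
            for spec in allocation_pools.split(","):
                pool.extend(self._parse_pool(spec, net))
        else:
            pool = list(net.hosts())  # default from the mail: cidr minus network/broadcast
        self._subnets[subnet_id] = net
        self._pools[subnet_id] = sorted(set(pool))
        self._db[subnet_id] = {}

    def find_next_ip(self, subnet_id: str) -> Optional[str]:
        """Lowest pool address not yet recorded; None when the pools are exhausted."""
        used = self._db[subnet_id]
        return next((str(a) for a in self._pools[subnet_id] if a not in used), None)

    def add_ip(self, subnet_id: str, ip: str, vmid: int, net_index: int) -> str:
        """Record a user-chosen address after verifying it is in a pool and still free."""
        if subnet_id not in self._subnets:
            raise IpamError(f"unknown subnet {subnet_id}")
        addr = Addr(ip)
        if addr not in self._pools[subnet_id]:
            raise IpamError(f"{ip} is outside the allocation pools of {subnet_id}")
        if addr in self._db[subnet_id]:
            raise IpamError(f"{ip} is already used by vm {self._db[subnet_id][addr]['vm']}")
        self._db[subnet_id][addr] = {"vm": vmid, "net": net_index}
        return str(addr)

    def add_next_ip(self, subnet_id: str, vmid: int, net_index: int) -> str:
        ip = self.find_next_ip(subnet_id)
        if ip is None:
            raise IpamError(f"no free address left in {subnet_id}")
        return self.add_ip(subnet_id, ip, vmid, net_index)

    def del_ip(self, subnet_id: str, ip: str, vmid: int) -> None:
        """Release an address; assumption: only the vm it is recorded for may do so."""
        rec = self._db[subnet_id].get(Addr(ip))
        if rec is None or rec["vm"] != vmid:
            raise IpamError(f"{ip} is not allocated to vm {vmid} in {subnet_id}")
        del self._db[subnet_id][Addr(ip)]

    def dump(self) -> dict:
        """Serialisable view matching the 'array of hash' database sketch."""
        return {sid: [{"ip": str(a), **rec} for a, rec in sorted(recs.items())]
                for sid, recs in self._db.items()}


def demo() -> dict:
    """Walk through the GUI flow on constructed subnets and return what happened."""
    ipam = InternalIpam()
    ipam.add_subnet("subnet1", "192.168.0.0/24", "192.168.0.10-17, 192.168.0.100")
    ipam.add_subnet("subnet2", "192.168.1.0/24")  # default pool: .1 .. .254
    out = {"pool_size": len(ipam._pools["subnet1"])}           # 8 + 1 = 9
    out["first_auto"] = ipam.add_next_ip("subnet1", 100, 0)    # 192.168.0.10
    out["second_auto"] = ipam.add_next_ip("subnet1", 101, 0)   # 192.168.0.11
    out["manual"] = ipam.add_ip("subnet1", "192.168.0.100", 102, 0)
    for key, ip, vmid in (("dup_refused", "192.168.0.10", 103),      # already used
                          ("outside_refused", "192.168.0.50", 103)):  # not in a pool
        try:
            ipam.add_ip("subnet1", ip, vmid, 0)
            out[key] = False
        except IpamError:
            out[key] = True
    try:
        ipam.del_ip("subnet1", "192.168.0.10", 999)  # wrong owner
        out["foreign_release_refused"] = False
    except IpamError:
        out["foreign_release_refused"] = True
    ipam.del_ip("subnet1", "192.168.0.10", 100)
    out["reused"] = ipam.find_next_ip("subnet1")        # .10 is free again
    out["subnet2_first"] = ipam.find_next_ip("subnet2")  # 192.168.1.1
    out["db"] = ipam.dump()
    return out


if __name__ == "__main__":
    print(demo())
```

The interesting part for a real driver is what add_ip refuses: an address that is inside the cidr but outside a pool, an address already recorded for another vm, and (in del_ip) a release by a vm that does not own the address. An external ipam plugin (netbox, phpipam, ...) would implement the same four calls against its API, and the GUI "auto" path is just find_next_ip followed by add_ip on submit, exactly as sketched in the post.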