Re: [pve-devel] dhcp server
That listens on both addresses (ipv4 and ipv6)? Michael said me that for listen on both ipv4 and ipv6 at the same time, we need to create 2 sockets. But I think that it should work if you listen on ipv4 or ipv6. (I don't known other impacts of dual ipv4 ipv6 stack on host, with communications between deamon) - Mail original - De: Dietmar Maurer diet...@proxmox.com À: Alexandre DERUMIER aderum...@odiso.com Cc: Michael Rasmussen m...@datanom.net, pve-devel@pve.proxmox.com Envoyé: Samedi 26 Juillet 2014 15:53:58 Objet: RE: [pve-devel] dhcp server That sounds good (no changes needed) ;-) I have done some tests, it's working fine with ipv4, no regression. That listens on both addresses (ipv4 and ipv6)? ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] dhcp server
just tested with a ipv6 hostname, it's working fine
/usr/share/perl5/PVE/APIDaemon.pm
my $socket = IO::Socket::IP-new(
LocalAddr = $args{host} || undef,
LocalPort = $args{port} || 80,
Listen = SOMAXCONN,
Proto = 'tcp',
ReuseAddr = 1) ||
die unable to create socket - $@\n;
with
/etc/hosts
2001:db8:a:f::2 kvmtest1 pvelocalhost
root@kvmtest1:~# netstat -anp|grep 8006
tcp6 0 0 2001:db8:a:f::2:8006:::*
LISTEN 32003/pveproxy
- Mail original -
De: Alexandre DERUMIER aderum...@odiso.com
À: Dietmar Maurer diet...@proxmox.com
Cc: pve-devel@pve.proxmox.com
Envoyé: Dimanche 27 Juillet 2014 10:12:01
Objet: Re: [pve-devel] dhcp server
That listens on both addresses (ipv4 and ipv6)?
Michael said me that for listen on both ipv4 and ipv6 at the same time, we need
to create 2 sockets.
But I think that it should work if you listen on ipv4 or ipv6.
(I don't known other impacts of dual ipv4 ipv6 stack on host, with
communications between deamon)
- Mail original -
De: Dietmar Maurer diet...@proxmox.com
À: Alexandre DERUMIER aderum...@odiso.com
Cc: Michael Rasmussen m...@datanom.net, pve-devel@pve.proxmox.com
Envoyé: Samedi 26 Juillet 2014 15:53:58
Objet: RE: [pve-devel] dhcp server
That sounds good (no changes needed) ;-)
I have done some tests, it's working fine with ipv4, no regression.
That listens on both addresses (ipv4 and ipv6)?
___
pve-devel mailing list
pve-devel@pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
___
pve-devel mailing list
pve-devel@pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] dhcp server
Is DHCPv6 really in use? I thought everybody will use IPv6 Neighbor Discovery. This is also what I suspect since no module is available from CPAN but if proxmox is to appear as a boundary router for private nets will IPv6 Neighbor Discovery be sufficient from the clients to the interface on proxmox? AFAIK IPv6 Neighbor Discovery cannot even handle basic things like passing DNS server. So you need DHCPv6. I am a bit afraid how many LOC you write for that DHCP server? ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] dhcp server
By the way, about ipv6, pveproxy don't work currently because of IO::Socket::INET not compatible with ipv6 I see that a new IO::Socket::IP support both ipv4 and ipv6, do you known if it's works fine ? - Mail original - De: Dietmar Maurer diet...@proxmox.com À: Alexandre DERUMIER aderum...@odiso.com, Stefan Priebe s.pri...@profihost.ag Cc: pve-devel@pve.proxmox.com Envoyé: Samedi 26 Juillet 2014 10:41:07 Objet: RE: [pve-devel] dhcp server Is DHCPv6 really in use? I thought everybody will use IPv6 Neighbor Discovery. I think dhcpv6 can assign hostname,dns servers to guest, but not neighbor discovery ? I recently added a IPv6 router to our network (for tresting ipv6). I had IPv6 ND enabled, and guess what happened? All our windows servers and workstation switched to ipv6 automatically and immediately using ND! Unfortunately, there was no DHCPv6 server, so name resolution stopped to work immediately ... ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] dhcp server
On Sat, 26 Jul 2014 10:45:24 +0200 (CEST) Alexandre DERUMIER aderum...@odiso.com wrote: By the way, about ipv6, pveproxy don't work currently because of IO::Socket::INET not compatible with ipv6 I see that a new IO::Socket::IP support both ipv4 and ipv6, do you known if it's works fine ? In my dhcp server I use IO::Socket::IP. It works extremely well and is a drop-in replacement for IO::Socket::INET. No code needs any changes;-) -- Hilsen/Regards Michael Rasmussen Get my public GnuPG keys: michael at rasmussen dot cc http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xD3C9A00E mir at datanom dot net http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xE501F51C mir at miras dot org http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xE3E80917 -- /usr/games/fortune -es says: Hodie natus est radici frater. [ Unto the root is born a brother ] signature.asc Description: PGP signature ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] dhcp server
On Sat, 26 Jul 2014 07:01:42 + Dietmar Maurer diet...@proxmox.com wrote: AFAIK IPv6 Neighbor Discovery cannot even handle basic things like passing DNS server. So you need DHCPv6. Yes, I know that but if the DHCPv6 part should only handle such things it will greatly reduce the complexity and lines of code. I am a bit afraid how many LOC you write for that DHCP server? Well, pveproxy, which is likely the same in complexity, sports 1372 lines off code so I don't consider 1181 lines of code frightening compared to that;-) -- Hilsen/Regards Michael Rasmussen Get my public GnuPG keys: michael at rasmussen dot cc http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xD3C9A00E mir at datanom dot net http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xE501F51C mir at miras dot org http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xE3E80917 -- /usr/games/fortune -es says: Don't comment bad code - rewrite it. - The Elements of Programming Style (Kernighan Plaugher) signature.asc Description: PGP signature ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] dhcp server
On Sat, 26 Jul 2014 08:46:38 +0200 (CEST) Alexandre DERUMIER aderum...@odiso.com wrote: Is DHCPv6 really in use? I thought everybody will use IPv6 Neighbor Discovery. I think dhcpv6 can assign hostname,dns servers to guest, but not neighbor discovery ? (I don't use ipv6 currently, but it's planned for 2015-2016, as our ipv4 /20 will be full soon) I found some intestesting openstack slides: http://fr.slideshare.net/shixiongshang1/openstack-havana-over-ipv6 Seems that openstack will start with ND and SLAAC only for a the next major release. The slides mentioned Icehouse release and studying the Icehouse release notes you will find no mentioning of IPv6. So I guess IPv6 didn't make it in Icehouse after all. -- Hilsen/Regards Michael Rasmussen Get my public GnuPG keys: michael at rasmussen dot cc http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xD3C9A00E mir at datanom dot net http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xE501F51C mir at miras dot org http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xE3E80917 -- /usr/games/fortune -es says: [Babe] Ruth made a big mistake when he gave up pitching. -- Tris Speaker, 1921 signature.asc Description: PGP signature ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] dhcp server
I see that a new IO::Socket::IP support both ipv4 and ipv6, do you known if it's works fine ? In my dhcp server I use IO::Socket::IP. It works extremely well and is a drop-in replacement for IO::Socket::INET. No code needs any changes;-) That sounds good (no changes needed) ;-) ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] dhcp server
Well, pveproxy, which is likely the same in complexity, sports 1372 lines off code so I don't consider 1181 lines of code frightening compared to that;-) But this is ipv4 only? ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] dhcp server
On Sat, 26 Jul 2014 09:34:40 + Dietmar Maurer diet...@proxmox.com wrote: That sounds good (no changes needed) ;-) To have full support for socket helper IPv6 functions you need to use Socket6 as well. -- Hilsen/Regards Michael Rasmussen Get my public GnuPG keys: michael at rasmussen dot cc http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xD3C9A00E mir at datanom dot net http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xE501F51C mir at miras dot org http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xE3E80917 -- /usr/games/fortune -es says: There is no TRUTH. There is no REALITY. There is no CONSISTENCY. There are no ABSOLUTE STATEMENTS. I'm very probably wrong. signature.asc Description: PGP signature ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] dhcp server
On Sat, 26 Jul 2014 09:35:59 + Dietmar Maurer diet...@proxmox.com wrote: Well, pveproxy, which is likely the same in complexity, sports 1372 lines off code so I don't consider 1181 lines of code frightening compared to that;-) But this is ipv4 only? Yes, but if we leave IP discovery to ND and SLAAC which is the intended way we will only need to provide DNS et al. Gateway, broadcast and IP will be handled by ND and SLAAC. -- Hilsen/Regards Michael Rasmussen Get my public GnuPG keys: michael at rasmussen dot cc http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xD3C9A00E mir at datanom dot net http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xE501F51C mir at miras dot org http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xE3E80917 -- /usr/games/fortune -es says: There is no TRUTH. There is no REALITY. There is no CONSISTENCY. There are no ABSOLUTE STATEMENTS. I'm very probably wrong. signature.asc Description: PGP signature ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] dhcp server
Yes, but if we leave IP discovery to ND and SLAAC which is the intended way we will only need to provide DNS et al. Gateway, broadcast and IP will be handled by ND and SLAAC. Ok, sound reasonable. ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] dhcp server
On Sat, 26 Jul 2014 11:13:00 + Dietmar Maurer diet...@proxmox.com wrote: Yes, but if we leave IP discovery to ND and SLAAC which is the intended way we will only need to provide DNS et al. Gateway, broadcast and IP will be handled by ND and SLAAC. Ok, sound reasonable. And I forgot to mention: 50% of the code is generic and provided we only need to provide DNS et al the required code for this will only raise the lines of code by 10-15%. My intended way of doing it as IPv6 stateless DHCPv6. Read more here: http://blog.geoff.co.uk/2011/08/02/ipv6-automated-network-configuration/ When SLAAC with RDNSS is widely accepted this will be the way to go and this will be easy provided we use IPv6 stateless DHCPv6. Stateful DHCPv6 as we know from DHCPv4 is a bastard specification anyway since it is not able to provide default routers so SLAAC will be required anyway. -- Hilsen/Regards Michael Rasmussen Get my public GnuPG keys: michael at rasmussen dot cc http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xD3C9A00E mir at datanom dot net http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xE501F51C mir at miras dot org http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xE3E80917 -- /usr/games/fortune -es says: Marriage is the triumph of imagination over intelligence. Second marriage is the triumph of hope over experience. signature.asc Description: PGP signature ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] dhcp server
My intended way of doing it as IPv6 stateless DHCPv6. Read more here: http://blog.geoff.co.uk/2011/08/02/ipv6-automated-network-configuration/ When SLAAC with RDNSS is widely accepted this will be the way to go and this will be easy provided we use IPv6 stateless DHCPv6. Stateful DHCPv6 as we know from DHCPv4 is a bastard specification anyway since it is not able to provide default routers so SLAAC will be required anyway. I'm totally newbie with ipv6, but this seem good :) - Mail original - De: Michael Rasmussen m...@datanom.net À: Dietmar Maurer diet...@proxmox.com Cc: pve-devel@pve.proxmox.com Envoyé: Samedi 26 Juillet 2014 13:31:13 Objet: Re: [pve-devel] dhcp server On Sat, 26 Jul 2014 11:13:00 + Dietmar Maurer diet...@proxmox.com wrote: Yes, but if we leave IP discovery to ND and SLAAC which is the intended way we will only need to provide DNS et al. Gateway, broadcast and IP will be handled by ND and SLAAC. Ok, sound reasonable. And I forgot to mention: 50% of the code is generic and provided we only need to provide DNS et al the required code for this will only raise the lines of code by 10-15%. My intended way of doing it as IPv6 stateless DHCPv6. Read more here: http://blog.geoff.co.uk/2011/08/02/ipv6-automated-network-configuration/ When SLAAC with RDNSS is widely accepted this will be the way to go and this will be easy provided we use IPv6 stateless DHCPv6. Stateful DHCPv6 as we know from DHCPv4 is a bastard specification anyway since it is not able to provide default routers so SLAAC will be required anyway. -- Hilsen/Regards Michael Rasmussen Get my public GnuPG keys: michael at rasmussen dot cc http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xD3C9A00E mir at datanom dot net http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xE501F51C mir at miras dot org http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xE3E80917 -- /usr/games/fortune -es says: Marriage is the triumph of imagination over intelligence. Second marriage is the triumph of hope over experience. ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] dhcp server
That sounds good (no changes needed) ;-) I have done some tests, it's working fine with ipv4, no regression. I'll do more tests. - Mail original - De: Dietmar Maurer diet...@proxmox.com À: Michael Rasmussen m...@datanom.net, pve-devel@pve.proxmox.com Envoyé: Samedi 26 Juillet 2014 11:34:40 Objet: Re: [pve-devel] dhcp server I see that a new IO::Socket::IP support both ipv4 and ipv6, do you known if it's works fine ? In my dhcp server I use IO::Socket::IP. It works extremely well and is a drop-in replacement for IO::Socket::INET. No code needs any changes;-) That sounds good (no changes needed) ;-) ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] dhcp server
My intended way of doing it as IPv6 stateless DHCPv6. Read more here: http://blog.geoff.co.uk/2011/08/02/ipv6-automated-network-configuration/ Thanks for the link. When SLAAC with RDNSS is widely accepted this will be the way to go and this will be easy provided we use IPv6 stateless DHCPv6. ok, looks good to me. ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] dhcp server
That sounds good (no changes needed) ;-) I have done some tests, it's working fine with ipv4, no regression. That listens on both addresses (ipv4 and ipv6)? ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] dhcp server
Hi all, The dhcp server is completed with the following limitations: 1) A monitor for changing binding state for expired leases is missing 2) No IPv6 functionality yet since no module is available for IPv6. IPv6 dhcp seems to be completely different from IPv4 dhcp which requires a lot of reading. Since no module seems to exists in perl for DHCP6 I will need to create a module from scratch. This can take some time. From what I have discovered so far IPv6 seems to come with a simple DHCP server build in. Clients use this by network neighborhood discovery and it is only needed for boundary routers which is taken care of by hardware routers/switches. Any comments? You can clone the code from here: git clone git://git.datanom.net/pve-dhcp-server.git Please post comments and questions to the maillist. -- Hilsen/Regards Michael Rasmussen Get my public GnuPG keys: michael at rasmussen dot cc http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xD3C9A00E mir at datanom dot net http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xE501F51C mir at miras dot org http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xE3E80917 -- /usr/games/fortune -es says: Nothing so needs reforming as other people's habits. -- Mark Twain, Pudd'nhead Wilson's Calendar signature.asc Description: PGP signature ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] dhcp server
Is DHCPv6 really in use? I thought everybody will use IPv6 Neighbor Discovery. Stefan Am 25.07.2014 21:45, schrieb Michael Rasmussen: Hi all, The dhcp server is completed with the following limitations: 1) A monitor for changing binding state for expired leases is missing 2) No IPv6 functionality yet since no module is available for IPv6. IPv6 dhcp seems to be completely different from IPv4 dhcp which requires a lot of reading. Since no module seems to exists in perl for DHCP6 I will need to create a module from scratch. This can take some time. From what I have discovered so far IPv6 seems to come with a simple DHCP server build in. Clients use this by network neighborhood discovery and it is only needed for boundary routers which is taken care of by hardware routers/switches. Any comments? You can clone the code from here: git clone git://git.datanom.net/pve-dhcp-server.git Please post comments and questions to the maillist. ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] dhcp server
On Fri, 25 Jul 2014 21:53:43 +0200 Stefan Priebe s.pri...@profihost.ag wrote: Is DHCPv6 really in use? I thought everybody will use IPv6 Neighbor Discovery. This is also what I suspect since no module is available from CPAN but if proxmox is to appear as a boundary router for private nets will IPv6 Neighbor Discovery be sufficient from the clients to the interface on proxmox? -- Hilsen/Regards Michael Rasmussen Get my public GnuPG keys: michael at rasmussen dot cc http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xD3C9A00E mir at datanom dot net http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xE501F51C mir at miras dot org http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xE3E80917 -- /usr/games/fortune -es says: Lookie, lookie, here comes cookie... -- Stephen Sondheim signature.asc Description: PGP signature ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] DHCP server
It should not be necessary since each host knows the MAC for each VM running on the host and because the discover request will contain the MAC of the client we can filter on MAC in the DHCP server. This way only the host hosting the client will respond to the DHCP request. Oh yes, indeed :) Great :) - Mail original - De: Michael Rasmussen m...@datanom.net À: Alexandre DERUMIER aderum...@odiso.com Cc: pve-devel@pve.proxmox.com, Dietmar Maurer diet...@proxmox.com Envoyé: Dimanche 20 Juillet 2014 15:13:18 Objet: Re: [pve-devel] DHCP server On Sun, 20 Jul 2014 15:04:29 +0200 (CEST) Alexandre DERUMIER aderum...@odiso.com wrote: Hi, Isn't it possible to filter dhcp request with iptables, on the host outside interface ? Like this, each host have a dhcp server which respond only to vms hosted on the host. It should not be necessary since each host knows the MAC for each VM running on the host and because the discover request will contain the MAC of the client we can filter on MAC in the DHCP server. This way only the host hosting the client will respond to the DHCP request. -- Hilsen/Regards Michael Rasmussen Get my public GnuPG keys: michael at rasmussen dot cc http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xD3C9A00E mir at datanom dot net http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xE501F51C mir at miras dot org http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xE3E80917 -- /usr/games/fortune -es says: Time is but the stream I go a-fishing in. -- Henry David Thoreau ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] DHCP server
The problem is that each node has its own copy of the lease file and that merging is done by corosync after a node has made changes to the file so we will need to implement some kind of two-phase commit among the nodes taking part in the cluster. Alternatively we deside that only one node is handling DHCP requests at a time but this will break the concept of multi master functionality in proxmox. Hi, Isn't it possible to filter dhcp request with iptables, on the host outside interface ? Like this, each host have a dhcp server which respond only to vms hosted on the host. - Mail original - De: Michael Rasmussen m...@datanom.net À: Dietmar Maurer diet...@proxmox.com Cc: pve-devel@pve.proxmox.com Envoyé: Samedi 19 Juillet 2014 18:53:34 Objet: Re: [pve-devel] DHCP server On Sat, 19 Jul 2014 16:38:02 + Dietmar Maurer diet...@proxmox.com wrote: just lock the file before you write (or what is the question?) I was thinking of these scenarios: 1a) Client broadcast request for IP 2a) Each nodes listen so each could give a reply simultaneously! 1b) Several clients request for an IP simultaneously 2b) Each nodes listen so each could give a reply simultaneously and therefore the same IP could be distributed to different clients! The problem is that each node has its own copy of the lease file and that merging is done by corosync after a node has made changes to the file so we will need to implement some kind of two-phase commit among the nodes taking part in the cluster. Alternatively we deside that only one node is handling DHCP requests at a time but this will break the concept of multi master functionality in proxmox. -- Hilsen/Regards Michael Rasmussen Get my public GnuPG keys: michael at rasmussen dot cc http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xD3C9A00E mir at datanom dot net http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xE501F51C mir at miras dot org http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xE3E80917 -- /usr/games/fortune -es says: The trouble with eating Italian food is that five or six days later you're hungry again. -- George Miller ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] DHCP server
On Sun, 20 Jul 2014 15:04:29 +0200 (CEST) Alexandre DERUMIER aderum...@odiso.com wrote: Hi, Isn't it possible to filter dhcp request with iptables, on the host outside interface ? Like this, each host have a dhcp server which respond only to vms hosted on the host. It should not be necessary since each host knows the MAC for each VM running on the host and because the discover request will contain the MAC of the client we can filter on MAC in the DHCP server. This way only the host hosting the client will respond to the DHCP request. -- Hilsen/Regards Michael Rasmussen Get my public GnuPG keys: michael at rasmussen dot cc http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xD3C9A00E mir at datanom dot net http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xE501F51C mir at miras dot org http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xE3E80917 -- /usr/games/fortune -es says: Time is but the stream I go a-fishing in. -- Henry David Thoreau signature.asc Description: PGP signature ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] DHCP server
On Sat, 19 Jul 2014 14:27:14 + Dietmar Maurer diet...@proxmox.com wrote: Please coordinate this with Alexandre. But I think a prototype would be interesting, because using perl gives use most flexibility. As I recall it Alexandre were opting for dnsmasq so I don't think our efforts will interfere. I am also leaning more to a Perl solution because we will not depend on the development of dnsmasq and also dnsmasq is tailored for many other purposes as well. Does it work for all client OS we use? I can test (I have these clients installed) with the following clients: - Windows 7 enterprise edition (XP is EOL and I do not want to install windows 8 and 8.1 since I will never be using them. The same applies to windows server 2008(r1|r2), 2010(r1) and 2013) - FreeBSD 8+9+10 - OpenBSD 5 - Omnios 151010 - RHEL/CentOS 5,6,7 - Debian 7 + testing and unstable - Ubuntu 12.04 and 14.04 Anyone missing apart from windows server? Sure, I also think we do not need those other features. I will prepare a prototype. I have made these decisions for design: 1) Leases and config are stored in files placed in /etc/pve to accommodate sharing between nodes as well as HA, perhaps in /etc/pve/priv/dhcp. Because of the shared nature how should distribution be handled? 2) A new tab should be created in the cluster page named DHCP server. A simple checkbox to enable/disable the server. This config is saved in datacenter.cfg (dhcpd: 0|1) 3) When a node starts it will read the option dhcpd to deside whether to start dhcp service or not. 4) There should be some sort of monitoring of this config so that all nodes react properly to disabling or enabling dhcp service. 5) The new tab should present the user a drop-down with known interfaces for which dhcp services can be enabled. Choosing an interface will open a config block where the following options is available: - range in net - lease time - renew time - gateway - dns server - optional list of MAC's which will be allowed to request an IP - optional list of MAC's which will be assigned a 'static' IP - optional ntp server For each of the config blocks should be possible to disable/enable and delete - a checkbox for enable/disable and a button for delete. Anything else missing above? I will begin looking into the making the perl prototype others will in parallel could start implementing the tab and rpc part for configuration and control since I believe this part will be necessary even if the dnsmasq road is chosen. -- Hilsen/Regards Michael Rasmussen Get my public GnuPG keys: michael at rasmussen dot cc http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xD3C9A00E mir at datanom dot net http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xE501F51C mir at miras dot org http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xE3E80917 -- /usr/games/fortune -es says: Live within your income, even if you have to borrow to do so. -- Josh Billings signature.asc Description: PGP signature ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] DHCP server
On Sat, 19 Jul 2014 05:07:58 + Dietmar Maurer diet...@proxmox.com wrote: Thanks for that link. But I have no idea how stable that is. And is it feature complete? ipv6 support? I found the answer to ipv6: As of perl 5.14 all needed to support ipv6 is to replace any instance of IO::Socket::INET with IO::Socket::IP like $handle = IO::Socket::INET-new(..) replaced with $handle = IO::Socket::IP-new(..) read http://www.perl.org/about/whitepapers/perl-ipv6.html https://metacpan.org/pod/IO::Socket::IP I have just tried it in the example server and client and everything works:-) From what I have read IO::Socket::IP is a high-level abstraction layer on-top IO::Socket::INET and IO::Socket::INET6 which deduces which kind of socket to use, eg. ipv4 or ipv6. And since Debian Wheezy provides perl 5.14 we are home free;-) $ dpkg -s perl Package: perl Status: install ok installed Priority: standard Section: perl Installed-Size: 16598 Maintainer: Niko Tyni nt...@debian.org Architecture: amd64 Version: 5.14.2-21+deb7u1 -- Hilsen/Regards Michael Rasmussen Get my public GnuPG keys: michael at rasmussen dot cc http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xD3C9A00E mir at datanom dot net http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xE501F51C mir at miras dot org http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xE3E80917 -- /usr/games/fortune -es says: Honi soit la vache qui rit. signature.asc Description: PGP signature ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] DHCP server
Thanks for that link. But I have no idea how stable that is. And is it feature complete? ipv6 support? I found the answer to ipv6: As of perl 5.14 all needed to support ipv6 is to replace any instance of Perl is not the problem. I talk about DHCP features/extension for v6? ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] DHCP server
On Sat, 19 Jul 2014 16:38:02 + Dietmar Maurer diet...@proxmox.com wrote: just lock the file before you write (or what is the question?) I was thinking of these scenarios: 1a) Client broadcast request for IP 2a) Each nodes listen so each could give a reply simultaneously! 1b) Several clients request for an IP simultaneously 2b) Each nodes listen so each could give a reply simultaneously and therefore the same IP could be distributed to different clients! The problem is that each node has its own copy of the lease file and that merging is done by corosync after a node has made changes to the file so we will need to implement some kind of two-phase commit among the nodes taking part in the cluster. Alternatively we deside that only one node is handling DHCP requests at a time but this will break the concept of multi master functionality in proxmox. -- Hilsen/Regards Michael Rasmussen Get my public GnuPG keys: michael at rasmussen dot cc http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xD3C9A00E mir at datanom dot net http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xE501F51C mir at miras dot org http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xE3E80917 -- /usr/games/fortune -es says: The trouble with eating Italian food is that five or six days later you're hungry again. -- George Miller signature.asc Description: PGP signature ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] DHCP server
On Sat, 19 Jul 2014 16:41:02 + Dietmar Maurer diet...@proxmox.com wrote: Thanks for that link. But I have no idea how stable that is. And is it feature complete? ipv6 support? I found the answer to ipv6: As of perl 5.14 all needed to support ipv6 is to replace any instance of Perl is not the problem. I talk about DHCP features/extension for v6? Easy: Get address of peer and if address parses to an ipv6 return an ipv6 address from the ipv6 address range. See also: https://metacpan.org/pod/IO::Socket::IP#host-port-IO::Socket::IP-split_addr-addr -- Hilsen/Regards Michael Rasmussen Get my public GnuPG keys: michael at rasmussen dot cc http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xD3C9A00E mir at datanom dot net http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xE501F51C mir at miras dot org http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xE3E80917 -- /usr/games/fortune -es says: This is the tomorrow you worried about yesterday. And now you know why. signature.asc Description: PGP signature ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] DHCP server
On Sat, 19 Jul 2014 05:07:58 + Dietmar Maurer diet...@proxmox.com wrote: Thanks for that link. But I have no idea how stable that is. And is it feature complete? ipv6 support? I have done a number of tests with the client part of Net::DHCP which is very promissing. Test has been made against a dnsmasq server running on FreeBSD and against a isc-dhcp-server running on Debian. All tests run flawlessly and results were identical. -- Hilsen/Regards Michael Rasmussen Get my public GnuPG keys: michael at rasmussen dot cc http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xD3C9A00E mir at datanom dot net http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xE501F51C mir at miras dot org http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xE3E80917 -- /usr/games/fortune -es says: For 20 dollars, I'll give you a good fortune next time ... signature.asc Description: PGP signature ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] DHCP server
I was thinking of these scenarios: 1a) Client broadcast request for IP 2a) Each nodes listen so each could give a reply simultaneously! We know the MAC address of our VMs, so only the node where the VM resides can answer. 1b) Several clients request for an IP simultaneously 2b) Each nodes listen so each could give a reply simultaneously and therefore the same IP could be distributed to different clients! 1.) lock file (cluster wide lock) 2.) allocate IP 3.) release lock ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
