proxmox 6.2 sdn beta test

spirit

Famous Member
Apr 2, 2010
4,583
348
103
www.odiso.com
ok, I'll wait for the next version.

We are using EfficientIP as IPam, so as soon as it will be available,
I'll surely take some time to make this IPam available for proxmox.
I just send a poc for lxc to the dev mailing list.
The ipam management itself is already done, with internal ipam but also external ipam like netbox,phpipam,... We just need to implement it for lxc/qemu.

BTW, if you have special needs for ipam, you can contact me directly to my email : aderumier@odiso.com. (I'm French ;)
 

spirit

Famous Member
Apr 2, 2010
4,583
348
103
www.odiso.com
We are using EfficientIP as IPam, so as soon as it will be available,
is it an opensource ipam ? I don't have added yet support for custom plugin (like for storage), but it could be easy to add.

currently, ipam plugins are really simple to implement, with 5 functions:

add_subnet($subnet)
del_subnet($subnet)
add_ip($ip)
del_ip($ip)
add_next_freeip()
 
Apr 18, 2016
19
1
23
Nantes - France
Unfortunately EfficientIP it's not opensource.

I've checked your code and it should be rather easy to add EfficientIP support as they have a REST API.
Event for DNS support this should not be difficult.

My idea is : when creating a VM, IPam should provide an IP within the correct subnet and register DNS with the provided VM name.
 

spirit

Famous Member
Apr 2, 2010
4,583
348
103
www.odiso.com
Unfortunately EfficientIP it's not opensource.

I've checked your code and it should be rather easy to add EfficientIP support as they have a REST API.
Event for DNS support this should not be difficult.
ok, so no problem here.

My idea is : when creating a VM, IPam should provide an IP within the correct subnet and register DNS with the provided VM name.
Yes, this is how I have implemented it for lxc.

It'll try to find first available ip in subnet(s) defined on a vnet where the nic is plugged.
and register dns, with the hostname of the vm. (it's also possible to add dns prefix by vnet (like myhostname.proxmox.mydomain.com), if you have multiple ip by vms)

for dns, I have implemented powerdns plugin currently.
the proxmox dns plugin is optionnal too ( maybe EfficientIP can manage dns directly ? )
 

spirit

Famous Member
Apr 2, 2010
4,583
348
103
www.odiso.com
Yes EfficientIP is also handling DNSrecords.

In fact this can be done in a single operation :
Unfortunately no perl native support but see python example :https://www.efficientip.com/python-library/
ok, seem that api have all features needed, and it's 100% restfull, so almost the same than other plugins.
looking at this page:
https://www.efficientip.com/solidserver-api-for-it-automation/

I don't have found the doc about the api, but I'm seeing compatibility with openapi && swagger:
https://www.efficientip.com/wp-cont...for-IT-Swagger-2020-06-02-154006-1024x492.png

so, calling the rest server directly with a browser, should give the api endpoints && params.
 

cyruspy

Active Member
Jul 2, 2013
30
0
26
mmm, ok, I think I understand.
Why not simply do , instead your conf:

Code:
auto vmbr0
iface vmbr0 inet manual
    bridge-ports enp5s4f0
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 2-4094

auto vmbr0.100
iface vmbr0.100 inet manual
    vlan-id 100


auto vmbr1
iface vmbr1 inet static
    address 10.2.0.223/24
    gateway 10.2.0.1
    bridge-ports enp6s5f0 enp6s5f1 vmbr0.100
    bridge-stp off
    bridge-fd 0
#Downlink para gest

this (tagging vlan on physical interfaces)

Code:
auto vmbr0
iface vmbr0 inet manual
    bridge-ports enp5s4f0  enp6s5f0.100 enp6s5f1.100
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 2-4094

auto vmbr0.100
iface vmbr0.100 inet static
    address 10.2.0.223/24
    gateway 10.2.0.1

or using vlan-aware feature (with ifupdown2 package)

Code:
auto enp6s5f0
iface enp6s5f0
    bridge-access 100

auto enp6s5f1
iface enp6s5f1
    bridge-access 100

auto vmbr0
iface vmbr0 inet manual
    bridge-ports enp5s4f0  enp6s5f0 enp6s5f1
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 2-4094

auto vmbr0.100
iface vmbr0.100 inet static
    address 10.2.0.223/24
    gateway 10.2.0.1

OK, had the opportunity to test. Applied the second option "bridge-access" because the first proposal seemed to cover a trunk scenario (tagged vlan). Checking it seems to configure the proper access mode in the required vlan:

Code:
root@bigiron:~# bridge vlan show dev enp6s5f1
port    vlan ids
enp6s5f1         100 PVID Egress Untagged

root@bigiron:~# bridge vlan show dev enp6s5f0
port    vlan ids
enp6s5f0         100 PVID Egress Untagged

Now, on the web interface I cannot see that configuration (access mode for those ports), and it makes me wonder:

1- Could I have configured that through the web interface?
2- Will it break next time I change something with the web interface?.
 

spirit

Famous Member
Apr 2, 2010
4,583
348
103
www.odiso.com
Now, on the web interface I cannot see that configuration (access mode for those ports), and it makes me wonder:

1- Could I have configured that through the web interface?
2- Will it break next time I change something with the web interface?.
1) yes, bridge-access is not yet supported in the web interface. so you cant see it.
2) I'm not sure, try to do a change on any interface, the configuration should be rewriten in /etc/network/interfaces.new (and not apply), and the diff is displayed in the gui.
 

spirit

Famous Member
Apr 2, 2010
4,583
348
103
www.odiso.com
Hi,

is there any news on the SDN side ?
Is there something I can do to help ?
I have published almost all patches to pve-devel mailing list,
but they are not yet all applied.
Maybe ask to proxmox dev on pve-devel mailing list ;)

(The last missing thing is auto ip attribution for qemu machines, I should have finished for the end of the month).
 
Feb 22, 2021
1
0
1
(The last missing thing is auto ip attribution for qemu machines, I should have finished for the end of the month).
Does this mean SDN would be moving towards production after that point or do you have some guess on what timescale it is going to production?

Also big thanks for all the effort you've done for SDN and Proxmox otherwise :)
 

spirit

Famous Member
Apr 2, 2010
4,583
348
103
www.odiso.com
Does this mean SDN would be moving towards production after that point or do you have some guess on what timescale it is going to production?

Also big thanks for all the effort you've done for SDN and Proxmox otherwise :)
I really don't known the roadmap, maybe ask to proxmox devs directly ;)

I'm still working on qemu ip allocation and cloudinit. Some part of the dev has already been applied to git, but not yet released because of other needed change.

I'm not sure, but maybe it'll be production ready for proxmox7 when debian11 will be released, but I'm hoping a new beta soon to test subnet/ipam management.
 
  • Like
Reactions: cville and guletz

t.lamprecht

Proxmox Staff Member
Staff member
Jul 28, 2015
3,658
738
133
South Tyrol/Italy
shop.maurer-it.com
Hi,

I have some bigger clean-ups still planned, especially merging a few related config files to avoid to many of those.
I plan to get that done until the next point release, if I had to guess that could be at the start of Q2.
Further (educated) guessing would be first switch from opt-in to always installed (but still a tech preview -> no enterprise support) and one or two releases after that, when all seems stable and a bit more polished we could release it as stable.

That's my current view, SDN is a complex feature, so it always needs a bit of time to get into it to have a full picture, that and the fact that is not out as stable yet is why it gets a bit more easily showed to the back burner (at least for me, which has done the main review work up until now) and I hate that a bit as I find it a really cool feature. Many thanks here to @spirit which continues to pour in lots of good effort in such enterprise class features!
 

spirit

Famous Member
Apr 2, 2010
4,583
348
103
www.odiso.com
Hi,

I have some bigger clean-ups still planned, especially merging a few related config files to avoid to many of those.
I plan to get that done until the next point release, if I had to guess that could be at the start of Q2.
Don't hesitate to ask me if it need some rework, or if I can help.

Further (educated) guessing would be first switch from opt-in to always installed (but still a tech preview -> no enterprise support) and one or two releases after that, when all seems stable and a bit more polished we could release it as stable.

That's my current view, SDN is a complex feature, so it always needs a bit of time to get into it to have a full picture, that and the fact that is not out as stable yet is why it gets a bit more easily showed to the back burner (at least for me, which has done the main review work up until now) and I hate that a bit as I find it a really cool feature.
Yes, better to have something stable and polished first.

Many thanks here to @spirit which continues to pour in lots of good effort in such enterprise class features!
thanks to you for the reviews and your time ;)
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE and Proxmox Mail Gateway. We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!