From 71f7e85c1fbe06608e35452f43dd587da566117e Mon Sep 17 00:00:00 2001 From: Milan Lenco Date: Thu, 14 Dec 2023 16:04:20 +0100 Subject: [PATCH 1/2] Clarification on default route propagation Signed-off-by: Milan Lenco --- proto/config/netinst.proto | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/proto/config/netinst.proto b/proto/config/netinst.proto index 716555f9..54de1ea7 100644 --- a/proto/config/netinst.proto +++ b/proto/config/netinst.proto @@ -113,6 +113,12 @@ message NetworkInstanceConfig { AddressType ipType = 39; // network ip specification + // If ip.gateway is set to all-zeroes IP, default route will not be propagated + // to applications for interfaces connected to this network instance. + // Default route propagation is also automatically suppressed when the network + // instance is air-gapped or when the uplink is app-shared without default route + // configured. This behaviour can be further customized using static_routes + // (see below). ipspec ip = 40; // static DNS entry, if we are running DNS/DHCP service 
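Review bot: The sentence `This behaviour can be further customized using static_routes (see below)`, added above `ipspec ip = 40`, does not say which of the three suppression cases static_routes can override. The static_routes comment changed in the second hunk of this patch limits the override to the air-gapped and app-shared cases, so a reader of this field alone could assume a static default route also overrides an all-zeroes gateway. An operator who sets the all-zeroes gateway specifically to keep applications from receiving a default route needs that precedence spelled out. I would replace the last sentence with `// In the latter two cases (but not when ip.gateway is all-zeroes), propagation can be re-enabled by a static default route in static_routes.`, assuming that is the intended behaviour, which the text implies but never states.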
@@ -137,11 +143,14 @@ message NetworkInstanceConfig { // routes can be propagated at the same time, there are no restrictions for using both. // // Note that the default route (with the bridge IP as the gateway) is automatically - // propagated to connected applications unless explicitly disabled by setting - // NetworkInstanceConfig.ip.gateway to an all-zeroes IP or when the uplink is app-shared - // (not management) and does not have a default route of its own. In the latter case, - // it is possible to enforce default route propagation by configuring a static default - // route for the network instance. + // propagated to connected applications with these exceptions: + // a) default route propagation is explicitly disabled by setting + // NetworkInstanceConfig.ip.gateway to an all-zeroes IP + // b) network instance is air-gapped (without uplink) + // c) the uplink is app-shared (not management) and does not have a default route + // of its own + // In the b) and c) cases, it is possible to enforce default route propagation + // by configuring a static default route for the network instance. // // This option is only valid for local network instances. For other types // of network instances, it will be ignored. From 2fbc357175caf94ae2fef3ae1ce44fbaee6c201b Mon Sep 17 00:00:00 2001 From: Milan Lenco Date: Thu, 14 Dec 2023 16:05:04 +0100 Subject: [PATCH 2/2] Generate proto files Signed-off-by: Milan Lenco --- go/config/netinst.pb.go | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/go/config/netinst.pb.go b/go/config/netinst.pb.go index 8cdb535d..65996c39 100644 --- a/go/config/netinst.pb.go +++ b/go/config/netinst.pb.go 
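Review bot: Item `b) network instance is air-gapped (without uplink)` reads as an unconditional property, but the closing sentence lets a static default route turn propagation back on for it. Anyone reviewing the configuration of an air-gapped instance therefore has to check static_routes as well, and the list would be clearer if the item said so, e.g. `// b) network instance is air-gapped (without uplink) and has no static default route`, with c) worded the same way. The comment block starts and ends outside this hunk, so how a static route's gateway is defined is not visible here. If an enforced default route on an air-gapped instance still uses the bridge IP as its gateway, one sentence saying so would help.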
@@ -559,6 +559,12 @@ type NetworkInstanceConfig struct { // type of ipSpec IpType AddressType `protobuf:"varint,39,opt,name=ipType,proto3,enum=org.lfedge.eve.config.AddressType" json:"ipType,omitempty"` // network ip specification + // If ip.gateway is set to all-zeroes IP, default route will not be propagated + // to applications for interfaces connected to this network instance. + // Default route propagation is also automatically suppressed when the network + // instance is air-gapped or when the uplink is app-shared without default route + // configured. This behaviour can be further customized using static_routes + // (see below). Ip *Ipspec `protobuf:"bytes,40,opt,name=ip,proto3" json:"ip,omitempty"` // static DNS entry, if we are running DNS/DHCP service Dns []*ZnetStaticDNSEntry `protobuf:"bytes,41,rep,name=dns,proto3" json:"dns,omitempty"` 
@@ -582,11 +588,16 @@ type NetworkInstanceConfig struct { // routes can be propagated at the same time, there are no restrictions for using both. // // Note that the default route (with the bridge IP as the gateway) is automatically - // propagated to connected applications unless explicitly disabled by setting - // NetworkInstanceConfig.ip.gateway to an all-zeroes IP or when the uplink is app-shared - // (not management) and does not have a default route of its own. In the latter case, - // it is possible to enforce default route propagation by configuring a static default - // route for the network instance. + // propagated to connected applications with these exceptions: + // + // a) default route propagation is explicitly disabled by setting + // NetworkInstanceConfig.ip.gateway to an all-zeroes IP + // b) network instance is air-gapped (without uplink) + // c) the uplink is app-shared (not management) and does not have a default route + // of its own + // + // In the b) and c) cases, it is possible to enforce default route propagation + // by configuring a static default route for the network instance. // // This option is only valid for local network instances. For other types // of network instances, it will be ignored.