Allow to configure custom network adapter labels #53
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
milan-zededa
force-pushed
the
adapter-labels
branch
from
3646a66 to
8a9c011
Compare
|
@milan-zededa I think it makes sense generalizing what we have. However, for the connectivity testing we currently at least partially depend on them being management ports - we check connectivity to the controller. We also check connectivity to the default router. I wonder whether that default router check would be sufficient for non-manegement ports. (If not we have to expose the ability to configure probe target IPs and/or URLs to the controller, UI, etc.) |
proto/config/netinst.proto
Outdated
| // Network instance with no assigned port (empty port reference or label not matching | ||
| // any port) is air-gapped, i.e. completely isolated from external networks. | ||
| // With multiple ports assigned, the behaviour depends on the network instance type. | ||
| // Switch network instance will run Spanning Tree Protocol (STP) to avoid bridge loops |
There was a problem hiding this comment.
Don't we need STP plus BPDU guard? Or will STP catch the common loops?
( I know from experience that STP doesn't catch loops if a port or cable is defective and only passes traffic in one direction, but that is an uncommon case.)
There was a problem hiding this comment.
It probably make sense to automatically enable BPDU guard on every application VIF connected to the switch NI. These are effectively leaf (edge) ports and we do not expect them to participate in STP. It would also make sense if these ports were immediately set to the forwarding state. However, I do not see feature similar to CISCO's proprietary "Fast-Enabled port" being available on the Linux bridge.
Perhaps it also make sense to allow the user to select a subset of physical ports which are also expected to be leafs, or where the downstream bridges are not fully trusted. This can also be a string attribute expecting a port label (selecting zero or more ports). But in that case, we will also have to allow the user to re-enable ports that were previously blocked. Due to the declarative nature of the config, this would have to be a counter attribute.
milan-zededa
force-pushed
the
adapter-labels
branch
2 times, most recently
from
c35c9ec to
7624733
Compare
True, I will think about how to allow configuring probing endpoint for any port, and ideally also how to unify it with the cellular connectivity testing (https://github.com/milan-zededa/eve-api/blob/adapter-labels/proto/config/netconfig.proto#L91-L111), |
milan-zededa
force-pushed
the
adapter-labels
branch
5 times, most recently
from
d20da30 to
9fd4b8e
Compare
|
How will the static routing implementation be affected this change? |
Currently, NI routing table contains only routes corresponding to the single selected port (selected at the given moment by connectivity testing). This also applies to static IP routes, i.e. we do not install static routes that at the given moment do not point to the selected port. |
milan-zededa
force-pushed
the
adapter-labels
branch
4 times, most recently
from
af4b783 to
441d9e9
Compare
|
@milan-zededa I think this is fine. Only that all the ip routes can be applied onto various interfaces with gateway address matching their interface prefixes, and default route most likely will be propagated since there is mix of mgmt and app-shared, all the connected routes can be propagated if the knob is selected. |
milan-zededa
force-pushed
the
adapter-labels
branch
4 times, most recently
from
b257236 to
f241ed3
Compare
milan-zededa
force-pushed
the
adapter-labels
branch
2 times, most recently
from
c4d5143 to
4a1451d
Compare
milan-zededa
added a commit
to milan-zededa/eve
that referenced
this pull request
Jul 29, 2024
As we generalize the concept of NI port probing, which is currently limited to uplink & freeuplink shared labels and one port selected for all routes, into a multipath routing with probing-based port selection with user-defined shared labels, it is necessary to replace uplinkprober with a more advanced component (and preferrably avoid using "uplink" for the name). See: lf-edge/eve-api#53 This commit introduces portprober - a sucessor to uplinkprober. It will be used by zedrouter to probe port connectivity for multipath IP routes. These are routes that select multiple possible output ports using a shared label. This can be EVE-defined label, such as "uplink" matching all mgmt ports, or a user-defined label selecting a custom subset of ports. For now we will not support load-balancing and zedrouter will have to pick one output port at a time for each multipath route. This will be done by portprober. It will probe connectivity of each port (with possibly user-defined probing endpoint and probing method) and based on the results and some other criteria such as cost, wwan signal strength, etc., it will pick the best port. The probing algorithm is pretty much the same as implemented in uplinkprober, just extended to support user-defined shared labels, user-defined probing method, etc. Note that in this commit we just add the portprober package and make only minimal changes in the pillar/types package (e.g. introducing SharedLabels into DPC & DNS). In the follow-up commit(s), uplinkprober will be removed and zedrouter will be updated to support multipath routes and to use portprober instead. Signed-off-by: Milan Lenco <milan@zededa.com>
milan-zededa
added a commit
to milan-zededa/eve
that referenced
this pull request
Jul 29, 2024
As we generalize the concept of NI port probing, which is currently limited to uplink & freeuplink shared labels and one port selected for all routes, into a multipath routing with probing-based port selection with user-defined shared labels, it is necessary to replace uplinkprober with a more advanced component (and preferrably avoid using "uplink" for the name). See: lf-edge/eve-api#53 This commit introduces portprober - a sucessor to uplinkprober. It will be used by zedrouter to probe port connectivity for multipath IP routes. These are routes that select multiple possible output ports using a shared label. This can be EVE-defined label, such as "uplink" matching all mgmt ports, or a user-defined label selecting a custom subset of ports. For now we will not support load-balancing and zedrouter will have to pick one output port at a time for each multipath route. This will be done by portprober. It will probe connectivity of each port (with possibly user-defined probing endpoint and probing method) and based on the results and some other criteria such as cost, wwan signal strength, etc., it will pick the best port. The probing algorithm is pretty much the same as implemented in uplinkprober, just extended to support user-defined shared labels, user-defined probing method, etc. Note that in this commit we just add the portprober package and make only minimal changes in the pillar/types package (e.g. introducing SharedLabels into DPC & DNS). In the follow-up commit(s), uplinkprober will be removed and zedrouter will be updated to support multipath routes and to use portprober instead. Signed-off-by: Milan Lenco <milan@zededa.com>
milan-zededa
added a commit
to milan-zededa/eve
that referenced
this pull request
Jul 29, 2024
As we generalize the concept of NI port probing, which is currently limited to uplink & freeuplink shared labels and one port selected for all routes, into a multipath routing with probing-based port selection with user-defined shared labels, it is necessary to replace uplinkprober with a more advanced component (and preferrably avoid using "uplink" for the name). See: lf-edge/eve-api#53 This commit introduces portprober - a sucessor to uplinkprober. It will be used by zedrouter to probe port connectivity for multipath IP routes. These are routes that select multiple possible output ports using a shared label. This can be EVE-defined label, such as "uplink" matching all mgmt ports, or a user-defined label selecting a custom subset of ports. For now we will not support load-balancing and zedrouter will have to pick one output port at a time for each multipath route. This will be done by portprober. It will probe connectivity of each port (with possibly user-defined probing endpoint and probing method) and based on the results and some other criteria such as cost, wwan signal strength, etc., it will pick the best port. The probing algorithm is pretty much the same as implemented in uplinkprober, just extended to support user-defined shared labels, user-defined probing method, etc. Note that in this commit we just add the portprober package and make only minimal changes in the pillar/types package (e.g. introducing SharedLabels into DPC & DNS). In the follow-up commit(s), uplinkprober will be removed and zedrouter will be updated to support multipath routes and to use portprober instead. Signed-off-by: Milan Lenco <milan@zededa.com>
milan-zededa
added a commit
to milan-zededa/eve
that referenced
this pull request
Jul 29, 2024
As we generalize the concept of NI port probing, which is currently limited to uplink & freeuplink shared labels and one port selected for all routes, into a multipath routing with probing-based port selection with user-defined shared labels, it is necessary to replace uplinkprober with a more advanced component (and preferrably avoid using "uplink" for the name). See: lf-edge/eve-api#53 This commit introduces portprober - a sucessor to uplinkprober. It will be used by zedrouter to probe port connectivity for multipath IP routes. These are routes that select multiple possible output ports using a shared label. This can be EVE-defined label, such as "uplink" matching all mgmt ports, or a user-defined label selecting a custom subset of ports. For now we will not support load-balancing and zedrouter will have to pick one output port at a time for each multipath route. This will be done by portprober. It will probe connectivity of each port (with possibly user-defined probing endpoint and probing method) and based on the results and some other criteria such as cost, wwan signal strength, etc., it will pick the best port. The probing algorithm is pretty much the same as implemented in uplinkprober, just extended to support user-defined shared labels, user-defined probing method, etc. Note that in this commit we just add the portprober package and make only minimal changes in the pillar/types package (e.g. introducing SharedLabels into DPC & DNS). In the follow-up commit(s), uplinkprober will be removed and zedrouter will be updated to support multipath routes and to use portprober instead. Signed-off-by: Milan Lenco <milan@zededa.com>
milan-zededa
added a commit
to milan-zededa/eve
that referenced
this pull request
Jul 29, 2024
As we generalize the concept of NI port probing, which is currently limited to uplink & freeuplink shared labels and one port selected for all routes, into a multipath routing with probing-based port selection with user-defined shared labels, it is necessary to replace uplinkprober with a more advanced component (and preferrably avoid using "uplink" for the name). See: lf-edge/eve-api#53 This commit introduces portprober - a sucessor to uplinkprober. It will be used by zedrouter to probe port connectivity for multipath IP routes. These are routes that select multiple possible output ports using a shared label. This can be EVE-defined label, such as "uplink" matching all mgmt ports, or a user-defined label selecting a custom subset of ports. For now we will not support load-balancing and zedrouter will have to pick one output port at a time for each multipath route. This will be done by portprober. It will probe connectivity of each port (with possibly user-defined probing endpoint and probing method) and based on the results and some other criteria such as cost, wwan signal strength, etc., it will pick the best port. The probing algorithm is pretty much the same as implemented in uplinkprober, just extended to support user-defined shared labels, user-defined probing method, etc. Note that in this commit we just add the portprober package and make only minimal changes in the pillar/types package (e.g. introducing SharedLabels into DPC & DNS). In the follow-up commit(s), uplinkprober will be removed and zedrouter will be updated to support multipath routes and to use portprober instead. Signed-off-by: Milan Lenco <milan@zededa.com>
milan-zededa
added a commit
to milan-zededa/eve
that referenced
this pull request
Jul 30, 2024
As we generalize the concept of NI port probing, which is currently limited to uplink & freeuplink shared labels and one port selected for all routes, into a multipath routing with probing-based port selection with user-defined shared labels, it is necessary to replace uplinkprober with a more advanced component (and preferrably avoid using "uplink" for the name). See: lf-edge/eve-api#53 This commit introduces portprober - a sucessor to uplinkprober. It will be used by zedrouter to probe port connectivity for multipath IP routes. These are routes that select multiple possible output ports using a shared label. This can be EVE-defined label, such as "uplink" matching all mgmt ports, or a user-defined label selecting a custom subset of ports. For now we will not support load-balancing and zedrouter will have to pick one output port at a time for each multipath route. This will be done by portprober. It will probe connectivity of each port (with possibly user-defined probing endpoint and probing method) and based on the results and some other criteria such as cost, wwan signal strength, etc., it will pick the best port. The probing algorithm is pretty much the same as implemented in uplinkprober, just extended to support user-defined shared labels, user-defined probing method, etc. Note that in this commit we just add the portprober package and make only minimal changes in the pillar/types package (e.g. introducing SharedLabels into DPC & DNS). In the follow-up commit(s), uplinkprober will be removed and zedrouter will be updated to support multipath routes and to use portprober instead. Signed-off-by: Milan Lenco <milan@zededa.com>
eriknordmark
pushed a commit
to lf-edge/eve
that referenced
this pull request
Jul 31, 2024
As we generalize the concept of NI port probing, which is currently limited to uplink & freeuplink shared labels and one port selected for all routes, into a multipath routing with probing-based port selection with user-defined shared labels, it is necessary to replace uplinkprober with a more advanced component (and preferrably avoid using "uplink" for the name). See: lf-edge/eve-api#53 This commit introduces portprober - a sucessor to uplinkprober. It will be used by zedrouter to probe port connectivity for multipath IP routes. These are routes that select multiple possible output ports using a shared label. This can be EVE-defined label, such as "uplink" matching all mgmt ports, or a user-defined label selecting a custom subset of ports. For now we will not support load-balancing and zedrouter will have to pick one output port at a time for each multipath route. This will be done by portprober. It will probe connectivity of each port (with possibly user-defined probing endpoint and probing method) and based on the results and some other criteria such as cost, wwan signal strength, etc., it will pick the best port. The probing algorithm is pretty much the same as implemented in uplinkprober, just extended to support user-defined shared labels, user-defined probing method, etc. Note that in this commit we just add the portprober package and make only minimal changes in the pillar/types package (e.g. introducing SharedLabels into DPC & DNS). In the follow-up commit(s), uplinkprober will be removed and zedrouter will be updated to support multipath routes and to use portprober instead. Signed-off-by: Milan Lenco <milan@zededa.com>
milan-zededa
added a commit
to milan-zededa/eve
that referenced
this pull request
Aug 1, 2024
This commit implements support for Local NI with multiple ports attached. API changes with detailed description can be found here: lf-edge/eve-api#53 In summary, network instance can be now configured with "shared" port label, potentially matching multiple device ports. The NI routing table will contain routes from all the selected ports. Shared labels can be also used to restrict port-forwarding to a subset of NI ports and to create multipath static routes (routes with multiple possible next-hops). For every multipath route, zedrouter will use recently added portprober to select the best port at a given time (based on the connectivity status, cost, etc.) and also to failover to another port when the currently used port looses connectivity. Signed-off-by: Milan Lenco <milan@zededa.com>
milan-zededa
added a commit
to milan-zededa/eden
that referenced
this pull request
Aug 1, 2024
This example demonstrates Local network instance with multiple ports and multipath static IP routes. EVE API changes were introduced and described here: lf-edge/eve-api#53 Signed-off-by: Milan Lenco <milan@zededa.com>
milan-zededa
added a commit
to milan-zededa/eden
that referenced
this pull request
Aug 1, 2024
This example demonstrates Local network instance with multiple ports and multipath static IP routes. EVE API changes were introduced and described here: lf-edge/eve-api#53 Signed-off-by: Milan Lenco <milan@zededa.com>
milan-zededa
added a commit
to milan-zededa/eden
that referenced
this pull request
Aug 1, 2024
This example demonstrates Local network instance with multiple ports and multipath static IP routes. EVE API changes were introduced and described here: lf-edge/eve-api#53 Signed-off-by: Milan Lenco <milan@zededa.com>
milan-zededa
added a commit
to milan-zededa/eve
that referenced
this pull request
Aug 1, 2024
This commit implements support for Local NI with multiple ports attached. API changes with detailed description can be found here: lf-edge/eve-api#53 In summary, network instance can be now configured with "shared" port label, potentially matching multiple device ports. The NI routing table will contain routes from all the selected ports. Shared labels can be also used to restrict port-forwarding to a subset of NI ports and to create multipath static routes (routes with multiple possible next-hops). For every multipath route, zedrouter will use recently added portprober to select the best port at a given time (based on the connectivity status, cost, etc.) and also to failover to another port when the currently used port looses connectivity. Signed-off-by: Milan Lenco <milan@zededa.com>
milan-zededa
added a commit
to milan-zededa/eden
that referenced
this pull request
Aug 1, 2024
This example demonstrates Local network instance with multiple ports and multipath static IP routes. EVE API changes were introduced and described here: lf-edge/eve-api#53 Signed-off-by: Milan Lenco <milan@zededa.com>
milan-zededa
added a commit
to milan-zededa/eve
that referenced
this pull request
Aug 2, 2024
This commit implements support for Local NI with multiple ports attached. API changes with detailed description can be found here: lf-edge/eve-api#53 In summary, network instance can be now configured with "shared" port label, potentially matching multiple device ports. The NI routing table will contain routes from all the selected ports. Shared labels can be also used to restrict port-forwarding to a subset of NI ports and to create multipath static routes (routes with multiple possible next-hops). For every multipath route, zedrouter will use recently added portprober to select the best port at a given time (based on the connectivity status, cost, etc.) and also to failover to another port when the currently used port looses connectivity. Signed-off-by: Milan Lenco <milan@zededa.com>
milan-zededa
added a commit
to milan-zededa/eve
that referenced
this pull request
Aug 2, 2024
This commit implements support for Local NI with multiple ports attached. API changes with detailed description can be found here: lf-edge/eve-api#53 In summary, network instance can be now configured with "shared" port label, potentially matching multiple device ports. The NI routing table will contain routes from all the selected ports. Shared labels can be also used to restrict port-forwarding to a subset of NI ports and to create multipath static routes (routes with multiple possible next-hops). For every multipath route, zedrouter will use recently added portprober to select the best port at a given time (based on the connectivity status, cost, etc.) and also to failover to another port when the currently used port looses connectivity. Signed-off-by: Milan Lenco <milan@zededa.com>
milan-zededa
added a commit
to milan-zededa/eve
that referenced
this pull request
Aug 7, 2024
This commit implements support for Local NI with multiple ports attached. API changes with detailed description can be found here: lf-edge/eve-api#53 In summary, network instance can be now configured with "shared" port label, potentially matching multiple device ports. The NI routing table will contain routes from all the selected ports. Shared labels can be also used to restrict port-forwarding to a subset of NI ports and to create multipath static routes (routes with multiple possible next-hops). For every multipath route, zedrouter will use recently added portprober to select the best port at a given time (based on the connectivity status, cost, etc.) and also to failover to another port when the currently used port looses connectivity. Signed-off-by: Milan Lenco <milan@zededa.com>
milan-zededa
added a commit
to milan-zededa/eve
that referenced
this pull request
Aug 7, 2024
This commit implements support for Local NI with multiple ports attached. API changes with detailed description can be found here: lf-edge/eve-api#53 In summary, network instance can be now configured with "shared" port label, potentially matching multiple device ports. The NI routing table will contain routes from all the selected ports. Shared labels can be also used to restrict port-forwarding to a subset of NI ports and to create multipath static routes (routes with multiple possible next-hops). For every multipath route, zedrouter will use recently added portprober to select the best port at a given time (based on the connectivity status, cost, etc.) and also to failover to another port when the currently used port looses connectivity. Signed-off-by: Milan Lenco <milan@zededa.com>
milan-zededa
added a commit
to milan-zededa/eve
that referenced
this pull request
Aug 7, 2024
This commit implements support for Local NI with multiple ports attached. API changes with detailed description can be found here: lf-edge/eve-api#53 In summary, network instance can be now configured with "shared" port label, potentially matching multiple device ports. The NI routing table will contain routes from all the selected ports. Shared labels can be also used to restrict port-forwarding to a subset of NI ports and to create multipath static routes (routes with multiple possible next-hops). For every multipath route, zedrouter will use recently added portprober to select the best port at a given time (based on the connectivity status, cost, etc.) and also to failover to another port when the currently used port looses connectivity. Signed-off-by: Milan Lenco <milan@zededa.com>
milan-zededa
added a commit
to milan-zededa/eve
that referenced
this pull request
Aug 7, 2024
This commit implements support for Local NI with multiple ports attached. API changes with detailed description can be found here: lf-edge/eve-api#53 In summary, network instance can be now configured with "shared" port label, potentially matching multiple device ports. The NI routing table will contain routes from all the selected ports. Shared labels can be also used to restrict port-forwarding to a subset of NI ports and to create multipath static routes (routes with multiple possible next-hops). For every multipath route, zedrouter will use recently added portprober to select the best port at a given time (based on the connectivity status, cost, etc.) and also to failover to another port when the currently used port looses connectivity. Signed-off-by: Milan Lenco <milan@zededa.com>
milan-zededa
added a commit
to milan-zededa/eve
that referenced
this pull request
Aug 7, 2024
This commit implements support for Local NI with multiple ports attached. API changes with detailed description can be found here: lf-edge/eve-api#53 In summary, network instance can be now configured with "shared" port label, potentially matching multiple device ports. The NI routing table will contain routes from all the selected ports. Shared labels can be also used to restrict port-forwarding to a subset of NI ports and to create multipath static routes (routes with multiple possible next-hops). For every multipath route, zedrouter will use recently added portprober to select the best port at a given time (based on the connectivity status, cost, etc.) and also to failover to another port when the currently used port looses connectivity. Signed-off-by: Milan Lenco <milan@zededa.com>
milan-zededa
added a commit
to milan-zededa/eve
that referenced
this pull request
Aug 7, 2024
This commit implements support for Local NI with multiple ports attached. API changes with detailed description can be found here: lf-edge/eve-api#53 In summary, network instance can be now configured with "shared" port label, potentially matching multiple device ports. The NI routing table will contain routes from all the selected ports. Shared labels can be also used to restrict port-forwarding to a subset of NI ports and to create multipath static routes (routes with multiple possible next-hops). For every multipath route, zedrouter will use recently added portprober to select the best port at a given time (based on the connectivity status, cost, etc.) and also to failover to another port when the currently used port looses connectivity. Signed-off-by: Milan Lenco <milan@zededa.com>
milan-zededa
added a commit
to milan-zededa/eve
that referenced
this pull request
Aug 7, 2024
This commit implements support for Local NI with multiple ports attached. API changes with detailed description can be found here: lf-edge/eve-api#53 In summary, network instance can be now configured with "shared" port label, potentially matching multiple device ports. The NI routing table will contain routes from all the selected ports. Shared labels can be also used to restrict port-forwarding to a subset of NI ports and to create multipath static routes (routes with multiple possible next-hops). For every multipath route, zedrouter will use recently added portprober to select the best port at a given time (based on the connectivity status, cost, etc.) and also to failover to another port when the currently used port looses connectivity. Signed-off-by: Milan Lenco <milan@zededa.com>
eriknordmark
pushed a commit
to lf-edge/eve
that referenced
this pull request
Aug 8, 2024
This commit implements support for Local NI with multiple ports attached. API changes with detailed description can be found here: lf-edge/eve-api#53 In summary, network instance can be now configured with "shared" port label, potentially matching multiple device ports. The NI routing table will contain routes from all the selected ports. Shared labels can be also used to restrict port-forwarding to a subset of NI ports and to create multipath static routes (routes with multiple possible next-hops). For every multipath route, zedrouter will use recently added portprober to select the best port at a given time (based on the connectivity status, cost, etc.) and also to failover to another port when the currently used port looses connectivity. Signed-off-by: Milan Lenco <milan@zededa.com>
milan-zededa
added a commit
to milan-zededa/eden
that referenced
this pull request
Aug 16, 2024
This example demonstrates Local network instance with multiple ports and multipath static IP routes. EVE API changes were introduced and described here: lf-edge/eve-api#53 Signed-off-by: Milan Lenco <milan@zededa.com>
milan-zededa
added a commit
to milan-zededa/eden
that referenced
this pull request
Aug 16, 2024
This example demonstrates Local network instance with multiple ports and multipath static IP routes. EVE API changes were introduced and described here: lf-edge/eve-api#53 Signed-off-by: Milan Lenco <milan@zededa.com>
milan-zededa
added a commit
to milan-zededa/eden
that referenced
this pull request
Aug 16, 2024
This example demonstrates Local network instance with multiple ports and multipath static IP routes. EVE API changes were introduced and described here: lf-edge/eve-api#53 Signed-off-by: Milan Lenco <milan@zededa.com>
milan-zededa
added a commit
to milan-zededa/eden
that referenced
this pull request
Aug 21, 2024
This example demonstrates Local network instance with multiple ports and multipath static IP routes. EVE API changes were introduced and described here: lf-edge/eve-api#53 Signed-off-by: Milan Lenco <milan@zededa.com>
milan-zededa
added a commit
to lf-edge/eden
that referenced
this pull request
Sep 2, 2024
This example demonstrates Local network instance with multiple ports and multipath static IP routes. EVE API changes were introduced and described here: lf-edge/eve-api#53 Signed-off-by: Milan Lenco <milan@zededa.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
EVE already offers adapter labels
uplinkandfreeuplinkto matcha specific group of ports to provide external connectivity for a network
instance.
We should allow users to define and assign their own adapter labels and
support the following new network instance use-cases:
select a group of ports, all of which will be bridged together under
one switch NI. EVE should then automatically run the STP protocol for
the bridge to avoid bridge loops and broadcast storms.
host (EVE) side will contain routes from all selected ports and will
be used to select output port for the given flow.
For (not only default) route we should:
a) allow the user to pick the output port(s). Can be more than one
for multipath routes.
b) periodically test port connectivity and failover between ports
when currently used one has broken connectivity
c) allow to enable cost-based port selection
d) allow to enable cellular signal strength based selection.
Applicable only among wwan ports.
a and b/c/d could be combined together to allow the user to select a
subset of NI ports for a route and then let EVE to pick one of them
based on the probing results and other selection criteria.
We should also allow to limit a port-forwarding rule to only a subset
of ports used by a local network instance. This can be done by
defining a new
ACEMatchtypeadapterwhere value is adapter labelto match.
Currently, EVE supports a variant of the second use-case for hard-coded
uplinkandfreeuplinklabels. It would make sense to unify the behaviourbetween these existing labels and the user-defined ones. This means that
we would make small change to the current implementation:
when
uplinkorfreeuplinkis selected for a local network instance,the NI routing table will have IP routes from all matching (mgmt)
ports and the default route will be selected by connectivity testing.
This is different to the present behaviour, where EVE installs only
routes of the port selected by connectivity testing into the NI routing
table. But lets say that there are 2 mgmt ports: eth0 and eth1, and
connectivity testing selected eth0. Then even if app is accessing hosts
which are directly inside the eth1 subnet, traffic will be routed via eth0,
which can be confusing. Also, user-defined static routes for eth1 are
not present in the routing table and therefore inactive when eth0 is
selected. The idea is to apply connectivity testing to only default
route selection.
Another change in behaviour is wrt. the inbound (port forwarding) rules.
Without the newly introduced
adapterlabel specified (e.g. when EVE isupgraded but config remains the same), the inbound rules will be applied
to all the ports used by a network instance. With
uplinklabels thismeans that port forwarding will be enabled on all the management ports,
not just on the one with the default route activated. However, this new
behaviour is actually more practical for the user. Accessing applications
will be possible through any of the mgmt ports, without having to know
which port is being used by the NI for the default route. After all,
NI with the
uplinklabel is configured to use whichever mgmt port isworking, meaning that the user should ensure that opening ports on any
of them is safe in their environment. It therefore makes no difference
if port forwarding rules are always activated on all the managment ports
vs. only on one of them.
Lastly, to allow cost-based port selection for routes with multiple
output ports, some of which are possibly app-shared and not enabled
for management, we should allow the controller to set cost to also
app-shared ports (this change only affects the controller, EVE API
already does not limit cost attribute to only mgmt ports).