Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dualstack Network Support #549

Open
wants to merge 49 commits into
base: master
Choose a base branch
from
Open

Dualstack Network Support #549

wants to merge 49 commits into from
+1,449 −325

Conversation

majst01
Copy link
Contributor

@majst01 majst01 commented Jul 17, 2024
edited
Loading

Closes #164

Actions Required

The ChildPrefixLength property was removed from the Partition Entity. Every TenantSupernetwork must now be configured with ChildPrefixLength accordingly.
This is done during startup in the database migration step and set to the same value as in the `Partition`.

It is required to add a defaultchildprefixlength property to the tenant super network in you configuration because otherwise the initial network creation will fail:
Sample:
  defaultchildprefixlength:
    IPv4: 22

Also ensure that all firewall-controllers are up-to-date in all firewalls before adding ipv6 prefixes to any of the exiting networks.

Depends on:

replaces #544

TODO:

  • add possibility to create machines in different networks like internet and tenant-network, but only from tenant-network IPs from both AF are acquired, but only ipv4 is possible from internet even if dualstack

@majst01 majst01 force-pushed the dualstack-support branch 4 times, most recently from 5919c8f to 0c53831 Compare July 23, 2024 07:47
@majst01 majst01 force-pushed the dualstack-support branch from 0c53831 to 2389965 Compare July 23, 2024 11:48
@Gerrit91 Gerrit91 mentioned this pull request Jul 23, 2024
Draft
8 tasks
@majst01 majst01 force-pushed the dualstack-support branch 7 times, most recently from d49d2c0 to b65c835 Compare July 25, 2024 09:50
@majst01 majst01 force-pushed the dualstack-support branch 3 times, most recently from 23a3d1e to 89096c0 Compare August 2, 2024 12:40
@majst01 majst01 mentioned this pull request Aug 2, 2024
Merged
@majst01 majst01 force-pushed the dualstack-support branch 2 times, most recently from a3571a2 to d9667d3 Compare August 5, 2024 07:13
majst01
majst01 commented Jan 9, 2025
View reviewed changes
cmd/metal-api/internal/service/v1/network.go
Vrf *uint `json:"vrf" description:"the vrf this network is associated with" optional:"true"`
VrfShared *bool `json:"vrfshared" description:"if set to true, given vrf can be used by multiple networks, which is sometimes useful for network partitioning (default: false)" optional:"true"`
ParentNetworkID *string `json:"parentnetworkid" description:"the id of the parent network" optional:"true"`
AddressFamilies metal.AddressFamilies `json:"addressfamilies" description:"the addressfamilies in this network, either IPv4 or IPv6 or both"`
Copy link
Contributor Author

@majst01 majst01 Jan 9, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Better introduce a map from AF:Struct which contains defaultchildprefixlenght and usage, deprecate usage.

type FamilyInfo struct {
   defaultchildprefixlength uint8
   usage metal.NetworkUsage
} 

type FamilyInfos map[AddressFamily]FamilyInfo

@majst01
Copy link
Contributor Author

majst01 commented Jan 9, 2025 


⌁60% 1d [stefan:~/dev/github.com/metal-stack/mini-lab]└2 <⎈kind-metal-control-plane> master(+36/-5) 1 ± m network ip create --network 5a84db02-265a-4f79-ae42-bbb77bebf4cd  --project 00000000-0000-0000-0000-0000000
00000                                                                                                                                                                                                                
Error: [POST /v1/ip/allocate][500] allocateIP default "{\"statuscode\":500,\"message\":\"Internal cannot allocate free ip in ipam, no ips left\"}"

Check for available AFs is missing here

@majst01
Copy link
Contributor Author

majst01 commented Jan 10, 2025

Also for invalid CIDRs in firewall rules we actually return:

Error: [POST /v1/firewall/allocate][400] allocateFirewall default "{\"statuscode\":400,\"message\":\"invalid cidr: netip.ParsePrefix(\\\"2001:db8::1\\\"): no '/'\"}"

@majst01
Copy link
Contributor Author

majst01 commented Jan 10, 2025

Firewall installation fails with ingress rules with to and from specified

panic: exit status 1: /etc/metal/networker/nftrules_673841649:36:20-35: Error: Could not resolve hostname: Address family for hostname not supported
                ip daddr { 2001:db8:0:113::/64 } ip6 saddr 2001:db8::1/128 tcp dport { 22 } counter accept comment "allow incoming ssh"
                           ^^^^^^^^^^^^^^^^


goroutine 1 [running]:
github.com/metal-stack/metal-networker/pkg/netconf.mustApply({0xb16780, 0xc0003a6ba0}, {0xc0003bc000, 0x1742}, {0xc00037a720, 0x27}, {0xa1baca, 0x13}, 0x1)
        github.com/metal-stack/metal-networker@v0.45.2/pkg/netconf/configurator.go:282 +0x27f
github.com/metal-stack/metal-networker/pkg/netconf.applyAndCleanUp(0xc0002833c0, {0xb16780, 0xc0003a6ba0}, {0xa17f90, 0xc}, {0xc00037a720, 0x27}, {0xa1baca, 0x13}, 0x180, ...)
        github.com/metal-stack/metal-networker@v0.45.2/pkg/netconf/configurator.go:256 +0x1e9
github.com/metal-stack/metal-networker/pkg/netconf.firewallConfigurator.ConfigureNftables({{{{0xc0002632b8, 0x2}, {0xc000010fa8, 0x3, 0x3}, {0xc000026c90, 0x24}, {0xc000144300, 0x2dd}, {0xc000263770, ...}, ...}, ...}, ...}, ...)
        github.com/metal-stack/metal-networker@v0.45.2/pkg/netconf/configurator.go:162 +0x125
github.com/metal-stack/metal-networker/pkg/netconf.firewallConfigurator.Configure({{{{0xc0002632b8, 0x2}, {0xc000010fa8, 0x3, 0x3}, {0xc000026c90, 0x24}, {0xc000144300, 0x2dd}, {0xc000263770, ...}, ...}, ...}, ...}, ...)
        github.com/metal-stack/metal-networker@v0.45.2/pkg/netconf/configurator.go:108 +0xc8
main.(*installer).configureNetwork(0xc00022fe18)
        github.com/metal-stack/metal-images/cmd/install.go:415 +0x1ee
main.(*installer).do(0xc00022fe18)
        github.com/metal-stack/metal-images/cmd/install.go:84 +0x2d6
main.main()
        github.com/metal-stack/metal-images/cmd/main.go:45 +0x4ab

rules:

  - comment: allow incoming ssh
    ports:
      - 22
    protocol: TCP
    from:
      - 2001:db8::1/128
    to:
      - 2001:db8:0:113::/64

@majst01
Copy link
Contributor Author

majst01 commented Jan 10, 2025 


⌁60% 1d [stefan:~/dev/github.com/metal-stack/mini-lab]└2 <⎈kind-metal-control-plane> master(+36/-5) 1 ± m network ip create --network 5a84db02-265a-4f79-ae42-bbb77bebf4cd  --project 00000000-0000-0000-0000-0000000
00000                                                                                                                                                                                                                
Error: [POST /v1/ip/allocate][500] allocateIP default "{\"statuscode\":500,\"message\":\"Internal cannot allocate free ip in ipam, no ips left\"}"

Check for available AFs is missing here

Done

@majst01
Copy link
Contributor Author

majst01 commented Jan 10, 2025

"2001:db8::1

Fixed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Gerrit91 Gerrit91 Awaiting requested review from Gerrit91 Gerrit91 is a code owner automatically assigned from metal-stack/metal-api-maintainers

@iljarotar iljarotar Awaiting requested review from iljarotar

@mwennrich mwennrich Awaiting requested review from mwennrich

@mreiger mreiger Awaiting requested review from mreiger

At least 1 approving review is required to merge this pull request.

Assignees

@majst01 majst01

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

☂️-Issue IPv6 Support
1 participant
@majst01