[OpenWrt-Devel] [PATCH 3/3] vxlan: add capability for multiple fdb entries
Matthias Schiffer
mschiffer at universe-factory.net
Sat Jul 18 11:33:51 EDT 2020
On 6/8/20 4:14 PM, Johannes Kimmel wrote:
> Similar to wireguard, vxlan can configure multiple peers or add specific
> entries to the fdb for a single mac address.
>
> While you can still use the peeraddr/peer6addr option within the proto
> vxlan/vxlan6 section so that existing configurations do not break, this patch
> allows adding multiple sections that configure fdb entries via the bridge
> command. As such, the bridge command is now a dependency of the vxlan
> package. (To be honest, without the bridge command available, vxlan isn't
> very much fun to use or debug at all.)
I have added two comments below; apart from this, the patch is looking good.
>
> Field names are taken direclty from the bridge command.
>
> Example with all supported parameters, since this hasn't been documented so
> far:
>
> config interface 'vx0'
> option proto 'vxlan6' # use vxlan over ipv6
>
> # main options
> option ip6addr '2001:db8::1' # listen address
> option tunlink 'wan6' # optional if listen address given
> option peer6addr '2001:db8::2' # now optional
> option port '8472' # this is the standard port under linux
> option vid '42' # VXLAN Network Identifier to use
> option mtu '1430' # vxlan6 has 70 bytes overhead
>
> # extra options
> option rxcsum '0' # allow receiving packets without checksum
> option txcsum '0' # send packets without checksum
> option ttl '16' # specifies the TTL value for outgoing packets
> option tos '0' # specifies the TOS value for outgoing packets
> option macaddr '11:22:33:44:55:66' # optional, manually specify mac
> # default is a random address
>
> Single peer with head-end replication. Corresponds to the following call
> to bridge:
>
> $ bridge fdb append 00:00:00:00:00:00 dev vx0 dst 2001:db8::3
>
> config vxlan_vx0
We usually keep the UCI section name a constant string, and `vxlan_*` is
not very descriptive.
Let's call this 'vxlan_peer' or 'vxlan_dst'. The reference to the interface
should be specified as a separate option, for example:
option vxlan 'vx0'
> option dst '2001:db8::3' # always required
>
> It's possible to specify a multicast address as destination. Useful when
> multicast routing is available or within one lan segment:
>
> config vxlan_vx0
> option dst 'ff02::1337' # multicast group to join.
> # all bum traffic will be send there
> option via 'eth1' # for multicast, an outgoing interface needs
> # to be specified
>
> All available peer options for completeness:
>
> config vxlan_vx0
> option lladdr 'aa:bb:cc:dd:ee:ff' # specific mac,
> option dst '2001:db8::4' # connected to this peer
> option via 'eth0.1' # use this interface only
> option port '4789' # use different port for this peer
> option vni '23' # override vni for this peer
> option src_vni '123' # see man 3 bridge
>
> Signed-off-by: Johannes Kimmel <fff at bareminimum.eu>
> ---
> package/network/config/vxlan/Makefile | 2 +-
> package/network/config/vxlan/files/vxlan.sh | 36 ++++++++++++++++++++-
> 2 files changed, 36 insertions(+), 2 deletions(-)
>
> diff --git a/package/network/config/vxlan/Makefile b/package/network/config/vxlan/Makefile
> index 5850c44..46970d9 100644
> --- a/package/network/config/vxlan/Makefile
> +++ b/package/network/config/vxlan/Makefile
> @@ -11,7 +11,7 @@ define Package/vxlan
> CATEGORY:=Network
> MAINTAINER:=Matthias Schiffer <mschiffer at universe-factory.net>
> TITLE:=Virtual eXtensible LAN config support
> - DEPENDS:=+kmod-vxlan
> + DEPENDS:=+kmod-vxlan +ip-bridge
I'd like to avoid making this dependency mandatory, as we're using the
vxlan package in Gluon on devices with small flash.
Let's just call proto_notify_error from proto_vxlan_setup_peer when
`bridge` is not available.
> PKGARCH:=all
> endef
>
> diff --git a/package/network/config/vxlan/files/vxlan.sh b/package/network/config/vxlan/files/vxlan.sh
> index bdcaa62..319d95c 100755
> --- a/package/network/config/vxlan/files/vxlan.sh
> +++ b/package/network/config/vxlan/files/vxlan.sh
> @@ -7,6 +7,38 @@
> init_proto "$@"
> }
>
> +proto_vxlan_setup_peer() {
> + local peer_config="$1"
> +
> + local lladdr
> + local dst
> + local src_vni
> + local vni
> + local port
> + local via
> +
> + config_get lladdr "${peer_config}" "lladdr"
> + config_get dst "${peer_config}" "dst"
> + config_get src_vni "${peer_config}" "src_vni"
> + config_get vni "${peer_config}" "vni"
> + config_get port "${peer_config}" "port"
> + config_get via "${peer_config}" "via"
> +
> + [ -z "${dst}" ] && {
> + proto_notify_error "$cfg" "MISSING_PEER_ADDRESS"
> + exit
> + }
> +
> + bridge fdb append \
> + ${lladdr:-00:00:00:00:00:00} \
> + dev ${cfg} \
> + ${dst:+dst $dst} \
> + ${src_vni:+src_vni $src_vni} \
> + ${vni:+vni $vni} \
> + ${port:+port $port} \
> + ${via:+via $via}
> +}
> +
> vxlan_generic_setup() {
> local cfg="$1"
> local mode="$2"
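Review bot: The `bridge fdb append` call in proto_vxlan_setup_peer expands every UCI value unquoted, so a value containing whitespace or glob characters is split or expanded into extra `bridge` arguments instead of being passed through as one value or rejected. The outer expansion has to stay unquoted to yield keyword and value as two words, but the value itself can be quoted, e.g. `${dst:+dst "$dst"}`, `dev "${cfg}"` and `"${lladdr:-00:00:00:00:00:00}"`, with the same form for `src_vni`, `vni`, `port` and `via`. The exit status of `bridge` is also ignored, so a rejected entry leaves the interface reported as up without its FDB entry; checking the status and reporting it through `proto_notify_error` would make that visible. The trailing context lines belong to vxlan_generic_setup, which continues outside this hunk.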
> @@ -18,7 +50,6 @@ vxlan_generic_setup() {
> local port vid ttl tos mtu macaddr zone rxcsum txcsum
> json_get_vars port vid ttl tos mtu macaddr zone rxcsum txcsum
>
> -
> proto_init_update "$link" 1
>
> proto_add_tunnel
> @@ -47,6 +78,9 @@ vxlan_generic_setup() {
> proto_close_data
>
> proto_send_update "$cfg"
> +
> + config_load network
> + config_foreach proto_vxlan_setup_peer "vxlan_${cfg}"
> }
>
> proto_vxlan_setup() {
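Review bot: The `config_foreach` call hands only the section name to proto_vxlan_setup_peer, yet that function uses `$cfg` for `dev` and for `proto_notify_error`; this presumably works only because the `local cfg` of vxlan_generic_setup is visible to functions it calls. Passing the interface explicitly, `config_foreach proto_vxlan_setup_peer "vxlan_${cfg}" "$cfg"` with `local cfg="$2"` in the callback, removes that hidden coupling. The callback's `exit` on a missing `dst` also ends the whole handler at the first incomplete section, after `proto_send_update` has already run, so any peer sections after it are never installed; if that is not intended, `return` would skip only the incomplete section. vxlan_generic_setup starts outside this hunk.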
>