Merge pull request #89 from BarbarossaTM/feature/vxlan

Add support for VXLAN interface
Maximilian Wilhelm 2020-10-02 22:36:22 +02:00 committed by GitHub
commit 68e08cae7e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 251 additions and 2 deletions

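--- a/doc/interfaces-vxlan.scd
+++ b/doc/interfaces-vxlan.scd
@@ -0,0 +1,100 @@
+interfaces-vxlan(5)
+# NAME
+*interfaces-vxlan* - VXLAN extensions for the interfaces(5) file format
+# DESCRIPTION
+Virtual eXtensible LAN (VXLAN) is an overlay network to carry Layer 2 over
+an IP network while accommodating a very large number of tenants. It is
+defined in RFC7348.
+Be aware that VXLAN encapsulation adds 50 bytes of overhead to the IP packet
+header (inner Ethernet header + VXLAN + UDP + IP). This should be taken into
+consideration when setting up overlay networks, particularly on underlay
+networks with a conventional 1500 byte MTU.
+The following options set up VXLAN Tunnel EndPoints (VTEP) interfaces with
+ifupdown-ng.
+See https://www.kernel.org/doc/Documentation/networking/vxlan.rst and
+https://vincent.bernat.ch/en/blog/2017-vxlan-linux for more information.
+# VXLAN-RELATED OPTIONS
+A VXLAN Virtual Tunnel Endpoint (VTEP) interface must an ID set. All
+other options are optional.
+*vxlan-id* _VNI ID_
+Denotes the VXLAN Network Identifier (VNI) ID for this interface.
+This parameter is required for VTEP interfaces.
+*vxlan-physdev* _interface_
+Specifies the physical ("underlay") device to use for tunnel
+endpoint communication.
+*vxlan-local-ip* _address_
+Specifies the source IP address to use in outgoing packets.
+For compatiblity with ifupdown2 _vxlan-local-tunnelip_ is an
+alias for this parameter.
+*vxlan-remote-ip* _address_
+Specifies the unicast destination IP address to use in outgoing
+packets when the destination link layer address is not known in
+the VXLAN device forwarding database. This parameter cannot be
+specified with the _vxlan-remote-group_ parameter.
+For compatiblity with ifupdown2 _vxlan-remoteip_ is an alias for
+this parameter.
+*vxlan-remote-group* _multicast group_
+Specifies the multicast group IP address to join. This parameter
+cannot be specified with the _vxlan-remote-ip_ parameter.
+For compatibility with ifupdown2 _vxlan-svcnodeip_ is an alias for
+this parameter.
+*vxlan-learning* _on/off_
+Specifies if unknown source link layer addresses and IP addresses
+are entered into the VXLAN device forwarding database.
+*vxlan-ageing* _seconds_
+Specifies the lifetime in seconds of FDB entries learnt by the kernel.
+*vxlan-dstport* _port_
+Specifies the UDP destination port of the remote VXLAN tunnel endpoint.
+The default is 4789.
+# EXAMPLES
+A VTEP with multiple peers addressed via a multicast group:
+...
+auto vx_v1001_padcty
+iface vx_v1001_padcty
+vxlan-id 655617
+vxlan-physdev vlan1001
+vxlan-remote-group 225.10.1.1
+#
+hwaddress f2:00:c1:01:10:01
+mtu 1560
+...
+Note that the underlay must have an MTU of at least 1610 to
+carry the encapsulated packets.
+A VTEP with one peer (point-to-point configuration):
+...
+auto vx_ptp1
+iface vx_ptp1
+vxlan-id 2342
+vxlan-local-ip 192.0.2.42
+vxlan-remote-ip 198.51.100.23
+#
+hwaddress f2:00:c1:01:10:01
+...
+# AUTHORS
+Maximilian Wilhelm <max@sdn.clinic>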


@ -110,8 +110,8 @@ the system will only respond to certain keywords by default:
*post-up* _command_
Runs _command_ after bringing the interface up.
Additional packages such as *bonding*, *bridge*, *tunnel* and
*vrf* add additional keywords to this vocabulary.
Additional packages such as *bonding*, *bridge*, *tunnel*, *vrf* and
*vxlan* add additional keywords to this vocabulary.
# OPTIONS
@ -144,6 +144,10 @@ most common options are:
The interface is a VRF. Configuration of VRFs requires
the *vrf* package to be installed.
*vxlan*
The interface is a Virtual Extensible LAN (VXLAN) tunnel
endpoint.
# EXAMPLES
Configure a bridge interface *br0* with *bond0* attached to it,
@ -174,6 +178,10 @@ iface eth0
use dhcp
```
# SEE ALSO
*interfaces-vxlan*(5)
# AUTHORS
Ariadne Conill <ariadne@dereferenced.org>

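--- a/executor-scripts/linux/vxlan
+++ b/executor-scripts/linux/vxlan
@@ -0,0 +1,82 @@
+#!/bin/sh
+#
+# This executor is responsible for setting up the Virtual Extensible LAN (VXLAN) overlay interfaces.
+#
+# Fri, 02 Oct 2020 01:10:29 +0200
+# -- Maximilian Wilhelm <max@sdn.clinic>
+#
+# Known options for the main interface are:
+#
+# IF_VXLAN_ID The VXLAN Network Identifier (VNI)
+# IF_VXLAN_PHYSDEV Specifies the physical device to use for tunnel endpoint communication
+# IF_VXLAN_LOCAL_IP Specifies the source IP address to use in outgoing packets
+# IF_VXLAN_REMOTE_IP IP of the remote VTEP endpoint (for ptp mode)
+# IF_VXLAN_REMOTE_GROUP Multicast group to use for this VNI (for ptmp mode)
+# IF_VXLAN_LEARNING Wether to activate MAC learning on this instance (on/off)
+# IF_VXLAN_AGEING Specifies the lifetime in seconds of FDB entries learnt by the kernel
+# IF_VXLAN_DSTPORT UDP destination port to communicate to the remote VXLAN tunnel endpoint (default 4789)
+#
+set -e
+[ -n "$VERBOSE" ] && set -x
+# No VNI, nuthin' to do for us
+if [ ! "${IF_VXLAN_ID}" ]; then
+exit 0
+fi
+case "$PHASE" in
+depend)
+if [ "${IF_VXLAN_PHYSDEV}" ]; then
+echo "${IF_VXLAN_PHYSDEV}"
+fi
+;;
+create)
+if [ -d "/sys/class/net/${IFACE}" ]; then
+exit 0
+fi
+# Input validation
+if [ "${IF_VXLAN_REMOTE_IP}" -a "${IF_VXLAN_REMOTE_GROUP}" ]; then
+echo "Error on ${IFACE} (vxlan): Only one of 'remote' and 'group' can be given!" >&2
+exit 1
+fi
+# Gather arguments
+ARGS=""
+[ "${IF_VXLAN_PHYSDEV}" ] && ARGS="${ARGS} dev ${IF_VXLAN_PHYSDEV}"
+[ "${IF_VXLAN_LOCAL_IP}" ] && ARGS="${ARGS} local ${IF_VXLAN_LOCAL_IP}"
+[ "${IF_VXLAN_REMOTE_IP}" ] && ARGS="${ARGS} remote ${IF_VXLAN_REMOTE_IP}"
+[ "${IF_VXLAN_REMOTE_GROUP}" ] && ARGS="${ARGS} group ${IF_VXLAN_REMOTE_GROUP}"
+[ "${IF_VXLAN_AGEING}" ] && ARGS="${ARGS} ageing ${IF_VXLAN_AGEING}"
+# Linux uses non-standard default port - WTF?
+if [ "${IF_VXLAN_DSTPORT}" ]; then
+ARGS="${ARGS} dstport ${IF_VXLAN_DSTPORT}"
+else
+ARGS="${ARGS} dstport 4789"
+fi
+case "${IF_VXLAN_LEARNING}" in
+on|yes)
+ARGS="${ARGS} learning"
+;;
+off|no)
+ARGS="${ARGS} nolearning"
+;;
+esac
+${MOCK} ip link add "${IFACE}" type vxlan id "${IF_VXLAN_ID}" ${ARGS}
+;;
+destroy)
+if [ -z "${MOCK}" -a ! -d "/sys/class/net/${IFACE}" ]; then
+exit 0
+fi
+${MOCK} ip link del "${IFACE}"
+;;
+esac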
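Review bot: In the `create` branch the collected options are expanded unquoted as `${ARGS}`, so each IF_VXLAN_* value is word-split and glob-expanded before `ip link add` sees it; a value containing whitespace or `*` turns into additional arguments instead of being rejected. Collecting them with `set --` and passing `"$@"` keeps every value a single word, as sketched below (this assumes the executor is not handed positional parameters it needs; none are used in the visible script). The `case "${IF_VXLAN_LEARNING}"` also has no default arm, so anything other than on/yes/off/no is ignored silently and the interface is created with the default learning behaviour (enabled by default in iproute2, as far as I know) even when the operator meant to turn it off; the sketch fails on unknown values instead. `IF_VXLAN_ID` and `IF_VXLAN_DSTPORT` are passed through unchecked as well, and a numeric check next to the existing remote/group validation would give a clearer error than the one from `ip`.

```shell
# … unchanged: header comment, VNI check, depend phase, existence check, remote/group validation …

# Gather arguments as positional parameters so each value stays one word
set --
[ -z "${IF_VXLAN_PHYSDEV}" ] || set -- "$@" dev "${IF_VXLAN_PHYSDEV}"
[ -z "${IF_VXLAN_LOCAL_IP}" ] || set -- "$@" local "${IF_VXLAN_LOCAL_IP}"
[ -z "${IF_VXLAN_REMOTE_IP}" ] || set -- "$@" remote "${IF_VXLAN_REMOTE_IP}"
[ -z "${IF_VXLAN_REMOTE_GROUP}" ] || set -- "$@" group "${IF_VXLAN_REMOTE_GROUP}"
[ -z "${IF_VXLAN_AGEING}" ] || set -- "$@" ageing "${IF_VXLAN_AGEING}"

# Linux uses non-standard default port, so always pass one explicitly
set -- "$@" dstport "${IF_VXLAN_DSTPORT:-4789}"

case "${IF_VXLAN_LEARNING}" in
	on|yes) set -- "$@" learning ;;
	off|no) set -- "$@" nolearning ;;
	"") ;;
	*)
		echo "Error on ${IFACE} (vxlan): invalid vxlan-learning value '${IF_VXLAN_LEARNING}'" >&2
		exit 1
		;;
esac

${MOCK} ip link add "${IFACE}" type vxlan id "${IF_VXLAN_ID}" "$@"

# … unchanged: destroy phase …
```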


@ -88,6 +88,9 @@ static const struct remap_token tokens[] = {
{"tx-offload", "ethtool-offload-tx"}, /* ifupdown2 */
{"ufo-offload", "ethtool-offload-ufo"}, /* ifupdown2 */
{"vrf", "vrf-member"}, /* ifupdown2 */
{"vxlan-local-tunnelip", "vxlan-local-ip"}, /* ifupdown2 */
{"vxlan-remoteip", "vxlan-remote-ip"}, /* ifupdown2 */
{"vxlan-svcnodeip", "vxlan-remote-group"}, /* ifupdown2 */
};
static int


@ -12,3 +12,4 @@ atf_test_program{name='tunnel_test'}
atf_test_program{name='gre_test'}
atf_test_program{name='wireguard_test'}
atf_test_program{name='ethtool_test'}
atf_test_program{name='vxlan_test'}

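--- a/tests/linux/vxlan_test
+++ b/tests/linux/vxlan_test
@@ -0,0 +1,55 @@
+#!/usr/bin/env atf-sh
+. $(atf_get_srcdir)/../test_env.sh
+EXECUTOR="$(atf_get_srcdir)/../../executor-scripts/linux/vxlan"
+tests_init \
+create_simple \
+create_ucast \
+create_mcast \
+create_physdev \
+create_dstport \
+create_nolearning \
+destroy \
+create_simple_body() {
+export IFACE=vx_foo PHASE=create MOCK=echo IF_VXLAN_ID=2342
+atf_check -s exit:0 -o match:'ip link add vx_foo type vxlan id 2342 dstport 4789' \
+${EXECUTOR}
+}
+create_ucast_body() {
+export IFACE=vx_foo PHASE=create MOCK=echo IF_VXLAN_ID=2342 IF_VXLAN_REMOTE_IP=192.2.0.42
+atf_check -s exit:0 -o match:'ip link add vx_foo type vxlan id 2342 remote 192.2.0.42' \
+${EXECUTOR}
+}
+create_mcast_body() {
+export IFACE=vx_foo PHASE=create MOCK=echo IF_VXLAN_ID=2342 IF_VXLAN_REMOTE_GROUP=225.0.8.15
+atf_check -s exit:0 -o match:'ip link add vx_foo type vxlan id 2342 group 225.0.8.15' \
+${EXECUTOR}
+}
+create_physdev_body() {
+export IFACE=vx_foo PHASE=create MOCK=echo IF_VXLAN_ID=2342 IF_VXLAN_PHYSDEV=eth0
+atf_check -s exit:0 -o match:'ip link add vx_foo type vxlan id 2342 dev eth0' \
+${EXECUTOR}
+}
+create_dstport_body() {
+export IFACE=vx_foo PHASE=create MOCK=echo IF_VXLAN_ID=2342 IF_VXLAN_DSTPORT=1234
+atf_check -s exit:0 -o match:'ip link add vx_foo type vxlan id 2342 dstport 1234' \
+${EXECUTOR}
+}
+create_nolearning_body() {
+export IFACE=vx_foo PHASE=create MOCK=echo IF_VXLAN_ID=2342 IF_VXLAN_LEARNING=no
+atf_check -s exit:0 -o match:'ip link add vx_foo type vxlan id 2342 dstport 4789 nolearning' \
+${EXECUTOR}
+}
+destroy_body() {
+export IFACE=vx_foo PHASE=destroy MOCK=echo IF_VXLAN_ID=2342
+atf_check -s exit:0 -o match:'ip link del vx_foo' \
+${EXECUTOR}
+}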
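Review bot: None of the cases exercises the executor's only rejection path: `create` with both `IF_VXLAN_REMOTE_IP` and `IF_VXLAN_REMOTE_GROUP` set should exit 1 with the error on stderr, and nothing here pins that behaviour. A negative case like the one below, added to the `tests_init` list, would keep the validation from regressing. The `-o match:` patterns are also unanchored, so `create_simple` and `create_nolearning` still pass if unexpected extra arguments follow; ending those two patterns with `$` would make them exact. `${EXECUTOR}` and `$(atf_get_srcdir)` are expanded unquoted, which breaks if the source directory path contains whitespace.

```shell
create_remote_and_group_body() {
	export IFACE=vx_foo PHASE=create MOCK=echo IF_VXLAN_ID=2342 \
		IF_VXLAN_REMOTE_IP=192.2.0.42 IF_VXLAN_REMOTE_GROUP=225.0.8.15
	atf_check -s exit:1 -e match:"Only one of 'remote' and 'group' can be given" \
		"${EXECUTOR}"
}
```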