libvirt users - Apr 2019 - Re: Network hooks for ethernet interfaces

On Wed, Apr 10, 2019 at 1:44 PM Laine Stump <laine@redhat.com>
wrote:
>
> On 4/9/19 11:35 AM, Ruben Kerkhof wrote:
> > On Tue, Apr 9, 2019 at 5:10 PM Michal Privoznik
<mprivozn@redhat.com> wrote:
> >>
> >> On 4/9/19 4:38 PM, Ruben Kerkhof wrote:
> >>> Hi all,
> >>>
> >>> I have a hook script, /etc/libvirt/hooks/network, that
doesn't seem to
> >>> be called when I attach an interface with type
'ethernet' with this
> >>> xml snippet:
> >>>
> >>> <interface type='ethernet'>
> >>>       <model type="virtio"/>
> >>>       <source>
> >>>           <ip address="10.100.0.1"
prefix="24" peer="10.100.0.10"/>
> >>>       </source>
> >>> </interface>
> >>>
> >>> https://www.libvirt.org/hooks.html#intro says
> >>> "A network is started or stopped or an interface is
plugged/unplugged
> >>> to/from the network (since 1.2.2)".
> >>>
> >>> While I don't have a network defined in xml, I'd
expect this to work
> >>> just as well for 'ethernet' type interfaces. Am I
wrong?
> >>
> >>
> >> Hotplugging an 'ethernet' type of interface doesn't
really relate to any
> >> libvirt network. Hence libvirt doesn't call 'network'
hook script. If
> >> you'd continue reading you'll see what is the
'network' hook fed with
> >> (on stdin): info on domain in question AND network where the event
> >> ocurred. But there is no network, is it?
> >
> > No not in the libvirt sense there isn't, you're right.
> >>
> >> But maybe you can work around this by waiting for
> >> DEVICE_ADDED/DEVICE_REMOVED events? What is it that you're
trying to solve?
> >
> > I'd like to enable proxy_arp on the interface among other things.
> > I can easily do this from the same script that adds the interface
> > though, so I have a workaround, but a hook that triggers on all
> > interface events felt cleaner.
>
> Also keep in mind that the hook scripts aren't an officially supported
> part of the API, and are thus liable to change without warning. As an
> example, danpb has proposed changing the network hook:
>
>   https://www.redhat.com/archives/libvir-list/2019-March/msg01280.html
>
> Once this goes in, any network hook script that uses the plugged and
> unplugged hooks will no longer work; you would instead need to use the
> port-created and port-deleted hooks.
That's good to know, thank you Laine.

In that case perhaps adding this functionality to libvirt itself would
make more sense?

Some background, I'm implementing
https://vincent.bernat.ch/en/blog/2018-l3-routing-hypervisor, so
announcing /32 host routes to our vms with BGP.
Our existing vms use /24 network addressing, and to keep that working,
I need to set proxy_arp on the interface.

Kind regards,

Ruben

ср, 10 апр. 2019 г. в 19:46, Ruben Kerkhof
<ruben@rubenkerkhof.com>:
>
> On Wed, Apr 10, 2019 at 1:44 PM Laine Stump <laine@redhat.com> wrote:
> >
> > On 4/9/19 11:35 AM, Ruben Kerkhof wrote:
> > > On Tue, Apr 9, 2019 at 5:10 PM Michal Privoznik
<mprivozn@redhat.com> wrote:
> > >>
> > >> On 4/9/19 4:38 PM, Ruben Kerkhof wrote:
> > >>> Hi all,
> > >>>
> > >>> I have a hook script, /etc/libvirt/hooks/network, that
doesn't seem to
> > >>> be called when I attach an interface with type
'ethernet' with this
> > >>> xml snippet:
> > >>>
> > >>> <interface type='ethernet'>
> > >>>       <model type="virtio"/>
> > >>>       <source>
> > >>>           <ip address="10.100.0.1"
prefix="24" peer="10.100.0.10"/>
> > >>>       </source>
> > >>> </interface>
> > >>>
> > >>> https://www.libvirt.org/hooks.html#intro says
> > >>> "A network is started or stopped or an interface is
plugged/unplugged
> > >>> to/from the network (since 1.2.2)".
> > >>>
> > >>> While I don't have a network defined in xml, I'd
expect this to work
> > >>> just as well for 'ethernet' type interfaces. Am I
wrong?
> > >>
> > >>
> > >> Hotplugging an 'ethernet' type of interface
doesn't really relate to any
> > >> libvirt network. Hence libvirt doesn't call
'network' hook script. If
> > >> you'd continue reading you'll see what is the
'network' hook fed with
> > >> (on stdin): info on domain in question AND network where the
event
> > >> ocurred. But there is no network, is it?
> > >
> > > No not in the libvirt sense there isn't, you're right.
> > >>
> > >> But maybe you can work around this by waiting for
> > >> DEVICE_ADDED/DEVICE_REMOVED events? What is it that
you're trying to solve?
> > >
> > > I'd like to enable proxy_arp on the interface among other
things.
> > > I can easily do this from the same script that adds the interface
> > > though, so I have a workaround, but a hook that triggers on all
> > > interface events felt cleaner.
> >
> > Also keep in mind that the hook scripts aren't an officially
supported
> > part of the API, and are thus liable to change without warning. As an
> > example, danpb has proposed changing the network hook:
> >
> >   https://www.redhat.com/archives/libvir-list/2019-March/msg01280.html
> >
> > Once this goes in, any network hook script that uses the plugged and
> > unplugged hooks will no longer work; you would instead need to use the
> > port-created and port-deleted hooks.
>
> That's good to know, thank you Laine.
>
> In that case perhaps adding this functionality to libvirt itself would
> make more sense?
>
> Some background, I'm implementing
> https://vincent.bernat.ch/en/blog/2018-l3-routing-hypervisor, so
> announcing /32 host routes to our vms with BGP.
> Our existing vms use /24 network addressing, and to keep that working,
> I need to set proxy_arp on the interface.
>
I done something like this in some Russian Cloud hosting provider, but
we use OSPF to redistribute routes in DC, and sync their via bgp
between dc.
I don't recommend hooks, write small netlink based program that
listens events about interface up, check it names and set proxy arp
for it.
This is not blocking and easy to modify/test/write. Or set proxy_arp
globally (but this is not recommended)

-- 
Vasiliy Tolstov,
e-mail: v.tolstov@selfip.ru

On Thu, Apr 11, 2019 at 10:43 PM Vasiliy Tolstov <v.tolstov@selfip.ru>
wrote:

Hi Vasiliy,
>
> ср, 10 апр. 2019 г. в 19:46, Ruben Kerkhof <ruben@rubenkerkhof.com>:
> >
> > On Wed, Apr 10, 2019 at 1:44 PM Laine Stump <laine@redhat.com>
wrote:
> > >
> > > On 4/9/19 11:35 AM, Ruben Kerkhof wrote:
> > > > On Tue, Apr 9, 2019 at 5:10 PM Michal Privoznik
<mprivozn@redhat.com> wrote:
> > > >>
> > > >> On 4/9/19 4:38 PM, Ruben Kerkhof wrote:
> > > >>> Hi all,
> > > >>>
> > > >>> I have a hook script, /etc/libvirt/hooks/network,
that doesn't seem to
> > > >>> be called when I attach an interface with type
'ethernet' with this
> > > >>> xml snippet:
> > > >>>
> > > >>> <interface type='ethernet'>
> > > >>>       <model type="virtio"/>
> > > >>>       <source>
> > > >>>           <ip address="10.100.0.1"
prefix="24" peer="10.100.0.10"/>
> > > >>>       </source>
> > > >>> </interface>
> > > >>>
> > > >>> https://www.libvirt.org/hooks.html#intro says
> > > >>> "A network is started or stopped or an
interface is plugged/unplugged
> > > >>> to/from the network (since 1.2.2)".
> > > >>>
> > > >>> While I don't have a network defined in xml,
I'd expect this to work
> > > >>> just as well for 'ethernet' type interfaces.
Am I wrong?
> > > >>
> > > >>
> > > >> Hotplugging an 'ethernet' type of interface
doesn't really relate to any
> > > >> libvirt network. Hence libvirt doesn't call
'network' hook script. If
> > > >> you'd continue reading you'll see what is the
'network' hook fed with
> > > >> (on stdin): info on domain in question AND network where
the event
> > > >> ocurred. But there is no network, is it?
> > > >
> > > > No not in the libvirt sense there isn't, you're
right.
> > > >>
> > > >> But maybe you can work around this by waiting for
> > > >> DEVICE_ADDED/DEVICE_REMOVED events? What is it that
you're trying to solve?
> > > >
> > > > I'd like to enable proxy_arp on the interface among
other things.
> > > > I can easily do this from the same script that adds the
interface
> > > > though, so I have a workaround, but a hook that triggers on
all
> > > > interface events felt cleaner.
> > >
> > > Also keep in mind that the hook scripts aren't an officially
supported
> > > part of the API, and are thus liable to change without warning.
As an
> > > example, danpb has proposed changing the network hook:
> > >
> > >  
https://www.redhat.com/archives/libvir-list/2019-March/msg01280.html
> > >
> > > Once this goes in, any network hook script that uses the plugged
and
> > > unplugged hooks will no longer work; you would instead need to
use the
> > > port-created and port-deleted hooks.
> >
> > That's good to know, thank you Laine.
> >
> > In that case perhaps adding this functionality to libvirt itself would
> > make more sense?
> >
> > Some background, I'm implementing
> > https://vincent.bernat.ch/en/blog/2018-l3-routing-hypervisor, so
> > announcing /32 host routes to our vms with BGP.
> > Our existing vms use /24 network addressing, and to keep that working,
> > I need to set proxy_arp on the interface.
> >
> I done something like this in some Russian Cloud hosting provider, but
> we use OSPF to redistribute routes in DC, and sync their via bgp
> between dc.
Thanks, it's good to know that more people do this and I'm on the right
path :)
> I don't recommend hooks, write small netlink based program that
> listens events about interface up, check it names and set proxy arp
> for it.
> This is not blocking and easy to modify/test/write. Or set proxy_arp
> globally (but this is not recommended)
That's a good tip, thanks.
I do want to set proxy_arp before the interface is admin up and
passing traffic, is that possible with netlink?

Writing an udev rule might work as well now that I think of it.

But seeing that multiple people have implemented this in their own
way, wouldn't it make more sense to add support for this to libvirt?
Something like <interface type='ethernet' proxy_arp='on'
/>
>
> --
> Vasiliy Tolstov,
> e-mail: v.tolstov@selfip.ru
Kind regards,

Ruben