Discussion:
[Dnsmasq-discuss] many tap devices, provide dhcp and ipv6 slaac
Vasiliy Tolstov
2016-05-27 14:02:11 UTC
Hi. I have this setup:

ip -4 a s tap37183
148: tap37183: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc htb state UNKNOWN group default qlen 500
    link/ether fe:54:00:00:58:9f brd ff:ff:ff:ff:ff:ff
    inet 85.143.216.1/32 scope global tap37183
       valid_lft forever preferred_lft forever
    inet 192.168.240.110 peer 85.143.220.84/32 scope global tap37183
       valid_lft forever preferred_lft forever

85.143.216.1/32 is the gateway address for the VM.

192.168.240.110 peer 85.143.220.84/32 scope global tap37183
This is the host address with the VM address added as peer (/32).

What do I need to add to the dnsmasq conf to serve a DHCP
request from this VM with MAC 25:54:00:00:58:9f with the address
85.143.220.84 and netmask /24?

Thanks!
--
Vasiliy Tolstov,
e-mail: ***@yoctocloud.net
Neil Jerram
2016-05-27 14:56:53 UTC
Hi Vasiliy,

I assume your TAP devices are _not_ bridged on the host?

If so, you can use the same approach as we use for Calico networking in
OpenStack -
http://docs.openstack.org/developer/networking-calico/implementation-notes.html#dhcp

You'll need:

- a dummy interface, with an address in the 85.143.220/24 CIDR
- to populate the dnsmasq hosts file with the IP/MAC mappings for your
VMs
- to tell dnsmasq to listen on the dummy interface and all the TAPs, and
treat the TAPs as aliases of the dummy interface (using
--bridge-interfaces).

Hope that helps - happy to provide more detail if you need.

Neil
_______________________________________________
Dnsmasq-discuss mailing list
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
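
The three steps listed in the reply above, written out as a dnsmasq configuration. This is an added example, not part of the original thread or of the Calico code. The dummy interface name dhcp0, its address 85.143.220.1 and the file paths are assumptions; the option is spelled bridge-interface as in the dnsmasq man page.

```conf
# Step 1: dummy interface holding the /24 (run once as root).
# Name "dhcp0" and address 85.143.220.1 are assumptions for this example.
#   ip link add dhcp0 type dummy
#   ip addr add 85.143.220.1/24 dev dhcp0
#   ip link set dhcp0 up

# --- /etc/dnsmasq.d/taps.conf (path is an assumption) ---

# Step 3a: listen on the dummy interface and on every TAP.
# A trailing '*' wildcard is accepted by interface=.
interface=dhcp0
interface=tap*

# Pick up TAP devices that appear after dnsmasq has started.
bind-dynamic

# Step 3b: treat DHCP requests arriving on any tap* as if they had
# arrived on dhcp0, so the address is checked against 85.143.220.0/24.
bridge-interface=dhcp0,tap*

# Enable DHCP for the /24 but hand out only addresses listed
# in the hosts file (no dynamic pool).
dhcp-range=85.143.220.0,static,255.255.255.0

# Step 2: MAC-to-IP mappings live in a separate file.
dhcp-hostsfile=/etc/dnsmasq.d/vm-hosts

# --- /etc/dnsmasq.d/vm-hosts (path is an assumption) ---
# One line per VM, same syntax as the right-hand side of dhcp-host=.
# MAC and address are the ones given in the question:
#   25:54:00:00:58:9f,85.143.220.84
```

dnsmasq re-reads the dhcp-hostsfile when it receives SIGHUP, so adding a VM means appending one line to vm-hosts and signalling the process rather than restarting it.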
Vasiliy Tolstov
2016-05-27 21:50:35 UTC
Thanks! Do I need an address with the corresponding netmask on the
dummy interface, or can I use a /32 address that acts as the gateway for the VM?
I have had some discussion on the libvirt mailing list about plain ethernet
devices, and my next plan is to add the ability to configure dnsmasq via libvirt
for these networks.
So in the case of libvirt I have dnsmasq running on virtbr0, for example,
and on each VM start I need to reconfigure dnsmasq to add the needed tap
device to it? Why can't I use --interface=tap* ? Does dnsmasq monitor
network interfaces via netlink and automatically listen on them when they are added
to the host?
--
Vasiliy Tolstov,
e-mail: ***@yoctocloud.net
Neil Jerram
2016-05-30 18:48:06 UTC
Hi Vasiliy, 

My understanding is that Dnsmasq requires each IP allocation to be associated with a Linux interface, and that the allocated IP must be contained within one of the CIDRs on that Linux interface (e.g. as shown by ifconfig <interface>). In Dnsmasq terminology, a 'DHCP context' is defined on the interface, and the IP allocation comes from the DHCP context. I believe this is true even when all the allocations are static, i.e. defined explicitly in the host file, as well as when allocations are from a dynamic range. 

Therefore --interface=tap* does not work on its own - because Linux does not allow overlapping CIDRs to be defined on multiple interfaces (in the same namespace).

(I would also be interested to hear the outcome of your libvirt discussions about unbridged Ethernet interfaces. I believe libvirt currently regards that scenario as deprecated and possibly insecure, but it is the scenario that networking-calico uses too.)

Regards, 
    Neil 


Neil Jerram
2016-06-01 12:21:37 UTC
Hmm, one correction here - I just discovered that it is not true that
"Linux does not allow overlapping CIDRs to be defined on multiple
interfaces (in the same namespace)".

So perhaps --interface=tap* on its own could work after all...

Neil