[libvirt-users] Network hooks for ethernet interfaces

Hi all,
I have a hook script, /etc/libvirt/hooks/network, that doesn't seem to be called when I attach an interface with type 'ethernet' with this xml snippet:
<interface type='ethernet'>
  <model type="virtio"/>
  <source>
    <ip address="10.100.0.1" prefix="24" peer="10.100.0.10"/>
  </source>
</interface>
https://www.libvirt.org/hooks.html#intro says "A network is started or stopped or an interface is plugged/unplugged to/from the network (since 1.2.2)".
While I don't have a network defined in xml, I'd expect this to work just as well for 'ethernet' type interfaces. Am I wrong?
Kind regards,
Ruben Kerkhof

On 4/9/19 4:38 PM, Ruben Kerkhof wrote:
> Hi all,
> I have a hook script, /etc/libvirt/hooks/network, that doesn't seem to be called when I attach an interface with type 'ethernet' with this xml snippet:
> <interface type='ethernet'>
>   <model type="virtio"/>
>   <source>
>     <ip address="10.100.0.1" prefix="24" peer="10.100.0.10"/>
>   </source>
> </interface>
> https://www.libvirt.org/hooks.html#intro says "A network is started or stopped or an interface is plugged/unplugged to/from the network (since 1.2.2)".
> While I don't have a network defined in xml, I'd expect this to work just as well for 'ethernet' type interfaces. Am I wrong?
Hotplugging an 'ethernet' type of interface doesn't really relate to any libvirt network. Hence libvirt doesn't call 'network' hook script. If you'd continue reading you'll see what is the 'network' hook fed with (on stdin): info on domain in question AND network where the event occurred. But there is no network, is it?
But maybe you can work around this by waiting for DEVICE_ADDED/DEVICE_REMOVED events? What is it that you're trying to solve?
Michal

On Tue, Apr 9, 2019 at 5:10 PM Michal Privoznik <mprivozn@redhat.com> wrote:
> On 4/9/19 4:38 PM, Ruben Kerkhof wrote:
> > Hi all,
> > I have a hook script, /etc/libvirt/hooks/network, that doesn't seem to be called when I attach an interface with type 'ethernet' with this xml snippet:
> > <interface type='ethernet'>
> >   <model type="virtio"/>
> >   <source>
> >     <ip address="10.100.0.1" prefix="24" peer="10.100.0.10"/>
> >   </source>
> > </interface>
> > https://www.libvirt.org/hooks.html#intro says "A network is started or stopped or an interface is plugged/unplugged to/from the network (since 1.2.2)".
> > While I don't have a network defined in xml, I'd expect this to work just as well for 'ethernet' type interfaces. Am I wrong?
> Hotplugging an 'ethernet' type of interface doesn't really relate to any libvirt network. Hence libvirt doesn't call 'network' hook script. If you'd continue reading you'll see what is the 'network' hook fed with (on stdin): info on domain in question AND network where the event occurred. But there is no network, is it?
No not in the libvirt sense there isn't, you're right.
> But maybe you can work around this by waiting for DEVICE_ADDED/DEVICE_REMOVED events? What is it that you're trying to solve?
I'd like to enable proxy_arp on the interface among other things. I can easily do this from the same script that adds the interface though, so I have a workaround, but a hook that triggers on all interface events felt cleaner.
> Michal
Kind regards,
Ruben

On 4/9/19 11:35 AM, Ruben Kerkhof wrote:
> On Tue, Apr 9, 2019 at 5:10 PM Michal Privoznik <mprivozn@redhat.com> wrote:
> > On 4/9/19 4:38 PM, Ruben Kerkhof wrote:
> > > Hi all,
> > > I have a hook script, /etc/libvirt/hooks/network, that doesn't seem to be called when I attach an interface with type 'ethernet' with this xml snippet:
> > > <interface type='ethernet'>
> > >   <model type="virtio"/>
> > >   <source>
> > >     <ip address="10.100.0.1" prefix="24" peer="10.100.0.10"/>
> > >   </source>
> > > </interface>
> > > https://www.libvirt.org/hooks.html#intro says "A network is started or stopped or an interface is plugged/unplugged to/from the network (since 1.2.2)".
> > > While I don't have a network defined in xml, I'd expect this to work just as well for 'ethernet' type interfaces. Am I wrong?
> > Hotplugging an 'ethernet' type of interface doesn't really relate to any libvirt network. Hence libvirt doesn't call 'network' hook script. If you'd continue reading you'll see what is the 'network' hook fed with (on stdin): info on domain in question AND network where the event occurred. But there is no network, is it?
> No not in the libvirt sense there isn't, you're right.
> > But maybe you can work around this by waiting for DEVICE_ADDED/DEVICE_REMOVED events? What is it that you're trying to solve?
> I'd like to enable proxy_arp on the interface among other things. I can easily do this from the same script that adds the interface though, so I have a workaround, but a hook that triggers on all interface events felt cleaner.
Also keep in mind that the hook scripts aren't an officially supported part of the API, and are thus liable to change without warning. As an example, danpb has proposed changing the network hook:
https://www.redhat.com/archives/libvir-list/2019-March/msg01280.html
Once this goes in, any network hook script that uses the plugged and unplugged hooks will no longer work; you would instead need to use the port-created and port-deleted hooks.

On Wed, Apr 10, 2019 at 1:44 PM Laine Stump <laine@redhat.com> wrote:
> On 4/9/19 11:35 AM, Ruben Kerkhof wrote:
> > On Tue, Apr 9, 2019 at 5:10 PM Michal Privoznik <mprivozn@redhat.com> wrote:
> > > On 4/9/19 4:38 PM, Ruben Kerkhof wrote:
> > > > Hi all,
> > > > I have a hook script, /etc/libvirt/hooks/network, that doesn't seem to be called when I attach an interface with type 'ethernet' with this xml snippet:
> > > > <interface type='ethernet'>
> > > >   <model type="virtio"/>
> > > >   <source>
> > > >     <ip address="10.100.0.1" prefix="24" peer="10.100.0.10"/>
> > > >   </source>
> > > > </interface>
> > > > https://www.libvirt.org/hooks.html#intro says "A network is started or stopped or an interface is plugged/unplugged to/from the network (since 1.2.2)".
> > > > While I don't have a network defined in xml, I'd expect this to work just as well for 'ethernet' type interfaces. Am I wrong?
> > > Hotplugging an 'ethernet' type of interface doesn't really relate to any libvirt network. Hence libvirt doesn't call 'network' hook script. If you'd continue reading you'll see what is the 'network' hook fed with (on stdin): info on domain in question AND network where the event occurred. But there is no network, is it?
> > No not in the libvirt sense there isn't, you're right.
> > > But maybe you can work around this by waiting for DEVICE_ADDED/DEVICE_REMOVED events? What is it that you're trying to solve?
> > I'd like to enable proxy_arp on the interface among other things. I can easily do this from the same script that adds the interface though, so I have a workaround, but a hook that triggers on all interface events felt cleaner.
> Also keep in mind that the hook scripts aren't an officially supported part of the API, and are thus liable to change without warning. As an example, danpb has proposed changing the network hook:
> https://www.redhat.com/archives/libvir-list/2019-March/msg01280.html
> Once this goes in, any network hook script that uses the plugged and unplugged hooks will no longer work; you would instead need to use the port-created and port-deleted hooks.
That's good to know, thank you Laine.
In that case perhaps adding this functionality to libvirt itself would make more sense?
Some background, I'm implementing https://vincent.bernat.ch/en/blog/2018-l3-routing-hypervisor, so announcing /32 host routes to our vms with BGP. Our existing vms use /24 network addressing, and to keep that working, I need to set proxy_arp on the interface.
Kind regards,
Ruben

On Wed, 10 Apr 2019 at 19:46, Ruben Kerkhof <ruben@rubenkerkhof.com> wrote:
> On Wed, Apr 10, 2019 at 1:44 PM Laine Stump <laine@redhat.com> wrote:
> > On 4/9/19 11:35 AM, Ruben Kerkhof wrote:
> > > On Tue, Apr 9, 2019 at 5:10 PM Michal Privoznik <mprivozn@redhat.com> wrote:
> > > > On 4/9/19 4:38 PM, Ruben Kerkhof wrote:
> > > > > Hi all,
> > > > > I have a hook script, /etc/libvirt/hooks/network, that doesn't seem to be called when I attach an interface with type 'ethernet' with this xml snippet:
> > > > > <interface type='ethernet'>
> > > > >   <model type="virtio"/>
> > > > >   <source>
> > > > >     <ip address="10.100.0.1" prefix="24" peer="10.100.0.10"/>
> > > > >   </source>
> > > > > </interface>
> > > > > https://www.libvirt.org/hooks.html#intro says "A network is started or stopped or an interface is plugged/unplugged to/from the network (since 1.2.2)".
> > > > > While I don't have a network defined in xml, I'd expect this to work just as well for 'ethernet' type interfaces. Am I wrong?
> > > > Hotplugging an 'ethernet' type of interface doesn't really relate to any libvirt network. Hence libvirt doesn't call 'network' hook script. If you'd continue reading you'll see what is the 'network' hook fed with (on stdin): info on domain in question AND network where the event occurred. But there is no network, is it?
> > > No not in the libvirt sense there isn't, you're right.
> > > > But maybe you can work around this by waiting for DEVICE_ADDED/DEVICE_REMOVED events? What is it that you're trying to solve?
> > > I'd like to enable proxy_arp on the interface among other things. I can easily do this from the same script that adds the interface though, so I have a workaround, but a hook that triggers on all interface events felt cleaner.
> > Also keep in mind that the hook scripts aren't an officially supported part of the API, and are thus liable to change without warning. As an example, danpb has proposed changing the network hook:
> > https://www.redhat.com/archives/libvir-list/2019-March/msg01280.html
> > Once this goes in, any network hook script that uses the plugged and unplugged hooks will no longer work; you would instead need to use the port-created and port-deleted hooks.
> That's good to know, thank you Laine.
> In that case perhaps adding this functionality to libvirt itself would make more sense?
> Some background, I'm implementing https://vincent.bernat.ch/en/blog/2018-l3-routing-hypervisor, so announcing /32 host routes to our vms with BGP. Our existing vms use /24 network addressing, and to keep that working, I need to set proxy_arp on the interface.
I have done something like this at some Russian cloud hosting provider, but we use OSPF to redistribute routes in the DC, and sync them via BGP between DCs.
I don't recommend hooks; write a small netlink-based program that listens for events about interface up, checks its name and sets proxy arp for it. This is not blocking and easy to modify/test/write. Or set proxy_arp globally (but this is not recommended).
--
Vasiliy Tolstov, e-mail: v.tolstov@selfip.ru
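A sketch of the netlink listener suggested in the message above, added here as an example and not code from any thread participant or from libvirt: it subscribes to rtnetlink link notifications, parses RTM_NEWLINK messages, and enables proxy_arp only on interfaces whose name passes an allow-list. The `vnet` name prefix, the helper names and the sample messages are assumptions.

```python
import re
import socket
import struct

RTM_NEWLINK, IFLA_IFNAME, IFF_UP, RTMGRP_LINK = 16, 3, 0x1, 0x1
NLMSGHDR = struct.Struct("=IHHII")    # len, type, flags, seq, pid
IFINFOMSG = struct.Struct("=BxHiII")  # family, pad, type, index, flags, change
RTATTR = struct.Struct("=HH")         # len, type
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,15}")  # allow-list: no '/' or '.'

def parse_newlink(buf):
    """Return [(ifname, ifindex, flags)] for each RTM_NEWLINK message in buf."""
    links, off = [], 0
    while off + NLMSGHDR.size <= len(buf):
        mlen, mtype, _, _, _ = NLMSGHDR.unpack_from(buf, off)
        if mlen < NLMSGHDR.size or off + mlen > len(buf):
            break  # truncated or malformed message: stop parsing
        if mtype == RTM_NEWLINK and mlen >= NLMSGHDR.size + IFINFOMSG.size:
            _, _, index, flags, _ = IFINFOMSG.unpack_from(buf, off + NLMSGHDR.size)
            a, end = off + NLMSGHDR.size + IFINFOMSG.size, off + mlen
            while a + RTATTR.size <= end:
                alen, atype = RTATTR.unpack_from(buf, a)
                if alen < RTATTR.size or a + alen > end:
                    break  # bad attribute length: skip the rest of this message
                if atype == IFLA_IFNAME:
                    name = buf[a + RTATTR.size:a + alen].rstrip(b"\0")
                    links.append((name.decode("ascii", "replace"), index, flags))
                a += (alen + 3) & ~3  # attributes are 4-byte aligned
        off += (mlen + 3) & ~3
    return links

def proxy_arp_path(name, prefix="vnet"):
    """Sysctl path for a guest tap device, or None if the name is not ours."""
    if not name.startswith(prefix) or not SAFE_NAME.fullmatch(name):
        return None  # never build a /proc path from an unexpected name
    return f"/proc/sys/net/ipv4/conf/{name}/proxy_arp"

def sample_newlink(name, index, flags):
    """Constructed RTM_NEWLINK message, for offline testing only."""
    data = name.encode() + b"\0"
    attr = RTATTR.pack(RTATTR.size + len(data), IFLA_IFNAME) + data
    body = IFINFOMSG.pack(0, 1, index, flags, 0) + attr + b"\0" * (-len(attr) % 4)
    return NLMSGHDR.pack(NLMSGHDR.size + len(body), RTM_NEWLINK, 0, 0, 0) + body

def main():
    s = socket.socket(socket.AF_NETLINK, socket.SOCK_RAW, socket.NETLINK_ROUTE)
    s.bind((0, RTMGRP_LINK))  # subscribe to link add/change notifications
    while True:
        for name, _index, _flags in parse_newlink(s.recv(65535)):  # flags & IFF_UP: already up?
            if (path := proxy_arp_path(name)):
                with open(path, "w") as f:
                    f.write("1\n")

if __name__ == "__main__":
    main()
```

Running `main()` needs Linux and enough privilege to write under /proc/sys; the per-interface path keeps the setting off every device that does not match, unlike the global proxy_arp switch.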

On Thu, Apr 11, 2019 at 10:43 PM Vasiliy Tolstov <v.tolstov@selfip.ru> wrote:
Hi Vasiliy,
> On Wed, 10 Apr 2019 at 19:46, Ruben Kerkhof <ruben@rubenkerkhof.com> wrote:
> > On Wed, Apr 10, 2019 at 1:44 PM Laine Stump <laine@redhat.com> wrote:
> > > On 4/9/19 11:35 AM, Ruben Kerkhof wrote:
> > > > On Tue, Apr 9, 2019 at 5:10 PM Michal Privoznik <mprivozn@redhat.com> wrote:
> > > > > On 4/9/19 4:38 PM, Ruben Kerkhof wrote:
> > > > > > Hi all,
> > > > > > I have a hook script, /etc/libvirt/hooks/network, that doesn't seem to be called when I attach an interface with type 'ethernet' with this xml snippet:
> > > > > > <interface type='ethernet'>
> > > > > >   <model type="virtio"/>
> > > > > >   <source>
> > > > > >     <ip address="10.100.0.1" prefix="24" peer="10.100.0.10"/>
> > > > > >   </source>
> > > > > > </interface>
> > > > > > https://www.libvirt.org/hooks.html#intro says "A network is started or stopped or an interface is plugged/unplugged to/from the network (since 1.2.2)".
> > > > > > While I don't have a network defined in xml, I'd expect this to work just as well for 'ethernet' type interfaces. Am I wrong?
> > > > > Hotplugging an 'ethernet' type of interface doesn't really relate to any libvirt network. Hence libvirt doesn't call 'network' hook script. If you'd continue reading you'll see what is the 'network' hook fed with (on stdin): info on domain in question AND network where the event occurred. But there is no network, is it?
> > > > No not in the libvirt sense there isn't, you're right.
> > > > > But maybe you can work around this by waiting for DEVICE_ADDED/DEVICE_REMOVED events? What is it that you're trying to solve?
> > > > I'd like to enable proxy_arp on the interface among other things. I can easily do this from the same script that adds the interface though, so I have a workaround, but a hook that triggers on all interface events felt cleaner.
> > > Also keep in mind that the hook scripts aren't an officially supported part of the API, and are thus liable to change without warning. As an example, danpb has proposed changing the network hook:
> > > https://www.redhat.com/archives/libvir-list/2019-March/msg01280.html
> > > Once this goes in, any network hook script that uses the plugged and unplugged hooks will no longer work; you would instead need to use the port-created and port-deleted hooks.
> > That's good to know, thank you Laine.
> > In that case perhaps adding this functionality to libvirt itself would make more sense?
> > Some background, I'm implementing https://vincent.bernat.ch/en/blog/2018-l3-routing-hypervisor, so announcing /32 host routes to our vms with BGP. Our existing vms use /24 network addressing, and to keep that working, I need to set proxy_arp on the interface.
> I have done something like this at some Russian cloud hosting provider, but we use OSPF to redistribute routes in the DC, and sync them via BGP between DCs.
Thanks, it's good to know that more people do this and I'm on the right path :)
> I don't recommend hooks; write a small netlink-based program that listens for events about interface up, checks its name and sets proxy arp for it. This is not blocking and easy to modify/test/write. Or set proxy_arp globally (but this is not recommended).
That's a good tip, thanks. I do want to set proxy_arp before the interface is admin up and passing traffic, is that possible with netlink?
Writing a udev rule might work as well now that I think of it.
But seeing that multiple people have implemented this in their own way, wouldn't it make more sense to add support for this to libvirt? Something like <interface type='ethernet' proxy_arp='on' />
> --
> Vasiliy Tolstov, e-mail: v.tolstov@selfip.ru
Kind regards,
Ruben

On Fri, 12 Apr 2019, 12:10 Ruben Kerkhof <ruben@rubenkerkhof.com> wrote:
> On Thu, Apr 11, 2019 at 10:43 PM Vasiliy Tolstov <v.tolstov@selfip.ru> wrote:
> Hi Vasiliy,
> > On Wed, 10 Apr 2019 at 19:46, Ruben Kerkhof <ruben@rubenkerkhof.com> wrote:
> > > On Wed, Apr 10, 2019 at 1:44 PM Laine Stump <laine@redhat.com> wrote:
> > > > On 4/9/19 11:35 AM, Ruben Kerkhof wrote:
> > > > > On Tue, Apr 9, 2019 at 5:10 PM Michal Privoznik <mprivozn@redhat.com> wrote:
> > > > > > On 4/9/19 4:38 PM, Ruben Kerkhof wrote:
> > > > > > > Hi all,
> > > > > > > I have a hook script, /etc/libvirt/hooks/network, that doesn't seem to be called when I attach an interface with type 'ethernet' with this xml snippet:
> > > > > > > <interface type='ethernet'>
> > > > > > >   <model type="virtio"/>
> > > > > > >   <source>
> > > > > > >     <ip address="10.100.0.1" prefix="24" peer="10.100.0.10"/>
> > > > > > >   </source>
> > > > > > > </interface>
> > > > > > > https://www.libvirt.org/hooks.html#intro says "A network is started or stopped or an interface is plugged/unplugged to/from the network (since 1.2.2)".
> > > > > > > While I don't have a network defined in xml, I'd expect this to work just as well for 'ethernet' type interfaces. Am I wrong?
> > > > > > Hotplugging an 'ethernet' type of interface doesn't really relate to any libvirt network. Hence libvirt doesn't call 'network' hook script. If you'd continue reading you'll see what is the 'network' hook fed with (on stdin): info on domain in question AND network where the event occurred. But there is no network, is it?
> > > > > No not in the libvirt sense there isn't, you're right.
> > > > > > But maybe you can work around this by waiting for DEVICE_ADDED/DEVICE_REMOVED events? What is it that you're trying to solve?
> > > > > I'd like to enable proxy_arp on the interface among other things. I can easily do this from the same script that adds the interface though, so I have a workaround, but a hook that triggers on all interface events felt cleaner.
> > > > Also keep in mind that the hook scripts aren't an officially supported part of the API, and are thus liable to change without warning. As an example, danpb has proposed changing the network hook:
> > > > https://www.redhat.com/archives/libvir-list/2019-March/msg01280.html
> > > > Once this goes in, any network hook script that uses the plugged and unplugged hooks will no longer work; you would instead need to use the port-created and port-deleted hooks.
> > > That's good to know, thank you Laine.
> > > In that case perhaps adding this functionality to libvirt itself would make more sense?
> > > Some background, I'm implementing https://vincent.bernat.ch/en/blog/2018-l3-routing-hypervisor, so announcing /32 host routes to our vms with BGP. Our existing vms use /24 network addressing, and to keep that working, I need to set proxy_arp on the interface.
> > I have done something like this at some Russian cloud hosting provider, but we use OSPF to redistribute routes in the DC, and sync them via BGP between DCs.
> Thanks, it's good to know that more people do this and I'm on the right path :)
> > I don't recommend hooks; write a small netlink-based program that listens for events about interface up, checks its name and sets proxy arp for it. This is not blocking and easy to modify/test/write. Or set proxy_arp globally (but this is not recommended).
> That's a good tip, thanks. I do want to set proxy_arp before the interface is admin up and passing traffic, is that possible with netlink?
> Writing a udev rule might work as well now that I think of it.
> But seeing that multiple people have implemented this in their own way, wouldn't it make more sense to add support for this to libvirt? Something like <interface type='ethernet' proxy_arp='on' />
This is not one option that can be set, so I think this is not a generic variant. And yes, if this is only one option, udev is sufficient.
> > --
> > Vasiliy Tolstov, e-mail: v.tolstov@selfip.ru
> Kind regards,
> Ruben
participants (4)
- Laine Stump
- Michal Privoznik
- Ruben Kerkhof
- Vasiliy Tolstov