OS-8196: Native zone support for link-local routes

Details

Issue Type: Improvement
Priority: 4 - Normal
Status: Resolved
Created at: 2020-07-09T16:28:23.927Z
Updated at: 2020-07-09T19:18:35.231Z

People

Created by: Former user
Reported by: Former user

Resolution

Fixed: A fix for this issue is checked into the tree and tested.
(Resolution Date: 2020-07-09T19:18:35.216Z)

Fix Versions

2020-07-16 Wizard Tip Calculator (Release Date: 2020-07-16)

Description

Community contributed enhancement:

From #244:

I have a set of hosts on networks (at OVH, in particular) where zones are created with networking over the admin interface but with IP subnets different than the global zone. The default route for these zones is through the default router on the admin network. In the zone, this means that there is a link-local route to the router on the admin IP subnet, and the default route is this address.

Example:

GZ admin IP: 1.2.3.4/24 default router: 1.2.3.254

Zone:
"nics": [
  {
    "mac": "00:01:02:03:04:05",
    "nic_tag": "admin",
    "netmask": "255.255.255.255",
    "gateways": ["1.2.3.254"],
    "ips": [
      "2.3.4.5/32"
    ],
    "primary": true
  }
],
"routes": {
  "1.2.3.254": "nics[0]"
}

Unfortunately, this doesn't work out of the box: net-routing-setup sets up the default route before any static routes. When the default route is on a network accessible via a link-local route, adding the default route fails.

Creating link-local routes before the default or other static routes should prevent this problem. It would seem that always creating link-local routes first should not cause problems, as they should always be directly accessible without a next-hop.

I have a patch for this (as well as for lx_init and dockerinit) and can create PRs for them, assuming this theory isn't fatally flawed.

The fix is to allow link local routes to be added prior to the default route when booting a zone.
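
The ordering problem described above can be reproduced with a small model. This is an added example, not code from net-routing-setup or the patch. It assumes a route with a next hop is accepted only when the gateway is already on-link, and that the fixed order is link-local routes, then the default route, then the remaining static routes. The flattened route records and the function names are hypothetical.

```python
import ipaddress

# Constructed sample mirroring the zone in the ticket: a /32 address on the
# admin NIC, a default gateway outside that prefix, one link-local route.
NIC_ADDR = "2.3.4.5/32"
DEFAULT_GW = "1.2.3.254"
STATIC_ROUTES = [  # hypothetical flattened form of the "routes" object
    {"dst": "1.2.3.254/32", "gateway": "2.3.4.5", "linklocal": True},
]

def apply_routes(nic_addr, steps):
    """Simulate adding routes in order; return (added, failed) lists.

    A next-hop route is accepted only if its gateway lies inside a prefix
    that is already on-link: the NIC's own subnet or an earlier link-local
    (interface) route. Link-local routes need no next hop, so they always
    succeed.
    """
    on_link = [ipaddress.ip_interface(nic_addr).network]
    added, failed = [], []
    for r in steps:
        dst = ipaddress.ip_network(r["dst"], strict=False)
        if r.get("linklocal"):
            on_link.append(dst)
            added.append(r["dst"])
        elif any(ipaddress.ip_address(r["gateway"]) in n for n in on_link):
            added.append(r["dst"])
        else:
            failed.append(r["dst"])  # models the "no route to host" error
    return added, failed

def boot_order(default_gw, routes, linklocal_first):
    """Build the route list in the old order or the assumed fixed order."""
    default = {"dst": "0.0.0.0/0", "gateway": default_gw, "linklocal": False}
    if not linklocal_first:
        return [default] + list(routes)  # old: default before any static route
    ll = [r for r in routes if r.get("linklocal")]
    rest = [r for r in routes if not r.get("linklocal")]
    return ll + [default] + rest

if __name__ == "__main__":
    for fixed in (False, True):
        order = boot_order(DEFAULT_GW, STATIC_ROUTES, fixed)
        print("link-local first:", fixed, apply_routes(NIC_ADDR, order))
```
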

Comments

Comment by Former user
Created at 2020-07-09T16:29:54.523Z

From the PR:

I have a few nodes at OVH that use "failover" ip addresses. These addresses are handed out on a CIDR subnet different than the admin network. The default route, however, is that of the default network. So a link-local route needs to be created before the default route. That's the rationale for this change.

I've been using this patch on 10-15 native zones across multiple hosts for the past year. These zones require the link local route to be created first as the default route is on the link-local network (that isn't the same as the IP address of the interface.) Without the patch, creating the default route fails with a "no route to host" error, but is successful with the patch.

I've also been running platform images with this fix on multiple systems that don't have static routes at all, and these all work as expected with the patch.

I created a few (3 or 4) zones with a static (but not default) route in a lab setup. These all seemed to work just fine, in that the static routes were added as expected in the "non link-local" path.


Comment by Jira Bot
Created at 2020-07-09T19:05:12.902Z

illumos-joyent commit 34dbf837d26183ca5c517b4884793d87f3283a5a (branch master, by Bill Welliver)

OS-8196 Native zone support for link-local routes (#281)

Reviewed by: Jason King <jason.king@joyent.com>
Approved by: Dan McDonald <danmcd@joyent.com>