[Swan-dev] better name for {left,right}ifaceip?
Antony Antony
antony at phenome.org
Wed Jan 29 08:23:49 UTC 2020
summary s/iface-ip/interface-ip/
Disable the keyword until the functionality is added.
syntax interface-ip=1.2.3.3/24
Antony foresee new type ttipcider(), as there are objections to reuse
subnet(). We will see when we add the code. If the subnet is left alone
without port and protocol it can used for ttipcider().
Additionally:
suggests to leave subnet as without ports and protocol, and create
traffic_selectior() for parsing keyword subnet from our config.
On Mon, Jan 27, 2020 at 02:56:02PM -0500, Andrew Cagney wrote:
> On Mon, 27 Jan 2020 at 11:39, Antony Antony <antony at phenome.org> wrote:
> >
> > first quick answer to Hugh's follow up questions.
> >
> > On Mon, Jan 27, 2020 at 10:58:45AM -0500, D. Hugh Redelmeier wrote:
> > > Has iface-ip been advertised?
> >
> > no. code is incomplete. We can change at this point. I would be happy to.
> > Though Paul may have signoff. My recollection is, he want something similar to
> > leftvti=10.0.1.254/24 for ipsec-ineterface/xfrmi, so when we kill VTI this
> > new IP address can take leftvti's function. I argued it is also useful for
> > non ipsec-inetrface case.
>
> Perhaps the keyword should be disabled for now.
>
> > > Andrew's points all seem valid too. But I haven't thought deeply about
> > > this.
> >
> > There request was to add something like VTI usecase. We need an IP
> > address/mask (not same as subnet, no port and broadcast and network address
> > should be invalid).
> >
> > sourceip != iface-ip. Sourceip is only allowed with /32 or /128 prefix
> > length. With source ip there will be a route with that IP address as the
> > source, for source address selection based on route.
>
> Right. The limitation seems to be largely historic.
>
> If there's an option, perhaps called sourceip=, perhaps called
> something else that accepts any of (subnet, endpoint, address, see
> below, ...) does iface-ip and/or vti become redundant?
leftvti=192.0.1.254/24 will conflict with interface-ip=192.0.1.254
vti has its own lifecycle. Last I herd was, remove VTI completely, soon, as
soon as 3.31?
More information about the Swan-dev
mailing list