arpa2 / mkroot

InternetWide Architecture Component Builders

Network infra: Declare bridges #22

Closed vanrein closed 4 years ago

vanrein commented 4 years ago

In internetwide/CMakeLists.txt, declare a number of bridge names. They are optional until one of the underlying scripts requires their name (because they want to inject interfaces into it, of course).

Presumed useful levels are (with iwo0 as a default scope, more could be imagined on the same machine if so desired).

There is no reason why all these interfaces have to be different bridges, but the ability to declare them separately is useful. Bridges are cheap! It makes sense to split these into separate network name spaces too, except that this makes them difficult to review by network administrators.

Each interface is described with

vanrein commented 4 years ago

When constructing networking scripts, avoid the name conflict risk of the local name creation,

... &&
ip link add kip0if0 type veth peer name kip0eth0 &&
ip link set kip0eth0 netns kip0ns &&
...

instead create the name directly in the target netns,

... &&
ip link add kip0if0 type veth peer name kip0eth0 netns kip0ns &&
...

vanrein commented 4 years ago

Currently using deprecated prestart hook. Move to new ones and hope to create the netns for the KIP Service.

vanrein commented 4 years ago

The prestart hook is the only option that seems to work, createContainer is not invoked at all.

vanrein commented 4 years ago

This is how far we can get now. Cannot create bridges (duh) or network namespace (pity) because prestart is the only hook, and it won't accept such statements. So, no cleanup either.

vanrein commented 4 years ago

News alert! It is possible to set the netns on both interfaces when creating a pair,

ip link add test0 netns test type veth peer name test1 netns kip0ns

This is still missing functionality, so go for it!

vanrein commented 4 years ago

Finally resolved, with the bridges appearing in their own netns, using the trick above, in 023e2c13e347ea5e9b6429659f270f5e992d28aa in branch master. We now have a really flexible engine.
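
The technique from this thread as an added example, which is not code from the mkroot repository: both veth ends are created directly in their target namespaces, then the bridge-side end is attached to a bridge that lives in its own netns. The helper functions, the `DRY_RUN` switch, and the names `iwo0ns` and `iwo0br` are assumptions made for illustration; `kip0ns`, `kip0if0` and `kip0eth0` come from the comments above.

```shell
#!/bin/sh
# Added example, not mkroot code. iwo0ns and iwo0br are constructed names.
# DRY_RUN=1 (default) prints the ip commands; DRY_RUN=0 executes them (needs root).
DRY_RUN="${DRY_RUN:-1}"
run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# Linux interface names hold at most 15 bytes (IFNAMSIZ - 1), no '/' or spaces.
# The length check counts characters, so keep names ASCII.
valid_ifname() {
    case "$1" in ''|.|..|*/*|*' '*) return 1 ;; esac
    [ "${#1}" -le 15 ]
}

# veth_pair NS_A IF_A NS_B IF_B: both ends are born in their target netns,
# so neither name ever exists in the namespace the command is typed in.
veth_pair() {
    valid_ifname "$2" && valid_ifname "$4" ||
        { echo "invalid interface name" >&2; return 2; }
    if [ "$DRY_RUN" != 1 ]; then
        for pair in "$1:$2" "$3:$4"; do   # refuse names already taken
            if ip -n "${pair%%:*}" link show "${pair#*:}" >/dev/null 2>&1; then
                echo "${pair#*:} already exists in ${pair%%:*}" >&2; return 3
            fi
        done
    fi
    run ip link add "$2" netns "$1" type veth peer name "$4" netns "$3"
}

# bridge_attach NS BRIDGE IFACE: create the bridge inside NS and enslave IFACE.
bridge_attach() {
    valid_ifname "$2" || return 2
    run ip -n "$1" link add "$2" type bridge &&
    run ip -n "$1" link set "$3" master "$2" &&
    run ip -n "$1" link set "$2" up &&
    run ip -n "$1" link set "$3" up
}

# Constructed demo: bridge side in iwo0ns, service side in kip0ns.
demo() {
    run ip netns add iwo0ns &&
    run ip netns add kip0ns &&
    veth_pair iwo0ns kip0if0 kip0ns kip0eth0 &&
    bridge_attach iwo0ns iwo0br kip0if0
}
demo
```

With the default `DRY_RUN=1` the script only prints the commands for review; setting `DRY_RUN=0` as root applies them and enables the per-namespace collision check.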