<div dir="ltr"><div><div>Hmm, one correction here - I just discovered that it is not true that "Linux does not allow overlapping CIDRs to be defined on multiple interfaces (in the same namespace)".<br><br></div>So perhaps --interface=tap* on its own could work after all...<br><br></div> Neil<br><br></div><br><div class="gmail_quote"><div dir="ltr">On Mon, May 30, 2016 at 7:48 PM Neil Jerram <<a href="mailto:neil@tigera.io">neil@tigera.io</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Vasiliy, <br>
<br>
My understanding is that Dnsmasq requires each IP allocation to be associated with a Linux interface, and that the allocated IP must be contained within one of the CIDRs on that Linux interface (e.g. as shown by ifconfig <interface>). In Dnsmasq terminology, a 'DHCP context' is defined on the interface, and the IP allocation comes from the DHCP context. I believe this is true even when all the allocations are static, i.e. defined explicitly in the host file, as well as when allocations are from a dynamic range. <br>
<br>
Therefore --interface=tap* does not work on its own - because Linux does not allow overlapping CIDRs to be defined on multiple interfaces (in the same namespace).<br>
<br>
(I would also be interested to hear the outcome of your libvirt discussions about unbridged Ethernet interfaces. I believe libvirt currently regards that scenario as deprecated and possibly insecure, but it is the scenario that networking-calico uses too.)<br>
<br>
Regards, <br>
Neil <br>
<br>
<br>
Original Message <br>
From: Vasiliy Tolstov<br>
Sent: Friday, 27 May 2016 22:50<br>
To: Neil Jerram<br>
Cc: dnsmasq-discuss<br>
Subject: Re: [Dnsmasq-discuss] many tap devices, provide dhcp and ipv6 slaac<br>
<br>
2016-05-27 17:56 GMT+03:00 Neil Jerram <<a href="mailto:neil@tigera.io" target="_blank">neil@tigera.io</a>>:<br>
> Hi Vasiliy,<br>
><br>
> I assume your TAP devices are _not_ bridged on the host?<br>
><br>
> If so, you can use the same approach as we use for Calico networking in<br>
> OpenStack -<br>
> <a href="http://docs.openstack.org/developer/networking-calico/implementation-notes.html#dhcp" rel="noreferrer" target="_blank">http://docs.openstack.org/developer/networking-calico/implementation-notes.html#dhcp</a><br>
><br>
> You'll need:<br>
><br>
> a dummy interface, with an address in the 85.143.220/24 CIDR<br>
> to populate the dnsmasq hosts file with the IP/MAC mappings for your VMs<br>
> to tell dnsmasq to listen on the dummy interface and all the TAPs, and treat<br>
> the TAPs as aliases of the dummy interface (using --bridge-interfaces).<br>
><br>
> Hope that helps - happy to provide more detail if you need.<br>
><br>
> Neil<br>
><br>
><br>
<br>
<br>
Thanks! Does i need on dummy interface address with corresponding<br>
netmask or i can use /32 address that acts like gateway for vm?<br>
I have some discussion on libvirt mailing list about plain ethernet<br>
devices and my next plans add ability to configure dnsmasq via libvirt<br>
for this networks.<br>
So in case of libvirt i have running dnsmasq on virtbr0 for example<br>
and on each vm start i need to reconfigure dnsmasq to add needed tap<br>
device to it? Why i can't use --interface=tap* ? DOes dnsmasq monitors<br>
network intnerfaces via netlink and automatic listen it when it added<br>
to the host?<br>
<br>
--<br>
Vasiliy Tolstov,<br>
e-mail: <a href="mailto:v.tolstov@yoctocloud.net" target="_blank">v.tolstov@yoctocloud.net</a><br>
</blockquote></div>