public IP space
We need a way to keep track of which public subnets we are allowed to use and how we should access them. I assume this will look like a WAN interface on a different physical NIC that gets passed through to the openwrt VM.
We need to track allocation of the individual IPs in those subnets. It seems like there are a few different things to think about here:
- so far the model has mostly been port forwarding. IMO this works well. This means no individual VM owns a given IP, just gets to request a port be forwarded
- we could also consider allowing IPs to be assigned to VMs. if we do this there are two options:
  - route the public IP all the way to the VM, so the VM is configured with a public IP (like DigitalOcean does)
  - route traffic that comes to the public IP to the VM, but only give the VM an internal IP (like AWS does)
- default routes for outbound traffic: ideally VMs in a particular VPC can share a public IP address for outbound traffic, maybe an egress IP gets assigned to a VPC when it's created, not necessarily exclusively assigned (i.e. multiple VPCs could egress from the same public IP)
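To make the three models above concrete, here is what each would look like on the openwrt router VM's firewall. This is an added example, not config from the project; the zone names (wan, vpc_a), the 203.0.113.0/28 public block and the 10.10.0.0/24 VM subnet are all constructed.

```uci
# /etc/config/firewall fragments (constructed example; names and addresses assumed)
# Assumed: WAN zone 'wan' owns the public block 203.0.113.0/28, and the
# LAN-side zone 'vpc_a' holds this VPC's VMs on 10.10.0.0/24.

# 1) Port forwarding: no VM owns a public IP; VM 10.10.0.5 only gets TCP/443
#    of the router's primary public address 203.0.113.2 forwarded to it.
config redirect
	option name 'vm5_https'
	option src 'wan'
	option src_dip '203.0.113.2'
	option src_dport '443'
	option proto 'tcp'
	option dest 'vpc_a'
	option dest_ip '10.10.0.5'
	option dest_port '443'
	option target 'DNAT'

# 2) Dedicated IP, AWS-style: everything sent to 203.0.113.7 reaches VM 10.10.0.9,
#    which itself only sees its internal address. Inbound half (DNAT):
config redirect
	option name 'vm9_inbound'
	option src 'wan'
	option src_dip '203.0.113.7'
	option proto 'all'
	option dest 'vpc_a'
	option dest_ip '10.10.0.9'
	option target 'DNAT'

#    Outbound half (SNAT), listed before the shared rule so it matches first:
config nat
	option name 'vm9_outbound'
	option src 'wan'
	option src_ip '10.10.0.9'
	option proto 'all'
	option snat_ip '203.0.113.7'
	option target 'SNAT'

# 3) Shared egress IP: every other VM in vpc_a leaves as 203.0.113.3. A second
#    VPC can carry an identical rule with its own src_ip and the same snat_ip.
config nat
	option name 'vpc_a_shared_egress'
	option src 'wan'
	option src_ip '10.10.0.0/24'
	option proto 'all'
	option snat_ip '203.0.113.3'
	option target 'SNAT'
```

For the router to answer for 203.0.113.3 and 203.0.113.7 they must also be configured as addresses on the WAN interface, which is exactly the kind of allocation the DB currently does not track.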
IPv6 will make all of this even weirder; I'm focusing on v4 for now.
The current WAN interface expects to be able to get an IP address from DHCP, and neither the NIC nor its IP is tracked in the DB at all. The NIC is slapped on at the last minute by rhyzome-libvirt when special case ROUTER is set, and then auto-configured as a default WAN device by openwrt. IMO this is fine for the first time the router boots so it can automatically boot up and talk to the control server. Eventually it'd probably be good to track it and delete it after initial provisioning is completed.