mirror of
https://github.com/netbox-community/netbox.git
synced 2026-01-11 21:10:29 +01:00
Naïve / generic approach to tunnel interfaces #5668
Closed
opened 2025-12-29 19:31:06 +01:00 by adam
·
12 comments
No Branch/Tag Specified
main
update-changelog-comments-docs
feature-removal-issue-type
20911-dropdown
20239-plugin-menu-classes-mutable-state
21097-graphql-id-lookups
feature
fix_module_substitution
20923-dcim-templates
20044-elevation-stuck-lightmode
feature-ip-prefix-link
v4.5-beta1-release
20068-import-moduletype-attrs
20766-fix-german-translation-code-literals
20378-del-script
7604-filter-modifiers-v3
circuit-swap
12318-case-insensitive-uniqueness
20637-improve-device-q-filter
20660-script-load
19724-graphql
20614-update-ruff
14884-script
02496-max-page
19720-macaddress-interface-generic-relation
19408-circuit-terminations-export-templates
20203-openapi-check
fix-19669-api-image-download
7604-filter-modifiers
19275-fixes-interface-bulk-edit
fix-17794-get_field_value_return_list
11507-show-aggregate-and-rir-on-api
9583-add_column_specific_search_field_to_tables
v4.5.0
v4.4.10
v4.4.9
v4.5.0-beta1
v4.4.8
v4.4.7
v4.4.6
v4.4.5
v4.4.4
v4.4.3
v4.4.2
v4.4.1
v4.4.0
v4.3.7
v4.4.0-beta1
v4.3.6
v4.3.5
v4.3.4
v4.3.3
v4.3.2
v4.3.1
v4.3.0
v4.2.9
v4.3.0-beta2
v4.2.8
v4.3.0-beta1
v4.2.7
v4.2.6
v4.2.5
v4.2.4
v4.2.3
v4.2.2
v4.2.1
v4.2.0
v4.1.11
v4.1.10
v4.1.9
v4.1.8
v4.2-beta1
v4.1.7
v4.1.6
v4.1.5
v4.1.4
v4.1.3
v4.1.2
v4.1.1
v4.1.0
v4.0.11
v4.0.10
v4.0.9
v4.1-beta1
v4.0.8
v4.0.7
v4.0.6
v4.0.5
v4.0.3
v4.0.2
v4.0.1
v4.0.0
v3.7.8
v3.7.7
v4.0-beta2
v3.7.6
v3.7.5
v4.0-beta1
v3.7.4
v3.7.3
v3.7.2
v3.7.1
v3.7.0
v3.6.9
v3.6.8
v3.6.7
v3.7-beta1
v3.6.6
v3.6.5
v3.6.4
v3.6.3
v3.6.2
v3.6.1
v3.6.0
v3.5.9
v3.6-beta2
v3.5.8
v3.6-beta1
v3.5.7
v3.5.6
v3.5.5
v3.5.4
v3.5.3
v3.5.2
v3.5.1
v3.5.0
v3.4.10
v3.4.9
v3.5-beta2
v3.4.8
v3.5-beta1
v3.4.7
v3.4.6
v3.4.5
v3.4.4
v3.4.3
v3.4.2
v3.4.1
v3.4.0
v3.3.10
v3.3.9
v3.4-beta1
v3.3.8
v3.3.7
v3.3.6
v3.3.5
v3.3.4
v3.3.3
v3.3.2
v3.3.1
v3.3.0
v3.2.9
v3.2.8
v3.3-beta2
v3.2.7
v3.3-beta1
v3.2.6
v3.2.5
v3.2.4
v3.2.3
v3.2.2
v3.2.1
v3.2.0
v3.1.11
v3.1.10
v3.2-beta2
v3.1.9
v3.2-beta1
v3.1.8
v3.1.7
v3.1.6
v3.1.5
v3.1.4
v3.1.3
v3.1.2
v3.1.1
v3.1.0
v3.0.12
v3.0.11
v3.0.10
v3.1-beta1
v3.0.9
v3.0.8
v3.0.7
v3.0.6
v3.0.5
v3.0.4
v3.0.3
v3.0.2
v3.0.1
v3.0.0
v2.11.12
v3.0-beta2
v2.11.11
v2.11.10
v3.0-beta1
v2.11.9
v2.11.8
v2.11.7
v2.11.6
v2.11.5
v2.11.4
v2.11.3
v2.11.2
v2.11.1
v2.11.0
v2.10.10
v2.10.9
v2.11-beta1
v2.10.8
v2.10.7
v2.10.6
v2.10.5
v2.10.4
v2.10.3
v2.10.2
v2.10.1
v2.10.0
v2.9.11
v2.10-beta2
v2.9.10
v2.10-beta1
v2.9.9
v2.9.8
v2.9.7
v2.9.6
v2.9.5
v2.9.4
v2.9.3
v2.9.2
v2.9.1
v2.9.0
v2.9-beta2
v2.8.9
v2.9-beta1
v2.8.8
v2.8.7
v2.8.6
v2.8.5
v2.8.4
v2.8.3
v2.8.2
v2.8.1
v2.8.0
v2.7.12
v2.7.11
v2.7.10
v2.7.9
v2.7.8
v2.7.7
v2.7.6
v2.7.5
v2.7.4
v2.7.3
v2.7.2
v2.7.1
v2.7.0
v2.6.12
v2.6.11
v2.6.10
v2.6.9
v2.7-beta1
Solcon-2020-01-06
v2.6.8
v2.6.7
v2.6.6
v2.6.5
v2.6.4
v2.6.3
v2.6.2
v2.6.1
v2.6.0
v2.5.13
v2.5.12
v2.6-beta1
v2.5.11
v2.5.10
v2.5.9
v2.5.8
v2.5.7
v2.5.6
v2.5.5
v2.5.4
v2.5.3
v2.5.2
v2.5.1
v2.5.0
v2.4.9
v2.5-beta2
v2.4.8
v2.5-beta1
v2.4.7
v2.4.6
v2.4.5
v2.4.4
v2.4.3
v2.4.2
v2.4.1
v2.4.0
v2.3.7
v2.4-beta1
v2.3.6
v2.3.5
v2.3.4
v2.3.3
v2.3.2
v2.3.1
v2.3.0
v2.2.10
v2.3-beta2
v2.2.9
v2.3-beta1
v2.2.8
v2.2.7
v2.2.6
v2.2.5
v2.2.4
v2.2.3
v2.2.2
v2.2.1
v2.2.0
v2.1.6
v2.2-beta2
v2.1.5
v2.2-beta1
v2.1.4
v2.1.3
v2.1.2
v2.1.1
v2.1.0
v2.0.10
v2.1-beta1
v2.0.9
v2.0.8
v2.0.7
v2.0.6
v2.0.5
v2.0.4
v2.0.3
v2.0.2
v2.0.1
v2.0.0
v2.0-beta3
v1.9.6
v1.9.5
v2.0-beta2
v1.9.4-r1
v1.9.3
v2.0-beta1
v1.9.2
v1.9.1
v1.9.0-r1
v1.8.4
v1.8.3
v1.8.2
v1.8.1
v1.8.0
v1.7.3
v1.7.2-r1
v1.7.1
v1.7.0
v1.6.3
v1.6.2-r1
v1.6.1-r1
1.6.1
v1.6.0
v1.5.2
v1.5.1
v1.5.0
v1.4.2
v1.4.1
v1.4.0
v1.3.2
v1.3.1
v1.3.0
v1.2.2
v1.2.1
v1.2.0
v1.1.0
v1.0.7-r1
v1.0.7
v1.0.6
v1.0.5
v1.0.4
v1.0.3-r1
v1.0.3
1.0.0
Labels
Clear labels
beta
breaking change
complexity: high
complexity: low
complexity: medium
needs milestone
netbox
pending closure
plugin candidate
pull-request
severity: high
severity: low
severity: medium
status: accepted
status: backlog
status: blocked
status: duplicate
status: needs owner
status: needs triage
status: revisions needed
status: under review
topic: GraphQL
topic: Internationalization
topic: OpenAPI
topic: UI/UX
topic: cabling
topic: event rules
topic: htmx navigation
topic: industrialization
topic: migrations
topic: plugins
topic: scripts
topic: templating
topic: testing
type: bug
type: deprecation
type: documentation
type: feature
type: housekeeping
type: translation
Mirrored from GitHub Pull Request
Milestone
No items
No Milestone
Projects
Clear projects
No project
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: starred/netbox#5668
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @BarbarossaTM on GitHub (Nov 16, 2021).
NetBox version
v3.0.3
Feature type
Data model extension
Proposed functionality
It would be great if it were possible to model tunnels between devices/VMs in Netbox. As the field of tunnel mechanisms (GRE, SIT, IPIP, IPsec, Wireguard, OpenVPN, Tinc, fastd, ...) is huge, there is no way to model all possibilities and attributes here.
While thinking about options to model this in Netbox I first arrived at "Let's build a plugin" and later boiled it down to "What I really need is much simpler". Therefore I propose the following naïve and generic approach:
Depending on whether to support PTMP setups the tunnel type would need to be created before making the connection. So I guess it would be something like a Provider Network but without circuits require for attachment.
One thing to consider is adding a Tunnel type field to the Tunnel model. If added it would be an extensive list and will require some iterations to be more or less complete. The alternatives obviously are to let the user add this a a custom field or add it as a field of type string. I would be in slight favor of the latter, as this field most likely will be required anyway.
Use case
The approach described above would allow to model
Which would suffice for GRE tunnels on Linux for example. If you were to use Wireguard or OpenVPN this would require to device at least on custom field on the tunnel and define the UDP port for example.
One could think about the ability to connect more than 2 endpoints to a tunnel. Allowing this should not fundamentally change the model and I would assume it wouldn't complicate things a lot, thereby offering support for more possible deployment scenarios like PTMP OpenVPN/Tinc setups etc.
Database changes
I guess this would require a new Tunnel type which allows to connect two (or more?) Interfaces of type tunnel.
External dependencies
None.
@ta-raider commented on GitHub (Nov 16, 2021):
Sounds perfect for my IPSec Gateways, to get the Tunnel stuff also into Netbox.
For that case I would want to distinguish between Route-based and Policy-based Tunnels, but that fits also into custom fields :)
@jeremystretch commented on GitHub (Nov 16, 2021):
It's pretty odd that this got ten upvotes within two hours of being opened, most from users I've never seen participate here. 🤔
@herbetom commented on GitHub (Nov 16, 2021):
@jeremystretch It was discussed in a DENOG (German Network Operators Group) chat group. Those Upvotes are indeed from actual distinct Users who are interested in this feature.
@DanSheps commented on GitHub (Nov 16, 2021):
I hate to say this, but this isn't as easy to model as adding a field and a new cable model. Something like this needs to be carefully considered. For example, on Cisco ASA's, policy based VPN's don't have a "interface", they are functions of the assigned interface. How do you display a L2 relationship between them? Use a bridge interface? Well that doesn't exactly follow the model.
It is a greate idea, I just think it isn't going to capture all the possible use cases that we need to think about and we can't be as generic as you are suggesting here, The data models generally should mimic real word models, so if you are modelling a P2P policy based VPN on a Cisco ASA you shouldn't need to create a tunnel interface to do it, when that isn't what you are doing on the ASA with a policy based VPN.
I think we could definitely look at giving this a go, based on how much interest there is, it just might need a re-write to capture all the possible use cases and be a little more encompassing.
Potentially related FR's:
@jeremystretch commented on GitHub (Nov 16, 2021):
I'll echo Dan's concerns somewhat. I think that, on its own, it's certainly a valid FR and worthy of exploration. But my primary concern would be avoiding making any design choices that would exclude (or greatly impede) other potential tunnel/virtual circuit-type features in the future. (For example, consider point-to-multipoint VPNs.)
That said I see a surprising degree of parallel with the wireless link and wireless LAN models; we might leverage lessons learned from those models in the coming months to inform development here.
@ta-raider commented on GitHub (Nov 17, 2021):
So maybe start with a less complicated scenario - like tunnel-generic ? with less dependencies - and see how it fits itself into 3.x ?
I run Netbox within AS28918 and AS49097 for a lot of our stuff in the meantime, but our IPSEC tunnels do not really fit into it and therefore are documented "somewhere else" :)
That generic approach would still help us a lot, as we could allocate these tunnels to Tenants and VRFs already added to our Netbox. With some few custom fields I think we could end up creating these tunnels only with Netbox and Ansible, as most of our IPSEC parameters are the same at the moment
@DanSheps commented on GitHub (Nov 17, 2021):
IMO, I think it would make sense to focus on the more requested scenario, vxlan and then branch out.
@jeremystretch commented on GitHub (Nov 18, 2021):
Per my comment above, this is exactly what we want to avoid. We should not be making any changes to the data model without first considering their potential impact on future work. Doing so is likely to create much more work for both developer and users. We should at least have some idea how we might want to tack future implementations that would inform or overlap with this proposal before proceeding.
@snowie-swe commented on GitHub (Dec 1, 2021):
support for a generic ipsec would go a long way,
@ossark commented on GitHub (Dec 1, 2021):
At least general tunneling to represent relationships between virtual interfaces. That would really cater for most use cases to large degree.
@github-actions[bot] commented on GitHub (Jan 31, 2022):
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. NetBox is governed by a small group of core maintainers which means not all opened issues may receive direct feedback. Please see our contributing guide.
@github-actions[bot] commented on GitHub (Mar 2, 2022):
This issue has been automatically closed due to lack of activity. In an effort to reduce noise, please do not comment any further. Note that the core maintainers may elect to reopen this issue at a later date if deemed necessary.