starred/netbox
1
0
Fork 0
mirror of https://github.com/netbox-community/netbox.git synced 2026-01-11 21:10:29 +01:00
Code Issues 273 Packages Projects Releases 10 Wiki Activity

Assign service to FHRP groups #5985

New Issue
Closed
opened 2025-12-29 19:35:10 +01:00 by adam · 11 comments
adam commented 2025-12-29 19:35:10 +01:00
Owner
Copy Link

Originally created by @topical on GitHub (Jan 21, 2022).

Originally assigned to: @jnovinger on GitHub.

NetBox version

v3.1.6

Feature type

New functionality

Proposed functionality

Be able to assign services to a FHRP group.

This can be done by either:

  • assign service to FHRP group (not supported right now)
  • assign service to one of the member hosts, selecting IP address of FHRP group (not possible, as these IP addresses are not shown on member hosts)

Use case

You have a service (e.g. HTTP) that is redundantly provided by 2 servers (e.g. web1, web2). For this, you define a FHRP group (e.g. "1"), add an IP address to it (say 192.168.100.100) and assign this group to both servers. Servers may be devices or virtual machines.

Now, you want to define the service somehow. Assigning it directly to a server is impossible, as the shared IP address is not shown (this is another topic). Assigning a service to the FHRP group is impossible too.

In my case, my monitoring system reads service definitions from NetBox, which is sadly impossible.

Workaround is to not use FHRP groups in NetBox but assign CARP IP addresses directly to server interfaces, but that's a step backwards.

Database changes

No response

External dependencies

No response

Originally created by @topical on GitHub (Jan 21, 2022). Originally assigned to: @jnovinger on GitHub. ### NetBox version v3.1.6 ### Feature type New functionality ### Proposed functionality Be able to assign services to a FHRP group. This can be done by either: - assign service to FHRP group (not supported right now) - assign service to one of the member hosts, selecting IP address of FHRP group (not possible, as these IP addresses are not shown on member hosts) ### Use case You have a service (e.g. HTTP) that is redundantly provided by 2 servers (e.g. web1, web2). For this, you define a FHRP group (e.g. "1"), add an IP address to it (say 192.168.100.100) and assign this group to both servers. Servers may be devices or virtual machines. Now, you want to define the service somehow. Assigning it directly to a server is impossible, as the shared IP address is not shown (this is another topic). Assigning a service to the FHRP group is impossible too. In my case, my monitoring system reads service definitions from NetBox, which is sadly impossible. Workaround is to not use FHRP groups in NetBox but assign CARP IP addresses directly to server interfaces, but that's a step backwards. ### Database changes _No response_ ### External dependencies _No response_
adam closed this issue 2025-12-29 19:35:10 +01:00
adam commented 2025-12-29 19:35:15 +01:00
Author
Owner
Copy Link

@github-actions[bot] commented on GitHub (Mar 23, 2022):

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. NetBox is governed by a small group of core maintainers which means not all opened issues may receive direct feedback. Please see our contributing guide.

@github-actions[bot] commented on GitHub (Mar 23, 2022): This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. NetBox is governed by a small group of core maintainers which means not all opened issues may receive direct feedback. Please see our [contributing guide](https://github.com/netbox-community/netbox/blob/develop/CONTRIBUTING.md).
adam commented 2025-12-29 19:35:20 +01:00
Author
Owner
Copy Link

@jeremystretch commented on GitHub (Apr 6, 2022):

This will require ditching the current device and virtual_machine fields on the Service model in favor of a generic foreign key.

@jeremystretch commented on GitHub (Apr 6, 2022): This will require ditching the current `device` and `virtual_machine` fields on the Service model in favor of a generic foreign key.
adam commented 2025-12-29 19:35:20 +01:00
Author
Owner
Copy Link

@topical commented on GitHub (Apr 7, 2022):

I don't know how much has to be changed for this, but I would be really happy if this could be done. As described in my request, I cannot use FHRP yet because of this restriction.

@topical commented on GitHub (Apr 7, 2022): I don't know how much has to be changed for this, but I would be really happy if this could be done. As described in my request, I cannot use FHRP yet because of this restriction.
adam commented 2025-12-29 19:35:20 +01:00
Author
Owner
Copy Link

@neuro42 commented on GitHub (Jul 6, 2022):

Service definitely needs some way to describe load balanced services, both layer 3/4 like LVS and layer 7. One ends up with two types of nodes involved in the service, however. The load balancer (where the IP gets bound/answers ARP/VRRP), and the service nodes (where the service actually runs, which are either NAT'd or don't answer ARP/VRRP). This is very similar to FHRP, but not quite the same. The gateway protocols FHRP covers are typically only on the LB, with the LB either having multiple NAT targets for the VIP (layer 7/LVS NAT), or the same IP configured, but not answering arp (LVS DR).

@neuro42 commented on GitHub (Jul 6, 2022): Service definitely needs some way to describe load balanced services, both layer 3/4 like LVS and layer 7. One ends up with two types of nodes involved in the service, however. The load balancer (where the IP gets bound/answers ARP/VRRP), and the service nodes (where the service actually runs, which are either NAT'd or don't answer ARP/VRRP). This is very similar to FHRP, but not quite the same. The gateway protocols FHRP covers are typically only on the LB, with the LB either having multiple NAT targets for the VIP (layer 7/LVS NAT), or the same IP configured, but not answering arp (LVS DR).
adam commented 2025-12-29 19:35:21 +01:00
Author
Owner
Copy Link

@thscma commented on GitHub (Aug 29, 2022):

I run into the same problem when I try to document exposed kubernetes services.
From my point of view, it make sense to assign a service only to an ip address and never direct to a device or vm.
The ip address could then assigned to an interface of a device or vm or via FHRP to interfaces at multiple devices/vm`s.

@thscma commented on GitHub (Aug 29, 2022): I run into the same problem when I try to document exposed kubernetes services. From my point of view, it make sense to assign a service only to an ip address and never direct to a device or vm. The ip address could then assigned to an interface of a device or vm or via FHRP to interfaces at multiple devices/vm`s.
adam commented 2025-12-29 19:35:21 +01:00
Author
Owner
Copy Link

@topical commented on GitHub (Aug 31, 2022):

I run into the same problem when I try to document exposed kubernetes services.
From my point of view, it make sense to assign a service only to an ip address and never direct to a device or vm.
The ip address could then assigned to an interface of a device or vm or via FHRP to interfaces at multiple devices/vm`s.

For me, this sounds like a perfect solution. Support of FHRP would be just a "side effect" of the change.

Apart from the work and the breaking changes there is one thing to consider: if a device/VM has multiple IP addresses, you need multiple service definitions. Especially with dual stack setups, this isn't really funny.

BTW: the way services are defined is not perfect in general. Services usually depend on the role of the device. E.g. with icinga this can be defined automagically, but this is far beyond this issue :)

@topical commented on GitHub (Aug 31, 2022): > I run into the same problem when I try to document exposed kubernetes services. > From my point of view, it make sense to assign a service only to an ip address and never direct to a device or vm. > The ip address could then assigned to an interface of a device or vm or via FHRP to interfaces at multiple devices/vm`s. For me, this sounds like a perfect solution. Support of FHRP would be just a "side effect" of the change. Apart from the work and the breaking changes there is one thing to consider: if a device/VM has multiple IP addresses, you need multiple service definitions. Especially with dual stack setups, this isn't really funny. BTW: the way services are defined is not perfect in general. Services usually depend on the role of the device. E.g. with icinga this can be defined automagically, but this is far beyond this issue :)
adam commented 2025-12-29 19:35:22 +01:00
Author
Owner
Copy Link

@engageant commented on GitHub (Nov 17, 2022):

We're in need of this as well, and I'd also like to suggest that however this gets implemented that the services are still visible on the device or VM's main page.

@engageant commented on GitHub (Nov 17, 2022): We're in need of this as well, and I'd also like to suggest that however this gets implemented that the services are still visible on the device or VM's main page.
adam commented 2025-12-29 19:35:22 +01:00
Author
Owner
Copy Link

@kfox1111 commented on GitHub (Nov 30, 2022):

We've also hit this, trying to roughly map k8s pods as netbox vm's.

@kfox1111 commented on GitHub (Nov 30, 2022): We've also hit this, trying to roughly map k8s pods as netbox vm's.
adam commented 2025-12-29 19:35:22 +01:00
Author
Owner
Copy Link

@Yarli commented on GitHub (Dec 30, 2022):

I also hit this issue too.
We have 2 HA firewalls using CARP/FHRP groups for our public IP addresses which are shared across the 2 units.
Trying to assign an open port on a public IP address seem to only allow when the public IP is directly assigned to the device, therefore we can see the single CARP public ip per firewall, but not hte remaining shared (virtual IP's) assigned onthe FHRP group.
Oddly the "Service" section shows on the FHRP group, but i'm unsure how you would ever populate it when the requirement is there to specify a device of virtual machine. I feel a 3rd tab is needed for FHRP groups as well.

Having said all that, if you don't specify anything in the device/VM drop down, and then type your Public IP into the IP address box, it does let you select it, then if you go back up to the device box and type in the device and select it, you can then save the form and it then does show up against the FHRP group and on the device as well.
Maybe the filter on the IP address dropdown jsut needs extending to include any associated IP's via the FHRP groups as well ??

@Yarli commented on GitHub (Dec 30, 2022): I also hit this issue too. We have 2 HA firewalls using CARP/FHRP groups for our public IP addresses which are shared across the 2 units. Trying to assign an open port on a public IP address seem to only allow when the public IP is directly assigned to the device, therefore we can see the single CARP public ip per firewall, but not hte remaining shared (virtual IP's) assigned onthe FHRP group. Oddly the "Service" section shows on the FHRP group, but i'm unsure how you would ever populate it when the requirement is there to specify a device of virtual machine. I feel a 3rd tab is needed for FHRP groups as well. Having said all that, if you don't specify anything in the device/VM drop down, and then type your Public IP into the IP address box, it does let you select it, then if you go back up to the device box and type in the device and select it, you can then save the form and it then does show up against the FHRP group and on the device as well. Maybe the filter on the IP address dropdown jsut needs extending to include any associated IP's via the FHRP groups as well ??
adam commented 2025-12-29 19:35:22 +01:00
Author
Owner
Copy Link

@mmfreitas commented on GitHub (Mar 24, 2023):

I also have the need to record the service on a FHRP Group IP Address, would love to see this in the next implementation of 3.5 or 3.6 if it's not too much of a hustle.

@mmfreitas commented on GitHub (Mar 24, 2023): I also have the need to record the service on a FHRP Group IP Address, would love to see this in the next implementation of 3.5 or 3.6 if it's not too much of a hustle.
adam commented 2025-12-29 19:35:23 +01:00
Author
Owner
Copy Link

@Omripresent commented on GitHub (May 16, 2023):

I run into the same problem when I try to document exposed kubernetes services. From my point of view, it make sense to assign a service only to an ip address and never direct to a device or vm. The ip address could then assigned to an interface of a device or vm or via FHRP to interfaces at multiple devices/vm`s.

I see it differently, in case of F5 and other highly available deployments, the actual used IP is never attached to a given interface, it would respond to ARP requests if the virtual address is on the same subnet as one of its vlan interfaces, or if the prefix is routed to the F5.

In those cases it would make more sense to be able to attach a server to a set of devices, physical or virtual, and associate an address to it (not restricted to ones attached to the devices).

This would more accurately represent the "real world" deployment.

In cases of HA Proxy and Keepalived for example, the same process can be used, the service address would be the same as of teh FHRP group and the associated devices would be the number of HA Proxy servers, this way there's flexibility to allow both use cases.

@Omripresent commented on GitHub (May 16, 2023): > I run into the same problem when I try to document exposed kubernetes services. From my point of view, it make sense to assign a service only to an ip address and never direct to a device or vm. The ip address could then assigned to an interface of a device or vm or via FHRP to interfaces at multiple devices/vm`s. I see it differently, in case of F5 and other highly available deployments, the actual used IP is never attached to a given interface, it would respond to ARP requests if the virtual address is on the same subnet as one of its vlan interfaces, or if the prefix is routed to the F5. In those cases it would make more sense to be able to attach a server to a set of devices, physical or virtual, and associate an address to it (not restricted to ones attached to the devices). This would more accurately represent the "real world" deployment. In cases of HA Proxy and Keepalived for example, the same process can be used, the service address would be the same as of teh FHRP group and the associated devices would be the number of HA Proxy servers, this way there's flexibility to allow both use cases.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
beta
breaking change
complexity: high
complexity: low
complexity: medium
needs milestone
netbox
pending closure
plugin candidate
pull-request
Mirrored from GitHub Pull Request
 severity: high
severity: low
severity: medium
status: accepted
status: backlog
status: blocked
status: duplicate
status: needs owner
status: needs triage
status: revisions needed
status: under review
topic: GraphQL
topic: Internationalization
topic: OpenAPI
topic: UI/UX
topic: cabling
topic: event rules
topic: htmx navigation
topic: industrialization
topic: migrations
topic: plugins
topic: scripts
topic: templating
topic: testing
type: bug
type: deprecation
type: documentation
type: feature
type: housekeeping
type: translation
No Label breaking change complexity: medium netbox status: accepted type: feature
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
adam
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/netbox#5985
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?