Skip to content

Simplify shared external IP configuration type #10148

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
bnaecker merged 4 commits into from
Mar 26, 2026
Merged

Simplify shared external IP configuration type #10148

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
0dfd2da
Simplify shared external IP configuration type
bnaecker Mar 25, 2026
c390700
Review feedback
bnaecker Mar 26, 2026
0ea7a8e
Fixup illumos tests
bnaecker Mar 26, 2026
4733eb8
fixup
bnaecker Mar 26, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
599 changes: 87 additions & 512 deletions common/src/api/internal/shared/external_ip/mod.rs
View file
Open in desktop

Large diffs are not rendered by default.

218 changes: 218 additions & 0 deletions common/src/api/internal/shared/external_ip/v1.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,10 +7,14 @@
use super::SourceNatConfigError;
use crate::address::NUM_SOURCE_NAT_PORTS;
use daft::Diffable;
use itertools::Either;
use itertools::Itertools as _;
use schemars::JsonSchema;
use serde::Deserialize;
use serde::Serialize;
use std::net::IpAddr;
use std::net::Ipv4Addr;
use std::net::Ipv6Addr;

/// An IP address and port range used for source NAT, i.e., making
/// outbound network connections from guests or services.
Expand Down Expand Up @@ -107,3 +111,217 @@ impl SourceNatConfig {
self.port_range().into_inner()
}
}

/// Frozen v1 IPv4 external IP configuration.
///
/// Preserved for compatibility with older sled-agent API versions.
/// New code should use `ExternalIpv4Config` from the parent module.
#[derive(
Clone, Debug, Default, Deserialize, JsonSchema, PartialEq, Serialize,
)]
pub struct ExternalIpv4Config {
/// Source NAT configuration, for outbound-only connectivity.
pub source_nat: Option<super::SourceNatConfigV4>,
/// An Ephemeral address for in- and outbound connectivity.
pub ephemeral_ip: Option<Ipv4Addr>,
/// Additional Floating IPs for in- and outbound connectivity.
pub floating_ips: Vec<Ipv4Addr>,
}

/// Frozen v1 IPv6 external IP configuration.
///
/// Preserved for compatibility with older sled-agent API versions.
/// New code should use `ExternalIpv6Config` from the parent module.
#[derive(
Clone, Debug, Default, Deserialize, JsonSchema, PartialEq, Serialize,
)]
pub struct ExternalIpv6Config {
/// Source NAT configuration, for outbound-only connectivity.
pub source_nat: Option<super::SourceNatConfigV6>,
/// An Ephemeral address for in- and outbound connectivity.
pub ephemeral_ip: Option<Ipv6Addr>,
/// Additional Floating IPs for in- and outbound connectivity.
pub floating_ips: Vec<Ipv6Addr>,
}

/// A single- or dual-stack external IP configuration.
// This is version 1 of `ExternalIpConfig`, kept for compatibility with
// older versions of the sled-agent API which used this format. New code
// should use `ExternalIpConfig` from the parent module.
#[derive(Clone, Debug, Deserialize, JsonSchema, PartialEq, Serialize)]
#[serde(rename_all = "snake_case", tag = "type", content = "value")]
pub enum ExternalIpConfig {
/// Single-stack IPv4 external IP configuration.
V4(ExternalIpv4Config),
/// Single-stack IPv6 external IP configuration.
V6(ExternalIpv6Config),
/// Both IPv4 and IPv6 external IP configuration.
DualStack { v4: ExternalIpv4Config, v6: ExternalIpv6Config },
}

impl From<ExternalIpv4Config> for ExternalIpConfig {
fn from(cfg: ExternalIpv4Config) -> Self {
Self::V4(cfg)
}
}

impl From<ExternalIpv6Config> for ExternalIpConfig {
fn from(cfg: ExternalIpv6Config) -> Self {
Self::V6(cfg)
}
}

impl ExternalIpConfig {
Comment thread
bnaecker marked this conversation as resolved.
/// Attempt to convert from generic IP addressing information.
///
/// This is used to convert older API versions which used version-agnostic
/// IP address types (`IpAddr`) rather than concrete `Ipv4Addr`/`Ipv6Addr`.
///
/// Returns an error if there are no addresses at all, or if there are
/// mixed IP versions.
pub fn try_from_generic(
source_nat: Option<SourceNatConfig>,
ephemeral_ip: Option<IpAddr>,
floating_ips: Vec<IpAddr>,
) -> Result<Self, ExternalIpsError> {
let snat_v4;
let snat_v6;
match source_nat {
Some(snat) => {
let (first_port, last_port) = snat.port_range_raw();
match snat.ip {
IpAddr::V4(ipv4) => {
snat_v6 = None;
snat_v4 = Some(super::SourceNatConfig::new(
ipv4, first_port, last_port,
)?);
}
IpAddr::V6(ipv6) => {
snat_v6 = Some(super::SourceNatConfig::new(
ipv6, first_port, last_port,
)?);
snat_v4 = None;
}
}
}
None => {
snat_v4 = None;
snat_v6 = None;
}
};

let (fips_v4, fips_v6): (Vec<_>, Vec<_>) =
floating_ips.into_iter().partition_map(|fip| match fip {
IpAddr::V4(v4) => Either::Left(v4),
IpAddr::V6(v6) => Either::Right(v6),
});

match (snat_v4, snat_v6, ephemeral_ip) {
(None, None, None) => {
match (fips_v4.is_empty(), fips_v6.is_empty()) {
(true, true) => Err(ExternalIpsError::NoIps),
(true, false) => Ok(ExternalIpv6Config {
source_nat: None,
ephemeral_ip: None,
floating_ips: fips_v6,
}
.into()),
(false, true) => Ok(ExternalIpv4Config {
source_nat: None,
ephemeral_ip: None,
floating_ips: fips_v4,
}
.into()),
(false, false) => Err(ExternalIpsError::MixedIpVersions),
}
}
(None, None, Some(IpAddr::V4(v4))) => {
if !fips_v6.is_empty() {
return Err(ExternalIpsError::MixedIpVersions);
}
Ok(ExternalIpv4Config {
source_nat: None,
ephemeral_ip: Some(v4),
floating_ips: fips_v4,
}
.into())
}
(None, None, Some(IpAddr::V6(v6))) => {
if !fips_v4.is_empty() {
return Err(ExternalIpsError::MixedIpVersions);
}
Ok(ExternalIpv6Config {
source_nat: None,
ephemeral_ip: Some(v6),
floating_ips: fips_v6,
}
.into())
}
(None, Some(snat_v6), None) => {
if !fips_v4.is_empty() {
return Err(ExternalIpsError::MixedIpVersions);
}
Ok(ExternalIpv6Config {
source_nat: Some(snat_v6),
ephemeral_ip: None,
floating_ips: fips_v6,
}
.into())
}
(None, Some(snat_v6), Some(IpAddr::V6(eip_v6))) => {
if !fips_v4.is_empty() {
return Err(ExternalIpsError::MixedIpVersions);
}
Ok(ExternalIpv6Config {
source_nat: Some(snat_v6),
ephemeral_ip: Some(eip_v6),
floating_ips: fips_v6,
}
.into())
}
(Some(snat_v4), None, None) => {
if !fips_v6.is_empty() {
return Err(ExternalIpsError::MixedIpVersions);
}
Ok(ExternalIpv4Config {
source_nat: Some(snat_v4),
ephemeral_ip: None,
floating_ips: fips_v4,
}
.into())
}
(Some(snat_v4), None, Some(IpAddr::V4(eip_v4))) => {
if !fips_v6.is_empty() {
return Err(ExternalIpsError::MixedIpVersions);
}
Ok(ExternalIpv4Config {
source_nat: Some(snat_v4),
ephemeral_ip: Some(eip_v4),
floating_ips: fips_v4,
}
.into())
}
(Some(_), None, Some(IpAddr::V6(_)))
| (None, Some(_), Some(IpAddr::V4(_))) => {
Err(ExternalIpsError::MixedIpVersions)
}
(Some(_), Some(_), None) | (Some(_), Some(_), Some(_)) => {
Err(ExternalIpsError::MixedIpVersions)
}
}
}
}

#[derive(Debug, thiserror::Error)]
pub enum ExternalIpsError {
#[error(
"Must specify at least one SNAT, ephemeral, or floating IP address"
)]
NoIps,
#[error(
"SNAT, ephemeral, and floating IPs must all be of the same IP version"
)]
MixedIpVersions,
#[error(transparent)]
SourceNat(#[from] super::SourceNatConfigError),
}
1 change: 0 additions & 1 deletion common/src/api/internal/shared/mod.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,6 @@ pub use network_interface::*;

// Re-export latest version of the external IP types.
pub use external_ip::ExternalIpConfig;
pub use external_ip::ExternalIpConfigBuilder;
pub use external_ip::ExternalIps;
pub use external_ip::ExternalIpv4Config;
pub use external_ip::ExternalIpv6Config;
Expand Down
Loading
Loading