OpenSyncTM Network Management Requirements
Date: May 27, 2020 Document ID: ERE-019-122-701 Table of Contents Introduction 2
Prerequisites and requirements 2 Prerequisites 3 Prerequisite: OpenSync 1.2 or more 3 Requirements 3 Requirement: IPv4 3 Requirement: DNS 4 Requirement: DHCPv4 Client 4 Requirement: DHCPv4 Server 4 Requirement: IPv4 Routing 5 Requirement: IPv4 Firewall 5 Requirement: UPnP 5 Requirement: IPv6 5 Requirement: IPv6 Router Advertisement 6 Requirement: DHCPv6 Client 6 Requirement: DHCPv6 Server 6 IPv6 firewall [SOON OBSOLETE] 7 References
[1] ERE-020-011-301 OpenSync requirement: General.pdf
[2] https://www.opensync.io/s/OpenSync_12-fpht.pdf
[3] EUB-020-013-001 OpenSync Overview.pdf
1/7 Introduction
The OpenSync Network Manager (NM2) is responsible for managing and reporting the network configuration, and creation of interfaces. NM2 is one of the core OpenSync services – NM2 manages the device operation and guides the onboarding process.
Prerequisites
OpenSync versions
OpenSync 1.2 [2] is required for IPv4 support.
Support for IPv6 and WAN management requires OpenSync 1.4 [3].
Prerequisite: OpenSync 1.2 [2] for IPv4 support.
Prerequisite: OpenSync 1.4 [3] for IPv6 and WAN management.
Requirements
OpenSync network management requires the below listed APIs. The default backend exists in the core repository, which is targeting the generic Linux systems with a focus on the OpenWrt-like distributions. This implementation requires various external tools and utilities, which are typically present on the OpenWrt-based Linux distributions.
Component OpenSync API Default backends and external dependencies
IPv4 osn_inet.h Iproute2 utilities: ip addr / ip route NETLINK sockets
DNS osn_inet.h Libc that uses /etc/resolv.conf
DHCPv4 client osn_dhcp.h udhcpc
DHCPv4 server osn_dhcp.h dnsmasq
IPv4 route osn_inet.h Iproute 2 utilities: ip route NETLINK sockets
IPv4 firewall IPv4 firewall IPv4 firewall iptables iptables iptables
2/7 UPnP osn_upnp.h miniupnpd
IPv6 osn_inet6.h Iproute2 utilities: ip -6 addr / ip -6 route NETLINK sockets
IPv6 router osn_inet6.h dnsmasq advertisement
DHCPv6 client with osn_dhcp6.h odhcp6c SLAAC support
DHCPv6 server osn_dhcp6.h dnsmasq
IPv6 firewall [SOON / Iptables -6 OBSOLETE] to configure NAT
Table 1: OpenSync network tools and utilities
IPv4
NM2 configures IPv4 parameters:
● Static IPv4 address and netmask ● Default gateway
The API required for the IPv4 parameter configuration is in the osn_inet.h header file.
The core repository uses the default implementation of Iproute2 utilities. This is currently the de-facto standard for the majority of modern Linux distributions.
Requirement: IPv4: - working osn_inet.h API
DNS
OpenSync configures the currently used DNS server settings used by devices. The required API for this task is in the osn_inet.h header file. By default, the NM2 writes the values of the DNS servers to /etc/resolv.conf. The requirement for this is a libc implementation that can detect dynamic changes in the /etc/resolv.conf, and reload the configuration (e.g., uClibc).
3/7 Requirement: DNS: - working osn_inet.h API
DHCPv4 client
OpenSync uses the DHCP protocol for IPv4 auto-configuration. DHCPv4 client ensures “leaf pod” connectivity and general on-boarding. By default, the NM2 uses the udhcpc client.
Requirement: DHCPv4 client: - working osn_dhcp.h API
DHCPv4 server
OpenSync uses the DHCP protocol for IPv4 auto-configuration of the LAN network. DHCPv4 Server also ensures the “leaf pod” connectivity. By default, the NM2 uses the dnsmasq server.
Requirement: DHCPv4 server: - working osn_dhcp.h API
IPv4 routing
OpenSync configures the default routes, and reports the current route table status. By default, the Iproute2 configures the routes and reports about their statuses. However, the NETLINK sockets detect the route table changes.
Requirement: IPv4 routing: - working osn_inet.h API
IPv4 firewall
OpenSync configures NAT, port forwarding, and firewall rules. By default, the firewall on the device should be closed for all interfaces. The NM2 uses the iptables utility for firewall configuration. The majority of iptables commands executes using the /usr/plume/bin/iptables_cmd.sh script.
Requirement: IPv4 firewall: - working /usr/plume/bin/iptables_cmd.sh script
UPnP
OpenSync supports the UPnP on compatible platforms. By default, OpenSync uses the miniupnpd daemon.
4/7 Requirement: UPnP: - working osn_upnp.h
IPv6
OpenSync configures the following IPv6 parameters:
● Static IPv6 address and prefixes ● Router advertisement
The API required for IPv6 parameter configuration is in the osn_inet6.h header file. The core repository uses a default implementation that uses the Iproute2 suite of utilities and NETLINK sockets for detecting changes in the configuration.
Requirement: IPv6: - working osn_inet6.h API
IPv6 router advertisement
OpenSync configures and enables the router advertisement services to ensure proper IPv6 provisioning on LAN interfaces.
By default, the dnsmasq daemon serves this purpose, and provides stateful and stateless IPv6 modes.
Requirement: IPv6: - working osn_inet6.h API
DHCPv6 client
OpenSync acquires IPv6 addresses on the WAN link. To acquire the IP addresses, you need either SLAAC, stateless, or stateful DHCPv6. To support all 3 options, OpenSync requires a DHCPv6 client that also supports SLAAC. Additionally, the DHCPv6 client should report the assigned delegated prefix back to the NM2.
By default, OpenSync uses the odhcp6c for DHCPv6 client and SLAAC. All DHCP options, including the delegated prefix, are written to a file after link negotiation. The NM2 reads this file and transfers these options to the OVSDB.
5/7 Requirement: IPv6: - working osn_dhcp6.h API
DHCPv6 server
OpenSync runs stateless and stateful DHCPv6 server.
By default, the dnsmasq is used in the core repository. The NM2 spawns a separate instance of the dnsmasq daemon exclusively for IPv6 handling. Therefore, you can expect two dnsmasq processes if both – IPv6 and IPv4 stacks are active. However, all IPv6 interfaces share a common dnsmasq instance.
Requirement: IPv6: - working osn_dhcp6.h API
IPv6 firewall [SOON OBSOLETE]
OpenSync executes port forwarding and firewall rules. By default, the device firewall should be closed for all interfaces. The NM2 by default uses the iptables utility for firewall configuration, where the majority of commands execute using the /usr/plume/bin/iptables_cmd.sh script.
Note: The Netfilter Manager (NFM) capable of configuring the NAT is going to replace the IPv6 firewall.
6/7