ERE-019-122-701 Opensync Requirement: Network Management

OpenSyncTM Network Management Requirements

Date: May 27, 2020 Document ID: ERE-019-122-701 Table of Contents Introduction 2

Prerequisites and requirements 2 Prerequisites 3 Prerequisite: OpenSync 1.2 or more 3 Requirements 3 Requirement: IPv4 3 Requirement: DNS 4 Requirement: DHCPv4 Client 4 Requirement: DHCPv4 Server 4 Requirement: IPv4 Routing 5 Requirement: IPv4 Firewall 5 Requirement: UPnP 5 Requirement: IPv6 5 Requirement: IPv6 Router Advertisement 6 Requirement: DHCPv6 Client 6 Requirement: DHCPv6 Server 6 IPv6 firewall [SOON OBSOLETE] 7 References

[1] ERE-020-011-301 OpenSync requirement: General.pdf

[2] https://www.opensync.io/s/OpenSync_12-fpht.pdf

[3] EUB-020-013-001 OpenSync Overview.pdf

1/7 Introduction

The OpenSync Network Manager (NM2) is responsible for managing and reporting the network configuration, and creation of interfaces. NM2 is one of the core OpenSync services – NM2 manages the device operation and guides the onboarding process.

Prerequisites

OpenSync versions

OpenSync 1.2 [2] is required for IPv4 support.

Support for IPv6 and WAN management requires OpenSync 1.4 [3].

Prerequisite: OpenSync 1.2 [2] for IPv4 support.

Prerequisite: OpenSync 1.4 [3] for IPv6 and WAN management.

Requirements

OpenSync network management requires the below listed APIs. The default backend exists in the core repository, which is targeting the generic Linux systems with a focus on the OpenWrt-like distributions. This implementation requires various external tools and utilities, which are typically present on the OpenWrt-based Linux distributions.

Component OpenSync API Default backends and external dependencies

IPv4 osn_inet.h Iproute2 utilities: ip addr / ip route NETLINK sockets

DNS osn_inet.h Libc that uses /etc/resolv.conf

DHCPv4 client osn_dhcp.h udhcpc

DHCPv4 server osn_dhcp.h dnsmasq

IPv4 route osn_inet.h Iproute 2 utilities: ip route NETLINK sockets

IPv4 firewall IPv4 firewall IPv4 firewall iptables iptables iptables

2/7 UPnP osn_upnp.h miniupnpd

IPv6 osn_inet6.h Iproute2 utilities: ip -6 addr / ip -6 route NETLINK sockets

IPv6 router osn_inet6.h dnsmasq advertisement

DHCPv6 client with osn_dhcp6.h odhcp6c SLAAC support

DHCPv6 server osn_dhcp6.h dnsmasq

IPv6 firewall [SOON / Iptables -6 OBSOLETE] to configure NAT

Table 1: OpenSync network tools and utilities

IPv4

NM2 configures IPv4 parameters:

● Static IPv4 address and netmask ● Default gateway

The API required for the IPv4 parameter configuration is in the osn_inet.h header file.

The core repository uses the default implementation of Iproute2 utilities. This is currently the de-facto standard for the majority of modern Linux distributions.

Requirement: IPv4: - working osn_inet.h API

DNS

OpenSync configures the currently used DNS server settings used by devices. The required API for this task is in the osn_inet.h header file. By default, the NM2 writes the values of the DNS servers to /etc/resolv.conf. The requirement for this is a libc implementation that can detect dynamic changes in the /etc/resolv.conf, and reload the configuration (e.g., uClibc).

3/7 Requirement: DNS: - working osn_inet.h API

DHCPv4 client

OpenSync uses the DHCP protocol for IPv4 auto-configuration. DHCPv4 client ensures “leaf pod” connectivity and general on-boarding. By default, the NM2 uses the udhcpc client.

Requirement: DHCPv4 client: - working osn_dhcp.h API

DHCPv4 server

OpenSync uses the DHCP protocol for IPv4 auto-configuration of the LAN network. DHCPv4 Server also ensures the “leaf pod” connectivity. By default, the NM2 uses the dnsmasq server.

Requirement: DHCPv4 server: - working osn_dhcp.h API

IPv4 routing

OpenSync configures the default routes, and reports the current route table status. By default, the Iproute2 configures the routes and reports about their statuses. However, the NETLINK sockets detect the route table changes.

Requirement: IPv4 routing: - working osn_inet.h API

IPv4 firewall

OpenSync configures NAT, port forwarding, and firewall rules. By default, the firewall on the device should be closed for all interfaces. The NM2 uses the iptables utility for firewall configuration. The majority of iptables commands executes using the /usr/plume/bin/iptables_cmd.sh script.

Requirement: IPv4 firewall: - working /usr/plume/bin/iptables_cmd.sh script

UPnP

OpenSync supports the UPnP on compatible platforms. By default, OpenSync uses the miniupnpd daemon.

4/7 Requirement: UPnP: - working osn_upnp.h

IPv6

OpenSync configures the following IPv6 parameters:

● Static IPv6 address and prefixes ● Router advertisement

The API required for IPv6 parameter configuration is in the osn_inet6.h header file. The core repository uses a default implementation that uses the Iproute2 suite of utilities and NETLINK sockets for detecting changes in the configuration.

Requirement: IPv6: - working osn_inet6.h API

IPv6 router advertisement

OpenSync configures and enables the router advertisement services to ensure proper IPv6 provisioning on LAN interfaces.

By default, the dnsmasq daemon serves this purpose, and provides stateful and stateless IPv6 modes.

Requirement: IPv6: - working osn_inet6.h API

DHCPv6 client

OpenSync acquires IPv6 addresses on the WAN link. To acquire the IP addresses, you need either SLAAC, stateless, or stateful DHCPv6. To support all 3 options, OpenSync requires a DHCPv6 client that also supports SLAAC. Additionally, the DHCPv6 client should report the assigned delegated prefix back to the NM2.

By default, OpenSync uses the odhcp6c for DHCPv6 client and SLAAC. All DHCP options, including the delegated prefix, are written to a file after link negotiation. The NM2 reads this file and transfers these options to the OVSDB.

5/7 Requirement: IPv6: - working osn_dhcp6.h API

DHCPv6 server

OpenSync runs stateless and stateful DHCPv6 server.

By default, the dnsmasq is used in the core repository. The NM2 spawns a separate instance of the dnsmasq daemon exclusively for IPv6 handling. Therefore, you can expect two dnsmasq processes if both – IPv6 and IPv4 stacks are active. However, all IPv6 interfaces share a common dnsmasq instance.

Requirement: IPv6: - working osn_dhcp6.h API

IPv6 firewall [SOON OBSOLETE]

OpenSync executes port forwarding and firewall rules. By default, the device firewall should be closed for all interfaces. The NM2 by default uses the iptables utility for firewall configuration, where the majority of commands execute using the /usr/plume/bin/iptables_cmd.sh script.

Note: The Netfilter Manager (NFM) capable of configuring the NAT is going to replace the IPv6 firewall.

6/7