networkd artificially limits IPs per link to 2048 #24852

Open
ianling opened this issue Sep 28, 2022 · 8 comments
Labels
needs-reporter-feedback ❓ There's an unanswered question, the reporter needs to answer network RFE 🎁 Request for Enhancement, i.e. a feature request

Comments

@ianling

ianling commented Sep 28, 2022

Component

systemd-networkd

Is your feature request related to a problem? Please describe

https://github.com/systemd/systemd/blob/main/src/network/networkd-address.c#L25

networkd has a hard-coded limit of 2048 addresses on a link. I have a need for >2048 IPs on a link and am hitting this limit.

Describe the solution you'd like

I would like a way to override this limit.

Describe alternatives you've considered

My workaround is currently to create several links and assign each of them <2048 IPs.

The systemd version you checked that didn't have the feature you are asking for

249.11 (ubuntu jammy)

@ianling ianling added the RFE 🎁 Request for Enhancement, i.e. a feature request label Sep 28, 2022
@poettering
Member

We put limits on all resources, we really have to. But these limits should really be larger than any real-life usecase needs them.

So let me ask, how high of a limit would work for you? If so, we should probably double that and make it the new limit, until the next person complains

@poettering poettering added the needs-reporter-feedback ❓ There's an unanswered question, the reporter needs to answer label Sep 30, 2022
@yuwata
Member

yuwata commented Sep 30, 2022

Background:
This was implemented in #3431. But soon after that we had a similar issue, #3922.
#3431 was prompted by the fact that RA spam can consume a lot of system resources.

Problem:
If an administrator really wants to configure many addresses, routes or so, then #3431 also prohibits that. I think the restriction introduced by #3431 is too strict, and we should replace the limit for the resource consumption based on the protocol, e.g. RA and LLDP, and possibly, additionally, with a more generic one, e.g. memory usage through CGroup.

@poettering The basic idea about setting a resource limit is good, but I think limiting the number of static configurations is not a good way. WDYT?

@ianling
Author

ianling commented Sep 30, 2022

I need to put a /20, so about 4096 IPs. 8192 would work and allow me to have a management IP as well.

I also don't see any reason why this limit is hard-coded and not exposed to the administrator. I understand the need for a limit, and 99% of users will never hit this limit, but in the event that someone does hit the limit, they should be able to modify it without having to recompile systemd.

@poettering
Member

@poettering The basic idea about setting a resource limit is good, but I think limiting the number of static configurations is not a good way. WDYT?

I am in the camp that we really should put limits on most resources, but high enough so that they don't catch valid uses, but only runaway uses.

@tchwpkgorg

tchwpkgorg commented Oct 17, 2022

I'm unable to set the number of IPs to more than 1024 per interface - so hitting the next line:

https://github.com/systemd/systemd/blob/main/src/network/networkd-address.c#L26

# grep -c Address /run/systemd/network/10-netplan-eth0.network 
3533
# systemctl restart systemd-networkd
# systemctl status systemd-networkd
● systemd-networkd.service - Network Configuration
     Loaded: loaded (/lib/systemd/system/systemd-networkd.service; enabled; vendor preset: enabled)
    Drop-In: /run/systemd/system/service.d
             └─zzz-lxc-service.conf
     Active: active (running) since Mon 2022-10-17 08:51:42 UTC; 1s ago
TriggeredBy: ● systemd-networkd.socket
       Docs: man:systemd-networkd.service(8)
   Main PID: 726 (systemd-network)
     Status: "Processing requests..."
      Tasks: 1 (limit: 38061)
     Memory: 3.6M
        CPU: 337ms
     CGroup: /system.slice/systemd-networkd.service
             └─726 /lib/systemd/systemd-networkd

Oct 17 08:51:42 ktone systemd-networkd[726]: /run/systemd/network/10-netplan-eth0.network:3535: Failed to allocate new address, ignoring assignment: Argument list too long
Oct 17 08:51:42 ktone systemd-networkd[726]: /run/systemd/network/10-netplan-eth0.network:3536: Failed to allocate new address, ignoring assignment: Argument list too long
Oct 17 08:51:42 ktone systemd-networkd[726]: /run/systemd/network/10-netplan-eth0.network:3537: Failed to allocate new address, ignoring assignment: Argument list too long
# ip addr|grep -c inet
1027
# grep -c "Argument list too long" /var/log/syslog
2232

What's more worrying, it sets these IPs up silently - i.e. the service starts, only adds 1024 IPs, exits with no apparent error, and the rest of IPs are simply missing.
We found out in a rather unpleasant way when trying to migrate from an old system (using /etc/network/interfaces) to a new one.
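
A check for the silent truncation described in the comment above, as an added example that is not part of the thread or of systemd: it counts `Address=` assignments in a .network file, compares the count with a limit passed as an argument, and lists the assignments networkd logged as dropped. The function names, the demo limit of 3, and the sample file and log lines are constructed; only the log message text is taken from the output quoted above.

```shell
#!/usr/bin/env bash
# Added example, not from the issue thread. All sample data is constructed.

# Number of Address= assignments in a .network file.
count_configured() {
    awk '/^[ \t]*Address[ \t]*=/ { n++ } END { print n + 0 }' "$1"
}

# "file:line" of every assignment networkd logged as dropped
# (syslog-style lines, same message text as quoted in the thread).
dropped_assignments() {
    awk '$5 ~ /^systemd-networkd\[/ &&
         /Failed to allocate new address, ignoring assignment: Argument list too long/ {
             sub(/:$/, "", $6); print $6 }' "$1"
}

# check_link NETWORK_FILE LOG_FILE LIMIT
# Prints a one-line verdict; returns 1 if addresses were dropped
# or the file configures more addresses than LIMIT.
check_link() {
    local configured dropped
    configured=$(count_configured "$1")
    dropped=$(dropped_assignments "$2" | awk 'END { print NR }')
    if [ "$dropped" -gt 0 ] || [ "$configured" -gt "$3" ]; then
        echo "FAIL configured=$configured limit=$3 dropped=$dropped"
        return 1
    fi
    echo "OK configured=$configured limit=$3 dropped=0"
}

# Constructed sample: 5 addresses from a documentation range, and log
# lines for the two assignments (file lines 8 and 9) past a demo limit of 3.
make_sample() {
    local dir; dir=$(mktemp -d)
    { printf '[Match]\nName=eth0\n\n[Network]\n'
      for i in 1 2 3 4 5; do printf 'Address=192.0.2.%s/24\n' "$i"; done
    } > "$dir/10-eth0.network"
    for n in 8 9; do
        printf 'Oct 17 08:51:42 host systemd-networkd[726]: %s:%s: Failed to allocate new address, ignoring assignment: Argument list too long\n' \
            "$dir/10-eth0.network" "$n"
    done > "$dir/syslog"
    echo "$dir"
}

sample=$(make_sample)
check_link "$sample/10-eth0.network" "$sample/syslog" 3 || true
```

Because the service stays `active (running)` in this failure mode, the non-zero return of `check_link` is what a deployment or migration script should gate on, not the unit state.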

@ianling
Author

ianling commented Oct 17, 2022

@tchwpkgorg -- in the meantime, one workaround is setting up bridge interfaces in netplan and assigning the IPs to the bridge interfaces. Kludgy, but it worked for my use case.

@tchwpkgorg

tchwpkgorg commented Oct 17, 2022

@ianling I'm using netplan, it supports a different backend/renderer than systemd-networkd - NetworkManager. I've used it as a workaround, works well: https://bugs.launchpad.net/netplan/+bug/1993105

@samikroon

Any progress on this? We're trying to add 1500+ IPs to a bond interface, which fails with the Argument list too long error as well...
