Wednesday, October 25, 2017
I would like to share a short but useful experience that I had a few days ago when I was running a project for a customer. The project consisted of installing and configuring a Synology NAS. The given NAS has some interesting capabilities such a virtualization through a QEMU engine, among others. So, I dedicated a NIC for the NAS's I/O, and the others for the I/O of the VMs. The challenge started when I was configuring the physical NICs for the VMs due to I wanted to configure those just as an ethernet-passthrough, without the presence of IP by the host (NAS). Synology DSM has a straightforward option for disabling IPv6 through the GUI. It is very intuitive, just follow the path "Control Panel -> Network -> Network Interface -> LAN X -> Edit -> IPv6 -> IPv6 setup = Off.", that is it. But, the behavior changes for IPv4. That is to say, when speaking of IPv4 on Synology DSM, it offers only two options through the GUI (getting an IPv4 by DHCP and static assignment). But, I didn’t want to set a static IPv4 address for the dedicated physical NICs for the VMs, nor getting an IP by DHCP. In addition, as expected if a NIC is placed in a VLAN without a DHCP server (DMZ, for instance), the given NIC sets an APIPA address (even when the interface is disconnected).
Refer to the following screen-shoots to get a better idea of it.
Therefore, after some researching without any positive results, I fixed this inconvenient through the following steps (DISCLAIMER: the procedure is NOT described by Synology)
My first attempt was setting up a script to flush any IPv4 address from the VM's dedicated NICs. The script was run during the NAS boot-up process. It worked, but only for a few seconds due to SDM sends a DHCP Discover every 60 secs.
ip addr flush dev ovs_eth1
ip addr flush dev ovs_eth2
ip addr flush dev ovs_eth3
Eventually, I was forced to disabling the DHCLIENT in a abrupt manner. I did it by removing the DHCLIENT “executable”.
cp /usr/sbin/dhclient /usr/sbin/dhclient-COPY && rm /usr/sbin/dhclient
In conclusion, it is working, but if somebody has a suggestion please share to improve it.