From 8bc19725baa677ee8e1ff1d0a1c6ab66cdfbcf35 Mon Sep 17 00:00:00 2001
From: Alex Vanin <a.vanin@yadro.com>
Date: Tue, 22 Oct 2024 16:16:45 +0300
Subject: [PATCH] [#521] Add documentation for multinet settings

Signed-off-by: Alex Vanin <a.vanin@yadro.com>
---
 CHANGELOG.md          |  1 +
 config/config.env     | 13 +++++++++++++
 config/config.yaml    | 17 +++++++++++++++++
 docs/configuration.md | 40 ++++++++++++++++++++++++++++++++++++++++
 4 files changed, 71 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index fddb16d0..190fe95a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,6 +10,7 @@ This document outlines major changes between releases.
 - Support patch object method (#479)
 - Add `sign` command to `frostfs-s3-authmate` (#467)
 - Support custom aws credentials (#509)
+- Multinet dial support (#521)
 
 ### Changed
 - Update go version to go1.19 (#470)
diff --git a/config/config.env b/config/config.env
index 510dcd2e..3709bab2 100644
--- a/config/config.env
+++ b/config/config.env
@@ -246,3 +246,16 @@ S3_GW_RETRY_STRATEGY=exponential
 # Containers properties
 S3_GW_CONTAINERS_CORS=AZjLTXfK4vs4ovxMic2xEJKSymMNLqdwq9JT64ASFCRj
 S3_GW_CONTAINERS_LIFECYCLE=AZjLTXfK4vs4ovxMic2xEJKSymMNLqdwq9JT64ASFCRj
+
+# Multinet properties
+# Enable multinet support
+S3_GW_MULTINET_ENABLED=false
+# Strategy to pick source IP address
+S3_GW_MULTINET_BALANCER=roundrobin
+# Restrict requests with unknown destination subnet
+S3_GW_MULTINET_RESTRICT=false
+# Delay between ipv6 to ipv4 fallback switch
+S3_GW_MULTINET_FALLBACK_DELAY=300ms
+# List of subnets and IP addresses to use as source for those subnets
+S3_GW_MULTINET_SUBNETS_1_MASK=1.2.3.4/24
+S3_GW_MULTINET_SUBNETS_1_SOURCE_IPS=1.2.3.4 1.2.3.5
diff --git a/config/config.yaml b/config/config.yaml
index c3dccacd..1da14fc7 100644
--- a/config/config.yaml
+++ b/config/config.yaml
@@ -289,3 +289,20 @@ retry:
 containers:
   cors: AZjLTXfK4vs4ovxMic2xEJKSymMNLqdwq9JT64ASFCRj
   lifecycle: AZjLTXfK4vs4ovxMic2xEJKSymMNLqdwq9JT64ASFCRj
+
+# Multinet properties
+multinet:
+  # Enable multinet support
+  enabled: false
+  # Strategy to pick source IP address
+  balancer: roundrobin
+  # Restrict requests with unknown destination subnet
+  restrict: false
+  # Delay between ipv6 to ipv4 fallback switch
+  fallback_delay: 300ms
+  # List of subnets and IP addresses to use as source for those subnets
+  subnets:
+    - mask: 1.2.3.4/24
+      source_ips:
+        - 1.2.3.4
+        - 1.2.3.5
diff --git a/docs/configuration.md b/docs/configuration.md
index 6ff92e72..089403f3 100644
--- a/docs/configuration.md
+++ b/docs/configuration.md
@@ -195,6 +195,7 @@ There are some custom types used for brevity:
 | `retry`            | [Retry configuration](#retry-section)                          |
 | `containers`       | [Containers configuration](#containers-section)                |
 | `vhs`              | [VHS configuration](#vhs-section)                              |
+| `multinet`         | [Multinet configuration](#multinet-section)                    |
 
 ### General section
 
@@ -790,3 +791,42 @@ vhs:
 | `vhs_header`        | `string`          | yes           | `X-Frostfs-S3-VHS`     | Header for determining whether VHS is enabled for the request.                                                                                                                                            |
 | `servername_header` | `string`          | yes           | `X-Frostfs-Servername` | Header for determining servername.                                                                                                                                                                        |
 | `namespaces`        | `map[string]bool` | yes           |                        | A map in which the keys are the name of the namespace, and the values are the flag responsible for enabling VHS for the specified namespace. Overrides global 'enabled' setting even when it is disabled. |
+
+# `multinet` section
+
+Configuration of multinet support.
+
+```yaml
+multinet:
+   enabled: false
+   balancer: roundrobin
+   restrict: false
+   fallback_delay: 300ms
+   subnets:
+      - mask: 1.2.3.4/24
+        source_ips:
+           - 1.2.3.4
+           - 1.2.3.5
+```
+
+| Parameter        | Type                           | SIGHUP reload | Default value | Description                                                                                |
+|------------------|--------------------------------|---------------|---------------|--------------------------------------------------------------------------------------------|
+| `enabled`        | `bool`                         | yes           | `false`       | Enables multinet setting to manage source ip of outcoming requests.                        |
+| `balancer`       | `string`                       | yes           | `""`          | Strategy to pick source IP. By default picks first address. Supports `roundrobin` setting. |
+| `restrict`       | `bool`                         | yes           | `false`       | Restricts requests to an undefined subnets.                                                |
+| `fallback_delay` | `duration`                     | yes           | `300ms`       | Delay between IPv6 and IPv4 fallback stack switch.                                         |
+| `subnets`        | [[]Subnet](#subnet-subsection) | yes           |               | Set of subnets to apply multinet dial settings.                                            |
+
+#### `subnet` subsection
+
+```yaml
+- mask: 1.2.3.4/24
+  source_ips:
+    - 1.2.3.4
+    - 1.2.3.5
+```
+
+| Parameter    | Type       | SIGHUP reload | Default value | Description                                                          |
+|--------------|------------|---------------|---------------|----------------------------------------------------------------------|
+| `mask`       | `string`   | yes           |               | Destination subnet.                                                  |
+| `source_ips` | `[]string` | yes           |               | Array of source IP addresses to use when dialing destination subnet. |