Today, we have exactly two IP Pools reserved for Oxide services, one for IPv4 and one for IPv6. These are identified by well-known names. Operators can add ranges to the pools today only at RSS time, in the configuration file uploaded to wicket. These ranges are added to these internal pools, and while we have APIs for viewing the pools and listing the ranges, there's no control over them.
This issue tracks expanding this control in a number of important ways. Rather than providing ranges to fixed, built-in pools, operators need the ability to mark existing IP Pools as reserved for Oxide's use. IP Pools are intended to map to the notion of reachability, e.g., one pool contains addresses reachable from a corporate VPN, while another might have addresses reachable from the Internet. An API where operators mark pools this way lets them control which networks the public services on the rack are a part of.
I'll make subissues to track the individual pieces of work.