From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id 700E71FF13A for ; Wed, 13 May 2026 20:44:24 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 43C931A88A; Wed, 13 May 2026 20:44:24 +0200 (CEST) Message-ID: <176777cf-52fd-4628-afca-1abc4fecaece@proxmox.com> Date: Wed, 13 May 2026 20:43:35 +0200 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: superseded: [PATCH pve-network] sdn: evpn: support eBGP VTEPs over BGP fabric underlays To: pve-devel@lists.proxmox.com References: <20260512155024.311919-1-h.laimer@proxmox.com> From: Hannes Laimer Content-Language: en-US In-Reply-To: <20260512155024.311919-1-h.laimer@proxmox.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1778697812326 X-SPAM-LEVEL: Spam detection results: 0 AWL -0.919 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment KAM_MAILER 2 Automated Mailer Tag Left in Email SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Message-ID-Hash: KF2HZFHO7IYFA5H4RF5JOTEFGZENXANE X-Message-ID-Hash: KF2HZFHO7IYFA5H4RF5JOTEFGZENXANE X-MailFrom: h.laimer@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox VE development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: superseded: https://lore.proxmox.com/pve-devel/20260513184213.506775-1-h.laimer@proxmox.com/T/#t On 2026-05-12 17:49, Hannes Laimer wrote: > When the EVPN underlay is a BGP fabric, every node already has a unique > per-node ASN for eBGP unnumbered peering. Reuse that ASN for the EVPN > overlay too when the user picks bgp-mode=external, so VTEP sessions > naturally form as eBGP between different ASNs without needing a separate > overlay-ASN scheme. The existing local-as plumbing handles the resulting > mismatch with the router's main ASN. > > The EVPN controller's own ASN is still used for autoderived route-target > values, keeping route-targets consistent across the fabric even though > each VTEP advertises under its own per-node ASN. > > Signed-off-by: Hannes Laimer > --- > this should have been part of [1], but since I forgot to include it, > sending it as a follow-up. For this+the main bgp-fabric series > pre-built packages are available on sani. should make testing a little > easier :P > > [1] https://lore.proxmox.com/pve-devel/20260512141305.199664-1-h.laimer@proxmox.com/T/#t > > src/PVE/Network/SDN/Controllers/EvpnPlugin.pm | 26 +++++++++++++++++-- > 1 file changed, 24 insertions(+), 2 deletions(-) > > diff --git a/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm b/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm > index 3264cf5..4c7fb46 100644 > --- a/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm > +++ b/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm > @@ -114,6 +114,7 @@ sub generate_frr_config { > my $ifaceip = undef; > my $routerid = undef; > my $bgp_mode = $plugin_config->{'bgp-mode'} // 'legacy'; > + my $use_per_node_asn = 0; > > my $bgp_controller = find_bgp_controller($local_node, $controller_cfg); > my $isis_controller = find_isis_controller($local_node, $controller_cfg); > @@ -152,6 +153,21 @@ sub generate_frr_config { > $ifaceip = $current_node->{ip}; > $routerid = $current_node->{ip}; > > + if ($fabric->{protocol} eq 'bgp' && $bgp_mode eq 'external') { > + if (!$current_node->{asn}) { > + log_warn( > + "Node $local_node has no ASN in BGP fabric $fabric->{id};" > + . " cannot configure eBGP VTEPs for EVPN controller" > + . " $plugin_config->{id}" > + ); > + return; > + } > + $asn = int($current_node->{asn}); > + $ebgp = 1; > + $autortas = $plugin_config->{asn}; > + $use_per_node_asn = 1; > + } > + > } elsif ($plugin_config->{'peers'}) { > @peers = PVE::Tools::split_list($plugin_config->{'peers'}); > > @@ -211,8 +227,14 @@ sub generate_frr_config { > if ($bgp_mode eq 'legacy') { > $neighbor_group->{ebgp_multihop} = 10 if $ebgp && $loopback; > } elsif ($bgp_mode eq 'external') { > - $neighbor_group->{ebgp_multihop} = int($plugin_config->{'ebgp-multihop'}) > - if $ebgp && $plugin_config->{'ebgp-multihop'}; > + if ($ebgp && $plugin_config->{'ebgp-multihop'}) { > + $neighbor_group->{ebgp_multihop} = int($plugin_config->{'ebgp-multihop'}); > + } elsif ($use_per_node_asn) { > + # eBGP VTEPs over a BGP fabric reach each peer via the per-node > + # fabric loopback. The peers are not directly connected, so the > + # session needs multihop to form. > + $neighbor_group->{ebgp_multihop} = 10; > + } > } > > if ($asn != int($bgp_router->{asn})) {