From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pve-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9])
	by lore.proxmox.com (Postfix) with ESMTPS id B9EDA1FF13F
	for <inbox@lore.proxmox.com>; Wed, 14 Jan 2026 15:53:05 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id 8A7FE158CC;
	Wed, 14 Jan 2026 15:53:03 +0100 (CET)
From: Hannes Laimer <h.laimer@proxmox.com>
To: pve-devel@lists.proxmox.com
Date: Wed, 14 Jan 2026 15:52:55 +0100
Message-ID: <20260114145257.47587-2-h.laimer@proxmox.com>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <20260114145257.47587-1-h.laimer@proxmox.com>
References: <20260114145257.47587-1-h.laimer@proxmox.com>
MIME-Version: 1.0
X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2
X-Bm-Transport-Timestamp: 1768402335404
X-SPAM-LEVEL: Spam detection results:  0
 AWL 0.057 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DMARC_MISSING             0.1 Missing DMARC policy
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
Subject: [pve-devel] [PATCH pve-network 1/2] evpn: add ipv6 slaac support
 for vnets in an evpn zone
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
Reply-To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: pve-devel-bounces@lists.proxmox.com
Sender: "pve-devel" <pve-devel-bounces@lists.proxmox.com>

With this we allow to configure a `ipv6-nd-prefix` for vnets in a evpn
zone. If set, RAs with this prefix will be sent regularly so clients on
the vnet can perform SLAAC. Currently we don't set any of the available
(in RFC5175 specified) flags.

Signed-off-by: Hannes Laimer <h.laimer@proxmox.com>
---
 src/PVE/API2/Network/SDN/Vnets.pm             |  7 +++++++
 src/PVE/Network/SDN/Controllers/EvpnPlugin.pm | 15 +++++++++++++++
 src/PVE/Network/SDN/VnetPlugin.pm             |  8 ++++++++
 3 files changed, 30 insertions(+)

diff --git a/src/PVE/API2/Network/SDN/Vnets.pm b/src/PVE/API2/Network/SDN/Vnets.pm
index b8faeac..c767d55 100644
--- a/src/PVE/API2/Network/SDN/Vnets.pm
+++ b/src/PVE/API2/Network/SDN/Vnets.pm
@@ -82,6 +82,13 @@ my $VNET_PROPERTIES = {
         maxLength => 256,
         optional => 1,
     },
+    'ipv6-nd-prefix' => {
+        type => 'string',
+        format => 'CIDR',
+        description =>
+            'IPv6 prefix to announce via Router Advertisements (SLAAC) on this VNet (EVPN).',
+        optional => 1,
+    },
     'isolate-ports' => {
         type => 'boolean',
         description =>
diff --git a/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm b/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
index e53000a..7db620b 100644
--- a/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
+++ b/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
@@ -447,6 +447,21 @@ sub generate_zone_frr_config {
 sub generate_vnet_frr_config {
     my ($class, $plugin_config, $controller, $zone, $zoneid, $vnetid, $config) = @_;
 
+    # SLAAC EVPN VNet
+    my $nd_prefix = $plugin_config->{'ipv6-nd-prefix'};
+    if (defined($nd_prefix) && length($nd_prefix)) {
+        my ($net) = split(/\//, $nd_prefix);
+        $nd_prefix = undef if !Net::IP::ip_is_ipv6($net);
+    } else {
+        $nd_prefix = undef;
+    }
+
+    if ($nd_prefix) {
+        my $iface_rules = ($config->{frr_interfaces}->{$vnetid} //= []);
+        push @$iface_rules, "ipv6 nd prefix $nd_prefix";
+        push @$iface_rules, "no ipv6 nd suppress-ra";
+    }
+
     my $exitnodes = $zone->{'exitnodes'};
     my $exitnodes_local_routing = $zone->{'exitnodes-local-routing'};
 
diff --git a/src/PVE/Network/SDN/VnetPlugin.pm b/src/PVE/Network/SDN/VnetPlugin.pm
index 717438c..3505f6e 100644
--- a/src/PVE/Network/SDN/VnetPlugin.pm
+++ b/src/PVE/Network/SDN/VnetPlugin.pm
@@ -62,6 +62,13 @@ sub properties {
             type => 'string',
             description => 'Name of the zone this VNet belongs to.',
         },
+        'ipv6-nd-prefix' => {
+            type => 'string',
+            format => 'CIDR',
+            description =>
+                'IPv6 prefix to announce via Router Advertisements (SLAAC) on this VNet (EVPN).',
+            optional => 1,
+        },
         type => {
             type => 'string',
             enum => ['vnet'],
@@ -104,6 +111,7 @@ sub options {
         alias => { optional => 1 },
         vlanaware => { optional => 1 },
         'isolate-ports' => { optional => 1 },
+        'ipv6-nd-prefix' => { optional => 1 },
     };
 }
 
-- 
2.47.3



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel