[pve-devel] [PATCH manager/network 0/3] add IPv6 SLAAC for vnets in evpn zones

all lists on lists.proxmox.com
 help / color / mirror / Atom feed

* [pve-devel] [PATCH manager/network 0/3] add IPv6 SLAAC for vnets in evpn zones
@ 2026-01-14 14:52 Hannes Laimer
  2026-01-14 14:52 ` [pve-devel] [PATCH pve-network 1/2] evpn: add ipv6 slaac support for vnets in an evpn zone Hannes Laimer
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Hannes Laimer @ 2026-01-14 14:52 UTC (permalink / raw)
  To: pve-devel

FRR natively supports sending RAs, if configured to do so, dnsmasq also
doesn't seem to correctly send RAs in a VRF context. Both DHCPv4 and v6
worked fine when running on a VNet, but RAs just wouldn't be send
correctly. From a quick look it may have to the with dnsmasq not using
the link-local address of the interface, or not sending it if the
interface also has another address attached. [1][2] I did try building
it myself with some changes, but could not get the RA packets to "hit
the wire", they never showed up in tcpdump. So either they were not sent
or the kernel dropped them cause they didn't have a ll source address.
Regardless, these are the two reasons why I went with using FRR directly
rather than using dnsmasq like we aleardy do for DHCPv4.

This series adds a `ipv6-nd-prefix`-option for vnets that is than used by
client on the vnet to perform SLAAC. Without a prefix specified, SLAAC
is not enabled.

[1] https://thekelleys.org.uk/gitweb1/?p=dnsmasq.git;a=blob;f=src/radv.c;h=aaf6b71e27ba392d7517c68fa90f251eccbf4641;hb=d8f66f4fda02ca50616f428d9c161c8ca1a0cb70#l308
[2] https://thekelleys.org.uk/gitweb1/?p=dnsmasq.git;a=blob;f=src/dhcp6.c;h=482caf7dd492849f5a454316d86e759677c0072a;hb=d8f66f4fda02ca50616f428d9c161c8ca1a0cb70#l138

pve-network:

Hannes Laimer (2):
  evpn: add ipv6 slaac support for vnets in an evpn zone
  evpn: add test for vnets with a `ipv6-nd-prefix` set

 src/PVE/API2/Network/SDN/Vnets.pm             |  7 +++
 src/PVE/Network/SDN/Controllers/EvpnPlugin.pm | 15 ++++++
 src/PVE/Network/SDN/VnetPlugin.pm             |  8 +++
 .../expected_controller_config                | 49 +++++++++++++++++++
 .../ipv6_slaacprefix/expected_sdn_interfaces  | 42 ++++++++++++++++
 .../zones/evpn/ipv6_slaacprefix/interfaces    |  7 +++
 .../zones/evpn/ipv6_slaacprefix/sdn_config    | 39 +++++++++++++++
 7 files changed, 167 insertions(+)
 create mode 100644 src/test/zones/evpn/ipv6_slaacprefix/expected_controller_config
 create mode 100644 src/test/zones/evpn/ipv6_slaacprefix/expected_sdn_interfaces
 create mode 100644 src/test/zones/evpn/ipv6_slaacprefix/interfaces
 create mode 100644 src/test/zones/evpn/ipv6_slaacprefix/sdn_config


pve-manager:

Hannes Laimer (1):
  ui: sdn: add `ipv6-nd-prefix` field to vnet form

 www/manager6/sdn/VnetEdit.js | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)


Summary over all repositories:
  8 files changed, 188 insertions(+), 0 deletions(-)

-- 
Generated by git-murpp 0.8.1


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel


^ permalink raw reply	[flat|nested] 4+ messages in thread

* [pve-devel] [PATCH pve-network 1/2] evpn: add ipv6 slaac support for vnets in an evpn zone
  2026-01-14 14:52 [pve-devel] [PATCH manager/network 0/3] add IPv6 SLAAC for vnets in evpn zones Hannes Laimer
@ 2026-01-14 14:52 ` Hannes Laimer
  2026-01-14 14:52 ` [pve-devel] [PATCH pve-network 2/2] evpn: add test for vnets with a `ipv6-nd-prefix` set Hannes Laimer
  2026-01-14 14:52 ` [pve-devel] [PATCH pve-manager 1/1] ui: sdn: add `ipv6-nd-prefix` field to vnet form Hannes Laimer
  2 siblings, 0 replies; 4+ messages in thread
From: Hannes Laimer @ 2026-01-14 14:52 UTC (permalink / raw)
  To: pve-devel

With this we allow to configure a `ipv6-nd-prefix` for vnets in a evpn
zone. If set, RAs with this prefix will be sent regularly so clients on
the vnet can perform SLAAC. Currently we don't set any of the available
(in RFC5175 specified) flags.

Signed-off-by: Hannes Laimer <h.laimer@proxmox.com>
---
 src/PVE/API2/Network/SDN/Vnets.pm             |  7 +++++++
 src/PVE/Network/SDN/Controllers/EvpnPlugin.pm | 15 +++++++++++++++
 src/PVE/Network/SDN/VnetPlugin.pm             |  8 ++++++++
 3 files changed, 30 insertions(+)

diff --git a/src/PVE/API2/Network/SDN/Vnets.pm b/src/PVE/API2/Network/SDN/Vnets.pm
index b8faeac..c767d55 100644
--- a/src/PVE/API2/Network/SDN/Vnets.pm
+++ b/src/PVE/API2/Network/SDN/Vnets.pm
@@ -82,6 +82,13 @@ my $VNET_PROPERTIES = {
         maxLength => 256,
         optional => 1,
     },
+    'ipv6-nd-prefix' => {
+        type => 'string',
+        format => 'CIDR',
+        description =>
+            'IPv6 prefix to announce via Router Advertisements (SLAAC) on this VNet (EVPN).',
+        optional => 1,
+    },
     'isolate-ports' => {
         type => 'boolean',
         description =>
diff --git a/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm b/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
index e53000a..7db620b 100644
--- a/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
+++ b/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
@@ -447,6 +447,21 @@ sub generate_zone_frr_config {
 sub generate_vnet_frr_config {
     my ($class, $plugin_config, $controller, $zone, $zoneid, $vnetid, $config) = @_;
 
+    # SLAAC EVPN VNet
+    my $nd_prefix = $plugin_config->{'ipv6-nd-prefix'};
+    if (defined($nd_prefix) && length($nd_prefix)) {
+        my ($net) = split(/\//, $nd_prefix);
+        $nd_prefix = undef if !Net::IP::ip_is_ipv6($net);
+    } else {
+        $nd_prefix = undef;
+    }
+
+    if ($nd_prefix) {
+        my $iface_rules = ($config->{frr_interfaces}->{$vnetid} //= []);
+        push @$iface_rules, "ipv6 nd prefix $nd_prefix";
+        push @$iface_rules, "no ipv6 nd suppress-ra";
+    }
+
     my $exitnodes = $zone->{'exitnodes'};
     my $exitnodes_local_routing = $zone->{'exitnodes-local-routing'};
 
diff --git a/src/PVE/Network/SDN/VnetPlugin.pm b/src/PVE/Network/SDN/VnetPlugin.pm
index 717438c..3505f6e 100644
--- a/src/PVE/Network/SDN/VnetPlugin.pm
+++ b/src/PVE/Network/SDN/VnetPlugin.pm
@@ -62,6 +62,13 @@ sub properties {
             type => 'string',
             description => 'Name of the zone this VNet belongs to.',
         },
+        'ipv6-nd-prefix' => {
+            type => 'string',
+            format => 'CIDR',
+            description =>
+                'IPv6 prefix to announce via Router Advertisements (SLAAC) on this VNet (EVPN).',
+            optional => 1,
+        },
         type => {
             type => 'string',
             enum => ['vnet'],
@@ -104,6 +111,7 @@ sub options {
         alias => { optional => 1 },
         vlanaware => { optional => 1 },
         'isolate-ports' => { optional => 1 },
+        'ipv6-nd-prefix' => { optional => 1 },
     };
 }
 
-- 
2.47.3



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel


^ permalink raw reply	[flat|nested] 4+ messages in thread

* [pve-devel] [PATCH pve-network 2/2] evpn: add test for vnets with a `ipv6-nd-prefix` set
  2026-01-14 14:52 [pve-devel] [PATCH manager/network 0/3] add IPv6 SLAAC for vnets in evpn zones Hannes Laimer
  2026-01-14 14:52 ` [pve-devel] [PATCH pve-network 1/2] evpn: add ipv6 slaac support for vnets in an evpn zone Hannes Laimer
@ 2026-01-14 14:52 ` Hannes Laimer
  2026-01-14 14:52 ` [pve-devel] [PATCH pve-manager 1/1] ui: sdn: add `ipv6-nd-prefix` field to vnet form Hannes Laimer
  2 siblings, 0 replies; 4+ messages in thread
From: Hannes Laimer @ 2026-01-14 14:52 UTC (permalink / raw)
  To: pve-devel

Signed-off-by: Hannes Laimer <h.laimer@proxmox.com>
---
 .../expected_controller_config                | 49 +++++++++++++++++++
 .../ipv6_slaacprefix/expected_sdn_interfaces  | 42 ++++++++++++++++
 .../zones/evpn/ipv6_slaacprefix/interfaces    |  7 +++
 .../zones/evpn/ipv6_slaacprefix/sdn_config    | 39 +++++++++++++++
 4 files changed, 137 insertions(+)
 create mode 100644 src/test/zones/evpn/ipv6_slaacprefix/expected_controller_config
 create mode 100644 src/test/zones/evpn/ipv6_slaacprefix/expected_sdn_interfaces
 create mode 100644 src/test/zones/evpn/ipv6_slaacprefix/interfaces
 create mode 100644 src/test/zones/evpn/ipv6_slaacprefix/sdn_config

diff --git a/src/test/zones/evpn/ipv6_slaacprefix/expected_controller_config b/src/test/zones/evpn/ipv6_slaacprefix/expected_controller_config
new file mode 100644
index 0000000..8936e36
--- /dev/null
+++ b/src/test/zones/evpn/ipv6_slaacprefix/expected_controller_config
@@ -0,0 +1,49 @@
+frr version 10.4.1
+frr defaults datacenter
+hostname localhost
+log syslog informational
+service integrated-vtysh-config
+!
+!
+vrf vrf_myzone
+ vni 1000
+exit-vrf
+!
+interface myvnet
+ ipv6 nd prefix 2001:db8:1234::/64
+ no ipv6 nd suppress-ra
+!
+router bgp 65000
+ bgp router-id 192.168.0.1
+ no bgp hard-administrative-reset
+ no bgp default ipv4-unicast
+ coalesce-time 1000
+ no bgp graceful-restart notification
+ neighbor VTEP peer-group
+ neighbor VTEP remote-as 65000
+ neighbor VTEP bfd
+ neighbor 192.168.0.2 peer-group VTEP
+ neighbor 192.168.0.3 peer-group VTEP
+ !
+ address-family l2vpn evpn
+  neighbor VTEP activate
+  neighbor VTEP route-map MAP_VTEP_IN in
+  neighbor VTEP route-map MAP_VTEP_OUT out
+  advertise-all-vni
+ exit-address-family
+exit
+!
+router bgp 65000 vrf vrf_myzone
+ bgp router-id 192.168.0.1
+ no bgp hard-administrative-reset
+ no bgp graceful-restart notification
+exit
+!
+route-map MAP_VTEP_IN permit 1
+exit
+!
+route-map MAP_VTEP_OUT permit 1
+exit
+!
+line vty
+!
\ No newline at end of file
diff --git a/src/test/zones/evpn/ipv6_slaacprefix/expected_sdn_interfaces b/src/test/zones/evpn/ipv6_slaacprefix/expected_sdn_interfaces
new file mode 100644
index 0000000..b2bdbfe
--- /dev/null
+++ b/src/test/zones/evpn/ipv6_slaacprefix/expected_sdn_interfaces
@@ -0,0 +1,42 @@
+#version:1
+
+auto myvnet
+iface myvnet
+	address 2a08:2142:302:3::1/64
+	hwaddress A2:1D:CB:1A:C0:8B
+	bridge_ports vxlan_myvnet
+	bridge_stp off
+	bridge_fd 0
+	mtu 1450
+	ip6-forward on
+	arp-accept on
+	vrf vrf_myzone
+
+auto vrf_myzone
+iface vrf_myzone
+	vrf-table auto
+	post-up ip route add vrf vrf_myzone unreachable default metric 4278198272
+
+auto vrfbr_myzone
+iface vrfbr_myzone
+	bridge-ports vrfvx_myzone
+	bridge_stp off
+	bridge_fd 0
+	mtu 1450
+	vrf vrf_myzone
+
+auto vrfvx_myzone
+iface vrfvx_myzone
+	vxlan-id 1000
+	vxlan-local-tunnelip 192.168.0.1
+	bridge-learning off
+	bridge-arp-nd-suppress on
+	mtu 1450
+
+auto vxlan_myvnet
+iface vxlan_myvnet
+	vxlan-id 100
+	vxlan-local-tunnelip 192.168.0.1
+	bridge-learning off
+	bridge-arp-nd-suppress on
+	mtu 1450
diff --git a/src/test/zones/evpn/ipv6_slaacprefix/interfaces b/src/test/zones/evpn/ipv6_slaacprefix/interfaces
new file mode 100644
index 0000000..66bb826
--- /dev/null
+++ b/src/test/zones/evpn/ipv6_slaacprefix/interfaces
@@ -0,0 +1,7 @@
+auto vmbr0
+iface vmbr0 inet static
+	address 192.168.0.1/24
+	gateway 192.168.0.254
+        bridge-ports eth0
+        bridge-stp off
+        bridge-fd 0
diff --git a/src/test/zones/evpn/ipv6_slaacprefix/sdn_config b/src/test/zones/evpn/ipv6_slaacprefix/sdn_config
new file mode 100644
index 0000000..410c88a
--- /dev/null
+++ b/src/test/zones/evpn/ipv6_slaacprefix/sdn_config
@@ -0,0 +1,39 @@
+{
+  version => 1,
+  vnets   => {
+               ids => {
+                        myvnet => {
+                            tag => "100",
+                            type => "vnet",
+                            zone => "myzone",
+                            'ipv6-nd-prefix' => '2001:db8:1234::/64',
+                        },
+                      },
+             },
+
+  zones   => {
+               ids => {
+                   myzone => {
+                       ipam => "pve",
+                       type => "evpn",
+                       controller => "evpnctl",
+                       'vrf-vxlan' => 1000,
+                       'mac' => 'A2:1D:CB:1A:C0:8B'
+                   }
+               },
+             },
+  controllers  => {
+               ids => { evpnctl => { type => "evpn", 'peers' => '192.168.0.1,192.168.0.2,192.168.0.3', asn => "65000" } },
+             },
+
+  subnets => {
+              ids => {
+		        'myzone-2a08:2142:302:3::-64' => {
+							'type' => 'subnet',
+							'vnet' => 'myvnet',
+							'gateway' => '2a08:2142:302:3::1',
+						  }
+		     }
+	     }
+}
+
-- 
2.47.3



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel


^ permalink raw reply	[flat|nested] 4+ messages in thread

* [pve-devel] [PATCH pve-manager 1/1] ui: sdn: add `ipv6-nd-prefix` field to vnet form
  2026-01-14 14:52 [pve-devel] [PATCH manager/network 0/3] add IPv6 SLAAC for vnets in evpn zones Hannes Laimer
  2026-01-14 14:52 ` [pve-devel] [PATCH pve-network 1/2] evpn: add ipv6 slaac support for vnets in an evpn zone Hannes Laimer
  2026-01-14 14:52 ` [pve-devel] [PATCH pve-network 2/2] evpn: add test for vnets with a `ipv6-nd-prefix` set Hannes Laimer
@ 2026-01-14 14:52 ` Hannes Laimer
  2 siblings, 0 replies; 4+ messages in thread
From: Hannes Laimer @ 2026-01-14 14:52 UTC (permalink / raw)
  To: pve-devel

Signed-off-by: Hannes Laimer <h.laimer@proxmox.com>
---
 www/manager6/sdn/VnetEdit.js | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/www/manager6/sdn/VnetEdit.js b/www/manager6/sdn/VnetEdit.js
index 34e382c7..05ba879b 100644
--- a/www/manager6/sdn/VnetEdit.js
+++ b/www/manager6/sdn/VnetEdit.js
@@ -83,6 +83,19 @@ Ext.define('PVE.sdn.VnetInputPanel', {
                 deleteEmpty: '{!isCreate}',
             },
         },
+        {
+            xtype: 'proxmoxtextfield',
+            itemId: 'sdnVnetIpv6NdPrefixField',
+            name: 'ipv6-nd-prefix',
+            fieldLabel: gettext('SLAAC Prefix'),
+            emptyText: gettext('disabled'),
+            allowBlank: true,
+            skipEmptyText: true,
+            vtype: 'IP6CIDRAddress',
+            cbind: {
+                deleteEmpty: '{!isCreate}',
+            },
+        },
         {
             xtype: 'proxmoxcheckbox',
             itemId: 'sdnVnetVlanAwareField',
@@ -114,6 +127,14 @@ Ext.define('PVE.sdn.VnetInputPanel', {
         } else {
             vlanField.setVisible(true);
         }
+
+        let ndPrefixField = me.down('#sdnVnetIpv6NdPrefixField');
+        if (!zoneType || zoneType !== 'evpn') {
+            ndPrefixField.setVisible(false);
+            ndPrefixField.setValue('');
+        } else {
+            ndPrefixField.setVisible(true);
+        }
     },
 });
 
-- 
2.47.3



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel


^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2026-01-14 14:53 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-01-14 14:52 [pve-devel] [PATCH manager/network 0/3] add IPv6 SLAAC for vnets in evpn zones Hannes Laimer
2026-01-14 14:52 ` [pve-devel] [PATCH pve-network 1/2] evpn: add ipv6 slaac support for vnets in an evpn zone Hannes Laimer
2026-01-14 14:52 ` [pve-devel] [PATCH pve-network 2/2] evpn: add test for vnets with a `ipv6-nd-prefix` set Hannes Laimer
2026-01-14 14:52 ` [pve-devel] [PATCH pve-manager 1/1] ui: sdn: add `ipv6-nd-prefix` field to vnet form Hannes Laimer

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.

Service provided by Proxmox Server Solutions GmbH | Privacy | Legal