From: Stefan Hanreich
To: pve-devel@lists.proxmox.com
Subject: [PATCH pve-network v2 27/34] evpn controller: add route_map_{in,out} parameter
Date: Wed, 1 Apr 2026 16:39:36 +0200
Message-ID: <20260401143957.386809-28-s.hanreich@proxmox.com>
In-Reply-To: <20260401143957.386809-1-s.hanreich@proxmox.com>
References: <20260401143957.386809-1-s.hanreich@proxmox.com>

This parameter allows extending the default MAP_VTEP_{IN,OUT} route maps by specifying a custom route map configured in route-maps.cfg. This can be used for filtering incoming and outgoing routes, e.g. for only advertising type-5 routes to external peers or only allow importing routes with specific route targets.

The old default route maps are kept around in order to support the exit nodes directive of the EVPN zone. They're still used for filtering the default routes from other exit nodes and for setting the metric of non-primary default routes.

If a route map override is configured, an additional call action gets inserted into the auto-generated route map that jumps into the user-supplied route map, after the entries handling the default routes are created.

Signed-off-by: Stefan Hanreich
---
 src/PVE/Network/SDN/Controllers/EvpnPlugin.pm | 18 ++++++++++++++----
 src/PVE/Network/SDN/Controllers/Plugin.pm | 14 ++++++++++++++
 2 files changed, 28 insertions(+), 4 deletions(-)

diff --git a/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm b/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
index 3e643b1..055a75f 100644
--- a/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm +++ b/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm @@ -45,6 +45,8 @@ sub options { 'asn' => { optional => 0 }, 'peers' => { optional => 1 }, 'fabric' => { optional => 1 }, + 'route-map-in' => { optional => 1 }, + 'route-map-out' => { optional => 1 }, }; } @@ -165,11 +167,19 @@ sub generate_frr_config { $bgp_router->{address_families}->{l2vpn_evpn}->{autort_as} = $autortas if $autortas; - my $routemap_in = { seq => 1, action => "permit" }; - my $routemap_out = { seq => 1, action => "permit" }; + if (!$config->{frr}->{routemaps}->{'MAP_VTEP_IN'}) { + my $entry = { seq => 1, action => "permit" }; + $entry->{call} = $plugin_config->{'route-map-in'} if $plugin_config->{'route-map-in'}; - push($config->{frr}->{routemaps}->{'MAP_VTEP_IN'}->@*, $routemap_in); - push($config->{frr}->{routemaps}->{'MAP_VTEP_OUT'}->@*, $routemap_out); + push($config->{frr}->{routemaps}->{'MAP_VTEP_IN'}->@*, $entry); + } + + if (!$config->{frr}->{routemaps}->{'MAP_VTEP_OUT'}) { + my $entry = { seq => 1, action => "permit" }; + $entry->{call} = $plugin_config->{'route-map-out'} if $plugin_config->{'route-map-out'}; + + push($config->{frr}->{routemaps}->{'MAP_VTEP_OUT'}->@*, $entry); + } return $config; } diff --git a/src/PVE/Network/SDN/Controllers/Plugin.pm b/src/PVE/Network/SDN/Controllers/Plugin.pm index d70e518..5f9f1ef 100644 --- a/src/PVE/Network/SDN/Controllers/Plugin.pm +++ b/src/PVE/Network/SDN/Controllers/Plugin.pm @@ -7,6 +7,8 @@ use PVE::Tools; use PVE::JSONSchema; use PVE::Cluster; +use PVE::Network::SDN::RouteMaps; + use PVE::JSONSchema qw(get_standard_option); use base qw(PVE::SectionConfig); 
@@ -51,6 +53,18 @@ my $defaultData = { 'pve-sdn-controller-id', { completion => \&PVE::Network::SDN::complete_sdn_controller }, ), + 'route-map-in' => { + description => "Route Map that should be applied for incoming routes", + type => 'string', + format => 'pve-sdn-route-map-id', + optional => 1, + }, + 'route-map-out' => { + description => "Route Map that should be applied for outgoing routes", + type => 'string', + format => 'pve-sdn-route-map-id', + optional => 1, + }, }, }; -- 2.47.3
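Review bot: In the first EvpnPlugin.pm hunk (sub options), the keys are added as 'route-map-in' and 'route-map-out', but the subject line names the parameter route_map_{in,out}. Please align the subject with the hyphenated spelling that the code introduces, since that is the form operators will write in the controller config and the form people will search the history for.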
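Review bot: In the generate_frr_config hunk, the call to the user-supplied route map is only set inside if (!$config->{frr}->{routemaps}->{'MAP_VTEP_IN'}) and the matching MAP_VTEP_OUT guard, so whenever the map already exists at this point the configured 'route-map-in' or 'route-map-out' is skipped with no warning in these lines. The commit message says the call is inserted after the entries handling the default routes, which implies the map can already be populated when this code runs. If that case is handled in another patch of the series, a short comment here pointing to it would make the guard understandable; otherwise add an else path that appends the call entry with a later seq, or die with a clear message. A route filter that silently does not apply leaves the session with only the unconditional seq 1 permit, which is the opposite of what the operator configured.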
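Review bot: In the first Plugin.pm hunk, use PVE::Network::SDN::RouteMaps; is added but none of the visible lines in this file call into that module. If it is loaded only so that the 'pve-sdn-route-map-id' format used in the next hunk is registered, say so in a comment next to the use line, otherwise it looks unused and is likely to be removed in a later cleanup.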
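Review bot: In the $defaultData hunk of Plugin.pm, the two property descriptions say the route map is "applied" for incoming or outgoing routes, but they do not say that it is called from the generated MAP_VTEP_IN or MAP_VTEP_OUT in addition to the default entries rather than replacing them, which is what the commit message describes. Please put that in the description so it shows up in the API documentation. Also, these lines only attach format => 'pve-sdn-route-map-id'; nothing visible here checks that the referenced id actually exists in route-maps.cfg, so consider validating existence when the controller config is written, or document where that check happens, so that a typo does not end up as a call to an undefined route map in the generated FRR config.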