From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pve-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
	by lore.proxmox.com (Postfix) with ESMTPS id BDC531FF18C
	for <inbox@lore.proxmox.com>; Tue, 14 Apr 2026 18:33:54 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id 012D01F0C3;
	Tue, 14 Apr 2026 18:33:33 +0200 (CEST)
From: Stefan Hanreich <s.hanreich@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [PATCH pve-network 05/16] evpn controller: make nodes configurable
Date: Tue, 14 Apr 2026 18:33:02 +0200
Message-ID: <20260414163315.419384-6-s.hanreich@proxmox.com>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <20260414163315.419384-1-s.hanreich@proxmox.com>
References: <20260414163315.419384-1-s.hanreich@proxmox.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2
X-Bm-Transport-Timestamp: 1776184326460
X-SPAM-LEVEL: Spam detection results:  0
	AWL                     0.695 Adjusted score from AWL reputation of From:
 address
	BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
	DMARC_MISSING             0.1 Missing DMARC policy
	KAM_DMARC_STATUS         0.01 Test Rule for DKIM or SPF Failure with Strict
 Alignment
	SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
	SPF_PASS               -0.001 SPF: sender matches SPF record
Message-ID-Hash: WYH6FPHN4P2UJP2NM3MYL2M2JUDZ7PBH
X-Message-ID-Hash: WYH6FPHN4P2UJP2NM3MYL2M2JUDZ7PBH
X-MailFrom: s.hanreich@proxmox.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop;
 banned-address; emergency; member-moderation; nonmember-moderation;
 administrivia; implicit-dest; max-recipients; max-size; news-moderation;
 no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.10
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Owner: <mailto:pve-devel-owner@lists.proxmox.com>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Subscribe: <mailto:pve-devel-join@lists.proxmox.com>
List-Unsubscribe: <mailto:pve-devel-leave@lists.proxmox.com>

This patch allows restricting an EVPN controller only to specific
nodes in the cluster - similar to the BGP controller. This feature on
its own doesn't add a lot, but is very handy together with other
improvements to the EVPN controller that are implemented in subsequent
patches. Subsequent patches add the ability to define multiple EVPN
controllers, apply route maps to EVPN controllers as well as defining
the type of BGP sessions (all added in separate patches). Together
with this patch, this allows for setting up more complex EVPN setups,
e.g.:

Having an additional EVPN controller on the exit nodes that
communicates with an external EVPN BGP speaker. This allows for
utilizing iBGP internally, but eBGP externally - and only on the exit
nodes. With the addition of route maps, this could be used to
advertise type 2 routes internally, but only type-5 routes externally.

In setups with multiple racks, where the top-of-rack switches act as
route reflectors for the racks, this can be used to define EVPN
peering sessions for each rack independently.

It also allows for the specfic nodes to act as route servers for the
entire cluster that aggregate, modify and re-advertise routes to the
uplink without sitting in the datapath itself. Previously this
required an external route server that handles this outside of the
Promox VE SDN stack. In the future it is planned to implement
configuring EVPN controllers to act as route reflectors, which would
make this setup even better, by adding the ability to scale better for
large clusters.

Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
---
 src/PVE/API2/Network/SDN/Controllers.pm       | 1 +
 src/PVE/Network/SDN/Controllers/EvpnPlugin.pm | 7 +++++++
 2 files changed, 8 insertions(+)

diff --git a/src/PVE/API2/Network/SDN/Controllers.pm b/src/PVE/API2/Network/SDN/Controllers.pm
index bc3ec09..8633e45 100644
--- a/src/PVE/API2/Network/SDN/Controllers.pm
+++ b/src/PVE/API2/Network/SDN/Controllers.pm
@@ -93,6 +93,7 @@ my $CONTROLLER_PROPERTIES = {
         type => 'string',
         format => 'pve-sdn-isis-net',
     },
+    nodes => get_standard_option('pve-node-list', { optional => 1 }),
 };
 
 __PACKAGE__->register_method({
diff --git a/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm b/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
index 055a75f..c13d08b 100644
--- a/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
+++ b/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
@@ -37,6 +37,7 @@ sub properties {
             type => 'string',
             format => 'ip-list',
         },
+        nodes => get_standard_option('pve-node-list', { optional => 1 }),
     };
 }
 
@@ -47,6 +48,7 @@ sub options {
         'fabric' => { optional => 1 },
         'route-map-in' => { optional => 1 },
         'route-map-out' => { optional => 1 },
+        'nodes' => { optional => 1 },
     };
 }
 
@@ -56,6 +58,11 @@ sub generate_frr_config {
 
     my $local_node = PVE::INotify::nodename();
 
+    if (defined($plugin_config->{nodes})) {
+        my @nodes = PVE::Tools::split_list($plugin_config->{nodes});
+        return if !grep { $_ eq $local_node } @nodes;
+    }
+
     my @peers;
     my $asn = int($plugin_config->{asn});
     my $ebgp = undef;
-- 
2.47.3