[PATCH pve-docs v2 10/11] sdn: document IPv6 RA / SLAAC configuration

[Hannes Laimer <h.laimer@proxmox.com>]

Document the per-VNet and per-subnet RA configuration and how they
combine, so the typical SLAAC setup is one toggle on the VNet plus
the IPv6 subnets' default per-prefix settings.

Signed-off-by: Hannes Laimer <h.laimer@proxmox.com>
---
 pvesdn.adoc | 57 ++++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 56 insertions(+), 1 deletion(-)

diff --git a/pvesdn.adoc b/pvesdn.adoc
index 9501bd4..74ce953 100644
--- a/pvesdn.adoc
+++ b/pvesdn.adoc
@@ -422,6 +422,37 @@ xref:pvesdn_firewall_integration[VNET Firewall] to further isolate traffic in
 the VNET across nodes. For example, DROP by default and only allow traffic from
 the IP subnet to the gateway and vice versa.
 
+[[pvesdn_config_vnet_ipv6_ra]]
+IPv6 Router Advertisement (EVPN)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+For VNets in an EVPN zone, the per-node anycast gateway can emit IPv6 Router
+Advertisements so guests configure addresses via SLAAC. Per-RA settings live on
+the VNet, per-prefix overrides on each subnet (see
+xref:pvesdn_config_subnet_nd_prefix[Per-prefix RA overrides]).
+
+Send Router Advertisements:: Master toggle. When enabled, the VNet bridge emits
+  RAs. Only valid in EVPN zones.
+
+DHCP Managed (M):: Set the managed-address configuration (M) flag in emitted
+  RAs. Hosts should obtain addresses via DHCPv6.
+
+DHCP Other (O):: Set the other-configuration (O) flag in emitted RAs. Hosts
+  should obtain non-address configuration (e.g. DNS) via DHCPv6.
+
+RDNSS:: Comma-separated list of IPv6 addresses advertised as Recursive DNS
+  Servers in RAs.
+
+Router Lifetime:: Default-router lifetime advertised in RAs (seconds). `0` tells
+  hosts not to use this gateway as a default router. Defaults to FRR's built-in
+  value (1800s) if unset.
+
+RA Interval:: Maximum interval between unsolicited RAs (seconds). Defaults to
+  FRR's built-in value (600s) if unset.
+
+Advertised MTU:: Optional MTU to advertise in the RA. Omit to suppress the MTU
+  option entirely.
+
 [[pvesdn_config_subnet]]
 Subnets
 -------
@@ -455,6 +486,31 @@ SNAT:: Enable Source NAT which allows VMs from inside a
 DNS Zone Prefix:: Add a prefix to the domain registration, like
   <hostname>.prefix.<domain>  Optional.
 
+[[pvesdn_config_subnet_nd_prefix]]
+Per-prefix RA overrides (EVPN)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+For IPv6 subnets on a VNet that has
+xref:pvesdn_config_vnet_ipv6_ra[Router Advertisements] enabled, each subnet
+contributes a prefix to the RA. The defaults (advertise the prefix with the
+autonomous and on-link flags set, FRR's default lifetimes) cover the typical
+SLAAC case. The options below let you override per prefix.
+
+SLAAC (A):: Set the autonomous configuration (A) flag for this prefix, enabling
+  SLAAC. Defaults to enabled. Only valid on `/64` prefixes
+  footnote:[RFC-4862 https://datatracker.ietf.org/doc/html/rfc4862].
+  Uncheck it for non-/64 prefixes (e.g. `/96`) so the prefix is announced
+  without autoconfig.
+
+On-link (L):: Set the on-link (L) flag for this prefix. Defaults to on-link.
+  Uncheck for off-link prefixes hosts should reach only via the router.
+
+Valid Lifetime:: Valid lifetime for the prefix advertised in RAs, in seconds.
+  Defaults to 30 days (2592000s).
+
+Preferred Lifetime:: Preferred lifetime for the prefix advertised in RAs, in
+  seconds. Defaults to 7 days (604800s).
+
 
 [[pvesdn_config_controllers]]
 Controllers
@@ -1495,7 +1551,6 @@ can reply back.
 If you have configured an external BGP router, the BGP-EVPN routes (10.0.1.0/24
 and 10.0.2.0/24 in this example), will be announced dynamically.
 
-
 [[pvesdn_notes]]
 Notes
 -----
-- 
2.47.3