* [PATCH pve-network] sdn: evpn: support eBGP VTEPs over BGP fabric underlays
@ 2026-05-12 15:50 Hannes Laimer
2026-05-13 18:43 ` superseded: " Hannes Laimer
0 siblings, 1 reply; 2+ messages in thread
From: Hannes Laimer @ 2026-05-12 15:50 UTC (permalink / raw)
To: pve-devel
When the EVPN underlay is a BGP fabric, every node already has a unique
per-node ASN for eBGP unnumbered peering. Reuse that ASN for the EVPN
overlay too when the user picks bgp-mode=external, so VTEP sessions
naturally form as eBGP between different ASNs without needing a separate
overlay-ASN scheme. The existing local-as plumbing handles the resulting
mismatch with the router's main ASN.
The EVPN controller's own ASN is still used for autoderived route-target
values, keeping route-targets consistent across the fabric even though
each VTEP advertises under its own per-node ASN.
Signed-off-by: Hannes Laimer <h.laimer@proxmox.com>
---
this should have been part of [1], but since I forgot to include it,
sending it as a follow-up. For this+the main bgp-fabric series
pre-built packages are available on sani. should make testing a little
easier :P
[1] https://lore.proxmox.com/pve-devel/20260512141305.199664-1-h.laimer@proxmox.com/T/#t
src/PVE/Network/SDN/Controllers/EvpnPlugin.pm | 26 +++++++++++++++++--
1 file changed, 24 insertions(+), 2 deletions(-)
diff --git a/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm b/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
index 3264cf5..4c7fb46 100644
--- a/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
+++ b/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
@@ -114,6 +114,7 @@ sub generate_frr_config {
my $ifaceip = undef;
my $routerid = undef;
my $bgp_mode = $plugin_config->{'bgp-mode'} // 'legacy';
+ my $use_per_node_asn = 0;
my $bgp_controller = find_bgp_controller($local_node, $controller_cfg);
my $isis_controller = find_isis_controller($local_node, $controller_cfg);
@@ -152,6 +153,21 @@ sub generate_frr_config {
$ifaceip = $current_node->{ip};
$routerid = $current_node->{ip};
+ if ($fabric->{protocol} eq 'bgp' && $bgp_mode eq 'external') {
+ if (!$current_node->{asn}) {
+ log_warn(
+ "Node $local_node has no ASN in BGP fabric $fabric->{id};"
+ . " cannot configure eBGP VTEPs for EVPN controller"
+ . " $plugin_config->{id}"
+ );
+ return;
+ }
+ $asn = int($current_node->{asn});
+ $ebgp = 1;
+ $autortas = $plugin_config->{asn};
+ $use_per_node_asn = 1;
+ }
+
} elsif ($plugin_config->{'peers'}) {
@peers = PVE::Tools::split_list($plugin_config->{'peers'});
@@ -211,8 +227,14 @@ sub generate_frr_config {
if ($bgp_mode eq 'legacy') {
$neighbor_group->{ebgp_multihop} = 10 if $ebgp && $loopback;
} elsif ($bgp_mode eq 'external') {
- $neighbor_group->{ebgp_multihop} = int($plugin_config->{'ebgp-multihop'})
- if $ebgp && $plugin_config->{'ebgp-multihop'};
+ if ($ebgp && $plugin_config->{'ebgp-multihop'}) {
+ $neighbor_group->{ebgp_multihop} = int($plugin_config->{'ebgp-multihop'});
+ } elsif ($use_per_node_asn) {
+ # eBGP VTEPs over a BGP fabric reach each peer via the per-node
+ # fabric loopback. The peers are not directly connected, so the
+ # session needs multihop to form.
+ $neighbor_group->{ebgp_multihop} = 10;
+ }
}
if ($asn != int($bgp_router->{asn})) {
--
2.47.3
^ permalink raw reply related [flat|nested] 2+ messages in thread
* superseded: [PATCH pve-network] sdn: evpn: support eBGP VTEPs over BGP fabric underlays
2026-05-12 15:50 [PATCH pve-network] sdn: evpn: support eBGP VTEPs over BGP fabric underlays Hannes Laimer
@ 2026-05-13 18:43 ` Hannes Laimer
0 siblings, 0 replies; 2+ messages in thread
From: Hannes Laimer @ 2026-05-13 18:43 UTC (permalink / raw)
To: pve-devel
superseded:
https://lore.proxmox.com/pve-devel/20260513184213.506775-1-h.laimer@proxmox.com/T/#t
On 2026-05-12 17:49, Hannes Laimer wrote:
> When the EVPN underlay is a BGP fabric, every node already has a unique
> per-node ASN for eBGP unnumbered peering. Reuse that ASN for the EVPN
> overlay too when the user picks bgp-mode=external, so VTEP sessions
> naturally form as eBGP between different ASNs without needing a separate
> overlay-ASN scheme. The existing local-as plumbing handles the resulting
> mismatch with the router's main ASN.
>
> The EVPN controller's own ASN is still used for autoderived route-target
> values, keeping route-targets consistent across the fabric even though
> each VTEP advertises under its own per-node ASN.
>
> Signed-off-by: Hannes Laimer <h.laimer@proxmox.com>
> ---
> this should have been part of [1], but since I forgot to include it,
> sending it as a follow-up. For this+the main bgp-fabric series
> pre-built packages are available on sani. should make testing a little
> easier :P
>
> [1] https://lore.proxmox.com/pve-devel/20260512141305.199664-1-h.laimer@proxmox.com/T/#t
>
> src/PVE/Network/SDN/Controllers/EvpnPlugin.pm | 26 +++++++++++++++++--
> 1 file changed, 24 insertions(+), 2 deletions(-)
>
> diff --git a/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm b/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
> index 3264cf5..4c7fb46 100644
> --- a/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
> +++ b/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
> @@ -114,6 +114,7 @@ sub generate_frr_config {
> my $ifaceip = undef;
> my $routerid = undef;
> my $bgp_mode = $plugin_config->{'bgp-mode'} // 'legacy';
> + my $use_per_node_asn = 0;
>
> my $bgp_controller = find_bgp_controller($local_node, $controller_cfg);
> my $isis_controller = find_isis_controller($local_node, $controller_cfg);
> @@ -152,6 +153,21 @@ sub generate_frr_config {
> $ifaceip = $current_node->{ip};
> $routerid = $current_node->{ip};
>
> + if ($fabric->{protocol} eq 'bgp' && $bgp_mode eq 'external') {
> + if (!$current_node->{asn}) {
> + log_warn(
> + "Node $local_node has no ASN in BGP fabric $fabric->{id};"
> + . " cannot configure eBGP VTEPs for EVPN controller"
> + . " $plugin_config->{id}"
> + );
> + return;
> + }
> + $asn = int($current_node->{asn});
> + $ebgp = 1;
> + $autortas = $plugin_config->{asn};
> + $use_per_node_asn = 1;
> + }
> +
> } elsif ($plugin_config->{'peers'}) {
> @peers = PVE::Tools::split_list($plugin_config->{'peers'});
>
> @@ -211,8 +227,14 @@ sub generate_frr_config {
> if ($bgp_mode eq 'legacy') {
> $neighbor_group->{ebgp_multihop} = 10 if $ebgp && $loopback;
> } elsif ($bgp_mode eq 'external') {
> - $neighbor_group->{ebgp_multihop} = int($plugin_config->{'ebgp-multihop'})
> - if $ebgp && $plugin_config->{'ebgp-multihop'};
> + if ($ebgp && $plugin_config->{'ebgp-multihop'}) {
> + $neighbor_group->{ebgp_multihop} = int($plugin_config->{'ebgp-multihop'});
> + } elsif ($use_per_node_asn) {
> + # eBGP VTEPs over a BGP fabric reach each peer via the per-node
> + # fabric loopback. The peers are not directly connected, so the
> + # session needs multihop to form.
> + $neighbor_group->{ebgp_multihop} = 10;
> + }
> }
>
> if ($asn != int($bgp_router->{asn})) {
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2026-05-13 18:44 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-05-12 15:50 [PATCH pve-network] sdn: evpn: support eBGP VTEPs over BGP fabric underlays Hannes Laimer
2026-05-13 18:43 ` superseded: " Hannes Laimer
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.