* [PATCH docs 0/2] Improve route map documentation
@ 2026-05-13 16:20 Stefan Hanreich
2026-05-13 16:20 ` [PATCH pve-docs 1/2] sdn: route maps: mention implicit deny default explicitly Stefan Hanreich
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Stefan Hanreich @ 2026-05-13 16:20 UTC (permalink / raw)
To: pve-devel
Removed the misleading note about having to create an explicit deny entry when
calling a route map and also added a small section mentioning that every route
map has an empty deny entry as its last entry.
pve-docs:
Stefan Hanreich (2):
sdn: route maps: mention implicit deny default explicitly
sdn: route map: delete note about creating an empty deny entry
pvesdn.adoc | 9 ++-------
1 file changed, 2 insertions(+), 7 deletions(-)
Summary over all repositories:
1 files changed, 2 insertions(+), 7 deletions(-)
--
Generated by murpp 0.11.0
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH pve-docs 1/2] sdn: route maps: mention implicit deny default explicitly
2026-05-13 16:20 [PATCH docs 0/2] Improve route map documentation Stefan Hanreich
@ 2026-05-13 16:20 ` Stefan Hanreich
2026-05-13 16:20 ` [PATCH pve-docs 2/2] sdn: route map: delete note about creating an empty deny entry Stefan Hanreich
2026-05-13 16:48 ` applied: [PATCH docs 0/2] Improve route map documentation Thomas Lamprecht
2 siblings, 0 replies; 4+ messages in thread
From: Stefan Hanreich @ 2026-05-13 16:20 UTC (permalink / raw)
To: pve-devel
While mentioned in the examples, it is good to clarify this in the
route map section as well.
Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
---
pvesdn.adoc | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/pvesdn.adoc b/pvesdn.adoc
index 6bb4993..9a3b6b8 100644
--- a/pvesdn.adoc
+++ b/pvesdn.adoc
@@ -841,7 +841,8 @@ A route map is an ordered list of entries that match incoming or outgoing
routes against criteria, optionally modify attributes such as the metric or
local preference, and either `permit` (forward the route, possibly modified) or
`deny` (drop the route). FRR evaluates entries in order; the first match
-controls the action.
+controls the action. Every route map implicitly has an otherwise empty `deny` as
+its last entry, denying all routes that did not match an entry explicitly.
Route maps are managed under `Datacenter -> SDN -> Route Maps`. Each entry has
the following properties:
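Review bot: In the added sentence, "an otherwise empty `deny`" does not say what is empty, and the trailing "explicitly" can be read as modifying either "match" or "entry". Since the entry properties are listed directly below, consider wording it in those terms, for example: "Every route map implicitly ends with a `deny` entry that has no match conditions, so any route that matched none of the configured entries is denied."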
--
2.47.3
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH pve-docs 2/2] sdn: route map: delete note about creating an empty deny entry
2026-05-13 16:20 [PATCH docs 0/2] Improve route map documentation Stefan Hanreich
2026-05-13 16:20 ` [PATCH pve-docs 1/2] sdn: route maps: mention implicit deny default explicitly Stefan Hanreich
@ 2026-05-13 16:20 ` Stefan Hanreich
2026-05-13 16:48 ` applied: [PATCH docs 0/2] Improve route map documentation Thomas Lamprecht
2 siblings, 0 replies; 4+ messages in thread
From: Stefan Hanreich @ 2026-05-13 16:20 UTC (permalink / raw)
To: pve-devel
When another route map is called from an entry, then the route is
denied if the called route map returns deny, even if the calling
entry has permit as its matching policy. See FRR docs [1]:
If the route-map called returns deny then processing of the route-map
finishes and the route is denied, regardless of the Matching Policy or
the Exit Policy. If the called route-map returns permit, then Matching
Policy and Exit Policy govern further behaviour, as normal.
This means that, even though MAP_VTEP_IN has permit as its matching
policy, any route will be denied if the called route map denies it.
[1] https://docs.frrouting.org/en/latest/routemap.html#term-Call-Action
Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
---
pvesdn.adoc | 6 ------
1 file changed, 6 deletions(-)
diff --git a/pvesdn.adoc b/pvesdn.adoc
index 9a3b6b8..3256e96 100644
--- a/pvesdn.adoc
+++ b/pvesdn.adoc
@@ -894,12 +894,6 @@ received from a peer before installing them; outgoing maps run against routes
before announcing them. Both fields are optional and selected from the route
maps configured in the SDN.
-NOTE: For the EVPN controller, the user-provided route maps are invoked via
-`call` from internal wrapper maps (`MAP_VTEP_IN` / `MAP_VTEP_OUT`) whose
-trailing action is `permit`. As a result, a deny-only user route map will not
-block routes that do not match any of its entries; finish such a map with an
-explicit catch-all `deny` entry if you want a closed default.
-
The OSPF and OpenFabric xref:pvesdn_config_fabrics[fabrics] take a `Route
Filter` option that references a prefix list. When set, only routes whose
destinations pass the prefix list are installed in the kernel routing table.
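Review bot: Deleting the NOTE outright also removes the only statement in this passage that, for the EVPN controller, user route maps are invoked via `call` from `MAP_VTEP_IN` / `MAP_VTEP_OUT`. The commit message explains the behaviour a reader needs (a deny returned by the called map denies the route regardless of the wrapper's `permit`), but none of that reaches the documentation. Consider replacing the NOTE with a corrected one instead of dropping it, stating that a route matching no entry of the user map is denied, so a map meant to filter only specific routes needs a final catch-all `permit` entry.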
--
2.47.3
^ permalink raw reply related [flat|nested] 4+ messages in thread
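The call behaviour described in the commit message above, as a small evaluation model. This is an added example, not code from FRR, Proxmox or the patch author; the map name `USER_IN`, the prefixes and the single-entry shape of the wrapper are constructed assumptions, and exit policies (`on-match`) and `set` actions are not modelled.

```python
# Simplified model of route-map evaluation: ordered entries, first match wins,
# `call` into another map, and the implicit final deny. Not FRR's implementation.
from ipaddress import ip_network

PERMIT, DENY = "permit", "deny"

def evaluate(maps, name, route):
    """Return PERMIT or DENY for `route` (a prefix string) against map `name`."""
    net = ip_network(route)
    for entry in maps[name]:
        match = entry.get("match")  # None: entry has no match condition
        if match is not None:
            m = ip_network(match)
            if net.version != m.version or not net.subnet_of(m):
                continue  # entry does not match, try the next one
        if entry["action"] == DENY:
            return DENY
        called = entry.get("call")
        if called and evaluate(maps, called, route) == DENY:
            return DENY  # deny from the called map overrides the caller's permit
        return PERMIT
    return DENY  # implicit last entry: deny with no match conditions

def build(user_entries):
    """Constructed stand-in for the EVPN wrapper calling a user route map."""
    return {
        "MAP_VTEP_IN": [{"action": PERMIT, "call": "USER_IN"}],
        "USER_IN": user_entries,  # hypothetical user-defined map
    }

# Constructed sample maps: one deny-only, one with a catch-all permit appended.
DENY_ONLY = [{"action": DENY, "match": "10.66.0.0/16"}]
WITH_CATCH_ALL = DENY_ONLY + [{"action": PERMIT}]

def verdicts(user_entries):
    """Evaluate two constructed sample routes through the wrapper map."""
    maps = build(user_entries)
    routes = ("10.66.1.0/24", "192.0.2.0/24")
    return {r: evaluate(maps, "MAP_VTEP_IN", r) for r in routes}

if __name__ == "__main__":
    print("deny-only user map:    ", verdicts(DENY_ONLY))
    print("with catch-all permit: ", verdicts(WITH_CATCH_ALL))
```

With the deny-only map, the unrelated prefix is denied as well, because the called map's implicit final deny propagates through the wrapper's `permit`.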
* applied: [PATCH docs 0/2] Improve route map documentation
2026-05-13 16:20 [PATCH docs 0/2] Improve route map documentation Stefan Hanreich
2026-05-13 16:20 ` [PATCH pve-docs 1/2] sdn: route maps: mention implicit deny default explicitly Stefan Hanreich
2026-05-13 16:20 ` [PATCH pve-docs 2/2] sdn: route map: delete note about creating an empty deny entry Stefan Hanreich
@ 2026-05-13 16:48 ` Thomas Lamprecht
2 siblings, 0 replies; 4+ messages in thread
From: Thomas Lamprecht @ 2026-05-13 16:48 UTC (permalink / raw)
To: pve-devel, Stefan Hanreich
On Wed, 13 May 2026 18:20:09 +0200, Stefan Hanreich wrote:
> Removed the misleading note about having to create an explicit deny entry when
> calling a route map and also added a small section mentioning that every route
> map has an empty deny entry as its last entry.
>
>
> pve-docs:
>
> [...]
Applied, thanks!
[1/2] sdn: route maps: mention implicit deny default explicitly
commit: 8767063e577645d2f445329ec6711122f07a0fd0
[2/2] sdn: route map: delete note about creating an empty deny entry
commit: dc6cbc20d4c466df1971eec7d9825cb733d46ff7
^ permalink raw reply [flat|nested] 4+ messages in thread