From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pve-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
	by lore.proxmox.com (Postfix) with ESMTPS id 7226D1FF14C
	for <inbox@lore.proxmox.com>; Fri, 15 May 2026 12:25:41 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id 51768189B7;
	Fri, 15 May 2026 12:25:41 +0200 (CEST)
From: Hannes Laimer <h.laimer@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [PATCH pve-network v6 5/9] sdn: forbid BGP controller and BGP fabric
 coexistence
Date: Fri, 15 May 2026 12:24:56 +0200
Message-ID: <20260515102500.216264-6-h.laimer@proxmox.com>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <20260515102500.216264-1-h.laimer@proxmox.com>
References: <20260515102500.216264-1-h.laimer@proxmox.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2
X-Bm-Transport-Timestamp: 1778840699597
X-SPAM-LEVEL: Spam detection results:  0
	AWL                     0.082 Adjusted score from AWL reputation of From:
 address
	BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
	DMARC_MISSING             0.1 Missing DMARC policy
	KAM_DMARC_STATUS         0.01 Test Rule for DKIM or SPF Failure with Strict
 Alignment
	SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
	SPF_PASS               -0.001 SPF: sender matches SPF record
Message-ID-Hash: DCIDQ6LNWYLL6JISLJSEGG5AFS2BGM3R
X-Message-ID-Hash: DCIDQ6LNWYLL6JISLJSEGG5AFS2BGM3R
X-MailFrom: h.laimer@proxmox.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop;
 banned-address; emergency; member-moderation; nonmember-moderation;
 administrivia; implicit-dest; max-recipients; max-size; news-moderation;
 no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.10
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Owner: <mailto:pve-devel-owner@lists.proxmox.com>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Subscribe: <mailto:pve-devel-join@lists.proxmox.com>
List-Unsubscribe: <mailto:pve-devel-leave@lists.proxmox.com>

The BGP controller and the BGP fabric both populate the default-VRF
BGP router. The merge in proxmox-frr was designed for the
EVPN-controller + fabric overlap, not for two BGP underlays in one
router: the resulting router-level ASN is order-dependent, the two
source-correction route-maps fight for the single 'ip protocol bgp'
binding, and loopback prefixes get advertised over two sessions with
differing path attributes.

Reject the combination when creating either side while the other exists.

Signed-off-by: Hannes Laimer <h.laimer@proxmox.com>
---
 src/PVE/API2/Network/SDN/Fabrics/Fabric.pm   | 10 ++++++++++
 src/PVE/Network/SDN/Controllers/BgpPlugin.pm |  9 +++++++++
 2 files changed, 19 insertions(+)

diff --git a/src/PVE/API2/Network/SDN/Fabrics/Fabric.pm b/src/PVE/API2/Network/SDN/Fabrics/Fabric.pm
index 1201654..4695a6e 100644
--- a/src/PVE/API2/Network/SDN/Fabrics/Fabric.pm
+++ b/src/PVE/API2/Network/SDN/Fabrics/Fabric.pm
@@ -4,6 +4,7 @@ use strict;
 use warnings;
 
 use PVE::Network::SDN;
+use PVE::Network::SDN::Controllers;
 use PVE::Network::SDN::Fabrics;
 
 use PVE::JSONSchema qw(get_standard_option);
@@ -147,6 +148,15 @@ __PACKAGE__->register_method({
                 my $digest = extract_param($param, 'digest');
                 PVE::Tools::assert_if_modified($config->digest(), $digest) if $digest;
 
+                if (($param->{protocol} // '') eq 'bgp') {
+                    my $controller_cfg = PVE::Network::SDN::Controllers::config();
+                    for my $id (keys %{ $controller_cfg->{ids} // {} }) {
+                        die "cannot add a BGP fabric while BGP controller '$id' exists:"
+                            . " both target the default-VRF BGP router\n"
+                            if $controller_cfg->{ids}->{$id}->{type} eq 'bgp';
+                    }
+                }
+
                 $config->add_fabric($param);
                 PVE::Network::SDN::Fabrics::write_config($config);
             },
diff --git a/src/PVE/Network/SDN/Controllers/BgpPlugin.pm b/src/PVE/Network/SDN/Controllers/BgpPlugin.pm
index 43d97f0..ea2ba5a 100644
--- a/src/PVE/Network/SDN/Controllers/BgpPlugin.pm
+++ b/src/PVE/Network/SDN/Controllers/BgpPlugin.pm
@@ -8,6 +8,7 @@ use PVE::JSONSchema qw(get_standard_option);
 use PVE::Tools qw(run_command file_set_contents file_get_contents);
 
 use PVE::Network::SDN::Controllers::Plugin;
+use PVE::Network::SDN::Fabrics;
 use PVE::Network::SDN::Zones::Plugin;
 use Net::IP;
 
@@ -201,6 +202,14 @@ sub on_update_hook {
         die "only 1 bgp controller can be defined" if $controllernb > 1;
     }
 
+    my $fabric_config = PVE::Network::SDN::Fabrics::config();
+    my $fabrics = $fabric_config->list_fabrics();
+    for my $id (keys %$fabrics) {
+        die "cannot configure a BGP controller while BGP fabric '$id' exists:"
+            . " both target the default-VRF BGP router\n"
+            if $fabrics->{$id}->{protocol} eq 'bgp';
+    }
+
     my $controller = $controller_cfg->{ids}->{$controllerid};
     my $route_map_config = PVE::Network::SDN::RouteMaps::config(0);
 
-- 
2.47.3