From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id 302D01FF187 for ; Mon, 3 Nov 2025 15:54:15 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 977FD20690; Mon, 3 Nov 2025 15:54:53 +0100 (CET) Message-ID: <2b4ff369-2f11-4876-b384-ce469315f79f@proxmox.com> Date: Mon, 3 Nov 2025 15:54:17 +0100 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird To: Proxmox VE development discussion , Stefan Hanreich References: <20251030154851.540408-1-s.hanreich@proxmox.com> Content-Language: en-US From: Hannes Laimer In-Reply-To: <20251030154851.540408-1-s.hanreich@proxmox.com> X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1762181640428 X-SPAM-LEVEL: Spam detection results: 0 AWL -0.108 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment POISEN_SPAM_PILL 0.1 Meta: its spam POISEN_SPAM_PILL_1 0.1 random spam to be learned in bayes POISEN_SPAM_PILL_3 0.1 random spam to be learned in bayes SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: Re: [pve-devel] [PATCH common/manager/network/proxmox{-ve-rs, -perl-rs} 00/35] Improve status reporting for SDN / networking X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox VE development discussion Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="us-ascii"; Format="flowed" Errors-To: pve-devel-bounces@lists.proxmox.com Sender: "pve-devel" Overall this LGTM! Some minor things inline, but nothing that would be a blocker. Especially given the size this is a very well put together series! Consider this Reviewed-by: Hannes Laimer On 10/30/25 16:51, Stefan Hanreich wrote: > This patch series builds upon and replaces the two patch series initially > submitted by Gabriel [1] [2]. Main reason for merging those is that some > additional refactoring to the status API module structure as well as the UI > widgets for the SDN browser has been done, which both series would need to > depend on. Additionally, the EVPN series depended on the fabric series already > as well, so submitting them as one seemed like the least complicated option for > both developers and maintainers with the additional changes introduced in this > iteration. > > > ## Rationale > > Currently, the SDN and PVE networking stack provide little insight into their > inner workings and can be a bit of a black box to users. Inspecting the current > state of networking resources, particularly for EVPN zones, requires dropping > into the CLI and invoking specific iproute2 / FRR commands. The current status > endpoint only provides very coarse and limited feedback on the current state of > SDN / networking resources. > > With this iteration, this patch series also adds status reporting for bridges / > vnets, which has been requested several times in forums / enterprise support / > trainings. > > Most of those endpoints could be interesting additions to the PDM UI as well, > particularly fabrics and evpn status. > > > ## New network resource type > > While the initial implementations extended the existing SDN resource type, this > iteration introduces a 'network' resource type. The pre-existing SDN resource > type utilized 'sdn/' as its id, which makes it hard to add additional > types that do not share that ID space. Changing the schema for the ID would also > break backwards-compatibility of API and UI between 9.0 and 9.1. > > With potential additional status reporting for other network entities (see > below), it would make sense to generalize the resource type to network in > particular, to avoid cluttering the top level with one type per SDN/networking > entity. If that is not a concern, the current state could be easily adapted to > have one top-level type per resource - simplifying the current implementation. > > The ID schema for this resource type is now as follow: > > network/{node}/{network_type}/{name} > > An example network resource: > > { > "id": "network/acolyte/fabric/underlay", > "type": "network", > "network_type": "fabric", > "network": "underlay" > "node": "acolyte", > "status": "ok", > "protocol": "ospf", > } > > The plan for migrating: > * The zones will still report their status as they did before (SDN resource > type) > * New networking entities (fabrics, for now) will utilize the network resource > type > * We will add support for parsing the new zone status reporting format in this > patch series (but it will not be sent by any node) > * When migrating from PVE 9 -> 10, status reporting for zones will move to the > new network resource type > * old nodes should be able to cope with the new format, since support for it has > been included for awhile > > I know this is a bit of a sledgehammer method of solving this problem, but imo > while this migration might be a bit painful now, it seems the best option to me > long-term. Any suggestions / opinions on this would be greatly appreciated. I > don't really see another way of implementing additional types of entities > without either breaking backwards-compatibility with PVE <= 9.0 or having > potential ID collisions in the SDN resource type or having one dedicated type > per networking resource. > > > ## Potential future work / extensions > > Add status reporting for the firewall, which currently acts a bit like a > black-box as well, without any easy way of checking the current (running) state > of the firewall. > > Other entities to consider adding to the resources: controllers, DNS, external > IPAM. > > The data from those endpoints could be used to provide a graphical overview of a > bridge in the UI, an idea which has been floating around internally for awhile. > > > ## New API endpoints > > /nodes/{node}/sdn/fabrics/{fabric}/routes > /nodes/{node}/sdn/fabrics/{fabric}/neighbors > /nodes/{node}/sdn/fabrics/{fabric}/interfaces > > /nodes/{node}/sdn/zones/{zone}/ip-vrf > /nodes/{node}/sdn/zones/{zone}/bridges > > /nodes/{node}/sdn/vnets/{vnet}/mac-vrf > > > ## New UI panels > > Those panels can all be reached via the resource tree and are found in the SDN > browser. > > For all zones: > * Bridges overview > > For EVPN zones: > * IP-VRF > * MAC-VRFs > > For Fabrics: > * Routes > * Neighbors > * Interfaces > > > ## Dependencies > > proxmox-perl-rs depends on proxmox-ve-rs > pve-network depends on proxmox-perl-rs > pve-network depends on pve-common > pve-manager depends on pve-network > > Changes from (v1, v4): > > * refactor the SDN status API module structure (no functional changes to > existing endpoints) > * move the fabrics API endpoints to the pre-existing /nodes/{node}/sdn subdir > * refactor the SDN content view panel, so it can be reused for the EVPN panels > (no functional changes to existing UI panels) > * add a completely new resource type, instead of trying to re-use the existing > SDN one (reasoning above). > * move the iproute2 and bridge helpers to pve-common > * improve JSONSchema of all API endpoints (descriptions mainly) > * return additional information in the fabric endpoints > * add full UI integration for EVPN status (IP-VRF + MAC-VRF panels) > * Use the installed, duplicate and bestpath properties of FRR to show only > routes that are actually installed into the kernel routing table for EVPN > zones > * filter for type 2 routes specifically when invoking vtysh > > [1] https://lore.proxmox.com/pve-devel/20250904114206.193052-1-g.goller@proxmox.com/ > [2] https://lore.proxmox.com/pve-devel/20250905114504.195110-1-g.goller@proxmox.com/ > > pve-common: > > Stefan Hanreich (2): > iproute2: add helper for detecting bridge members > iproute2: add helper for querying vlan information > > src/PVE/IPRoute2.pm | 23 +++++++++++++++++++++++ > 1 file changed, 23 insertions(+) > > > proxmox-ve-rs: > > Gabriel Goller (6): > frr: make room for deserialization structs > frr: add deserialization types for openfabric and ospf > ve-config: add helper function to iterate over all nodes in all > fabrics > ve-config: add optional tag property to vnet > frr: fix some route deserialization types > frr: add deserialization types for EVPN > > proxmox-frr/Cargo.toml | 2 + > proxmox-frr/debian/control | 6 + > proxmox-frr/src/de/evpn.rs | 165 ++++++++++++ > proxmox-frr/src/de/mod.rs | 49 ++++ > proxmox-frr/src/de/openfabric.rs | 101 ++++++++ > proxmox-frr/src/de/ospf.rs | 64 +++++ > proxmox-frr/src/lib.rs | 243 +----------------- > proxmox-frr/src/ser/mod.rs | 241 +++++++++++++++++ > proxmox-frr/src/{ => ser}/openfabric.rs | 4 +- > proxmox-frr/src/{ => ser}/ospf.rs | 2 +- > proxmox-frr/src/{ => ser}/route_map.rs | 0 > proxmox-frr/src/{ => ser}/serializer.rs | 2 +- > proxmox-ve-config/src/sdn/config.rs | 27 +- > proxmox-ve-config/src/sdn/fabric/frr.rs | 170 ++++++------ > proxmox-ve-config/src/sdn/fabric/mod.rs | 5 + > proxmox-ve-config/src/sdn/frr.rs | 2 +- > proxmox-ve-config/tests/fabric/main.rs | 2 +- > proxmox-ve-config/tests/sdn/main.rs | 5 +- > .../tests/sdn/resources/running-config.json | 1 + > 19 files changed, 761 insertions(+), 330 deletions(-) > create mode 100644 proxmox-frr/src/de/evpn.rs > create mode 100644 proxmox-frr/src/de/mod.rs > create mode 100644 proxmox-frr/src/de/openfabric.rs > create mode 100644 proxmox-frr/src/de/ospf.rs > create mode 100644 proxmox-frr/src/ser/mod.rs > rename proxmox-frr/src/{ => ser}/openfabric.rs (97%) > rename proxmox-frr/src/{ => ser}/ospf.rs (99%) > rename proxmox-frr/src/{ => ser}/route_map.rs (100%) > rename proxmox-frr/src/{ => ser}/serializer.rs (99%) > > > proxmox-perl-rs: > > Gabriel Goller (9): > pve-rs: firewall: cargo: fmt > pve-rs: cargo: bump proxmox-apt and proxmox-ve-config versions > pve-rs: fabrics: update proxmox-frr import path > pve-rs: fabrics: fix clippy lint warnings > pve-rs: fabrics: add function to get status of fabric > pve-rs: fabrics: add function to get l2vpn and l3vpn routes for evpn > pve-rs: fabrics: add function to get routes learned by a fabric > pve-rs: fabrics: add function to get the interfaces used for a fabric > pve-rs: fabrics: add function to get the neighbors for a fabric > > Stefan Hanreich (1): > pve-rs: firewall: add missing documentation comments > > pve-rs/Cargo.toml | 4 +- > pve-rs/src/bindings/firewall/sdn.rs | 16 +- > pve-rs/src/bindings/sdn/fabrics.rs | 296 +++++++++++++- > pve-rs/src/lib.rs | 2 + > pve-rs/src/sdn/mod.rs | 3 + > pve-rs/src/sdn/status.rs | 585 ++++++++++++++++++++++++++++ > 6 files changed, 896 insertions(+), 10 deletions(-) > create mode 100644 pve-rs/src/sdn/mod.rs > create mode 100644 pve-rs/src/sdn/status.rs > > > pve-network: > > Gabriel Goller (3): > fabrics: add fabrics status to SDN::status function > api: nodes: fabrics: add endpoint for querying route status > api: nodes: fabrics: add endpoint for querying neighbor information > > Stefan Hanreich (6): > refactor: rework api module structure for the /nodes/{node}/sdn subdir > sdn: status: add zone type to sdn resource > api: nodes: fabrics: add endpoint for querying interface status > api: nodes: zones: add bridge status > api: nodes: zones: add ip vrf endpoint for evpn zones > api: nodes: vnets: add mac-vrf endpoint for evpn vnets > > src/PVE/API2/Network/SDN/Makefile | 2 +- > src/PVE/API2/Network/SDN/Nodes/Fabric.pm | 187 +++++++++ > src/PVE/API2/Network/SDN/Nodes/Fabrics.pm | 16 + > .../Network/SDN/{Zones => Nodes}/Makefile | 12 +- > src/PVE/API2/Network/SDN/Nodes/Status.pm | 61 +++ > src/PVE/API2/Network/SDN/Nodes/Vnet.pm | 147 +++++++ > src/PVE/API2/Network/SDN/Nodes/Vnets.pm | 16 + > src/PVE/API2/Network/SDN/Nodes/Zone.pm | 379 ++++++++++++++++++ > .../SDN/{Zones/Status.pm => Nodes/Zones.pm} | 58 +-- > src/PVE/API2/Network/SDN/Vnets.pm | 2 +- > src/PVE/API2/Network/SDN/Zones/Content.pm | 88 ---- > src/PVE/Network/SDN.pm | 6 +- > src/PVE/Network/SDN/Zones.pm | 2 + > src/test/debug/statuscheck.pl | 3 +- > 14 files changed, 833 insertions(+), 146 deletions(-) > create mode 100644 src/PVE/API2/Network/SDN/Nodes/Fabric.pm > create mode 100644 src/PVE/API2/Network/SDN/Nodes/Fabrics.pm > rename src/PVE/API2/Network/SDN/{Zones => Nodes}/Makefile (51%) > create mode 100644 src/PVE/API2/Network/SDN/Nodes/Status.pm > create mode 100644 src/PVE/API2/Network/SDN/Nodes/Vnet.pm > create mode 100644 src/PVE/API2/Network/SDN/Nodes/Vnets.pm > create mode 100644 src/PVE/API2/Network/SDN/Nodes/Zone.pm > rename src/PVE/API2/Network/SDN/{Zones/Status.pm => Nodes/Zones.pm} (56%) > delete mode 100644 src/PVE/API2/Network/SDN/Zones/Content.pm > > > pve-manager: > > Gabriel Goller (2): > pvestatd: add network resource to status reporting > ui: resource tree: add network resource > > Stefan Hanreich (6): > api: nodes: use new status module for sdn subdirectory > refactor: ui: sdn browser: parametrize zone content panel > pvestatd: sdn: adapt to changes in status reporting > ui: sdn browser: Add ip-vrf panel for evpn zones > ui: sdn browser: add mac vrf panel > ui: sdn browser: add zone bridge view > > PVE/API2/Cluster.pm | 102 ++++++++++++--- > PVE/API2/Nodes.pm | 50 +------ > PVE/Service/pvestatd.pm | 29 ++-- > www/manager6/Makefile | 6 + > www/manager6/Utils.js | 11 ++ > www/manager6/Workspace.js | 1 + > www/manager6/sdn/Browser.js | 29 ++++ > www/manager6/sdn/EvpnZoneIpVrfPanel.js | 84 ++++++++++++ > www/manager6/sdn/EvpnZoneMacVrfPanel.js | 130 ++++++++++++++++++ > www/manager6/sdn/FabricsContentView.js | 77 +++++++++++ > www/manager6/sdn/NetworkBrowser.js | 167 ++++++++++++++++++++++++ > www/manager6/sdn/ZoneBridgeView.js | 88 +++++++++++++ > www/manager6/sdn/ZoneBridgesPanel.js | 131 +++++++++++++++++++ > www/manager6/sdn/ZoneContentPanel.js | 11 +- > www/manager6/sdn/ZoneContentView.js | 75 ++++++----- > www/manager6/tree/ResourceTree.js | 6 + > 16 files changed, 888 insertions(+), 109 deletions(-) > create mode 100644 www/manager6/sdn/EvpnZoneIpVrfPanel.js > create mode 100644 www/manager6/sdn/EvpnZoneMacVrfPanel.js > create mode 100644 www/manager6/sdn/FabricsContentView.js > create mode 100644 www/manager6/sdn/NetworkBrowser.js > create mode 100644 www/manager6/sdn/ZoneBridgeView.js > create mode 100644 www/manager6/sdn/ZoneBridgesPanel.js > > > Summary over all repositories: > 56 files changed, 3401 insertions(+), 595 deletions(-) > _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel