* [pve-devel] [PATCH pve-network v2] sdn: evpn: fix IPv6 exitnode local routing
@ 2026-01-19 11:05 Hannes Laimer
2026-01-19 11:09 ` Stefan Hanreich
2026-01-19 14:27 ` [pve-devel] superseded: " Hannes Laimer
0 siblings, 2 replies; 4+ messages in thread
From: Hannes Laimer @ 2026-01-19 11:05 UTC (permalink / raw)
To: pve-devel
IPv6 subnets on exitnodes had no working local-routing path. Add a v6
address on the xvrf veth pair and install IPv6 routes via that next-hop.
Signed-off-by: Hannes Laimer <h.laimer@proxmox.com>
---
v2:
- change `address6` to `address`, ifreload2 does not pick up address6.
Probably had the address still attached from manualy testing so I
didn't notice when I tested this for v1
src/PVE/Network/SDN/Controllers/EvpnPlugin.pm | 7 ++++++-
src/PVE/Network/SDN/Zones/EvpnPlugin.pm | 2 ++
2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm b/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
index e53000a..74fc35d 100644
--- a/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
+++ b/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
@@ -462,7 +462,12 @@ sub generate_vnet_frr_config {
foreach my $subnetid (sort keys %{$subnets}) {
my $subnet = $subnets->{$subnetid};
my $cidr = $subnet->{cidr};
- push @controller_config, "ip route $cidr 10.255.255.2 xvrf_$zoneid";
+ my ($ip) = split(/\//, $cidr, 2);
+ if (Net::IP::ip_is_ipv6($ip)) {
+ push @controller_config, "ipv6 route $cidr fd00:ffff::2 xvrf_$zoneid";
+ } else {
+ push @controller_config, "ip route $cidr 10.255.255.2 xvrf_$zoneid";
+ }
}
push(@{ $config->{frr_ip_protocol} }, @controller_config);
}
diff --git a/src/PVE/Network/SDN/Zones/EvpnPlugin.pm b/src/PVE/Network/SDN/Zones/EvpnPlugin.pm
index 6d89499..18aecb9 100644
--- a/src/PVE/Network/SDN/Zones/EvpnPlugin.pm
+++ b/src/PVE/Network/SDN/Zones/EvpnPlugin.pm
@@ -327,6 +327,7 @@ sub generate_sdn_config {
@iface_config = ();
push @iface_config, "link-type veth";
push @iface_config, "address 10.255.255.1/30";
+ push @iface_config, "address fd00:ffff::1/126" if $ipv6;
push @iface_config, "veth-peer-name $iface_xvrfp";
push @iface_config, "mtu " . ($mtu + 50) if $mtu;
push(@{ $config->{$iface_xvrf} }, @iface_config) if !$config->{$iface_xvrf};
@@ -334,6 +335,7 @@ sub generate_sdn_config {
@iface_config = ();
push @iface_config, "link-type veth";
push @iface_config, "address 10.255.255.2/30";
+ push @iface_config, "address fd00:ffff::2/126" if $ipv6;
push @iface_config, "veth-peer-name $iface_xvrf";
push @iface_config, "vrf $vrf_iface";
push @iface_config, "mtu " . ($mtu + 50) if $mtu;
--
2.47.3
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [pve-devel] [PATCH pve-network v2] sdn: evpn: fix IPv6 exitnode local routing
2026-01-19 11:05 [pve-devel] [PATCH pve-network v2] sdn: evpn: fix IPv6 exitnode local routing Hannes Laimer
@ 2026-01-19 11:09 ` Stefan Hanreich
2026-01-19 11:13 ` Hannes Laimer
2026-01-19 14:27 ` [pve-devel] superseded: " Hannes Laimer
1 sibling, 1 reply; 4+ messages in thread
From: Stefan Hanreich @ 2026-01-19 11:09 UTC (permalink / raw)
To: pve-devel
On 1/19/26 12:05 PM, Hannes Laimer wrote:
> IPv6 subnets on exitnodes had no working local-routing path. Add a v6
> address on the xvrf veth pair and install IPv6 routes via that next-hop.
>
> Signed-off-by: Hannes Laimer <h.laimer@proxmox.com>
> ---
> v2:
> - change `address6` to `address`, ifreload2 does not pick up address6.
> Probably had the address still attached from manualy testing so I
> didn't notice when I tested this for v1
>
> src/PVE/Network/SDN/Controllers/EvpnPlugin.pm | 7 ++++++-
> src/PVE/Network/SDN/Zones/EvpnPlugin.pm | 2 ++
> 2 files changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm b/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
> index e53000a..74fc35d 100644
> --- a/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
> +++ b/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
> @@ -462,7 +462,12 @@ sub generate_vnet_frr_config {
> foreach my $subnetid (sort keys %{$subnets}) {
> my $subnet = $subnets->{$subnetid};
> my $cidr = $subnet->{cidr};
> - push @controller_config, "ip route $cidr 10.255.255.2 xvrf_$zoneid";
> + my ($ip) = split(/\//, $cidr, 2);
> + if (Net::IP::ip_is_ipv6($ip)) {
> + push @controller_config, "ipv6 route $cidr fd00:ffff::2 xvrf_$zoneid";
Wouldn't it make sense to use the link-local address instead? For IPv4
it would make sense as well imo to use an APIPA address instead, but
technically that's a breaking change. I guess we could even route all
IPv4 traffic via the IPv6 link-local address.
> + } else {
> + push @controller_config, "ip route $cidr 10.255.255.2 xvrf_$zoneid";
> + }
> }
> push(@{ $config->{frr_ip_protocol} }, @controller_config);
> }
> diff --git a/src/PVE/Network/SDN/Zones/EvpnPlugin.pm b/src/PVE/Network/SDN/Zones/EvpnPlugin.pm
> index 6d89499..18aecb9 100644
> --- a/src/PVE/Network/SDN/Zones/EvpnPlugin.pm
> +++ b/src/PVE/Network/SDN/Zones/EvpnPlugin.pm
> @@ -327,6 +327,7 @@ sub generate_sdn_config {
> @iface_config = ();
> push @iface_config, "link-type veth";
> push @iface_config, "address 10.255.255.1/30";
> + push @iface_config, "address fd00:ffff::1/126" if $ipv6;
> push @iface_config, "veth-peer-name $iface_xvrfp";
> push @iface_config, "mtu " . ($mtu + 50) if $mtu;
> push(@{ $config->{$iface_xvrf} }, @iface_config) if !$config->{$iface_xvrf};
> @@ -334,6 +335,7 @@ sub generate_sdn_config {
> @iface_config = ();
> push @iface_config, "link-type veth";
> push @iface_config, "address 10.255.255.2/30";
> + push @iface_config, "address fd00:ffff::2/126" if $ipv6;
> push @iface_config, "veth-peer-name $iface_xvrf";
> push @iface_config, "vrf $vrf_iface";
> push @iface_config, "mtu " . ($mtu + 50) if $mtu;
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [pve-devel] [PATCH pve-network v2] sdn: evpn: fix IPv6 exitnode local routing
2026-01-19 11:09 ` Stefan Hanreich
@ 2026-01-19 11:13 ` Hannes Laimer
0 siblings, 0 replies; 4+ messages in thread
From: Hannes Laimer @ 2026-01-19 11:13 UTC (permalink / raw)
To: Proxmox VE development discussion, Stefan Hanreich
On 1/19/26 12:08, Stefan Hanreich wrote:
> On 1/19/26 12:05 PM, Hannes Laimer wrote:
>> IPv6 subnets on exitnodes had no working local-routing path. Add a v6
>> address on the xvrf veth pair and install IPv6 routes via that next-hop.
>>
>> Signed-off-by: Hannes Laimer <h.laimer@proxmox.com>
>> ---
>> v2:
>> - change `address6` to `address`, ifreload2 does not pick up address6.
>> Probably had the address still attached from manualy testing so I
>> didn't notice when I tested this for v1
>>
>> src/PVE/Network/SDN/Controllers/EvpnPlugin.pm | 7 ++++++-
>> src/PVE/Network/SDN/Zones/EvpnPlugin.pm | 2 ++
>> 2 files changed, 8 insertions(+), 1 deletion(-)
>>
>> diff --git a/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm b/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
>> index e53000a..74fc35d 100644
>> --- a/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
>> +++ b/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
>> @@ -462,7 +462,12 @@ sub generate_vnet_frr_config {
>> foreach my $subnetid (sort keys %{$subnets}) {
>> my $subnet = $subnets->{$subnetid};
>> my $cidr = $subnet->{cidr};
>> - push @controller_config, "ip route $cidr 10.255.255.2 xvrf_$zoneid";
>> + my ($ip) = split(/\//, $cidr, 2);
>> + if (Net::IP::ip_is_ipv6($ip)) {
>> + push @controller_config, "ipv6 route $cidr fd00:ffff::2 xvrf_$zoneid";
>
> Wouldn't it make sense to use the link-local address instead? For IPv4
> it would make sense as well imo to use an APIPA address instead, but
> technically that's a breaking change. I guess we could even route all
> IPv4 traffic via the IPv6 link-local address.
>
I did try just
`ipv6 route $cidr xvrf_$zoneid`
since I assumed it would end up using the ll address, but it didn't. I
am not super sure why, maybe cause it would be cross-vrf(?).
Or did you mean just putting the ll address there explicitly?
>> + } else {
>> + push @controller_config, "ip route $cidr 10.255.255.2 xvrf_$zoneid";
>> + }
>> }
>> push(@{ $config->{frr_ip_protocol} }, @controller_config);
>> }
>> diff --git a/src/PVE/Network/SDN/Zones/EvpnPlugin.pm b/src/PVE/Network/SDN/Zones/EvpnPlugin.pm
>> index 6d89499..18aecb9 100644
>> --- a/src/PVE/Network/SDN/Zones/EvpnPlugin.pm
>> +++ b/src/PVE/Network/SDN/Zones/EvpnPlugin.pm
>> @@ -327,6 +327,7 @@ sub generate_sdn_config {
>> @iface_config = ();
>> push @iface_config, "link-type veth";
>> push @iface_config, "address 10.255.255.1/30";
>> + push @iface_config, "address fd00:ffff::1/126" if $ipv6;
>> push @iface_config, "veth-peer-name $iface_xvrfp";
>> push @iface_config, "mtu " . ($mtu + 50) if $mtu;
>> push(@{ $config->{$iface_xvrf} }, @iface_config) if !$config->{$iface_xvrf};
>> @@ -334,6 +335,7 @@ sub generate_sdn_config {
>> @iface_config = ();
>> push @iface_config, "link-type veth";
>> push @iface_config, "address 10.255.255.2/30";
>> + push @iface_config, "address fd00:ffff::2/126" if $ipv6;
>> push @iface_config, "veth-peer-name $iface_xvrf";
>> push @iface_config, "vrf $vrf_iface";
>> push @iface_config, "mtu " . ($mtu + 50) if $mtu;
>
>
>
> _______________________________________________
> pve-devel mailing list
> pve-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>
>
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] 4+ messages in thread
* [pve-devel] superseded: [PATCH pve-network v2] sdn: evpn: fix IPv6 exitnode local routing
2026-01-19 11:05 [pve-devel] [PATCH pve-network v2] sdn: evpn: fix IPv6 exitnode local routing Hannes Laimer
2026-01-19 11:09 ` Stefan Hanreich
@ 2026-01-19 14:27 ` Hannes Laimer
1 sibling, 0 replies; 4+ messages in thread
From: Hannes Laimer @ 2026-01-19 14:27 UTC (permalink / raw)
To: pve-devel
superseded-by:
https://lore.proxmox.com/pve-devel/20260119142639.39184-1-h.laimer@proxmox.com/T/#u
On 1/19/26 12:05, Hannes Laimer wrote:
> IPv6 subnets on exitnodes had no working local-routing path. Add a v6
> address on the xvrf veth pair and install IPv6 routes via that next-hop.
>
> Signed-off-by: Hannes Laimer <h.laimer@proxmox.com>
> ---
> v2:
> - change `address6` to `address`, ifreload2 does not pick up address6.
> Probably had the address still attached from manualy testing so I
> didn't notice when I tested this for v1
>
> src/PVE/Network/SDN/Controllers/EvpnPlugin.pm | 7 ++++++-
> src/PVE/Network/SDN/Zones/EvpnPlugin.pm | 2 ++
> 2 files changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm b/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
> index e53000a..74fc35d 100644
> --- a/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
> +++ b/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
> @@ -462,7 +462,12 @@ sub generate_vnet_frr_config {
> foreach my $subnetid (sort keys %{$subnets}) {
> my $subnet = $subnets->{$subnetid};
> my $cidr = $subnet->{cidr};
> - push @controller_config, "ip route $cidr 10.255.255.2 xvrf_$zoneid";
> + my ($ip) = split(/\//, $cidr, 2);
> + if (Net::IP::ip_is_ipv6($ip)) {
> + push @controller_config, "ipv6 route $cidr fd00:ffff::2 xvrf_$zoneid";
> + } else {
> + push @controller_config, "ip route $cidr 10.255.255.2 xvrf_$zoneid";
> + }
> }
> push(@{ $config->{frr_ip_protocol} }, @controller_config);
> }
> diff --git a/src/PVE/Network/SDN/Zones/EvpnPlugin.pm b/src/PVE/Network/SDN/Zones/EvpnPlugin.pm
> index 6d89499..18aecb9 100644
> --- a/src/PVE/Network/SDN/Zones/EvpnPlugin.pm
> +++ b/src/PVE/Network/SDN/Zones/EvpnPlugin.pm
> @@ -327,6 +327,7 @@ sub generate_sdn_config {
> @iface_config = ();
> push @iface_config, "link-type veth";
> push @iface_config, "address 10.255.255.1/30";
> + push @iface_config, "address fd00:ffff::1/126" if $ipv6;
> push @iface_config, "veth-peer-name $iface_xvrfp";
> push @iface_config, "mtu " . ($mtu + 50) if $mtu;
> push(@{ $config->{$iface_xvrf} }, @iface_config) if !$config->{$iface_xvrf};
> @@ -334,6 +335,7 @@ sub generate_sdn_config {
> @iface_config = ();
> push @iface_config, "link-type veth";
> push @iface_config, "address 10.255.255.2/30";
> + push @iface_config, "address fd00:ffff::2/126" if $ipv6;
> push @iface_config, "veth-peer-name $iface_xvrf";
> push @iface_config, "vrf $vrf_iface";
> push @iface_config, "mtu " . ($mtu + 50) if $mtu;
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2026-01-19 14:27 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-01-19 11:05 [pve-devel] [PATCH pve-network v2] sdn: evpn: fix IPv6 exitnode local routing Hannes Laimer
2026-01-19 11:09 ` Stefan Hanreich
2026-01-19 11:13 ` Hannes Laimer
2026-01-19 14:27 ` [pve-devel] superseded: " Hannes Laimer
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.