[pve-devel] [PATCH pve-network 00/10] bgp/evpn improvements

[pve-devel] [PATCH pve-network 00/10] bgp/evpn improvements

[Alexandre Derumier]

This patch series include a lot of new evpn features requested by user forum
and add some fixes/cleanup with new frr version

Alexandre Derumier (10):
  zones: status : skip node if node don't have the zone
  controllers: bgp: use loopback ip src for loopback network
  controllers: bgp: add bgp-multipath-as-path-relax option
  controllers: evpn : add min/max value to asn
  controllers: evpn/bgp : add exitnodes-primary && rework route-map
  controllers: evpn: add missing bgp router-id in vrf
  zones: evpn : add rt-import
  controllers: evpn : remove "no bgp ebgp-requires-policy"
  controllers: bgp : remove bgp network import-check
  controllers: evpn : remove ip forwarding, ipv6 forwarding and add frr
    version

 PVE/Network/SDN/Controllers/BgpPlugin.pm      | 23 ++++++-
 PVE/Network/SDN/Controllers/EvpnPlugin.pm     | 54 +++++++++++++++--
 PVE/Network/SDN/Zones.pm                      |  1 +
 PVE/Network/SDN/Zones/EvpnPlugin.pm           | 31 +++++++++-
 .../expected_controller_config                | 11 ++--
 .../expected_controller_config                | 11 ++--
 .../evpn/ebgp/expected_controller_config      | 13 ++--
 .../ebgp_loopback/expected_controller_config  | 19 ++++--
 .../evpn/exitnode/expected_controller_config  | 11 ++--
 .../expected_controller_config                | 11 ++--
 .../expected_controller_config                | 60 +++++++++++++++++++
 .../exitnode_primary/expected_sdn_interfaces  | 41 +++++++++++++
 test/zones/evpn/exitnode_primary/interfaces   |  7 +++
 test/zones/evpn/exitnode_primary/sdn_config   | 26 ++++++++
 .../exitnode_snat/expected_controller_config  | 11 ++--
 .../evpn/ipv4/expected_controller_config      | 11 ++--
 .../evpn/ipv4ipv6/expected_controller_config  | 11 ++--
 .../expected_controller_config                | 11 ++--
 .../evpn/ipv6/expected_controller_config      | 11 ++--
 .../expected_controller_config                | 46 ++++++++++++++
 .../multipath_relax/expected_sdn_interfaces   | 41 +++++++++++++
 test/zones/evpn/multipath_relax/interfaces    |  7 +++
 test/zones/evpn/multipath_relax/sdn_config    | 49 +++++++++++++++
 .../evpn/rt_import/expected_controller_config | 40 +++++++++++++
 .../evpn/rt_import/expected_sdn_interfaces    | 42 +++++++++++++
 test/zones/evpn/rt_import/interfaces          |  7 +++
 test/zones/evpn/rt_import/sdn_config          | 26 ++++++++
 27 files changed, 575 insertions(+), 57 deletions(-)
 create mode 100644 test/zones/evpn/exitnode_primary/expected_controller_config
 create mode 100644 test/zones/evpn/exitnode_primary/expected_sdn_interfaces
 create mode 100644 test/zones/evpn/exitnode_primary/interfaces
 create mode 100644 test/zones/evpn/exitnode_primary/sdn_config
 create mode 100644 test/zones/evpn/multipath_relax/expected_controller_config
 create mode 100644 test/zones/evpn/multipath_relax/expected_sdn_interfaces
 create mode 100644 test/zones/evpn/multipath_relax/interfaces
 create mode 100644 test/zones/evpn/multipath_relax/sdn_config
 create mode 100644 test/zones/evpn/rt_import/expected_controller_config
 create mode 100644 test/zones/evpn/rt_import/expected_sdn_interfaces
 create mode 100644 test/zones/evpn/rt_import/interfaces
 create mode 100644 test/zones/evpn/rt_import/sdn_config

-- 
2.30.2

[pve-devel] [PATCH pve-network 01/10] zones: status : skip node if node don't have the zone

[Alexandre Derumier]

reported by forum user:
https://forum.proxmox.com/threads/proxmox-sdn-incorrect-node-deployment.99834/

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
---
 PVE/Network/SDN/Zones.pm | 1 +
 1 file changed, 1 insertion(+)

diff --git a/PVE/Network/SDN/Zones.pm b/PVE/Network/SDN/Zones.pm
index a4d81e3..62dadb1 100644
--- a/PVE/Network/SDN/Zones.pm
+++ b/PVE/Network/SDN/Zones.pm
@@ -235,6 +235,7 @@ sub status {
     my $zone_status = {};
 
     for my $id (sort keys %{$zone_cfg->{ids}}) {
+	next if defined($zone_cfg->{ids}->{$id}->{nodes}) && !$zone_cfg->{ids}->{$id}->{nodes}->{$nodename};
 	$zone_status->{$id}->{status} = $err_config ? 'pending' : 'available';
     }
 
-- 
2.30.2

[pve-devel] [PATCH pve-network 02/10] controllers: bgp: use loopback ip src for loopback network

[Alexandre Derumier]

can be usefull if we want to join other loopback ips,
like a ceph cluster in the underlay network

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
---
 PVE/Network/SDN/Controllers/BgpPlugin.pm                 | 7 +++++++
 PVE/Network/SDN/Controllers/EvpnPlugin.pm                | 2 ++
 test/zones/evpn/ebgp_loopback/expected_controller_config | 6 ++++++
 3 files changed, 15 insertions(+)

diff --git a/PVE/Network/SDN/Controllers/BgpPlugin.pm b/PVE/Network/SDN/Controllers/BgpPlugin.pm
index 69c688b..075ca90 100644
--- a/PVE/Network/SDN/Controllers/BgpPlugin.pm
+++ b/PVE/Network/SDN/Controllers/BgpPlugin.pm
@@ -110,6 +110,13 @@ sub generate_controller_config {
 	push(@{$bgp->{"address-family"}->{"$ipversion unicast"}}, "neighbor BGP soft-reconfiguration inbound");
     }
 
+    if ($loopback) {
+	push(@{$config->{frr}->{''}}, "ip prefix-list loopbacks_ips seq 10 permit 0.0.0.0/0 le 32");
+	push(@{$config->{frr}->{''}}, "ip protocol bgp route-map correct_src");
+	push(@{$config->{frr}->{'route-map'}->{'correct_src permit 1'}}, "match ip address prefix-list loopbacks_ips");
+	push(@{$config->{frr}->{'route-map'}->{'correct_src permit 1'}}, "set src $ifaceip");
+    }
+
     return $config;
 }
 
diff --git a/PVE/Network/SDN/Controllers/EvpnPlugin.pm b/PVE/Network/SDN/Controllers/EvpnPlugin.pm
index 3e450cf..61a6314 100644
--- a/PVE/Network/SDN/Controllers/EvpnPlugin.pm
+++ b/PVE/Network/SDN/Controllers/EvpnPlugin.pm
@@ -258,6 +258,7 @@ sub sort_frr_config {
     $order->{'ipv4 unicast'} = 1;
     $order->{'ipv6 unicast'} = 2;
     $order->{'l2vpn evpn'} = 3;
+    $order->{'route-map'} = 200;
 
     my $a_val = 100;
     my $b_val = 100;
@@ -283,6 +284,7 @@ sub generate_frr_recurse{
    $keylist->{vrf} = 1;
    $keylist->{'address-family'} = 1;
    $keylist->{router} = 1;
+   $keylist->{'route-map'} = 1;
 
    my $exitkeylist = {};
    $exitkeylist->{vrf} = 1;
diff --git a/test/zones/evpn/ebgp_loopback/expected_controller_config b/test/zones/evpn/ebgp_loopback/expected_controller_config
index 23be7f9..01cb2c2 100644
--- a/test/zones/evpn/ebgp_loopback/expected_controller_config
+++ b/test/zones/evpn/ebgp_loopback/expected_controller_config
@@ -5,6 +5,8 @@ frr defaults datacenter
 service integrated-vtysh-config
 hostname localhost
 !
+ip prefix-list loopbacks_ips seq 10 permit 0.0.0.0/0 le 32
+ip protocol bgp route-map correct_src
 !
 vrf vrf_myzone
  vni 1000
@@ -49,5 +51,9 @@ router bgp 65001 vrf vrf_myzone
   route-target export 65000:1000
  exit-address-family
 !
+route-map correct_src permit 1
+ match ip address prefix-list loopbacks_ips
+ set src 192.168.0.1
+!
 line vty
 !
\ No newline at end of file
-- 
2.30.2

[pve-devel] [PATCH pve-network 03/10] controllers: bgp: add bgp-multipath-as-path-relax option

[Alexandre Derumier]

Some users need it to do ecmp when peering with 2 differents asn

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
---
 PVE/Network/SDN/Controllers/BgpPlugin.pm      |  9 ++++
 .../expected_controller_config                | 43 ++++++++++++++++
 .../multipath_relax/expected_sdn_interfaces   | 41 ++++++++++++++++
 test/zones/evpn/multipath_relax/interfaces    |  7 +++
 test/zones/evpn/multipath_relax/sdn_config    | 49 +++++++++++++++++++
 5 files changed, 149 insertions(+)
 create mode 100644 test/zones/evpn/multipath_relax/expected_controller_config
 create mode 100644 test/zones/evpn/multipath_relax/expected_sdn_interfaces
 create mode 100644 test/zones/evpn/multipath_relax/interfaces
 create mode 100644 test/zones/evpn/multipath_relax/sdn_config

diff --git a/PVE/Network/SDN/Controllers/BgpPlugin.pm b/PVE/Network/SDN/Controllers/BgpPlugin.pm
index 075ca90..1e4e708 100644
--- a/PVE/Network/SDN/Controllers/BgpPlugin.pm
+++ b/PVE/Network/SDN/Controllers/BgpPlugin.pm
@@ -19,6 +19,10 @@ sub type {
 
 sub properties {
     return {
+	'bgp-multipath-as-path-relax' => {
+	    type => 'boolean',
+	    optional => 1,
+	},
 	ebgp => {
 	    type => 'boolean',
 	    optional => 1,
@@ -41,6 +45,7 @@ sub options {
 	'node' => { optional => 0 },
 	'asn' => { optional => 0 },
 	'peers' => { optional => 0 },
+	'bgp-multipath-as-path-relax' => { optional => 1 },
 	'ebgp' => { optional => 1 },
 	'ebgp-multihop' => { optional => 1 },
 	'loopback' => { optional => 1 },
@@ -58,6 +63,8 @@ sub generate_controller_config {
     my $ebgp = $plugin_config->{ebgp};
     my $ebgp_multihop = $plugin_config->{'ebgp-multihop'};
     my $loopback = $plugin_config->{loopback};
+    my $multipath_relax = $plugin_config->{'bgp-multipath-as-path-relax'};
+
     my $local_node = PVE::INotify::nodename();
 
 
@@ -86,6 +93,8 @@ sub generate_controller_config {
 	push @controller_config, "bgp disable-ebgp-connected-route-check" if $loopback;
     }
 
+    push @controller_config, "bgp bestpath as-path multipath-relax" if $multipath_relax;
+
     #BGP neighbors
     if(@peers) {
 	push @controller_config, "neighbor BGP peer-group";
diff --git a/test/zones/evpn/multipath_relax/expected_controller_config b/test/zones/evpn/multipath_relax/expected_controller_config
new file mode 100644
index 0000000..38cc836
--- /dev/null
+++ b/test/zones/evpn/multipath_relax/expected_controller_config
@@ -0,0 +1,43 @@
+log syslog informational
+ip forwarding
+ipv6 forwarding
+frr defaults datacenter
+service integrated-vtysh-config
+hostname localhost
+!
+!
+vrf vrf_myzone
+ vni 1000
+exit-vrf
+!
+router bgp 65000
+ bgp router-id 192.168.0.1
+ no bgp default ipv4-unicast
+ coalesce-time 1000
+ neighbor VTEP peer-group
+ neighbor VTEP remote-as 65000
+ neighbor VTEP bfd
+ neighbor 192.168.0.2 peer-group VTEP
+ neighbor 192.168.0.3 peer-group VTEP
+ bgp bestpath as-path multipath-relax
+ neighbor BGP peer-group
+ neighbor BGP remote-as 65000
+ neighbor BGP bfd
+ neighbor 192.168.0.1 peer-group BGP
+ neighbor 192.168.0.2 peer-group BGP
+ neighbor 192.168.0.3 peer-group BGP
+ !
+ address-family ipv4 unicast
+  neighbor BGP activate
+  neighbor BGP soft-reconfiguration inbound
+ exit-address-family
+ !
+ address-family l2vpn evpn
+  neighbor VTEP activate
+  advertise-all-vni
+ exit-address-family
+!
+router bgp 65000 vrf vrf_myzone
+!
+line vty
+!
\ No newline at end of file
diff --git a/test/zones/evpn/multipath_relax/expected_sdn_interfaces b/test/zones/evpn/multipath_relax/expected_sdn_interfaces
new file mode 100644
index 0000000..4cf13e0
--- /dev/null
+++ b/test/zones/evpn/multipath_relax/expected_sdn_interfaces
@@ -0,0 +1,41 @@
+#version:1
+
+auto myvnet
+iface myvnet
+	address 10.0.0.1/24
+	bridge_ports vxlan_myvnet
+	bridge_stp off
+	bridge_fd 0
+	mtu 1450
+	ip-forward on
+	arp-accept on
+	vrf vrf_myzone
+
+auto vrf_myzone
+iface vrf_myzone
+	vrf-table auto
+	post-up ip route add vrf vrf_myzone unreachable default metric 4278198272
+
+auto vrfbr_myzone
+iface vrfbr_myzone
+	bridge-ports vrfvx_myzone
+	bridge_stp off
+	bridge_fd 0
+	mtu 1450
+	vrf vrf_myzone
+
+auto vrfvx_myzone
+iface vrfvx_myzone
+	vxlan-id 1000
+	vxlan-local-tunnelip 192.168.0.1
+	bridge-learning off
+	bridge-arp-nd-suppress on
+	mtu 1450
+
+auto vxlan_myvnet
+iface vxlan_myvnet
+	vxlan-id 100
+	vxlan-local-tunnelip 192.168.0.1
+	bridge-learning off
+	bridge-arp-nd-suppress on
+	mtu 1450
diff --git a/test/zones/evpn/multipath_relax/interfaces b/test/zones/evpn/multipath_relax/interfaces
new file mode 100644
index 0000000..66bb826
--- /dev/null
+++ b/test/zones/evpn/multipath_relax/interfaces
@@ -0,0 +1,7 @@
+auto vmbr0
+iface vmbr0 inet static
+	address 192.168.0.1/24
+	gateway 192.168.0.254
+        bridge-ports eth0
+        bridge-stp off
+        bridge-fd 0
diff --git a/test/zones/evpn/multipath_relax/sdn_config b/test/zones/evpn/multipath_relax/sdn_config
new file mode 100644
index 0000000..5a1d8a7
--- /dev/null
+++ b/test/zones/evpn/multipath_relax/sdn_config
@@ -0,0 +1,49 @@
+{
+    version => 1,
+    vnets => {
+        ids => {
+            myvnet => {
+                tag => "100",
+                type => "vnet",
+                zone => "myzone",
+            },
+        },
+    },
+
+    zones   => {
+        ids => {
+            myzone => {
+                ipam => "pve",
+                type => "evpn",
+                controller => "evpnctl",
+                'vrf-vxlan' => 1000,
+            },
+        },
+    },
+    controllers  => {
+        ids => {
+            evpnctl => {
+                type => "evpn",
+                'peers' => '192.168.0.1,192.168.0.2,192.168.0.3',
+                asn => "65000",
+            },
+            localhost => {
+                type => "bgp",
+                'peers' => '192.168.0.1,192.168.0.2,192.168.0.3',
+                'bgp-multipath-as-path-relax' => "1",
+                asn => "65000",
+                node => "localhost",
+            },
+        },
+    },
+
+    subnets => {
+        ids => {
+            'myzone-10.0.0.0-24' => {
+                'type' => 'subnet',
+                'vnet' => 'myvnet',
+                'gateway' => '10.0.0.1',
+            },
+        },
+    },
+}
-- 
2.30.2

[pve-devel] [PATCH pve-network 04/10] controllers: evpn : add min/max value to asn

[Alexandre Derumier]

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
---
 PVE/Network/SDN/Controllers/EvpnPlugin.pm | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/PVE/Network/SDN/Controllers/EvpnPlugin.pm b/PVE/Network/SDN/Controllers/EvpnPlugin.pm
index 61a6314..d02bdf7 100644
--- a/PVE/Network/SDN/Controllers/EvpnPlugin.pm
+++ b/PVE/Network/SDN/Controllers/EvpnPlugin.pm
@@ -22,6 +22,8 @@ sub properties {
 	asn => {
 	    type => 'integer',
 	    description => "autonomous system number",
+	    minimum => 0,
+	    maximum => 4294967296
 	},
 	peers => {
 	    description => "peers address list.",
-- 
2.30.2

[pve-devel] [PATCH pve-network 05/10] controllers: evpn/bgp : add exitnodes-primary && rework route-map

[Alexandre Derumier]

exitnodes-primary option force traffic to a primary node
A route-map is used to increase metric on backup nodes.
This can be usefull for snat or avoid asymetric routing.

Route-map is rework to handle multiple sequences of route map.

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
---
 PVE/Network/SDN/Controllers/BgpPlugin.pm      |  7 ++-
 PVE/Network/SDN/Controllers/EvpnPlugin.pm     | 33 +++++++++-
 PVE/Network/SDN/Zones/EvpnPlugin.pm           |  3 +
 .../expected_controller_config                |  3 +
 .../expected_controller_config                |  3 +
 .../evpn/ebgp/expected_controller_config      |  3 +
 .../ebgp_loopback/expected_controller_config  |  3 +
 .../evpn/exitnode/expected_controller_config  |  3 +
 .../expected_controller_config                |  3 +
 .../expected_controller_config                | 61 +++++++++++++++++++
 .../exitnode_primary/expected_sdn_interfaces  | 41 +++++++++++++
 test/zones/evpn/exitnode_primary/interfaces   |  7 +++
 test/zones/evpn/exitnode_primary/sdn_config   | 26 ++++++++
 .../exitnode_snat/expected_controller_config  |  3 +
 .../evpn/ipv4/expected_controller_config      |  3 +
 .../evpn/ipv4ipv6/expected_controller_config  |  3 +
 .../expected_controller_config                |  3 +
 .../evpn/ipv6/expected_controller_config      |  3 +
 .../expected_controller_config                |  3 +
 19 files changed, 210 insertions(+), 4 deletions(-)
 create mode 100644 test/zones/evpn/exitnode_primary/expected_controller_config
 create mode 100644 test/zones/evpn/exitnode_primary/expected_sdn_interfaces
 create mode 100644 test/zones/evpn/exitnode_primary/interfaces
 create mode 100644 test/zones/evpn/exitnode_primary/sdn_config

diff --git a/PVE/Network/SDN/Controllers/BgpPlugin.pm b/PVE/Network/SDN/Controllers/BgpPlugin.pm
index 1e4e708..70c7264 100644
--- a/PVE/Network/SDN/Controllers/BgpPlugin.pm
+++ b/PVE/Network/SDN/Controllers/BgpPlugin.pm
@@ -122,8 +122,11 @@ sub generate_controller_config {
     if ($loopback) {
 	push(@{$config->{frr}->{''}}, "ip prefix-list loopbacks_ips seq 10 permit 0.0.0.0/0 le 32");
 	push(@{$config->{frr}->{''}}, "ip protocol bgp route-map correct_src");
-	push(@{$config->{frr}->{'route-map'}->{'correct_src permit 1'}}, "match ip address prefix-list loopbacks_ips");
-	push(@{$config->{frr}->{'route-map'}->{'correct_src permit 1'}}, "set src $ifaceip");
+
+	my $routemap_config = [];
+	push @{$routemap_config}, "match ip address prefix-list loopbacks_ips";
+	push @{$routemap_config}, "set src $ifaceip";
+	push(@{$config->{frr_routemap}->{'correct_src'}}, $routemap_config);
     }
 
     return $config;
diff --git a/PVE/Network/SDN/Controllers/EvpnPlugin.pm b/PVE/Network/SDN/Controllers/EvpnPlugin.pm
index d02bdf7..2b48e9a 100644
--- a/PVE/Network/SDN/Controllers/EvpnPlugin.pm
+++ b/PVE/Network/SDN/Controllers/EvpnPlugin.pm
@@ -99,11 +99,14 @@ sub generate_controller_config {
 
     # address-family l2vpn
     @controller_config = ();
+    push @controller_config, "neighbor VTEP route-map MAP_VTEP_OUT out";
     push @controller_config, "neighbor VTEP activate";
     push @controller_config, "advertise-all-vni";
     push @controller_config, "autort as $autortas" if $autortas;
     push(@{$bgp->{"address-family"}->{"l2vpn evpn"}}, @controller_config);
 
+    push(@{$config->{frr_routemap}->{'MAP_VTEP_OUT'}}, []);
+
     return $config;
 }
 
@@ -115,6 +118,7 @@ sub generate_controller_zone_config {
     my $vrf = "vrf_$id";
     my $vrfvxlan = $plugin_config->{'vrf-vxlan'};
     my $exitnodes = $plugin_config->{'exitnodes'};
+    my $exitnodes_primary = $plugin_config->{'exitnodes-primary'};
     my $advertisesubnets = $plugin_config->{'advertise-subnets'};
     my $exitnodes_local_routing = $plugin_config->{'exitnodes-local-routing'};
 
@@ -152,6 +156,14 @@ sub generate_controller_zone_config {
 
     if ($is_gateway) {
 
+        if($exitnodes_primary && $exitnodes_primary ne $local_node) {
+	    my $routemap_config = ();
+	    push @{$routemap_config}, "match evpn vni $vrfvxlan";
+	    push @{$routemap_config}, "match evpn route-type prefix";
+	    push @{$routemap_config}, "set metric 200";
+	    unshift(@{$config->{frr_routemap}->{'MAP_VTEP_OUT'}}, $routemap_config);
+        }
+
 	if (!$exitnodes_local_routing) {
 	    @controller_config = ();
 	    #import /32 routes of evpn network from vrf1 to default vrf (for packet return)
@@ -260,7 +272,6 @@ sub sort_frr_config {
     $order->{'ipv4 unicast'} = 1;
     $order->{'ipv6 unicast'} = 2;
     $order->{'l2vpn evpn'} = 3;
-    $order->{'route-map'} = 200;
 
     my $a_val = 100;
     my $b_val = 100;
@@ -286,7 +297,6 @@ sub generate_frr_recurse{
    $keylist->{vrf} = 1;
    $keylist->{'address-family'} = 1;
    $keylist->{router} = 1;
-   $keylist->{'route-map'} = 1;
 
    my $exitkeylist = {};
    $exitkeylist->{vrf} = 1;
@@ -324,6 +334,23 @@ sub generate_frr_recurse{
     }
 }
 
+sub generate_frr_routemap {
+   my ($final_config, $routemaps) = @_;
+
+   foreach my $id (sort keys %$routemaps) {
+
+	my $routemap = $routemaps->{$id};
+	my $order = 0;
+	foreach my $seq (@$routemap) {
+		$order++;
+		my @config = ();
+		push @config, "!";
+		push @config, "route-map $id permit $order";
+		push @config, map { " $_" } @$seq;
+		push @{$final_config}, @config;
+	}
+   }
+}
 sub generate_controller_rawconfig {
     my ($class, $plugin_config, $config) = @_;
 
@@ -340,6 +367,7 @@ sub generate_controller_rawconfig {
 
     if (-e "/etc/frr/frr.conf.local") {
 	generate_frr_recurse($final_config, $config->{frr}->{vrf}, "vrf", 1);
+	generate_frr_routemap($final_config, $config->{frr_routemap});
 	push @{$final_config}, "!";
 
 	my $local_conf = file_get_contents("/etc/frr/frr.conf.local");
@@ -347,6 +375,7 @@ sub generate_controller_rawconfig {
 	push @{$final_config}, $local_conf;
     } else {
 	generate_frr_recurse($final_config, $config->{frr}, undef, 0);
+	generate_frr_routemap($final_config, $config->{frr_routemap});
     }
 
     push @{$final_config}, "!";
diff --git a/PVE/Network/SDN/Zones/EvpnPlugin.pm b/PVE/Network/SDN/Zones/EvpnPlugin.pm
index 50ea619..62c968c 100644
--- a/PVE/Network/SDN/Zones/EvpnPlugin.pm
+++ b/PVE/Network/SDN/Zones/EvpnPlugin.pm
@@ -40,6 +40,8 @@ sub properties {
 	    description => "Allow exitnodes to connect to evpn guests",
 	    optional => 1
 	},
+	'exitnodes-primary' => get_standard_option('pve-node', {
+	    description => "Force traffic to this exitnode first."}),
 	'advertise-subnets' => {
 	    type => 'boolean',
 	    description => "Advertise evpn subnets if you have silent hosts",
@@ -60,6 +62,7 @@ sub options {
 	controller => { optional => 0 },
 	exitnodes => { optional => 1 },
 	'exitnodes-local-routing' => { optional => 1 },
+	'exitnodes-primary' => { optional => 1 },
 	'advertise-subnets' => { optional => 1 },
 	'disable-arp-nd-suppression' => { optional => 1 },
 	mtu => { optional => 1 },
diff --git a/test/zones/evpn/advertise_subnets/expected_controller_config b/test/zones/evpn/advertise_subnets/expected_controller_config
index aa6b3bd..cdaf0d4 100644
--- a/test/zones/evpn/advertise_subnets/expected_controller_config
+++ b/test/zones/evpn/advertise_subnets/expected_controller_config
@@ -21,6 +21,7 @@ router bgp 65000
  neighbor 192.168.0.3 peer-group VTEP
  !
  address-family l2vpn evpn
+  neighbor VTEP route-map MAP_VTEP_OUT out
   neighbor VTEP activate
   advertise-all-vni
  exit-address-family
@@ -40,5 +41,7 @@ router bgp 65000 vrf vrf_myzone
   advertise ipv6 unicast
  exit-address-family
 !
+route-map MAP_VTEP_OUT permit 1
+!
 line vty
 !
\ No newline at end of file
diff --git a/test/zones/evpn/disable_arp_nd_suppression/expected_controller_config b/test/zones/evpn/disable_arp_nd_suppression/expected_controller_config
index c0ca898..e1d425f 100644
--- a/test/zones/evpn/disable_arp_nd_suppression/expected_controller_config
+++ b/test/zones/evpn/disable_arp_nd_suppression/expected_controller_config
@@ -21,11 +21,14 @@ router bgp 65000
  neighbor 192.168.0.3 peer-group VTEP
  !
  address-family l2vpn evpn
+  neighbor VTEP route-map MAP_VTEP_OUT out
   neighbor VTEP activate
   advertise-all-vni
  exit-address-family
 !
 router bgp 65000 vrf vrf_myzone
 !
+route-map MAP_VTEP_OUT permit 1
+!
 line vty
 !
\ No newline at end of file
diff --git a/test/zones/evpn/ebgp/expected_controller_config b/test/zones/evpn/ebgp/expected_controller_config
index be3e1af..f6c8f18 100644
--- a/test/zones/evpn/ebgp/expected_controller_config
+++ b/test/zones/evpn/ebgp/expected_controller_config
@@ -33,6 +33,7 @@ router bgp 65001
  exit-address-family
  !
  address-family l2vpn evpn
+  neighbor VTEP route-map MAP_VTEP_OUT out
   neighbor VTEP activate
   advertise-all-vni
   autort as 65000
@@ -46,5 +47,7 @@ router bgp 65001 vrf vrf_myzone
   route-target export 65000:1000
  exit-address-family
 !
+route-map MAP_VTEP_OUT permit 1
+!
 line vty
 !
\ No newline at end of file
diff --git a/test/zones/evpn/ebgp_loopback/expected_controller_config b/test/zones/evpn/ebgp_loopback/expected_controller_config
index 01cb2c2..64dff4e 100644
--- a/test/zones/evpn/ebgp_loopback/expected_controller_config
+++ b/test/zones/evpn/ebgp_loopback/expected_controller_config
@@ -38,6 +38,7 @@ router bgp 65001
  exit-address-family
  !
  address-family l2vpn evpn
+  neighbor VTEP route-map MAP_VTEP_OUT out
   neighbor VTEP activate
   advertise-all-vni
   autort as 65000
@@ -51,6 +52,8 @@ router bgp 65001 vrf vrf_myzone
   route-target export 65000:1000
  exit-address-family
 !
+route-map MAP_VTEP_OUT permit 1
+!
 route-map correct_src permit 1
  match ip address prefix-list loopbacks_ips
  set src 192.168.0.1
diff --git a/test/zones/evpn/exitnode/expected_controller_config b/test/zones/evpn/exitnode/expected_controller_config
index 57ff6ff..8a535b3 100644
--- a/test/zones/evpn/exitnode/expected_controller_config
+++ b/test/zones/evpn/exitnode/expected_controller_config
@@ -29,6 +29,7 @@ router bgp 65000
  exit-address-family
  !
  address-family l2vpn evpn
+  neighbor VTEP route-map MAP_VTEP_OUT out
   neighbor VTEP activate
   advertise-all-vni
  exit-address-family
@@ -48,5 +49,7 @@ router bgp 65000 vrf vrf_myzone
   default-originate ipv6
  exit-address-family
 !
+route-map MAP_VTEP_OUT permit 1
+!
 line vty
 !
\ No newline at end of file
diff --git a/test/zones/evpn/exitnode_local_routing/expected_controller_config b/test/zones/evpn/exitnode_local_routing/expected_controller_config
index abd065b..876da86 100644
--- a/test/zones/evpn/exitnode_local_routing/expected_controller_config
+++ b/test/zones/evpn/exitnode_local_routing/expected_controller_config
@@ -22,6 +22,7 @@ router bgp 65000
  neighbor 192.168.0.3 peer-group VTEP
  !
  address-family l2vpn evpn
+  neighbor VTEP route-map MAP_VTEP_OUT out
   neighbor VTEP activate
   advertise-all-vni
  exit-address-family
@@ -33,5 +34,7 @@ router bgp 65000 vrf vrf_myzone
   default-originate ipv6
  exit-address-family
 !
+route-map MAP_VTEP_OUT permit 1
+!
 line vty
 !
\ No newline at end of file
diff --git a/test/zones/evpn/exitnode_primary/expected_controller_config b/test/zones/evpn/exitnode_primary/expected_controller_config
new file mode 100644
index 0000000..5306645
--- /dev/null
+++ b/test/zones/evpn/exitnode_primary/expected_controller_config
@@ -0,0 +1,61 @@
+log syslog informational
+ip forwarding
+ipv6 forwarding
+frr defaults datacenter
+service integrated-vtysh-config
+hostname localhost
+!
+!
+vrf vrf_myzone
+ vni 1000
+exit-vrf
+!
+router bgp 65000
+ bgp router-id 192.168.0.1
+ no bgp default ipv4-unicast
+ coalesce-time 1000
+ neighbor VTEP peer-group
+ neighbor VTEP remote-as 65000
+ neighbor VTEP bfd
+ neighbor 192.168.0.2 peer-group VTEP
+ neighbor 192.168.0.3 peer-group VTEP
+ !
+ address-family ipv4 unicast
+  import vrf vrf_myzone
+ exit-address-family
+ !
+ address-family ipv6 unicast
+  import vrf vrf_myzone
+ exit-address-family
+ !
+ address-family l2vpn evpn
+  neighbor VTEP route-map MAP_VTEP_OUT out
+  neighbor VTEP activate
+  advertise-all-vni
+ exit-address-family
+!
+router bgp 65000 vrf vrf_myzone
+ bgp router-id 192.168.0.1
+ !
+ address-family ipv4 unicast
+  redistribute connected
+ exit-address-family
+ !
+ address-family ipv6 unicast
+  redistribute connected
+ exit-address-family
+ !
+ address-family l2vpn evpn
+  default-originate ipv4
+  default-originate ipv6
+ exit-address-family
+!
+route-map MAP_VTEP_OUT permit 1
+ match evpn vni 1000
+ match evpn route-type prefix
+ set metric 200
+!
+route-map MAP_VTEP_OUT permit 2
+!
+line vty
+!
\ No newline at end of file
diff --git a/test/zones/evpn/exitnode_primary/expected_sdn_interfaces b/test/zones/evpn/exitnode_primary/expected_sdn_interfaces
new file mode 100644
index 0000000..5ab3084
--- /dev/null
+++ b/test/zones/evpn/exitnode_primary/expected_sdn_interfaces
@@ -0,0 +1,41 @@
+#version:1
+
+auto myvnet
+iface myvnet
+	address 10.0.0.1/24
+	bridge_ports vxlan_myvnet
+	bridge_stp off
+	bridge_fd 0
+	mtu 1450
+	ip-forward on
+	arp-accept on
+	vrf vrf_myzone
+
+auto vrf_myzone
+iface vrf_myzone
+	vrf-table auto
+	post-up ip route del vrf vrf_myzone unreachable default metric 4278198272
+
+auto vrfbr_myzone
+iface vrfbr_myzone
+	bridge-ports vrfvx_myzone
+	bridge_stp off
+	bridge_fd 0
+	mtu 1450
+	vrf vrf_myzone
+
+auto vrfvx_myzone
+iface vrfvx_myzone
+	vxlan-id 1000
+	vxlan-local-tunnelip 192.168.0.1
+	bridge-learning off
+	bridge-arp-nd-suppress on
+	mtu 1450
+
+auto vxlan_myvnet
+iface vxlan_myvnet
+	vxlan-id 100
+	vxlan-local-tunnelip 192.168.0.1
+	bridge-learning off
+	bridge-arp-nd-suppress on
+	mtu 1450
diff --git a/test/zones/evpn/exitnode_primary/interfaces b/test/zones/evpn/exitnode_primary/interfaces
new file mode 100644
index 0000000..66bb826
--- /dev/null
+++ b/test/zones/evpn/exitnode_primary/interfaces
@@ -0,0 +1,7 @@
+auto vmbr0
+iface vmbr0 inet static
+	address 192.168.0.1/24
+	gateway 192.168.0.254
+        bridge-ports eth0
+        bridge-stp off
+        bridge-fd 0
diff --git a/test/zones/evpn/exitnode_primary/sdn_config b/test/zones/evpn/exitnode_primary/sdn_config
new file mode 100644
index 0000000..bfeafc5
--- /dev/null
+++ b/test/zones/evpn/exitnode_primary/sdn_config
@@ -0,0 +1,26 @@
+{
+  version => 1,
+  vnets   => {
+               ids => {
+                        myvnet => { tag => "100", type => "vnet", zone => "myzone" },
+                      },
+             },
+
+  zones   => {
+               ids => { myzone => { ipam => "pve", type => "evpn", controller => "evpnctl", 'vrf-vxlan' => 1000, 'exitnodes-primary' => "othernode", exitnodes => { 'localhost' => 1 } } },
+             },
+  controllers  => {
+               ids => { evpnctl => { type => "evpn", 'peers' => '192.168.0.1,192.168.0.2,192.168.0.3', asn => "65000" } },
+             },
+
+  subnets => {
+              ids => { 'myzone-10.0.0.0-24' => {
+							'type' => 'subnet',
+							'vnet' => 'myvnet',
+							'gateway' => '10.0.0.1',
+						  }
+		     }
+	     }
+}
+
+
diff --git a/test/zones/evpn/exitnode_snat/expected_controller_config b/test/zones/evpn/exitnode_snat/expected_controller_config
index 57ff6ff..8a535b3 100644
--- a/test/zones/evpn/exitnode_snat/expected_controller_config
+++ b/test/zones/evpn/exitnode_snat/expected_controller_config
@@ -29,6 +29,7 @@ router bgp 65000
  exit-address-family
  !
  address-family l2vpn evpn
+  neighbor VTEP route-map MAP_VTEP_OUT out
   neighbor VTEP activate
   advertise-all-vni
  exit-address-family
@@ -48,5 +49,7 @@ router bgp 65000 vrf vrf_myzone
   default-originate ipv6
  exit-address-family
 !
+route-map MAP_VTEP_OUT permit 1
+!
 line vty
 !
\ No newline at end of file
diff --git a/test/zones/evpn/ipv4/expected_controller_config b/test/zones/evpn/ipv4/expected_controller_config
index c0ca898..e1d425f 100644
--- a/test/zones/evpn/ipv4/expected_controller_config
+++ b/test/zones/evpn/ipv4/expected_controller_config
@@ -21,11 +21,14 @@ router bgp 65000
  neighbor 192.168.0.3 peer-group VTEP
  !
  address-family l2vpn evpn
+  neighbor VTEP route-map MAP_VTEP_OUT out
   neighbor VTEP activate
   advertise-all-vni
  exit-address-family
 !
 router bgp 65000 vrf vrf_myzone
 !
+route-map MAP_VTEP_OUT permit 1
+!
 line vty
 !
\ No newline at end of file
diff --git a/test/zones/evpn/ipv4ipv6/expected_controller_config b/test/zones/evpn/ipv4ipv6/expected_controller_config
index c0ca898..e1d425f 100644
--- a/test/zones/evpn/ipv4ipv6/expected_controller_config
+++ b/test/zones/evpn/ipv4ipv6/expected_controller_config
@@ -21,11 +21,14 @@ router bgp 65000
  neighbor 192.168.0.3 peer-group VTEP
  !
  address-family l2vpn evpn
+  neighbor VTEP route-map MAP_VTEP_OUT out
   neighbor VTEP activate
   advertise-all-vni
  exit-address-family
 !
 router bgp 65000 vrf vrf_myzone
 !
+route-map MAP_VTEP_OUT permit 1
+!
 line vty
 !
\ No newline at end of file
diff --git a/test/zones/evpn/ipv4ipv6nogateway/expected_controller_config b/test/zones/evpn/ipv4ipv6nogateway/expected_controller_config
index c0ca898..e1d425f 100644
--- a/test/zones/evpn/ipv4ipv6nogateway/expected_controller_config
+++ b/test/zones/evpn/ipv4ipv6nogateway/expected_controller_config
@@ -21,11 +21,14 @@ router bgp 65000
  neighbor 192.168.0.3 peer-group VTEP
  !
  address-family l2vpn evpn
+  neighbor VTEP route-map MAP_VTEP_OUT out
   neighbor VTEP activate
   advertise-all-vni
  exit-address-family
 !
 router bgp 65000 vrf vrf_myzone
 !
+route-map MAP_VTEP_OUT permit 1
+!
 line vty
 !
\ No newline at end of file
diff --git a/test/zones/evpn/ipv6/expected_controller_config b/test/zones/evpn/ipv6/expected_controller_config
index c0ca898..e1d425f 100644
--- a/test/zones/evpn/ipv6/expected_controller_config
+++ b/test/zones/evpn/ipv6/expected_controller_config
@@ -21,11 +21,14 @@ router bgp 65000
  neighbor 192.168.0.3 peer-group VTEP
  !
  address-family l2vpn evpn
+  neighbor VTEP route-map MAP_VTEP_OUT out
   neighbor VTEP activate
   advertise-all-vni
  exit-address-family
 !
 router bgp 65000 vrf vrf_myzone
 !
+route-map MAP_VTEP_OUT permit 1
+!
 line vty
 !
\ No newline at end of file
diff --git a/test/zones/evpn/multipath_relax/expected_controller_config b/test/zones/evpn/multipath_relax/expected_controller_config
index 38cc836..18095ec 100644
--- a/test/zones/evpn/multipath_relax/expected_controller_config
+++ b/test/zones/evpn/multipath_relax/expected_controller_config
@@ -33,11 +33,14 @@ router bgp 65000
  exit-address-family
  !
  address-family l2vpn evpn
+  neighbor VTEP route-map MAP_VTEP_OUT out
   neighbor VTEP activate
   advertise-all-vni
  exit-address-family
 !
 router bgp 65000 vrf vrf_myzone
 !
+route-map MAP_VTEP_OUT permit 1
+!
 line vty
 !
\ No newline at end of file
-- 
2.30.2

[pve-devel] [PATCH pve-network 06/10] controllers: evpn: add missing bgp router-id in vrf

[Alexandre Derumier]

evpn route distinguisher is compute from bgp router-id.
if not defined, it take random ip or 0.0.0.0 and could result collisions between hosts

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
---
 PVE/Network/SDN/Controllers/EvpnPlugin.pm                     | 4 ++++
 test/zones/evpn/advertise_subnets/expected_controller_config  | 1 +
 .../disable_arp_nd_suppression/expected_controller_config     | 1 +
 test/zones/evpn/ebgp/expected_controller_config               | 1 +
 test/zones/evpn/ebgp_loopback/expected_controller_config      | 1 +
 test/zones/evpn/exitnode/expected_controller_config           | 1 +
 .../evpn/exitnode_local_routing/expected_controller_config    | 1 +
 test/zones/evpn/exitnode_snat/expected_controller_config      | 1 +
 test/zones/evpn/ipv4/expected_controller_config               | 1 +
 test/zones/evpn/ipv4ipv6/expected_controller_config           | 1 +
 test/zones/evpn/ipv4ipv6nogateway/expected_controller_config  | 1 +
 test/zones/evpn/ipv6/expected_controller_config               | 1 +
 test/zones/evpn/multipath_relax/expected_controller_config    | 1 +
 13 files changed, 16 insertions(+)

diff --git a/PVE/Network/SDN/Controllers/EvpnPlugin.pm b/PVE/Network/SDN/Controllers/EvpnPlugin.pm
index 2b48e9a..96abb9f 100644
--- a/PVE/Network/SDN/Controllers/EvpnPlugin.pm
+++ b/PVE/Network/SDN/Controllers/EvpnPlugin.pm
@@ -123,6 +123,7 @@ sub generate_controller_zone_config {
     my $exitnodes_local_routing = $plugin_config->{'exitnodes-local-routing'};
 
     my $asn = $controller->{asn};
+    my @peers = PVE::Tools::split_list($controller->{'peers'}) if $controller->{'peers'};
     my $ebgp = undef;
     my $loopback = undef;
     my $autortas = undef;
@@ -136,6 +137,8 @@ sub generate_controller_zone_config {
 
     return if !$vrf || !$vrfvxlan || !$asn;
 
+    my ($ifaceip, $interface) = PVE::Network::SDN::Zones::Plugin::find_local_ip_interface_peers(\@peers, $loopback);
+
     # vrf
     my @controller_config = ();
     push @controller_config, "vni $vrfvxlan";
@@ -143,6 +146,7 @@ sub generate_controller_zone_config {
 
     #main vrf router
     @controller_config = ();
+    push @controller_config, "bgp router-id $ifaceip";
     push @controller_config, "no bgp ebgp-requires-policy" if $ebgp;
 #    push @controller_config, "!";
     push(@{$config->{frr}->{router}->{"bgp $asn vrf $vrf"}->{""}}, @controller_config);
diff --git a/test/zones/evpn/advertise_subnets/expected_controller_config b/test/zones/evpn/advertise_subnets/expected_controller_config
index cdaf0d4..73da849 100644
--- a/test/zones/evpn/advertise_subnets/expected_controller_config
+++ b/test/zones/evpn/advertise_subnets/expected_controller_config
@@ -27,6 +27,7 @@ router bgp 65000
  exit-address-family
 !
 router bgp 65000 vrf vrf_myzone
+ bgp router-id 192.168.0.1
  !
  address-family ipv4 unicast
   redistribute connected
diff --git a/test/zones/evpn/disable_arp_nd_suppression/expected_controller_config b/test/zones/evpn/disable_arp_nd_suppression/expected_controller_config
index e1d425f..4120409 100644
--- a/test/zones/evpn/disable_arp_nd_suppression/expected_controller_config
+++ b/test/zones/evpn/disable_arp_nd_suppression/expected_controller_config
@@ -27,6 +27,7 @@ router bgp 65000
  exit-address-family
 !
 router bgp 65000 vrf vrf_myzone
+ bgp router-id 192.168.0.1
 !
 route-map MAP_VTEP_OUT permit 1
 !
diff --git a/test/zones/evpn/ebgp/expected_controller_config b/test/zones/evpn/ebgp/expected_controller_config
index f6c8f18..ae35a35 100644
--- a/test/zones/evpn/ebgp/expected_controller_config
+++ b/test/zones/evpn/ebgp/expected_controller_config
@@ -40,6 +40,7 @@ router bgp 65001
  exit-address-family
 !
 router bgp 65001 vrf vrf_myzone
+ bgp router-id 192.168.0.1
  no bgp ebgp-requires-policy
  !
  address-family l2vpn evpn
diff --git a/test/zones/evpn/ebgp_loopback/expected_controller_config b/test/zones/evpn/ebgp_loopback/expected_controller_config
index 64dff4e..55141b2 100644
--- a/test/zones/evpn/ebgp_loopback/expected_controller_config
+++ b/test/zones/evpn/ebgp_loopback/expected_controller_config
@@ -45,6 +45,7 @@ router bgp 65001
  exit-address-family
 !
 router bgp 65001 vrf vrf_myzone
+ bgp router-id 192.168.0.1
  no bgp ebgp-requires-policy
  !
  address-family l2vpn evpn
diff --git a/test/zones/evpn/exitnode/expected_controller_config b/test/zones/evpn/exitnode/expected_controller_config
index 8a535b3..38f358b 100644
--- a/test/zones/evpn/exitnode/expected_controller_config
+++ b/test/zones/evpn/exitnode/expected_controller_config
@@ -35,6 +35,7 @@ router bgp 65000
  exit-address-family
 !
 router bgp 65000 vrf vrf_myzone
+ bgp router-id 192.168.0.1
  !
  address-family ipv4 unicast
   redistribute connected
diff --git a/test/zones/evpn/exitnode_local_routing/expected_controller_config b/test/zones/evpn/exitnode_local_routing/expected_controller_config
index 876da86..1968def 100644
--- a/test/zones/evpn/exitnode_local_routing/expected_controller_config
+++ b/test/zones/evpn/exitnode_local_routing/expected_controller_config
@@ -28,6 +28,7 @@ router bgp 65000
  exit-address-family
 !
 router bgp 65000 vrf vrf_myzone
+ bgp router-id 192.168.0.1
  !
  address-family l2vpn evpn
   default-originate ipv4
diff --git a/test/zones/evpn/exitnode_snat/expected_controller_config b/test/zones/evpn/exitnode_snat/expected_controller_config
index 8a535b3..38f358b 100644
--- a/test/zones/evpn/exitnode_snat/expected_controller_config
+++ b/test/zones/evpn/exitnode_snat/expected_controller_config
@@ -35,6 +35,7 @@ router bgp 65000
  exit-address-family
 !
 router bgp 65000 vrf vrf_myzone
+ bgp router-id 192.168.0.1
  !
  address-family ipv4 unicast
   redistribute connected
diff --git a/test/zones/evpn/ipv4/expected_controller_config b/test/zones/evpn/ipv4/expected_controller_config
index e1d425f..4120409 100644
--- a/test/zones/evpn/ipv4/expected_controller_config
+++ b/test/zones/evpn/ipv4/expected_controller_config
@@ -27,6 +27,7 @@ router bgp 65000
  exit-address-family
 !
 router bgp 65000 vrf vrf_myzone
+ bgp router-id 192.168.0.1
 !
 route-map MAP_VTEP_OUT permit 1
 !
diff --git a/test/zones/evpn/ipv4ipv6/expected_controller_config b/test/zones/evpn/ipv4ipv6/expected_controller_config
index e1d425f..4120409 100644
--- a/test/zones/evpn/ipv4ipv6/expected_controller_config
+++ b/test/zones/evpn/ipv4ipv6/expected_controller_config
@@ -27,6 +27,7 @@ router bgp 65000
  exit-address-family
 !
 router bgp 65000 vrf vrf_myzone
+ bgp router-id 192.168.0.1
 !
 route-map MAP_VTEP_OUT permit 1
 !
diff --git a/test/zones/evpn/ipv4ipv6nogateway/expected_controller_config b/test/zones/evpn/ipv4ipv6nogateway/expected_controller_config
index e1d425f..4120409 100644
--- a/test/zones/evpn/ipv4ipv6nogateway/expected_controller_config
+++ b/test/zones/evpn/ipv4ipv6nogateway/expected_controller_config
@@ -27,6 +27,7 @@ router bgp 65000
  exit-address-family
 !
 router bgp 65000 vrf vrf_myzone
+ bgp router-id 192.168.0.1
 !
 route-map MAP_VTEP_OUT permit 1
 !
diff --git a/test/zones/evpn/ipv6/expected_controller_config b/test/zones/evpn/ipv6/expected_controller_config
index e1d425f..4120409 100644
--- a/test/zones/evpn/ipv6/expected_controller_config
+++ b/test/zones/evpn/ipv6/expected_controller_config
@@ -27,6 +27,7 @@ router bgp 65000
  exit-address-family
 !
 router bgp 65000 vrf vrf_myzone
+ bgp router-id 192.168.0.1
 !
 route-map MAP_VTEP_OUT permit 1
 !
diff --git a/test/zones/evpn/multipath_relax/expected_controller_config b/test/zones/evpn/multipath_relax/expected_controller_config
index 18095ec..d7f51b1 100644
--- a/test/zones/evpn/multipath_relax/expected_controller_config
+++ b/test/zones/evpn/multipath_relax/expected_controller_config
@@ -39,6 +39,7 @@ router bgp 65000
  exit-address-family
 !
 router bgp 65000 vrf vrf_myzone
+ bgp router-id 192.168.0.1
 !
 route-map MAP_VTEP_OUT permit 1
 !
-- 
2.30.2

[pve-devel] [PATCH pve-network 07/10] zones: evpn : add rt-import

[Alexandre Derumier]

Allow to import external route target list from external evpn network
(main usecase is DC inter-connect)

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
---
 PVE/Network/SDN/Controllers/EvpnPlugin.pm     |  9 ++++
 PVE/Network/SDN/Zones/EvpnPlugin.pm           | 28 ++++++++++++-
 .../evpn/rt_import/expected_controller_config | 41 ++++++++++++++++++
 .../evpn/rt_import/expected_sdn_interfaces    | 42 +++++++++++++++++++
 test/zones/evpn/rt_import/interfaces          |  7 ++++
 test/zones/evpn/rt_import/sdn_config          | 26 ++++++++++++
 6 files changed, 152 insertions(+), 1 deletion(-)
 create mode 100644 test/zones/evpn/rt_import/expected_controller_config
 create mode 100644 test/zones/evpn/rt_import/expected_sdn_interfaces
 create mode 100644 test/zones/evpn/rt_import/interfaces
 create mode 100644 test/zones/evpn/rt_import/sdn_config

diff --git a/PVE/Network/SDN/Controllers/EvpnPlugin.pm b/PVE/Network/SDN/Controllers/EvpnPlugin.pm
index 96abb9f..6d9b059 100644
--- a/PVE/Network/SDN/Controllers/EvpnPlugin.pm
+++ b/PVE/Network/SDN/Controllers/EvpnPlugin.pm
@@ -121,6 +121,7 @@ sub generate_controller_zone_config {
     my $exitnodes_primary = $plugin_config->{'exitnodes-primary'};
     my $advertisesubnets = $plugin_config->{'advertise-subnets'};
     my $exitnodes_local_routing = $plugin_config->{'exitnodes-local-routing'};
+    my $rt_import = [PVE::Tools::split_list($plugin_config->{'rt-import'})] if $plugin_config->{'rt-import'};
 
     my $asn = $controller->{asn};
     my @peers = PVE::Tools::split_list($controller->{'peers'}) if $controller->{'peers'};
@@ -202,6 +203,14 @@ sub generate_controller_zone_config {
 	push(@{$config->{frr}->{router}->{"bgp $asn vrf $vrf"}->{"address-family"}->{"l2vpn evpn"}}, @controller_config);
     }
 
+    if($rt_import) {
+	@controller_config = ();
+	foreach my $rt (sort @{$rt_import}) {
+	    push @controller_config, "route-target import $rt";
+	}
+	push(@{$config->{frr}->{router}->{"bgp $asn vrf $vrf"}->{"address-family"}->{"l2vpn evpn"}}, @controller_config);
+    }
+
     return $config;
 }
 
diff --git a/PVE/Network/SDN/Zones/EvpnPlugin.pm b/PVE/Network/SDN/Zones/EvpnPlugin.pm
index 62c968c..a5a7539 100644
--- a/PVE/Network/SDN/Zones/EvpnPlugin.pm
+++ b/PVE/Network/SDN/Zones/EvpnPlugin.pm
@@ -19,6 +19,26 @@ sub type {
     return 'evpn';
 }
 
+PVE::JSONSchema::register_format('pve-sdn-bgp-rt', \&pve_verify_sdn_bgp_rt);
+sub pve_verify_sdn_bgp_rt {
+    my ($rt) = @_;
+
+    if ($rt =~ m/^(\d+):(\d+)$/) {
+	my $asn = $1;
+	my $id = $2;
+
+	if ($asn < 0 || $asn > 4294967295) {
+	    die "value does not look like a valid bgp route-target\n";
+	}
+	if ($id < 0 || $id > 4294967295) {
+	    die "value does not look like a valid bgp route-target\n";
+	}
+    } else {
+	die "value does not look like a valid bgp route-target\n";
+    }
+    return $rt;
+}
+
 sub properties {
     return {
 	'vrf-vxlan' => {
@@ -51,7 +71,12 @@ sub properties {
 	    type => 'boolean',
 	    description => "Disable ipv4 arp && ipv6 neighbour discovery suppression",
 	    optional => 1
-	}
+	},
+	'rt-import' => {
+	    type => 'string',
+	    description => "Route-Target import",
+	    optional => 1, format => 'pve-sdn-bgp-rt-list'
+        }
     };
 }
 
@@ -65,6 +90,7 @@ sub options {
 	'exitnodes-primary' => { optional => 1 },
 	'advertise-subnets' => { optional => 1 },
 	'disable-arp-nd-suppression' => { optional => 1 },
+	'rt-import' => { optional => 1 },
 	mtu => { optional => 1 },
 	mac => { optional => 1 },
 	dns => { optional => 1 },
diff --git a/test/zones/evpn/rt_import/expected_controller_config b/test/zones/evpn/rt_import/expected_controller_config
new file mode 100644
index 0000000..dc15476
--- /dev/null
+++ b/test/zones/evpn/rt_import/expected_controller_config
@@ -0,0 +1,41 @@
+log syslog informational
+ip forwarding
+ipv6 forwarding
+frr defaults datacenter
+service integrated-vtysh-config
+hostname localhost
+!
+!
+vrf vrf_myzone
+ vni 1000
+exit-vrf
+!
+router bgp 65000
+ bgp router-id 192.168.0.1
+ no bgp default ipv4-unicast
+ coalesce-time 1000
+ neighbor VTEP peer-group
+ neighbor VTEP remote-as 65000
+ neighbor VTEP bfd
+ neighbor 192.168.0.2 peer-group VTEP
+ neighbor 192.168.0.3 peer-group VTEP
+ !
+ address-family l2vpn evpn
+  neighbor VTEP route-map MAP_VTEP_OUT out
+  neighbor VTEP activate
+  advertise-all-vni
+ exit-address-family
+!
+router bgp 65000 vrf vrf_myzone
+ bgp router-id 192.168.0.1
+ !
+ address-family l2vpn evpn
+  route-target import 65001:1000
+  route-target import 65002:1000
+  route-target import 65003:1000
+ exit-address-family
+!
+route-map MAP_VTEP_OUT permit 1
+!
+line vty
+!
\ No newline at end of file
diff --git a/test/zones/evpn/rt_import/expected_sdn_interfaces b/test/zones/evpn/rt_import/expected_sdn_interfaces
new file mode 100644
index 0000000..9d1c64c
--- /dev/null
+++ b/test/zones/evpn/rt_import/expected_sdn_interfaces
@@ -0,0 +1,42 @@
+#version:1
+
+auto myvnet
+iface myvnet
+	address 10.0.0.1/24
+	hwaddress A2:1D:CB:1A:C0:8B
+	bridge_ports vxlan_myvnet
+	bridge_stp off
+	bridge_fd 0
+	mtu 1450
+	ip-forward on
+	arp-accept on
+	vrf vrf_myzone
+
+auto vrf_myzone
+iface vrf_myzone
+	vrf-table auto
+	post-up ip route add vrf vrf_myzone unreachable default metric 4278198272
+
+auto vrfbr_myzone
+iface vrfbr_myzone
+	bridge-ports vrfvx_myzone
+	bridge_stp off
+	bridge_fd 0
+	mtu 1450
+	vrf vrf_myzone
+
+auto vrfvx_myzone
+iface vrfvx_myzone
+	vxlan-id 1000
+	vxlan-local-tunnelip 192.168.0.1
+	bridge-learning off
+	bridge-arp-nd-suppress on
+	mtu 1450
+
+auto vxlan_myvnet
+iface vxlan_myvnet
+	vxlan-id 100
+	vxlan-local-tunnelip 192.168.0.1
+	bridge-learning off
+	bridge-arp-nd-suppress on
+	mtu 1450
diff --git a/test/zones/evpn/rt_import/interfaces b/test/zones/evpn/rt_import/interfaces
new file mode 100644
index 0000000..66bb826
--- /dev/null
+++ b/test/zones/evpn/rt_import/interfaces
@@ -0,0 +1,7 @@
+auto vmbr0
+iface vmbr0 inet static
+	address 192.168.0.1/24
+	gateway 192.168.0.254
+        bridge-ports eth0
+        bridge-stp off
+        bridge-fd 0
diff --git a/test/zones/evpn/rt_import/sdn_config b/test/zones/evpn/rt_import/sdn_config
new file mode 100644
index 0000000..b62bb2e
--- /dev/null
+++ b/test/zones/evpn/rt_import/sdn_config
@@ -0,0 +1,26 @@
+{
+  version => 1,
+  vnets   => {
+               ids => {
+                        myvnet => { tag => "100", type => "vnet", zone => "myzone" },
+                      },
+             },
+
+  zones   => {
+               ids => { myzone => { ipam => "pve", type => "evpn", controller => "evpnctl", 'vrf-vxlan' => 1000, 'mac' => 'A2:1D:CB:1A:C0:8B', 'rt-import' => '65001:1000,65002:1000,65003:1000' } },
+             },
+  controllers  => {
+               ids => { evpnctl => { type => "evpn", 'peers' => '192.168.0.1,192.168.0.2,192.168.0.3', asn => "65000" } },
+             },
+
+  subnets => {
+              ids => { 'myzone-10.0.0.0-24' => {
+							'type' => 'subnet',
+							'vnet' => 'myvnet',
+							'gateway' => '10.0.0.1',
+						  }
+		     }
+	     }
+}
+
+
-- 
2.30.2

[pve-devel] [PATCH pve-network 08/10] controllers: evpn : remove "no bgp ebgp-requires-policy"

[Alexandre Derumier]

It's already disabled in the default datacenter profile since frr 7.4

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
---
 PVE/Network/SDN/Controllers/BgpPlugin.pm                 | 1 -
 PVE/Network/SDN/Controllers/EvpnPlugin.pm                | 1 -
 test/zones/evpn/ebgp/expected_controller_config          | 2 --
 test/zones/evpn/ebgp_loopback/expected_controller_config | 2 --
 4 files changed, 6 deletions(-)

diff --git a/PVE/Network/SDN/Controllers/BgpPlugin.pm b/PVE/Network/SDN/Controllers/BgpPlugin.pm
index 70c7264..bfeda0c 100644
--- a/PVE/Network/SDN/Controllers/BgpPlugin.pm
+++ b/PVE/Network/SDN/Controllers/BgpPlugin.pm
@@ -89,7 +89,6 @@ sub generate_controller_config {
 
     @controller_config = ();
     if($ebgp) {
-	push @controller_config, "no bgp ebgp-requires-policy";
 	push @controller_config, "bgp disable-ebgp-connected-route-check" if $loopback;
     }
 
diff --git a/PVE/Network/SDN/Controllers/EvpnPlugin.pm b/PVE/Network/SDN/Controllers/EvpnPlugin.pm
index 6d9b059..c4aac91 100644
--- a/PVE/Network/SDN/Controllers/EvpnPlugin.pm
+++ b/PVE/Network/SDN/Controllers/EvpnPlugin.pm
@@ -148,7 +148,6 @@ sub generate_controller_zone_config {
     #main vrf router
     @controller_config = ();
     push @controller_config, "bgp router-id $ifaceip";
-    push @controller_config, "no bgp ebgp-requires-policy" if $ebgp;
 #    push @controller_config, "!";
     push(@{$config->{frr}->{router}->{"bgp $asn vrf $vrf"}->{""}}, @controller_config);
 
diff --git a/test/zones/evpn/ebgp/expected_controller_config b/test/zones/evpn/ebgp/expected_controller_config
index ae35a35..50d01c1 100644
--- a/test/zones/evpn/ebgp/expected_controller_config
+++ b/test/zones/evpn/ebgp/expected_controller_config
@@ -19,7 +19,6 @@ router bgp 65001
  neighbor VTEP bfd
  neighbor 192.168.0.2 peer-group VTEP
  neighbor 192.168.0.3 peer-group VTEP
- no bgp ebgp-requires-policy
  neighbor BGP peer-group
  neighbor BGP remote-as external
  neighbor BGP bfd
@@ -41,7 +40,6 @@ router bgp 65001
 !
 router bgp 65001 vrf vrf_myzone
  bgp router-id 192.168.0.1
- no bgp ebgp-requires-policy
  !
  address-family l2vpn evpn
   route-target import 65000:1000
diff --git a/test/zones/evpn/ebgp_loopback/expected_controller_config b/test/zones/evpn/ebgp_loopback/expected_controller_config
index 55141b2..5b246c6 100644
--- a/test/zones/evpn/ebgp_loopback/expected_controller_config
+++ b/test/zones/evpn/ebgp_loopback/expected_controller_config
@@ -23,7 +23,6 @@ router bgp 65001
  neighbor VTEP update-source dummy1
  neighbor 192.168.0.2 peer-group VTEP
  neighbor 192.168.0.3 peer-group VTEP
- no bgp ebgp-requires-policy
  bgp disable-ebgp-connected-route-check
  neighbor BGP peer-group
  neighbor BGP remote-as external
@@ -46,7 +45,6 @@ router bgp 65001
 !
 router bgp 65001 vrf vrf_myzone
  bgp router-id 192.168.0.1
- no bgp ebgp-requires-policy
  !
  address-family l2vpn evpn
   route-target import 65000:1000
-- 
2.30.2

[pve-devel] [PATCH pve-network 09/10] controllers: bgp : remove bgp network import-check

[Alexandre Derumier]

already enabled since frr 7.4

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
---
 PVE/Network/SDN/Controllers/BgpPlugin.pm | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/PVE/Network/SDN/Controllers/BgpPlugin.pm b/PVE/Network/SDN/Controllers/BgpPlugin.pm
index bfeda0c..73ed171 100644
--- a/PVE/Network/SDN/Controllers/BgpPlugin.pm
+++ b/PVE/Network/SDN/Controllers/BgpPlugin.pm
@@ -81,8 +81,7 @@ sub generate_controller_config {
     my @controller_config = (
         "bgp router-id $ifaceip",
         "no bgp default ipv4-unicast",
-        "coalesce-time 1000",
-        "bgp network import-check"
+        "coalesce-time 1000"
     );
 
     push(@{$bgp->{""}}, @controller_config) if keys %{$bgp} == 0;
-- 
2.30.2

[pve-devel] [PATCH pve-network 10/10] controllers: evpn : remove ip forwarding, ipv6 forwarding and add frr version

[Alexandre Derumier]

Forwarding is enabled by default since frr 7.4
also add frr version && reorder some options to avoid warning message on frr reload

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
---
 PVE/Network/SDN/Controllers/EvpnPlugin.pm                  | 7 +++----
 .../evpn/advertise_subnets/expected_controller_config      | 7 +++----
 .../disable_arp_nd_suppression/expected_controller_config  | 7 +++----
 test/zones/evpn/ebgp/expected_controller_config            | 7 +++----
 test/zones/evpn/ebgp_loopback/expected_controller_config   | 7 +++----
 test/zones/evpn/exitnode/expected_controller_config        | 7 +++----
 .../evpn/exitnode_local_routing/expected_controller_config | 7 +++----
 .../zones/evpn/exitnode_primary/expected_controller_config | 7 +++----
 test/zones/evpn/exitnode_snat/expected_controller_config   | 7 +++----
 test/zones/evpn/ipv4/expected_controller_config            | 7 +++----
 test/zones/evpn/ipv4ipv6/expected_controller_config        | 7 +++----
 .../evpn/ipv4ipv6nogateway/expected_controller_config      | 7 +++----
 test/zones/evpn/ipv6/expected_controller_config            | 7 +++----
 test/zones/evpn/multipath_relax/expected_controller_config | 7 +++----
 test/zones/evpn/rt_import/expected_controller_config       | 7 +++----
 15 files changed, 45 insertions(+), 60 deletions(-)

diff --git a/PVE/Network/SDN/Controllers/EvpnPlugin.pm b/PVE/Network/SDN/Controllers/EvpnPlugin.pm
index c4aac91..70a9da1 100644
--- a/PVE/Network/SDN/Controllers/EvpnPlugin.pm
+++ b/PVE/Network/SDN/Controllers/EvpnPlugin.pm
@@ -369,12 +369,11 @@ sub generate_controller_rawconfig {
     my $nodename = PVE::INotify::nodename();
 
     my $final_config = [];
-    push @{$final_config}, "log syslog informational";
-    push @{$final_config}, "ip forwarding";
-    push @{$final_config}, "ipv6 forwarding";
+    push @{$final_config}, "frr version 8.0.1";
     push @{$final_config}, "frr defaults datacenter";
-    push @{$final_config}, "service integrated-vtysh-config";
     push @{$final_config}, "hostname $nodename";
+    push @{$final_config}, "log syslog informational";
+    push @{$final_config}, "service integrated-vtysh-config";
     push @{$final_config}, "!";
 
     if (-e "/etc/frr/frr.conf.local") {
diff --git a/test/zones/evpn/advertise_subnets/expected_controller_config b/test/zones/evpn/advertise_subnets/expected_controller_config
index 73da849..c9545bc 100644
--- a/test/zones/evpn/advertise_subnets/expected_controller_config
+++ b/test/zones/evpn/advertise_subnets/expected_controller_config
@@ -1,9 +1,8 @@
-log syslog informational
-ip forwarding
-ipv6 forwarding
+frr version 8.0.1
 frr defaults datacenter
-service integrated-vtysh-config
 hostname localhost
+log syslog informational
+service integrated-vtysh-config
 !
 !
 vrf vrf_myzone
diff --git a/test/zones/evpn/disable_arp_nd_suppression/expected_controller_config b/test/zones/evpn/disable_arp_nd_suppression/expected_controller_config
index 4120409..5a8fb99 100644
--- a/test/zones/evpn/disable_arp_nd_suppression/expected_controller_config
+++ b/test/zones/evpn/disable_arp_nd_suppression/expected_controller_config
@@ -1,9 +1,8 @@
-log syslog informational
-ip forwarding
-ipv6 forwarding
+frr version 8.0.1
 frr defaults datacenter
-service integrated-vtysh-config
 hostname localhost
+log syslog informational
+service integrated-vtysh-config
 !
 !
 vrf vrf_myzone
diff --git a/test/zones/evpn/ebgp/expected_controller_config b/test/zones/evpn/ebgp/expected_controller_config
index 50d01c1..5c9a7c6 100644
--- a/test/zones/evpn/ebgp/expected_controller_config
+++ b/test/zones/evpn/ebgp/expected_controller_config
@@ -1,9 +1,8 @@
-log syslog informational
-ip forwarding
-ipv6 forwarding
+frr version 8.0.1
 frr defaults datacenter
-service integrated-vtysh-config
 hostname localhost
+log syslog informational
+service integrated-vtysh-config
 !
 !
 vrf vrf_myzone
diff --git a/test/zones/evpn/ebgp_loopback/expected_controller_config b/test/zones/evpn/ebgp_loopback/expected_controller_config
index 5b246c6..5ec19a8 100644
--- a/test/zones/evpn/ebgp_loopback/expected_controller_config
+++ b/test/zones/evpn/ebgp_loopback/expected_controller_config
@@ -1,9 +1,8 @@
-log syslog informational
-ip forwarding
-ipv6 forwarding
+frr version 8.0.1
 frr defaults datacenter
-service integrated-vtysh-config
 hostname localhost
+log syslog informational
+service integrated-vtysh-config
 !
 ip prefix-list loopbacks_ips seq 10 permit 0.0.0.0/0 le 32
 ip protocol bgp route-map correct_src
diff --git a/test/zones/evpn/exitnode/expected_controller_config b/test/zones/evpn/exitnode/expected_controller_config
index 38f358b..96d89f3 100644
--- a/test/zones/evpn/exitnode/expected_controller_config
+++ b/test/zones/evpn/exitnode/expected_controller_config
@@ -1,9 +1,8 @@
-log syslog informational
-ip forwarding
-ipv6 forwarding
+frr version 8.0.1
 frr defaults datacenter
-service integrated-vtysh-config
 hostname localhost
+log syslog informational
+service integrated-vtysh-config
 !
 !
 vrf vrf_myzone
diff --git a/test/zones/evpn/exitnode_local_routing/expected_controller_config b/test/zones/evpn/exitnode_local_routing/expected_controller_config
index 1968def..812043e 100644
--- a/test/zones/evpn/exitnode_local_routing/expected_controller_config
+++ b/test/zones/evpn/exitnode_local_routing/expected_controller_config
@@ -1,9 +1,8 @@
-log syslog informational
-ip forwarding
-ipv6 forwarding
+frr version 8.0.1
 frr defaults datacenter
-service integrated-vtysh-config
 hostname localhost
+log syslog informational
+service integrated-vtysh-config
 !
 ip route 10.0.0.0/24 10.255.255.2 xvrf_myzone
 !
diff --git a/test/zones/evpn/exitnode_primary/expected_controller_config b/test/zones/evpn/exitnode_primary/expected_controller_config
index 5306645..5f23bdc 100644
--- a/test/zones/evpn/exitnode_primary/expected_controller_config
+++ b/test/zones/evpn/exitnode_primary/expected_controller_config
@@ -1,9 +1,8 @@
-log syslog informational
-ip forwarding
-ipv6 forwarding
+frr version 8.0.1
 frr defaults datacenter
-service integrated-vtysh-config
 hostname localhost
+log syslog informational
+service integrated-vtysh-config
 !
 !
 vrf vrf_myzone
diff --git a/test/zones/evpn/exitnode_snat/expected_controller_config b/test/zones/evpn/exitnode_snat/expected_controller_config
index 38f358b..96d89f3 100644
--- a/test/zones/evpn/exitnode_snat/expected_controller_config
+++ b/test/zones/evpn/exitnode_snat/expected_controller_config
@@ -1,9 +1,8 @@
-log syslog informational
-ip forwarding
-ipv6 forwarding
+frr version 8.0.1
 frr defaults datacenter
-service integrated-vtysh-config
 hostname localhost
+log syslog informational
+service integrated-vtysh-config
 !
 !
 vrf vrf_myzone
diff --git a/test/zones/evpn/ipv4/expected_controller_config b/test/zones/evpn/ipv4/expected_controller_config
index 4120409..5a8fb99 100644
--- a/test/zones/evpn/ipv4/expected_controller_config
+++ b/test/zones/evpn/ipv4/expected_controller_config
@@ -1,9 +1,8 @@
-log syslog informational
-ip forwarding
-ipv6 forwarding
+frr version 8.0.1
 frr defaults datacenter
-service integrated-vtysh-config
 hostname localhost
+log syslog informational
+service integrated-vtysh-config
 !
 !
 vrf vrf_myzone
diff --git a/test/zones/evpn/ipv4ipv6/expected_controller_config b/test/zones/evpn/ipv4ipv6/expected_controller_config
index 4120409..5a8fb99 100644
--- a/test/zones/evpn/ipv4ipv6/expected_controller_config
+++ b/test/zones/evpn/ipv4ipv6/expected_controller_config
@@ -1,9 +1,8 @@
-log syslog informational
-ip forwarding
-ipv6 forwarding
+frr version 8.0.1
 frr defaults datacenter
-service integrated-vtysh-config
 hostname localhost
+log syslog informational
+service integrated-vtysh-config
 !
 !
 vrf vrf_myzone
diff --git a/test/zones/evpn/ipv4ipv6nogateway/expected_controller_config b/test/zones/evpn/ipv4ipv6nogateway/expected_controller_config
index 4120409..5a8fb99 100644
--- a/test/zones/evpn/ipv4ipv6nogateway/expected_controller_config
+++ b/test/zones/evpn/ipv4ipv6nogateway/expected_controller_config
@@ -1,9 +1,8 @@
-log syslog informational
-ip forwarding
-ipv6 forwarding
+frr version 8.0.1
 frr defaults datacenter
-service integrated-vtysh-config
 hostname localhost
+log syslog informational
+service integrated-vtysh-config
 !
 !
 vrf vrf_myzone
diff --git a/test/zones/evpn/ipv6/expected_controller_config b/test/zones/evpn/ipv6/expected_controller_config
index 4120409..5a8fb99 100644
--- a/test/zones/evpn/ipv6/expected_controller_config
+++ b/test/zones/evpn/ipv6/expected_controller_config
@@ -1,9 +1,8 @@
-log syslog informational
-ip forwarding
-ipv6 forwarding
+frr version 8.0.1
 frr defaults datacenter
-service integrated-vtysh-config
 hostname localhost
+log syslog informational
+service integrated-vtysh-config
 !
 !
 vrf vrf_myzone
diff --git a/test/zones/evpn/multipath_relax/expected_controller_config b/test/zones/evpn/multipath_relax/expected_controller_config
index d7f51b1..ec3ce69 100644
--- a/test/zones/evpn/multipath_relax/expected_controller_config
+++ b/test/zones/evpn/multipath_relax/expected_controller_config
@@ -1,9 +1,8 @@
-log syslog informational
-ip forwarding
-ipv6 forwarding
+frr version 8.0.1
 frr defaults datacenter
-service integrated-vtysh-config
 hostname localhost
+log syslog informational
+service integrated-vtysh-config
 !
 !
 vrf vrf_myzone
diff --git a/test/zones/evpn/rt_import/expected_controller_config b/test/zones/evpn/rt_import/expected_controller_config
index dc15476..bcd2479 100644
--- a/test/zones/evpn/rt_import/expected_controller_config
+++ b/test/zones/evpn/rt_import/expected_controller_config
@@ -1,9 +1,8 @@
-log syslog informational
-ip forwarding
-ipv6 forwarding
+frr version 8.0.1
 frr defaults datacenter
-service integrated-vtysh-config
 hostname localhost
+log syslog informational
+service integrated-vtysh-config
 !
 !
 vrf vrf_myzone
-- 
2.30.2

[pve-devel] applied-series: [PATCH pve-network 00/10] bgp/evpn improvements

[Thomas Lamprecht]

On 11.02.22 10:33, Alexandre Derumier wrote:
> This patch series include a lot of new evpn features requested by user forum
> and add some fixes/cleanup with new frr version
> 
> Alexandre Derumier (10):
>   zones: status : skip node if node don't have the zone
>   controllers: bgp: use loopback ip src for loopback network
>   controllers: bgp: add bgp-multipath-as-path-relax option
>   controllers: evpn : add min/max value to asn
>   controllers: evpn/bgp : add exitnodes-primary && rework route-map
>   controllers: evpn: add missing bgp router-id in vrf
>   zones: evpn : add rt-import
>   controllers: evpn : remove "no bgp ebgp-requires-policy"
>   controllers: bgp : remove bgp network import-check
>   controllers: evpn : remove ip forwarding, ipv6 forwarding and add frr
>     version

applied series, thanks!