From: Gabriel Goller <g.goller@proxmox.com>
To: Stefan Hanreich <s.hanreich@proxmox.com>
Cc: pve-devel@lists.proxmox.com
Subject: Re: [PATCH pve-network v2 6/9] sdn: adjust frr.conf.local merging to rust template types
Date: Wed, 4 Mar 2026 15:37:44 +0100 [thread overview]
Message-ID: <gbdpkbxkuyddh3snrsjaoqqn3urgi3aiv3jn34siitsn4xsorg@t5nt5xjfze3s> (raw)
In-Reply-To: <35bbc676-4261-4887-a5a4-9553d026a5bd@proxmox.com>
On 03.03.2026 16:19, Stefan Hanreich wrote:
> On 3/2/26 1:56 PM, Gabriel Goller wrote:
> > The frr object in perl which stores the whole frr config is now also
> > modeled in rust, so it changed a bit. Adjust the frr.conf.local merging
> > code so that the frr.conf.local is still merged correctly. This makes
> > use of the `custom_frr_config` properties scattered in many rust types.
> > So if we encounter a line in frr.conf.local that we need to merge, we
> > just throw it into this string vec and render it as-is.
> >
> > Co-authored-by: Stefan Hanreich <s.hanreich@proxmox.com>
> > Signed-off-by: Gabriel Goller <g.goller@proxmox.com>
> > ---
> > src/PVE/Network/SDN/Frr.pm | 202 ++++++++++++++++++++++++++++++-------
> > 1 file changed, 168 insertions(+), 34 deletions(-)
> >
> > diff --git a/src/PVE/Network/SDN/Frr.pm b/src/PVE/Network/SDN/Frr.pm
> > index b572f4536004..af3074017ddf 100644
> > --- a/src/PVE/Network/SDN/Frr.pm
> > +++ b/src/PVE/Network/SDN/Frr.pm
> > @@ -271,70 +271,204 @@ sub append_local_config {
> > return if !$local_config;
> >
> > my $section = \$frr_config->{""};
> > - my $router = undef;
> > + my $isis_router_name = undef;
> > + my $bgp_router_asn = undef;
> > + my $bgp_router_vrf = undef;
> > my $routemap = undef;
> > - my $routemap_config = ();
> > - my $routemap_action = undef;
> > + my $interface = undef;
> > + my $vrf = undef;
> > + my $new_block = 0;
> > + my $new_af_block = 0;
> >
> > - while ($local_config =~ /^\s*(.+?)\s*$/gm) {
> > + while ($local_config =~ /^(.+?)\s*$/gm) {
> > my $line = $1;
> > - $line =~ s/^\s+|\s+$//g;
> > -
> > - if ($line =~ m/^router (.+)$/) {
> > - $router = $1;
> > - $section = \$frr_config->{'frr'}->{'router'}->{$router}->{""};
>
> after this change merging now only works for isis and bgp routers? Did a
> quick check with other routing protocols in frr.conf.local and the
> routers seem to be missing.
Good catch, fixed this!
> > + $line =~ s/\s+$//g;
> > +
> > + if ($line =~ m/^router isis (.+)$/) {
> > + $isis_router_name = $1;
> > + if (defined $frr_config->{'frr'}->{'isis'}->{'router'}->{$isis_router_name}) {
>
> calls to defined should use parentheses (several occurences below)
done!
> > + $section =
> > + \($frr_config->{'frr'}->{'isis'}->{'router'}->{$isis_router_name}
> > + ->{'custom_frr_config'} //= []);
> > + } else {
> > + $new_block = 1;
> > + push(
> > + $frr_config->{'frr'}->{'custom_frr_config'}->@*,
> > + "router isis $isis_router_name",
> > + );
> > + $section = \$frr_config->{'frr'}->{'custom_frr_config'};
> > + }
> > + next;
> > + } elsif ($line =~ m/^router bgp (\S+)(?: vrf (.+))?$/) {
> > + $bgp_router_asn = $1;
> > + $bgp_router_vrf = $2 // 'default';
> > +
> > + my $config_line =
> > + defined($2)
> > + ? "router bgp $bgp_router_asn vrf $bgp_router_vrf"
> > + : "router bgp $bgp_router_asn";
> > +
>
> this is only required in the else branch?
moved it down.
> > + if (
> > + defined $frr_config->{'frr'}->{'bgp'}->{'vrf_router'}->{$bgp_router_vrf}
> > + and $frr_config->{'frr'}->{'bgp'}->{'vrf_router'}->{$bgp_router_vrf}->{'asn'}
> > + eq $bgp_router_asn
> > + ) {
> > + $section =
> > + \($frr_config->{'frr'}->{'bgp'}->{'vrf_router'}->{$bgp_router_vrf}
> > + ->{'custom_frr_config'} //= []);
> > + } else {
> > + $new_block = 1;
> > + push(
> > + $frr_config->{'frr'}->{'custom_frr_config'}->@*, $config_line,
> > + );
> > + $section = \$frr_config->{'frr'}->{'custom_frr_config'};
> > + }
> > next;
> > } elsif ($line =~ m/^vrf (.+)$/) {
> > - $section = \$frr_config->{'frr'}->{'vrf'}->{$1};
> > + $vrf = $1;
> > + if (defined $frr_config->{'frr'}->{'bgp'}->{'vrfs'}->{$vrf}) {
> > + $section = \$frr_config->{'frr'}->{'bgp'}->{'vrfs'}->{$vrf}->{'custom_frr_config'};
> > + } else {
> > + $new_block = 1;
> > + push($frr_config->{'frr'}->{'custom_frr_config'}->@*, "vrf $vrf");
> > + $section = \$frr_config->{'frr'}->{'custom_frr_config'};
> > + }
> > next;
> > } elsif ($line =~ m/^interface (.+)$/) {
> > - $section = \$frr_config->{'frr_interfaces'}->{$1};
> > + $interface = $1;
> > + if (defined $frr_config->{'frr'}->{'isis'}->{'interfaces'}->{$interface}) {
>
> trying to override an existing IS-IS interface doesn't work for me, e.g.
> with the following IS-IS controller:
>
> isis: isisberserker
> isis-domain 1
> isis-ifaces ens19,ens20
> isis-net 49.0000.1234.0000.00
> node berserker
>
> and the following frr.conf.local:
>
> interface ens20
> isis circuit-type level-2-only
> exit
> !
>
> I get an deserialization error:
>
> error: invalid type: Option value, expected a sequence
>
>
> This seems to be because the generated $frr_config has
>
> 'custom_frr_config' => undef
>
> in its top-level.
fixed this.
> > + $section = \($frr_config->{'frr'}->{'isis'}->{'interfaces'}->{$interface}
> > + ->{'custom_frr_config'} //= []);
> > + } else {
> > + $new_block = 1;
> > + push(
> > + $frr_config->{'frr'}->{'custom_frr_config'}->@*, "interface $interface",
> > + );
> > + $section = \$frr_config->{'frr'}->{'custom_frr_config'};
> > + }
> > next;
> > } elsif ($line =~ m/^bgp community-list (.+)$/) {
> > - push(@{ $frr_config->{'frr_bgp_community_list'} }, $line);
> > + push(@{ $frr_config->{'frr'}->{'custom_frr_config'} }, $line);
> > next;
> > } elsif ($line =~ m/address-family (.+)$/) {
> > - $section = \$frr_config->{'frr'}->{'router'}->{$router}->{'address-family'}->{$1};
> > + # convert the address family from frr (e.g. l2vpn evpn) into the rust property (e.g. l2vpn_evpn)
> > + my $address_family_unchanged = $1;
> > + my $address_family = $1 =~ s/ /_/gr;
> > +
> > + if (
> > + defined $frr_config->{'frr'}->{'bgp'}->{'vrf_router'}->{$bgp_router_vrf}
> > + and $frr_config->{'frr'}->{'bgp'}->{'vrf_router'}->{$bgp_router_vrf}->{'asn'}
> > + eq $bgp_router_asn
> > + ) {
> > + if (
> > + defined $frr_config->{'frr'}->{'bgp'}->{'vrf_router'}->{$bgp_router_vrf}
> > + ->{'address_families'}->{$address_family}
> > + ) {
> > + $section =
> > + \($frr_config->{'frr'}->{'bgp'}->{'vrf_router'}->{$bgp_router_vrf}
> > + ->{'address_families'}->{$address_family}->{custom_frr_config} //= []);
> > + } else {
> > + $new_af_block = 1;
> > + push(
> > + $frr_config->{'frr'}->{'bgp'}->{'vrf_router'}->{$bgp_router_vrf}
> > + ->{'custom_frr_config'}->@*,
> > + " address-family $address_family_unchanged",
> > + );
> > + $section = \$frr_config->{'frr'}->{'bgp'}->{'vrf_router'}->{$bgp_router_vrf}
> > + ->{'custom_frr_config'};
> > + }
> > + } else {
> > + $new_af_block = 1;
> > + push(
> > + $frr_config->{'frr'}->{'custom_frr_config'}->@*,
> > + " address-family $address_family_unchanged",
> > + );
> > + $section = \$frr_config->{'frr'}->{'custom_frr_config'};
> > + }
> > next;
> > } elsif ($line =~ m/^route-map (.+) (permit|deny) (\d+)/) {
> > $routemap = $1;
> > - $routemap_config = ();
> > - $routemap_action = $2;
> > - $section = \$frr_config->{'frr_routemap'}->{$routemap};
> > + my $routemap_action = $2;
> > + my $seq_number = $3;
> > + if (defined $frr_config->{'frr'}->{'routemaps'}->{$routemap}) {
> > + my $index = 0;
> > + foreach my $single_routemap ($frr_config->{'frr'}->{'routemaps'}->{$routemap}->@*) {
>
> for is preferred over foreach, see:
> https://pve.proxmox.com/wiki/Perl_Style_Guide#Perl_syntax_choices
done.
> > + if (
> > + $single_routemap->{'seq'} == $seq_number
> > + && $single_routemap->{'action'} eq $routemap_action
> > + ) {
> > + last;
> > + }
> > + $index++;
> > + }
> > + if ($index < scalar @{ $frr_config->{'frr'}->{'routemaps'}->{$routemap} }) {
> > + $section = \($frr_config->{'frr'}->{'routemaps'}->{$routemap}->[$index]
> > + ->{'custom_frr_config'} //= []);
> > + } else {
> > + $new_block = 1;
> > + push(
> > + $frr_config->{'frr'}->{'custom_frr_config'}->@*,
> > + "route-map $routemap $routemap_action $seq_number",
> > + );
> > + $section = \$frr_config->{'frr'}->{'custom_frr_config'};
> > + }
> > + } else {
> > + $new_block = 1;
> > + push(
> > + $frr_config->{'frr'}->{'custom_frr_config'}->@*,
> > + "route-map $routemap $routemap_action $seq_number",
> > + );
> > + $section = \$frr_config->{'frr'}->{'custom_frr_config'};
> > + }
> > next;
>
> adding entries for an existing route-map (i.e. MAP_VTEP_IN) like so:
>
> route-map MAP_VTEP_IN deny 1
> exit
> !
> route-map MAP_VTEP_IN permit 1
> exit
> !
> route-map MAP_VTEP_IN permit 1
> match community cm-prefmod-400
> set local-preference 400
> exit
> !
> route-map MAP_VTEP_IN permit 1
> match ip address 10
> set local-preference 200
> exit
> !
>
> merges the route-map configuration with this patch, if the verdict is
> the same:
>
> route-map MAP_VTEP_IN permit 1
> match community cm-prefmod-400
> set local-preference 400
> match ip address 10
> set local-preference 200
> exit
> !
>
> the section with the same seq nr, but different verdict gets
> additionally added:
>
> route-map MAP_VTEP_IN deny 1
> exit
> !
>
> ------------------------------------------
>
> with the old merging logic, they were added as separate sections, with
> increasing numbers:
>
> route-map MAP_VTEP_IN permit 1
> exit
> !
> route-map MAP_VTEP_IN deny 2
> exit
> !
> route-map MAP_VTEP_IN permit 3
> exit
> !
> route-map MAP_VTEP_IN permit 4
> match community cm-prefmod-400
> set local-preference 400
> exit
> !
> route-map MAP_VTEP_IN permit 5
> match ip address 10
> set local-preference 200
> exit
> !
>
> Is this intentional? Imo this is quite the breaking change, particularly
> because route-maps are probably used relatively often in the frr.conf.local?
fixed this as well I hope.
> > } elsif ($line =~ m/^access-list (.+) seq (\d+) (.+)$/) {
> > - $frr_config->{'frr_access_list'}->{$1}->{$2} = $3;
> > + push($frr_config->{'frr'}->{'custom_frr_config'}->@*, $line);
> > next;
> > } elsif ($line =~ m/^ip prefix-list (.+) seq (\d+) (.*)$/) {
> > - $frr_config->{'frr_prefix_list'}->{$1}->{$2} = $3;
> > + push($frr_config->{'frr'}->{'custom_frr_config'}->@*, $line);
> > next;
> > } elsif ($line =~ m/^ipv6 prefix-list (.+) seq (\d+) (.*)$/) {
> > - $frr_config->{'frr_prefix_list_v6'}->{$1}->{$2} = $3;
> > + push($frr_config->{'frr'}->{'custom_frr_config'}->@*, $line);
> > next;
> > - } elsif ($line =~ m/^exit-address-family$/) {
> > + } elsif ($line =~ m/exit-address-family$/) {
> > + if ($new_af_block) {
> > + push(@{$$section}, $line);
> > + $section = \$frr_config->{'frr'}->{'bgp'}->{'custom_frr_config'};
> > + } else {
> > + $section =
> > + \($frr_config->{'frr'}->{'bgp'}->{'vrf_router'}->{$bgp_router_vrf}
> > + ->{'custom_frr_config'} //= []);
> > + }
> > + $new_af_block = 0;
> > next;
> > - } elsif ($line =~ m/^exit$/) {
> > - if ($router) {
> > - $section = \$frr_config->{''};
> > - $router = undef;
> > - } elsif ($routemap) {
> > - push(@{$$section}, { rule => $routemap_config, action => $routemap_action });
> > - $section = \$frr_config->{''};
> > + } elsif ($line =~ m/^exit/) {
> > + if ($bgp_router_vrf || $vrf || $interface || $routemap || $isis_router_name) {
> > + # this means we just added a new router/vrf/interface/routemap
> > + if ($new_block) {
> > + push(@{$$section}, $line);
> > + push(@{$$section}, "!");
> > + }
> > + $section = \$frr_config->{'frr'}->{'custom_frr_config'};
> > + # we can't stack these, so exit out of all of them (technically we can have a vrf inside of a router bgp block, but we don't support that)
> > + $isis_router_name = undef;
> > + $bgp_router_vrf = undef;
> > + $bgp_router_asn = undef;
> > + $vrf = undef;
> > + $interface = undef;
> > $routemap = undef;
> > - $routemap_action = undef;
> > - $routemap_config = ();
> > + } else {
> > + $section = \$frr_config->{'frr'}->{'custom_frr_config'};
> > + push(@{$$section}, $line);
> > + push(@{$$section}, "!");
> > }
> > + $new_block = 0;
> > next;
> > } elsif ($line =~ m/!/) {
> > next;
> > }
> >
> > next if !$section;
> > - if ($routemap) {
> > - push(@{$routemap_config}, $line);
> > - } else {
> > - push(@{$$section}, $line);
> > - }
> > + push(@{$$section}, $line);
> > }
> > }
> >
Will send a new version soon!
next prev parent reply other threads:[~2026-03-04 14:37 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-02 12:55 [PATCH manager/network/proxmox{-ve-rs,-perl-rs} v2 00/19] Generate frr config using jinja templates and rust types Gabriel Goller
2026-03-02 12:55 ` [PATCH proxmox-ve-rs v2 1/8] ve-config: firewall: cargo fmt Gabriel Goller
2026-03-02 12:55 ` [PATCH proxmox-ve-rs v2 2/8] frr: add proxmox-frr-templates package that contains templates Gabriel Goller
2026-03-02 12:55 ` [PATCH proxmox-ve-rs v2 3/8] ve-config: remove FrrConfigBuilder struct Gabriel Goller
2026-03-02 12:55 ` [PATCH proxmox-ve-rs v2 4/8] sdn-types: support variable-length NET identifier Gabriel Goller
2026-03-02 12:55 ` [PATCH proxmox-ve-rs v2 5/8] frr: add template serializer and serialize fabrics using templates Gabriel Goller
2026-03-02 12:55 ` [PATCH proxmox-ve-rs v2 6/8] frr: add isis configuration and templates Gabriel Goller
2026-03-02 12:55 ` [PATCH proxmox-ve-rs v2 7/8] frr: support custom frr configuration lines Gabriel Goller
2026-03-02 12:55 ` [PATCH proxmox-ve-rs v2 8/8] frr: add bgp support with templates and serialization Gabriel Goller
2026-03-02 12:55 ` [PATCH proxmox-perl-rs v2 1/1] sdn: add function to generate the frr config for all daemons Gabriel Goller
2026-03-02 12:55 ` [PATCH pve-network v2 1/9] sdn: remove duplicate comment line '!' in frr config Gabriel Goller
2026-03-02 12:55 ` [PATCH pve-network v2 2/9] sdn: tests: add missing comment " Gabriel Goller
2026-03-02 12:55 ` [PATCH pve-network v2 3/9] tests: use Test::Differences to make test assertions Gabriel Goller
2026-03-02 12:55 ` [PATCH pve-network v2 4/9] sdn: write structured frr config that can be rendered using templates Gabriel Goller
2026-03-02 12:55 ` [PATCH pve-network v2 5/9] tests: rearrange some statements in the frr config Gabriel Goller
2026-03-02 12:55 ` [PATCH pve-network v2 6/9] sdn: adjust frr.conf.local merging to rust template types Gabriel Goller
2026-03-03 15:19 ` Stefan Hanreich
2026-03-04 14:37 ` Gabriel Goller [this message]
2026-03-02 12:55 ` [PATCH pve-network v2 7/9] api: add dry-run endpoint for sdn apply to preview changes Gabriel Goller
2026-03-02 12:55 ` [PATCH pve-network v2 8/9] test: add test for frr.conf.local merging Gabriel Goller
2026-03-02 12:55 ` [PATCH pve-network v2 9/9] test: bgp: add some various integration tests Gabriel Goller
2026-03-02 12:55 ` [PATCH pve-manager v2 1/1] sdn: add dry-run diff view for sdn apply Gabriel Goller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=gbdpkbxkuyddh3snrsjaoqqn3urgi3aiv3jn34siitsn4xsorg@t5nt5xjfze3s \
--to=g.goller@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
--cc=s.hanreich@proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.