From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id 505941FF13B for ; Wed, 06 May 2026 03:26:15 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id F37DB11C58; Wed, 6 May 2026 03:26:12 +0200 (CEST) From: Thomas Lamprecht To: pve-devel@lists.proxmox.com, Stefan Hanreich Subject: partially-applied: [PATCH access-control/cluster/manager/network/proxmox{-ve-rs,-perl-rs} v5 00/46] Add support for route maps / prefix lists to SDN Date: Wed, 6 May 2026 03:25:27 +0200 Message-ID: <177803042695.3078892.17863339675648439363.b4-ty@b4> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260505153720.412180-1-s.hanreich@proxmox.com> References: <20260505153720.412180-1-s.hanreich@proxmox.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1778030630863 X-SPAM-LEVEL: Spam detection results: 0 AWL -0.122 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment KAM_LOTSOFHASH 0.25 Emails with lots of hash-like gibberish SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Message-ID-Hash: EA4YMNGO7UDF6QPAHTU6POI34UZALNWO X-Message-ID-Hash: EA4YMNGO7UDF6QPAHTU6POI34UZALNWO X-MailFrom: t.lamprecht@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox VE development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: On Tue, 05 May 2026 17:36:28 +0200, Stefan Hanreich wrote: > ## Introduction > > This patch adds support for managing route maps and prefix lists to the SDN > stack. With this patch series, route maps can be applied to the BGP and EVPN > controller for incoming / outgoing route filtering. Additionally, prefix lists > can be used to filter routes that should be installed by a fabric into the > kernel routing table, overriding the default behavior of only installing routes > from the configured IP prefix. There are currently some other features in > development that would make use of route maps as well, namely: > > [...] Applied now also the pve-rs and pve-network parts, thanks! Basically only missing the pve-manager part (and docs!). I squashed some smaller fixes in here, I added a [TL: ...] trailer for where I did for transparency, maybe chross-check these. Also: The OSPF delete enum gains 'redistribute' here too, but OspfProperties / OspfDeletableProperties in proxmox-ve-rs don't have such a field. Is this an intentional placeholder for a follow-up, or stray addition? I kept it as is because it didn't really hurt. btw. had to do a breaks from newer libpve-rs-perl library to older libpve-network-perl for the get_frr_raw_config signature change, not huge, but if we can avoid these it would be still nice (e.g., add as new method and keep old one around until next major release) pve-rs: [1/3] pve-rs: sdn: add route maps module commit: 0ef21ca470b703263fd0826fafad21e01d7d0e64 [2/3] pve-rs: sdn: add prefix lists module commit: 83294ce846e88c53c8592b8348dc5ee6b375a093 [3/3] sdn: add prefix list / route maps to frr config generation helper commit: 2f7299e82eb074991edc0b75aeaf32d2e629496f pve-network: [01/16] controller: bgp: evpn: adapt to new match / set frr config syntax commit: baf1abeb25529fb92ab28506d62c7af0a8661ddc [02/16] sdn: add prefix lists module commit: e33eb423f18560b132d48a8e5c0bce093a38979b [03/16] sdn: add route map module commit: a58daf531f42b3c9423afb92a62099d4ab56264d [04/16] api2: add prefix list module commit: c82df6a48c4a37e012d51934cd379f2ba7a5f96c [05/16] api2: add route maps module commit: 975fb0feeceefd6514cb34e4dd6fbc2c402481da [06/16] api2: add route map module commit: 582b2b6d61503e5cf44698d2e99d0601ad116e48 [07/16] api2: add route map entry module commit: 75fb8cde9c1d8a60e5d872bb99f999190fa429dc [08/16] evpn controller: add route_map_{in,out} parameter commit: 85587a9de22ea4dbd8fb7c30a9874505f1dcdef5 [09/16] bgp controller: allow configuring custom route maps commit: ccb1fba411c18830843cc6243620be18d1d8e45b [10/16] sdn: commit route map / prefix list configuration on sdn apply commit: 2398e82d55c4538918d58ccda8127614a359a9a0 [11/16] sdn: frr: consider route maps and prefix lists in dry-run commit: 20bf2f0ded1e1ed35e70f3308fa327b1e3d0b8fc [12/16] fabrics: ospf: openfabric: add route_filter property commit: 83b00f15c4cdc991267833849a9e1bca6c329917 [13/16] tests: add simple route map test case commit: 4c6f608e5b0d4e01846eb3cba53ee82e36e738cc [14/16] tests: add bgp evpn route map/prefix list testcase commit: b0149dfcc37b3dc5583b87e8a723a72848453551 [15/16] tests: add route map with prefix list testcase commit: d062782eb0eefe788a720102c5b7c7f7b538121a [16/16] tests: add exit node with custom route map testcase commit: c31ce38b6a89cf03ad9879f9092edbeb389452da