[pve-devel] [PATCH-SERIES pve-network/pve-manager/pve-docs] sdn: add isis controller

[pve-devel] [PATCH-SERIES pve-network/pve-manager/pve-docs] sdn: add isis controller

[Alexandre Derumier]

Hi,
This patch serie add support for the isis routing protocol for underlay network,
instead bgp.

This was a request of a proxmox user, the implementation has been tested
https://forum.proxmox.com/threads/integrating-proxmox-sdn-with-existing-sdn-network.131946


pve-network:

Alexandre Derumier (3):
  controller: evpn: fix find_bgp_controller
  controllers: frr: add parsing of "interfaces" section
  controllers: add isis router plugin

 src/PVE/Network/SDN/Controllers.pm            |   2 +
 src/PVE/Network/SDN/Controllers/EvpnPlugin.pm |  57 ++++++--
 src/PVE/Network/SDN/Controllers/IsisPlugin.pm | 123 ++++++++++++++++++
 src/PVE/Network/SDN/Controllers/Makefile      |   2 +-
 src/PVE/Network/SDN/Zones/EvpnPlugin.pm       |  10 +-
 .../evpn/isis/expected_controller_config      |  58 +++++++++
 .../zones/evpn/isis/expected_sdn_interfaces   |  41 ++++++
 src/test/zones/evpn/isis/interfaces           |   7 +
 src/test/zones/evpn/isis/sdn_config           |  49 +++++++
 .../isis_loopback/expected_controller_config  |  59 +++++++++
 .../isis_loopback/expected_sdn_interfaces     |  41 ++++++
 src/test/zones/evpn/isis_loopback/interfaces  |  12 ++
 src/test/zones/evpn/isis_loopback/sdn_config  |  50 +++++++
 13 files changed, 499 insertions(+), 12 deletions(-)
 create mode 100644 src/PVE/Network/SDN/Controllers/IsisPlugin.pm
 create mode 100644 src/test/zones/evpn/isis/expected_controller_config
 create mode 100644 src/test/zones/evpn/isis/expected_sdn_interfaces
 create mode 100644 src/test/zones/evpn/isis/interfaces
 create mode 100644 src/test/zones/evpn/isis/sdn_config
 create mode 100644 src/test/zones/evpn/isis_loopback/expected_controller_config
 create mode 100644 src/test/zones/evpn/isis_loopback/expected_sdn_interfaces
 create mode 100644 src/test/zones/evpn/isis_loopback/interfaces
 create mode 100644 src/test/zones/evpn/isis_loopback/sdn_config


pve-manager:

Alexandre Derumier (1):
  sdn: controllers: add isis controller

 www/manager6/Makefile                    |  1 +
 www/manager6/Utils.js                    |  5 ++
 www/manager6/sdn/controllers/IsisEdit.js | 61 ++++++++++++++++++++++++
 3 files changed, 67 insertions(+)
 create mode 100644 www/manager6/sdn/controllers/IsisEdit.js


pve-docs:

Alexandre Derumier (2):
  sdn: add notes about bgp controller
  sdn: add isis controller documentation

 pvesdn.adoc | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

-- 
2.39.2

[pve-devel] [PATCH pve-network 1/3] controller: evpn: fix find_bgp_controller

[Alexandre Derumier]

---
 src/PVE/Network/SDN/Controllers/EvpnPlugin.pm | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm b/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
index 6da9c40..fd4b801 100644
--- a/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
+++ b/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
@@ -295,18 +295,17 @@ sub on_update_hook {
 sub find_bgp_controller {
     my ($nodename, $controller_cfg) = @_;
 
-    my $controller = undef;
+    my $res = undef;
     foreach my $id  (keys %{$controller_cfg->{ids}}) {
-        $controller = $controller_cfg->{ids}->{$id};
-        next if $controller->{type} ne 'bgp';
-        next if $controller->{node} ne $nodename;
+	my $controller = $controller_cfg->{ids}->{$id};
+	next if $controller->{type} ne 'bgp';
+	next if $controller->{node} ne $nodename;
+	$res = $controller;
 	last;
     }
-
-    return $controller;
+    return $res;
 }
 
-
 sub generate_frr_recurse{
    my ($final_config, $content, $parentkey, $level) = @_;
 
-- 
2.39.2

[pve-devel] [PATCH pve-docs 1/2] sdn: add notes about bgp controller

[Alexandre Derumier]

---
 pvesdn.adoc | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/pvesdn.adoc b/pvesdn.adoc
index 8b1fe33..4ac0911 100644
--- a/pvesdn.adoc
+++ b/pvesdn.adoc
@@ -353,6 +353,10 @@ The BGP controller is not used directly by a zone.
 You can use it to configure FRR to manage BGP peers.
 
 For BGP-EVPN, it can be used to define a different ASN by node, so doing EBGP.
+It can also be used to export evpn routes to a external bgp peer.
+
+NOTE: By default, for a simple full mesh evpn, you don't need to define any extra
+BGP Controller.
 
 Configuration options:
 
-- 
2.39.2

[pve-devel] [PATCH pve-manager 1/1] sdn: controllers: add isis controller

[Alexandre Derumier]

---
 www/manager6/Makefile                    |  1 +
 www/manager6/Utils.js                    |  5 ++
 www/manager6/sdn/controllers/IsisEdit.js | 61 ++++++++++++++++++++++++
 3 files changed, 67 insertions(+)
 create mode 100644 www/manager6/sdn/controllers/IsisEdit.js

diff --git a/www/manager6/Makefile b/www/manager6/Makefile
index 59a5d8a7..6d6d8b1e 100644
--- a/www/manager6/Makefile
+++ b/www/manager6/Makefile
@@ -277,6 +277,7 @@ JSSRC= 							\
 	sdn/controllers/Base.js				\
 	sdn/controllers/EvpnEdit.js			\
 	sdn/controllers/BgpEdit.js			\
+	sdn/controllers/IsisEdit.js			\
 	sdn/IpamView.js					\
 	sdn/ipams/Base.js				\
 	sdn/ipams/NetboxEdit.js				\
diff --git a/www/manager6/Utils.js b/www/manager6/Utils.js
index 6d4842df..77c5f91c 100644
--- a/www/manager6/Utils.js
+++ b/www/manager6/Utils.js
@@ -895,6 +895,11 @@ Ext.define('PVE.Utils', {
 	    ipanel: 'BgpInputPanel',
 	    faIcon: 'crosshairs',
 	},
+	isis: {
+	    name: 'isis',
+	    ipanel: 'IsisInputPanel',
+	    faIcon: 'crosshairs',
+	},
     },
 
     sdnipamSchema: {
diff --git a/www/manager6/sdn/controllers/IsisEdit.js b/www/manager6/sdn/controllers/IsisEdit.js
new file mode 100644
index 00000000..2e333fa5
--- /dev/null
+++ b/www/manager6/sdn/controllers/IsisEdit.js
@@ -0,0 +1,61 @@
+Ext.define('PVE.sdn.controllers.IsisInputPanel', {
+    extend: 'PVE.panel.SDNControllerBase',
+
+    onlineHelp: 'pvesdn_controller_plugin_evpn',
+
+    onGetValues: function(values) {
+        var me = this;
+
+        if (me.isCreate) {
+            values.type = me.type;
+	    values.controller = 'isis' + values.node;
+        } else {
+            delete values.controller;
+        }
+
+        return values;
+    },
+
+    initComponent: function() {
+	var me = this;
+
+	me.items = [
+	    {
+		xtype: 'pveNodeSelector',
+		name: 'node',
+		fieldLabel: gettext('Node'),
+		multiSelect: false,
+		autoSelect: false,
+		allowBlank: false,
+	    },
+	    {
+		xtype: 'textfield',
+		name: 'isis-domain',
+		fieldLabel: 'Domain',
+		allowBlank: false,
+	    },
+	    {
+		xtype: 'textfield',
+		name: 'isis-net',
+		fieldLabel: 'Network entity title',
+		allowBlank: false,
+	    },
+	    {
+		xtype: 'textfield',
+		name: 'isis-ifaces',
+		fieldLabel: gettext('Interfaces'),
+		allowBlank: false,
+	    },
+	];
+
+	me.advancedItems = [
+	    {
+		xtype: 'textfield',
+		name: 'loopback',
+		fieldLabel: gettext('Loopback Interface'),
+	    },
+	];
+
+	me.callParent();
+    },
+});
-- 
2.39.2

[pve-devel] [PATCH pve-network 2/3] controllers: frr: add parsing of "interfaces" section

[Alexandre Derumier]

---
 src/PVE/Network/SDN/Controllers/EvpnPlugin.pm | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm b/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
index fd4b801..f1dd20f 100644
--- a/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
+++ b/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
@@ -384,6 +384,20 @@ sub generate_frr_ip_protocol {
    foreach my $rule (sort @$ips) {
 	push @{$final_config}, $rule;
    }
+
+}
+
+sub generate_frr_interfaces {
+   my ($final_config, $interfaces) = @_;
+
+   foreach my $k (sort keys %$interfaces) {
+	my $iface = $interfaces->{$k};
+	push @{$final_config}, "!";
+	push @{$final_config}, "interface $k";
+	foreach my $rule (sort @$iface) {
+	    push @{$final_config}, " $rule";
+	}
+   }
 }
 
 sub generate_frr_routemap {
@@ -445,6 +459,7 @@ sub generate_controller_rawconfig {
     }
 
     generate_frr_vrf($final_config, $config->{frr}->{vrf});
+    generate_frr_interfaces($final_config, $config->{frr_interfaces});
     generate_frr_recurse($final_config, $config->{frr}, undef, 0);
     generate_frr_list($final_config, $config->{frr_access_list}, "access-list");
     generate_frr_list($final_config, $config->{frr_prefix_list}, "ip prefix-list");
@@ -481,6 +496,9 @@ sub parse_merge_frr_local_config {
 	} elsif ($line =~ m/^vrf (.+)$/) {
 	    $section = \$config->{'frr'}->{'vrf'}->{$1};
 	    next;
+	} elsif ($line =~ m/^interface (.+)$/) {
+	    $section = \$config->{'frr_interfaces'}->{$1};
+	    next;
 	} elsif ($line =~ m/address-family (.+)$/) {
 	    $section = \$config->{'frr'}->{'router'}->{$router}->{'address-family'}->{$1};
 	    next;
-- 
2.39.2

[pve-devel] [PATCH pve-docs 2/2] sdn: add isis controller documentation

[Alexandre Derumier]

---
 pvesdn.adoc | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/pvesdn.adoc b/pvesdn.adoc
index 4ac0911..401cc6f 100644
--- a/pvesdn.adoc
+++ b/pvesdn.adoc
@@ -379,6 +379,27 @@ ebgp-mutltihop:: Increase the number of hops to reach peers, in case they are
 
 bgp-multipath-as-path-relax:: Allow ECMP if your peers have different ASN.
 
+
+[[pvesdn_controller_plugin_ISIS]]
+ISIS Controller
+~~~~~~~~~~~~~~~
+
+The ISIS controller is not used directly by a zone.
+You can use it to configure FRR to export evpn routes to an ISIS domain.
+
+Configuration options:
+
+node:: The node of this ISIS controller.
+
+domain:: A unique ISIS domain.
+
+network entity title:: A Unique ISIS network address that identifies this node.
+
+interfaces:: A list of physical interface(s) used by ISIS.
+
+loopback:: Use a loopback or dummy interface as the source of the EVPN network
+  (for multipath).
+
 [[pvesdn_config_ipam]]
 IPAMs
 -----
-- 
2.39.2

[pve-devel] [PATCH pve-network 3/3] controllers: add isis router plugin

[Alexandre Derumier]

---
 src/PVE/Network/SDN/Controllers.pm            |   2 +
 src/PVE/Network/SDN/Controllers/EvpnPlugin.pm |  28 +++-
 src/PVE/Network/SDN/Controllers/IsisPlugin.pm | 123 ++++++++++++++++++
 src/PVE/Network/SDN/Controllers/Makefile      |   2 +-
 src/PVE/Network/SDN/Zones/EvpnPlugin.pm       |  10 +-
 .../evpn/isis/expected_controller_config      |  58 +++++++++
 .../zones/evpn/isis/expected_sdn_interfaces   |  41 ++++++
 src/test/zones/evpn/isis/interfaces           |   7 +
 src/test/zones/evpn/isis/sdn_config           |  49 +++++++
 .../isis_loopback/expected_controller_config  |  59 +++++++++
 .../isis_loopback/expected_sdn_interfaces     |  41 ++++++
 src/test/zones/evpn/isis_loopback/interfaces  |  12 ++
 src/test/zones/evpn/isis_loopback/sdn_config  |  50 +++++++
 13 files changed, 476 insertions(+), 6 deletions(-)
 create mode 100644 src/PVE/Network/SDN/Controllers/IsisPlugin.pm
 create mode 100644 src/test/zones/evpn/isis/expected_controller_config
 create mode 100644 src/test/zones/evpn/isis/expected_sdn_interfaces
 create mode 100644 src/test/zones/evpn/isis/interfaces
 create mode 100644 src/test/zones/evpn/isis/sdn_config
 create mode 100644 src/test/zones/evpn/isis_loopback/expected_controller_config
 create mode 100644 src/test/zones/evpn/isis_loopback/expected_sdn_interfaces
 create mode 100644 src/test/zones/evpn/isis_loopback/interfaces
 create mode 100644 src/test/zones/evpn/isis_loopback/sdn_config

diff --git a/src/PVE/Network/SDN/Controllers.pm b/src/PVE/Network/SDN/Controllers.pm
index a23048e..f5a6b86 100644
--- a/src/PVE/Network/SDN/Controllers.pm
+++ b/src/PVE/Network/SDN/Controllers.pm
@@ -14,10 +14,12 @@ use PVE::Network::SDN::Zones;
 
 use PVE::Network::SDN::Controllers::EvpnPlugin;
 use PVE::Network::SDN::Controllers::BgpPlugin;
+use PVE::Network::SDN::Controllers::IsisPlugin;
 use PVE::Network::SDN::Controllers::FaucetPlugin;
 use PVE::Network::SDN::Controllers::Plugin;
 PVE::Network::SDN::Controllers::EvpnPlugin->register();
 PVE::Network::SDN::Controllers::BgpPlugin->register();
+PVE::Network::SDN::Controllers::IsisPlugin->register();
 PVE::Network::SDN::Controllers::FaucetPlugin->register();
 PVE::Network::SDN::Controllers::Plugin->init();
 
diff --git a/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm b/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
index f1dd20f..3ac7d7e 100644
--- a/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
+++ b/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
@@ -53,11 +53,15 @@ sub generate_controller_config {
     my $loopback = undef;
     my $autortas = undef;
     my $bgprouter = find_bgp_controller($local_node, $controller_cfg);
+    my $isisrouter = find_isis_controller($local_node, $controller_cfg);
+
     if ($bgprouter) {
 	$ebgp = 1 if $plugin_config->{'asn'} ne $bgprouter->{asn};
 	$loopback = $bgprouter->{loopback} if $bgprouter->{loopback};
 	$asn = $bgprouter->{asn} if $bgprouter->{asn};
 	$autortas = $plugin_config->{'asn'} if $ebgp;
+    } elsif ($isisrouter) {
+	$loopback = $isisrouter->{loopback} if $isisrouter->{loopback};
     }
 
     return if !$asn;
@@ -86,10 +90,8 @@ sub generate_controller_config {
     push @controller_config, "neighbor VTEP remote-as $remoteas";
     push @controller_config, "neighbor VTEP bfd";
 
-    if($ebgp && $loopback) {
-	push @controller_config, "neighbor VTEP ebgp-multihop 10";
-	push @controller_config, "neighbor VTEP update-source $loopback";
-    }
+    push @controller_config, "neighbor VTEP ebgp-multihop 10" if $ebgp && $loopback;
+    push @controller_config, "neighbor VTEP update-source $loopback" if $loopback;
 
     # VTEP peers
     foreach my $address (@peers) {
@@ -136,11 +138,15 @@ sub generate_controller_zone_config {
     my $loopback = undef;
     my $autortas = undef;
     my $bgprouter = find_bgp_controller($local_node, $controller_cfg);
+    my $isisrouter = find_isis_controller($local_node, $controller_cfg);
+
     if($bgprouter) {
         $ebgp = 1 if $controller->{'asn'} ne $bgprouter->{asn};
 	$loopback = $bgprouter->{loopback} if $bgprouter->{loopback};
 	$asn = $bgprouter->{asn} if $bgprouter->{asn};
 	$autortas = $controller->{'asn'} if $ebgp;
+    } elsif ($isisrouter) {
+        $loopback = $isisrouter->{loopback} if $isisrouter->{loopback};
     }
 
     return if !$vrf || !$vrfvxlan || !$asn;
@@ -306,6 +312,20 @@ sub find_bgp_controller {
     return $res;
 }
 
+sub find_isis_controller {
+    my ($nodename, $controller_cfg) = @_;
+
+    my $res = undef;
+    foreach my $id  (keys %{$controller_cfg->{ids}}) {
+	my $controller = $controller_cfg->{ids}->{$id};
+	next if $controller->{type} ne 'isis';
+	next if $controller->{node} ne $nodename;
+	$res = $controller;
+	last;
+    }
+    return $res;
+}
+
 sub generate_frr_recurse{
    my ($final_config, $content, $parentkey, $level) = @_;
 
diff --git a/src/PVE/Network/SDN/Controllers/IsisPlugin.pm b/src/PVE/Network/SDN/Controllers/IsisPlugin.pm
new file mode 100644
index 0000000..afea82e
--- /dev/null
+++ b/src/PVE/Network/SDN/Controllers/IsisPlugin.pm
@@ -0,0 +1,123 @@
+package PVE::Network::SDN::Controllers::IsisPlugin;
+
+use strict;
+use warnings;
+
+use PVE::INotify;
+use PVE::JSONSchema qw(get_standard_option);
+use PVE::Tools qw(run_command file_set_contents file_get_contents);
+
+use PVE::Network::SDN::Controllers::Plugin;
+use PVE::Network::SDN::Zones::Plugin;
+use Net::IP;
+
+use base('PVE::Network::SDN::Controllers::Plugin');
+
+sub type {
+    return 'isis';
+}
+
+sub properties {
+    return {
+	'isis-domain' => {
+	    description => "ISIS domain.",
+	    type => 'string'
+	},
+	'isis-ifaces' => {
+	    description => "ISIS interface.",
+	    type => 'string', format => 'pve-iface-list',
+	},
+	'isis-net' => {
+	    description => "ISIS network entity title.",
+	    type => 'string'
+	},
+    };
+}
+
+sub options {
+    return {
+	'isis-domain' => { optional => 0 },
+	'isis-net' => { optional => 0 },
+	'isis-ifaces' => { optional => 0 },
+        'node' => { optional => 0 },
+        'loopback' => { optional => 1 },
+    };
+}
+
+# Plugin implementation
+sub generate_controller_config {
+    my ($class, $plugin_config, $controller, $id, $uplinks, $config) = @_;
+
+    my $isis_ifaces = $plugin_config->{'isis-ifaces'};
+    my $isis_net = $plugin_config->{'isis-net'};
+    my $isis_domain = $plugin_config->{'isis-domain'};
+    my $local_node = PVE::INotify::nodename();
+
+    return if !$isis_ifaces || !$isis_net || !$isis_domain;
+    return if $local_node ne $plugin_config->{node};
+
+    my @router_config = (
+	"net $isis_net",
+	"redistribute ipv4 connected level-1",
+	"redistribute ipv6 connected level-1",
+	"log-adjacency-changes",
+    );
+
+    push(@{$config->{frr}->{router}->{"isis $isis_domain"}}, @router_config);
+
+    my @iface_config = (
+	"ip router isis $isis_domain"
+    );
+
+    my @ifaces = PVE::Tools::split_list($isis_ifaces);
+    for my $iface (sort @ifaces) {
+	push(@{$config->{frr_interfaces}->{$iface}}, @iface_config);
+    }
+
+    return $config;
+}
+
+sub generate_controller_zone_config {
+    my ($class, $plugin_config, $controller, $controller_cfg, $id, $uplinks, $config) = @_;
+
+}
+
+sub on_delete_hook {
+    my ($class, $controllerid, $zone_cfg) = @_;
+
+}
+
+sub on_update_hook {
+    my ($class, $controllerid, $controller_cfg) = @_;
+
+    # we can only have 1 bgp controller by node
+    my $local_node = PVE::INotify::nodename();
+    my $controllernb = 0;
+    foreach my $id (keys %{$controller_cfg->{ids}}) {
+        next if $id eq $controllerid;
+        my $controller = $controller_cfg->{ids}->{$id};
+        next if $controller->{type} ne "isis";
+        next if $controller->{node} ne $local_node;
+        $controllernb++;
+        die "only 1 bgp or isis controller can be defined" if $controllernb > 1;
+    }
+}
+
+sub generate_controller_rawconfig {
+    my ($class, $plugin_config, $config) = @_;
+    return "";
+}
+
+sub write_controller_config {
+    my ($class, $plugin_config, $config) = @_;
+    return;
+}
+
+sub reload_controller {
+    my ($class) = @_;
+    return;
+}
+
+1;
+
+
diff --git a/src/PVE/Network/SDN/Controllers/Makefile b/src/PVE/Network/SDN/Controllers/Makefile
index 11686a3..fd9f881 100644
--- a/src/PVE/Network/SDN/Controllers/Makefile
+++ b/src/PVE/Network/SDN/Controllers/Makefile
@@ -1,4 +1,4 @@
-SOURCES=Plugin.pm FaucetPlugin.pm EvpnPlugin.pm BgpPlugin.pm
+SOURCES=Plugin.pm FaucetPlugin.pm EvpnPlugin.pm BgpPlugin.pm IsisPlugin.pm
 
 
 PERL5DIR=${DESTDIR}/usr/share/perl5
diff --git a/src/PVE/Network/SDN/Zones/EvpnPlugin.pm b/src/PVE/Network/SDN/Zones/EvpnPlugin.pm
index b155abc..5df05f9 100644
--- a/src/PVE/Network/SDN/Zones/EvpnPlugin.pm
+++ b/src/PVE/Network/SDN/Zones/EvpnPlugin.pm
@@ -119,8 +119,16 @@ sub generate_sdn_config {
     warn "vlan-aware vnet can't be enabled with evpn plugin" if $vnet->{vlanaware};
 
     my @peers = PVE::Tools::split_list($controller->{'peers'});
+
+    my $loopback = undef;
     my $bgprouter = PVE::Network::SDN::Controllers::EvpnPlugin::find_bgp_controller($local_node, $controller_cfg);
-    my $loopback = $bgprouter->{loopback} if $bgprouter->{loopback};
+    my $isisrouter = PVE::Network::SDN::Controllers::EvpnPlugin::find_isis_controller($local_node, $controller_cfg);
+    if ($bgprouter->{loopback}) {
+	$loopback = $bgprouter->{loopback};
+    } elsif ($isisrouter->{loopback}) {
+	$loopback = $isisrouter->{loopback};
+    }
+
     my ($ifaceip, $iface) = PVE::Network::SDN::Zones::Plugin::find_local_ip_interface_peers(\@peers, $loopback);
     my $is_evpn_gateway = $plugin_config->{'exitnodes'}->{$local_node};
     my $exitnodes_local_routing = $plugin_config->{'exitnodes-local-routing'};
diff --git a/src/test/zones/evpn/isis/expected_controller_config b/src/test/zones/evpn/isis/expected_controller_config
new file mode 100644
index 0000000..8d1706a
--- /dev/null
+++ b/src/test/zones/evpn/isis/expected_controller_config
@@ -0,0 +1,58 @@
+frr version 8.5.1
+frr defaults datacenter
+hostname localhost
+log syslog informational
+service integrated-vtysh-config
+!
+!
+vrf vrf_myzone
+ vni 1000
+exit-vrf
+!
+interface eth0
+ ip router isis isis1
+!
+interface eth1
+ ip router isis isis1
+!
+router bgp 65000
+ bgp router-id 192.168.0.1
+ no bgp hard-administrative-reset
+ no bgp graceful-restart notification
+ no bgp default ipv4-unicast
+ coalesce-time 1000
+ neighbor VTEP peer-group
+ neighbor VTEP remote-as 65000
+ neighbor VTEP bfd
+ neighbor 192.168.0.2 peer-group VTEP
+ neighbor 192.168.0.3 peer-group VTEP
+ !
+ address-family l2vpn evpn
+  neighbor VTEP route-map MAP_VTEP_IN in
+  neighbor VTEP route-map MAP_VTEP_OUT out
+  neighbor VTEP activate
+  advertise-all-vni
+ exit-address-family
+exit
+!
+router bgp 65000 vrf vrf_myzone
+ bgp router-id 192.168.0.1
+ no bgp hard-administrative-reset
+ no bgp graceful-restart notification
+exit
+!
+router isis isis1
+ net 47.0023.0000.0000.0000.0000.0000.0000.1900.0004.00
+ redistribute ipv4 connected level-1
+ redistribute ipv6 connected level-1
+ log-adjacency-changes
+exit
+!
+route-map MAP_VTEP_IN permit 1
+exit
+!
+route-map MAP_VTEP_OUT permit 1
+exit
+!
+line vty
+!
\ No newline at end of file
diff --git a/src/test/zones/evpn/isis/expected_sdn_interfaces b/src/test/zones/evpn/isis/expected_sdn_interfaces
new file mode 100644
index 0000000..4cf13e0
--- /dev/null
+++ b/src/test/zones/evpn/isis/expected_sdn_interfaces
@@ -0,0 +1,41 @@
+#version:1
+
+auto myvnet
+iface myvnet
+	address 10.0.0.1/24
+	bridge_ports vxlan_myvnet
+	bridge_stp off
+	bridge_fd 0
+	mtu 1450
+	ip-forward on
+	arp-accept on
+	vrf vrf_myzone
+
+auto vrf_myzone
+iface vrf_myzone
+	vrf-table auto
+	post-up ip route add vrf vrf_myzone unreachable default metric 4278198272
+
+auto vrfbr_myzone
+iface vrfbr_myzone
+	bridge-ports vrfvx_myzone
+	bridge_stp off
+	bridge_fd 0
+	mtu 1450
+	vrf vrf_myzone
+
+auto vrfvx_myzone
+iface vrfvx_myzone
+	vxlan-id 1000
+	vxlan-local-tunnelip 192.168.0.1
+	bridge-learning off
+	bridge-arp-nd-suppress on
+	mtu 1450
+
+auto vxlan_myvnet
+iface vxlan_myvnet
+	vxlan-id 100
+	vxlan-local-tunnelip 192.168.0.1
+	bridge-learning off
+	bridge-arp-nd-suppress on
+	mtu 1450
diff --git a/src/test/zones/evpn/isis/interfaces b/src/test/zones/evpn/isis/interfaces
new file mode 100644
index 0000000..2426e0f
--- /dev/null
+++ b/src/test/zones/evpn/isis/interfaces
@@ -0,0 +1,7 @@
+auto vmbr0
+iface vmbr0 inet static
+	address 192.168.0.1/24
+	gateway 192.168.0.254
+        bridge-ports eth0
+        bridge-stp off
+        bridge-fd 0
\ No newline at end of file
diff --git a/src/test/zones/evpn/isis/sdn_config b/src/test/zones/evpn/isis/sdn_config
new file mode 100644
index 0000000..5963c18
--- /dev/null
+++ b/src/test/zones/evpn/isis/sdn_config
@@ -0,0 +1,49 @@
+{
+    version => 1,
+    vnets => {
+        ids => {
+            myvnet => {
+                tag => "100",
+                type => "vnet",
+                zone => "myzone",
+            },
+        },
+    },
+
+    zones   => {
+        ids => {
+            myzone => {
+                ipam => "pve",
+                type => "evpn",
+                controller => "evpnctl",
+                'vrf-vxlan' => 1000,
+            },
+        },
+    },
+    controllers  => {
+        ids => {
+            evpnctl => {
+                type => "evpn",
+                'peers' => '192.168.0.1,192.168.0.2,192.168.0.3',
+                asn => "65000",
+            },
+            localhost => {
+                type => "isis",
+                'isis-domain' => 'isis1',
+                'isis-ifaces' => 'eth1,eth0',
+                'isis-net' => "47.0023.0000.0000.0000.0000.0000.0000.1900.0004.00",
+                node => "localhost",
+            },
+        },
+    },
+
+    subnets => {
+        ids => {
+            'myzone-10.0.0.0-24' => {
+                'type' => 'subnet',
+                'vnet' => 'myvnet',
+                'gateway' => '10.0.0.1',
+            },
+        },
+    },
+}
diff --git a/src/test/zones/evpn/isis_loopback/expected_controller_config b/src/test/zones/evpn/isis_loopback/expected_controller_config
new file mode 100644
index 0000000..7b034c4
--- /dev/null
+++ b/src/test/zones/evpn/isis_loopback/expected_controller_config
@@ -0,0 +1,59 @@
+frr version 8.5.1
+frr defaults datacenter
+hostname localhost
+log syslog informational
+service integrated-vtysh-config
+!
+!
+vrf vrf_myzone
+ vni 1000
+exit-vrf
+!
+interface eth0
+ ip router isis isis1
+!
+interface eth1
+ ip router isis isis1
+!
+router bgp 65000
+ bgp router-id 10.0.0.1
+ no bgp hard-administrative-reset
+ no bgp graceful-restart notification
+ no bgp default ipv4-unicast
+ coalesce-time 1000
+ neighbor VTEP peer-group
+ neighbor VTEP remote-as 65000
+ neighbor VTEP bfd
+ neighbor VTEP update-source dummy1
+ neighbor 10.0.0.2 peer-group VTEP
+ neighbor 10.0.0.3 peer-group VTEP
+ !
+ address-family l2vpn evpn
+  neighbor VTEP route-map MAP_VTEP_IN in
+  neighbor VTEP route-map MAP_VTEP_OUT out
+  neighbor VTEP activate
+  advertise-all-vni
+ exit-address-family
+exit
+!
+router bgp 65000 vrf vrf_myzone
+ bgp router-id 10.0.0.1
+ no bgp hard-administrative-reset
+ no bgp graceful-restart notification
+exit
+!
+router isis isis1
+ net 47.0023.0000.0000.0000.0000.0000.0000.1900.0004.00
+ redistribute ipv4 connected level-1
+ redistribute ipv6 connected level-1
+ log-adjacency-changes
+exit
+!
+route-map MAP_VTEP_IN permit 1
+exit
+!
+route-map MAP_VTEP_OUT permit 1
+exit
+!
+line vty
+!
\ No newline at end of file
diff --git a/src/test/zones/evpn/isis_loopback/expected_sdn_interfaces b/src/test/zones/evpn/isis_loopback/expected_sdn_interfaces
new file mode 100644
index 0000000..e595dc9
--- /dev/null
+++ b/src/test/zones/evpn/isis_loopback/expected_sdn_interfaces
@@ -0,0 +1,41 @@
+#version:1
+
+auto myvnet
+iface myvnet
+	address 10.0.0.1/24
+	bridge_ports vxlan_myvnet
+	bridge_stp off
+	bridge_fd 0
+	mtu 1450
+	ip-forward on
+	arp-accept on
+	vrf vrf_myzone
+
+auto vrf_myzone
+iface vrf_myzone
+	vrf-table auto
+	post-up ip route add vrf vrf_myzone unreachable default metric 4278198272
+
+auto vrfbr_myzone
+iface vrfbr_myzone
+	bridge-ports vrfvx_myzone
+	bridge_stp off
+	bridge_fd 0
+	mtu 1450
+	vrf vrf_myzone
+
+auto vrfvx_myzone
+iface vrfvx_myzone
+	vxlan-id 1000
+	vxlan-local-tunnelip 10.0.0.1
+	bridge-learning off
+	bridge-arp-nd-suppress on
+	mtu 1450
+
+auto vxlan_myvnet
+iface vxlan_myvnet
+	vxlan-id 100
+	vxlan-local-tunnelip 10.0.0.1
+	bridge-learning off
+	bridge-arp-nd-suppress on
+	mtu 1450
diff --git a/src/test/zones/evpn/isis_loopback/interfaces b/src/test/zones/evpn/isis_loopback/interfaces
new file mode 100644
index 0000000..41ae25f
--- /dev/null
+++ b/src/test/zones/evpn/isis_loopback/interfaces
@@ -0,0 +1,12 @@
+auto vmbr0
+iface vmbr0 inet static
+	address 192.168.0.1/24
+	gateway 192.168.0.254
+        bridge-ports eth0
+        bridge-stp off
+        bridge-fd 0
+
+auto dummy1
+iface dummy1 inet static
+        address 10.0.0.1/32
+        link-type dummy
\ No newline at end of file
diff --git a/src/test/zones/evpn/isis_loopback/sdn_config b/src/test/zones/evpn/isis_loopback/sdn_config
new file mode 100644
index 0000000..786a3e7
--- /dev/null
+++ b/src/test/zones/evpn/isis_loopback/sdn_config
@@ -0,0 +1,50 @@
+{
+    version => 1,
+    vnets => {
+        ids => {
+            myvnet => {
+                tag => "100",
+                type => "vnet",
+                zone => "myzone",
+            },
+        },
+    },
+
+    zones   => {
+        ids => {
+            myzone => {
+                ipam => "pve",
+                type => "evpn",
+                controller => "evpnctl",
+                'vrf-vxlan' => 1000,
+            },
+        },
+    },
+    controllers  => {
+        ids => {
+            evpnctl => {
+                type => "evpn",
+                'peers' => '10.0.0.1,10.0.0.2,10.0.0.3',
+                asn => "65000",
+            },
+            localhost => {
+                type => "isis",
+                'isis-domain' => 'isis1',
+                'isis-ifaces' => 'eth1,eth0',
+                'isis-net' => "47.0023.0000.0000.0000.0000.0000.0000.1900.0004.00",
+		loopback => 'dummy1',
+                node => "localhost",
+            },
+        },
+    },
+
+    subnets => {
+        ids => {
+            'myzone-10.0.0.0-24' => {
+                'type' => 'subnet',
+                'vnet' => 'myvnet',
+                'gateway' => '10.0.0.1',
+            },
+        },
+    },
+}
-- 
2.39.2

[pve-devel] applied-series: [PATCH-SERIES pve-network/pve-manager/pve-docs] sdn: add isis controller

[Fabian Grünbichler]

On September 13, 2023 1:38 pm, Alexandre Derumier wrote:
> Hi,
> This patch serie add support for the isis routing protocol for underlay network,
> instead bgp.
> 
> This was a request of a proxmox user, the implementation has been tested
> https://forum.proxmox.com/threads/integrating-proxmox-sdn-with-existing-sdn-network.131946
> 
> 
> pve-network:
> 
> Alexandre Derumier (3):
>   controller: evpn: fix find_bgp_controller
>   controllers: frr: add parsing of "interfaces" section
>   controllers: add isis router plugin
> 
>  src/PVE/Network/SDN/Controllers.pm            |   2 +
>  src/PVE/Network/SDN/Controllers/EvpnPlugin.pm |  57 ++++++--
>  src/PVE/Network/SDN/Controllers/IsisPlugin.pm | 123 ++++++++++++++++++
>  src/PVE/Network/SDN/Controllers/Makefile      |   2 +-
>  src/PVE/Network/SDN/Zones/EvpnPlugin.pm       |  10 +-
>  .../evpn/isis/expected_controller_config      |  58 +++++++++
>  .../zones/evpn/isis/expected_sdn_interfaces   |  41 ++++++
>  src/test/zones/evpn/isis/interfaces           |   7 +
>  src/test/zones/evpn/isis/sdn_config           |  49 +++++++
>  .../isis_loopback/expected_controller_config  |  59 +++++++++
>  .../isis_loopback/expected_sdn_interfaces     |  41 ++++++
>  src/test/zones/evpn/isis_loopback/interfaces  |  12 ++
>  src/test/zones/evpn/isis_loopback/sdn_config  |  50 +++++++
>  13 files changed, 499 insertions(+), 12 deletions(-)
>  create mode 100644 src/PVE/Network/SDN/Controllers/IsisPlugin.pm
>  create mode 100644 src/test/zones/evpn/isis/expected_controller_config
>  create mode 100644 src/test/zones/evpn/isis/expected_sdn_interfaces
>  create mode 100644 src/test/zones/evpn/isis/interfaces
>  create mode 100644 src/test/zones/evpn/isis/sdn_config
>  create mode 100644 src/test/zones/evpn/isis_loopback/expected_controller_config
>  create mode 100644 src/test/zones/evpn/isis_loopback/expected_sdn_interfaces
>  create mode 100644 src/test/zones/evpn/isis_loopback/interfaces
>  create mode 100644 src/test/zones/evpn/isis_loopback/sdn_config
> 
> 
> pve-manager:
> 
> Alexandre Derumier (1):
>   sdn: controllers: add isis controller
> 
>  www/manager6/Makefile                    |  1 +
>  www/manager6/Utils.js                    |  5 ++
>  www/manager6/sdn/controllers/IsisEdit.js | 61 ++++++++++++++++++++++++
>  3 files changed, 67 insertions(+)
>  create mode 100644 www/manager6/sdn/controllers/IsisEdit.js
> 
> 
> pve-docs:
> 
> Alexandre Derumier (2):
>   sdn: add notes about bgp controller
>   sdn: add isis controller documentation
> 
>  pvesdn.adoc | 25 +++++++++++++++++++++++++
>  1 file changed, 25 insertions(+)
> 
> -- 
> 2.39.2
> 
> 
> _______________________________________________
> pve-devel mailing list
> pve-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
> 
> 
>