From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 942DB9A896 for ; Fri, 17 Nov 2023 14:56:08 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 75AA233DE5 for ; Fri, 17 Nov 2023 14:55:38 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Fri, 17 Nov 2023 14:55:37 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 5574143E38 for ; Fri, 17 Nov 2023 14:55:37 +0100 (CET) From: Stefan Lendl To: pve-devel@lists.proxmox.com Date: Fri, 17 Nov 2023 14:55:29 +0100 Message-ID: <20231117135531.3198353-5-s.lendl@proxmox.com> X-Mailer: git-send-email 2.42.0 In-Reply-To: <20231117135531.3198353-1-s.lendl@proxmox.com> References: <20231117135531.3198353-1-s.lendl@proxmox.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.063 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record T_SCC_BODY_TEXT_LINE -0.01 - Subject: [pve-devel] [PATCH v2 pve-docs 4/6] sdn: Controllers X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Nov 2023 13:56:08 -0000 Signed-off-by: Stefan Lendl --- pvesdn.adoc | 56 +++++++++++++++++++++++++++++------------------------ 1 file changed, 31 insertions(+), 25 deletions(-) diff --git a/pvesdn.adoc b/pvesdn.adoc index c4b77f0..73d3dee 100644 --- a/pvesdn.adoc +++ b/pvesdn.adoc @@ -336,36 +336,41 @@ DNS Zone Prefix:: Add a prefix to the domain registration, like [[pvesdn_config_controllers]] Controllers ------------ +------------- + +Some zones implement a separated control and data plane that require an external +external controller to manage the VNet's control plane. + +Currently, only the `EVPN` zone requires an external controller. -Some zone types need an external controller to manage the VNet control-plane. -Currently this is only required for the `bgp-evpn` zone plugin. [[pvesdn_controller_plugin_evpn]] EVPN Controller -~~~~~~~~~~~~~~~ +~~~~~~~~~~~~~ -For `BGP-EVPN`, we need a controller to manage the control plane. -The currently supported software controller is the "frr" router. -You may need to install it on each node where you want to deploy EVPN zones. +The `EVPN`, zone requires an external controller to manage the control plane. +The EVPN controller plugin configures the Free Range Routing (frr) router. + +To enable the EVPN controller, you need to install frr on every node that shall +participate in the EVPN zone. ---- apt install frr frr-pythontools ---- -Configuration options: +EVPN controller configuration options: -asn:: A unique BGP ASN number. It's highly recommended to use a private ASN +ASN #:: A unique BGP ASN number. It's highly recommended to use a private ASN number (64512 – 65534, 4200000000 – 4294967294), as otherwise you could end up breaking global routing by mistake. -peers:: An IP list of all nodes where you want to communicate for the EVPN - (could also be external nodes or route reflectors servers) +Peers:: An IP list of all nodes that are part of the EVPN zone. (could also be + external nodes or route reflector servers) [[pvesdn_controller_plugin_BGP]] BGP Controller -~~~~~~~~~~~~~~~ +~~~~~~~~~~~~~ The BGP controller is not used directly by a zone. You can use it to configure FRR to manage BGP peers. @@ -376,20 +381,20 @@ It can also be used to export EVPN routes to an external BGP peer. NOTE: By default, for a simple full mesh EVPN, you don't need to define a BGP controller. -Configuration options: +BGP controller configuration options: -node:: The node of this BGP controller +Node:: The node of this BGP controller -asn:: A unique BGP ASN number. It's highly recommended to use a private ASN +ASN #:: A unique BGP ASN number. It's highly recommended to use a private ASN number in the range (64512 - 65534) or (4200000000 - 4294967294), as otherwise you could break global routing by mistake. -peers:: A list of peer IP addresses you want to communicate with using the +Peer:: A list of peer IP addresses you want to communicate with using the underlying BGP network. -ebgp:: If your peer's remote-AS is different, this enables EBGP. +EBGP:: If your peer's remote-AS is different, this enables EBGP. -loopback:: Use a loopback or dummy interface as the source of the EVPN network +Loopback Interface:: Use a loopback or dummy interface as the source of the EVPN network (for multipath). ebgp-mutltihop:: Increase the number of hops to reach peers, in case they are @@ -403,21 +408,22 @@ ISIS Controller ~~~~~~~~~~~~~~~ The ISIS controller is not used directly by a zone. -You can use it to configure FRR to export evpn routes to an ISIS domain. +You can use it to configure FRR to export EVPN routes to an ISIS domain. -Configuration options: +ISIS controller configuration options: -node:: The node of this ISIS controller. +Node:: The node of this ISIS controller. -domain:: A unique ISIS domain. +Domain:: A unique ISIS domain. -network entity title:: A Unique ISIS network address that identifies this node. +Network Entity Title:: A Unique ISIS network address that identifies this node. -interfaces:: A list of physical interface(s) used by ISIS. +Interfaces:: A list of physical interface(s) used by ISIS. -loopback:: Use a loopback or dummy interface as the source of the EVPN network +Loopback:: Use a loopback or dummy interface as the source of the EVPN network (for multipath). + [[pvesdn_config_ipam]] IPAMs ----- -- 2.42.0