[pve-devel] [PATCH pve-network 0/4] evpn controller fix && cleanup

public inbox for pve-devel@lists.proxmox.com
 help / color / mirror / Atom feed

* [pve-devel] [PATCH pve-network 0/4] evpn controller fix && cleanup
@ 2023-12-03 15:46 Alexandre Derumier
  2023-12-03 15:46 ` [pve-devel] [PATCH pve-network 1/4] controllers: evpn: add ipv6 prefix-list support Alexandre Derumier
                   ` (5 more replies)
  0 siblings, 6 replies; 8+ messages in thread
From: Alexandre Derumier @ 2023-12-03 15:46 UTC (permalink / raw)
  To: pve-devel

This patch serie is fixing 1 critical bug with multiple exit-nodes
and other minor ipv6 bug with prefix-list && null routes.

Also cleaning the re-ordering of some values in frr.conf to match
the output of frr running config.

Alexandre Derumier (4):
  controllers: evpn: add ipv6 prefix-list support
  controllers: evpn: bugfix: use prefix-list in route-map instead evpn
    match
  controllers: evpn: frr config cleanup
  controllers: evpn: fix null routes order && ipv6

 src/PVE/Network/SDN/Controllers/EvpnPlugin.pm | 52 +++++++++++++++----
 .../expected_controller_config                |  6 +--
 .../expected_controller_config                |  6 +--
 .../evpn/ebgp/expected_controller_config      |  6 +--
 .../ebgp_loopback/expected_controller_config  |  6 +--
 .../evpn/exitnode/expected_controller_config  | 19 ++++---
 .../expected_controller_config                | 19 ++++---
 .../expected_controller_config                | 18 +++++--
 .../exitnode_snat/expected_controller_config  | 19 ++++---
 .../expected_controller_config                | 33 +++++++++---
 .../exitnodenullroute/expected_sdn_interfaces |  8 +++
 .../zones/evpn/exitnodenullroute/sdn_config   | 35 +++++++++++++
 .../evpn/ipv4/expected_controller_config      |  6 +--
 .../evpn/ipv4ipv6/expected_controller_config  |  6 +--
 .../expected_controller_config                |  6 +--
 .../evpn/ipv6/expected_controller_config      |  6 +--
 .../evpn/isis/expected_controller_config      |  6 +--
 .../isis_loopback/expected_controller_config  |  6 +--
 .../expected_controller_config                |  6 +--
 .../multiplezones/expected_controller_config  |  6 +--
 .../evpn/rt_import/expected_controller_config |  6 +--
 .../evpn/vxlanport/expected_controller_config |  6 +--
 22 files changed, 203 insertions(+), 84 deletions(-)

-- 
2.39.2




^ permalink raw reply	[flat|nested] 8+ messages in thread

* [pve-devel] [PATCH pve-network 1/4] controllers: evpn: add ipv6 prefix-list support
  2023-12-03 15:46 [pve-devel] [PATCH pve-network 0/4] evpn controller fix && cleanup Alexandre Derumier
@ 2023-12-03 15:46 ` Alexandre Derumier
  2023-12-03 15:46 ` [pve-devel] [PATCH pve-network 2/4] controllers: evpn: bugfix: use prefix-list in route-map instead evpn match Alexandre Derumier
                   ` (4 subsequent siblings)
  5 siblings, 0 replies; 8+ messages in thread
From: Alexandre Derumier @ 2023-12-03 15:46 UTC (permalink / raw)
  To: pve-devel

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
---
 src/PVE/Network/SDN/Controllers/EvpnPlugin.pm | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm b/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
index f320139..e536226 100644
--- a/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
+++ b/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
@@ -484,6 +484,7 @@ sub generate_controller_rawconfig {
     generate_frr_recurse($final_config, $config->{frr}, undef, 0);
     generate_frr_list($final_config, $config->{frr_access_list}, "access-list");
     generate_frr_list($final_config, $config->{frr_prefix_list}, "ip prefix-list");
+    generate_frr_list($final_config, $config->{frr_prefix_list_v6}, "ipv6 prefix-list");
     generate_frr_routemap($final_config, $config->{frr_routemap});
     generate_frr_ip_protocol($final_config, $config->{frr_ip_protocol});
 
@@ -535,6 +536,9 @@ sub parse_merge_frr_local_config {
 	} elsif ($line =~ m/^ip prefix-list (.+) seq (\d+) (.*)$/) {
 	    $config->{'frr_prefix_list'}->{$1}->{$2} = $3;
 	    next;
+	} elsif ($line =~ m/^ipv6 prefix-list (.+) seq (\d+) (.*)$/) {
+	    $config->{'frr_prefix_list_v6'}->{$1}->{$2} = $3;
+	    next;
 	} elsif($line =~ m/^exit-address-family$/) {
 	    next;
 	} elsif($line =~ m/^exit$/) {
-- 
2.39.2




^ permalink raw reply	[flat|nested] 8+ messages in thread

* [pve-devel] [PATCH pve-network 2/4] controllers: evpn: bugfix: use prefix-list in route-map instead evpn match
  2023-12-03 15:46 [pve-devel] [PATCH pve-network 0/4] evpn controller fix && cleanup Alexandre Derumier
  2023-12-03 15:46 ` [pve-devel] [PATCH pve-network 1/4] controllers: evpn: add ipv6 prefix-list support Alexandre Derumier
@ 2023-12-03 15:46 ` Alexandre Derumier
  2023-12-03 15:46 ` [pve-devel] [PATCH pve-network 3/4] controllers: evpn: frr config cleanup Alexandre Derumier
                   ` (3 subsequent siblings)
  5 siblings, 0 replies; 8+ messages in thread
From: Alexandre Derumier @ 2023-12-03 15:46 UTC (permalink / raw)
  To: pve-devel

"match evpn" in route-map is broken since 8.5.0
https://github.com/FRRouting/frr/issues/14419

the patch
https://github.com/FRRouting/frr/commit/272c6d5db128ff7450fe9fcd16c046160594deb3
is converting type-2 && type-5 evpn routes to prefix-prefix.
(fixing prefix-list not working previously, but breaking "match evpn")

So, simply use prefix-list now, as "match epvn" was a workaround anyway.

reported on the forum, where user have routing loop between the 2 exit-nodes:
https://forum.proxmox.com/threads/sdn-with-evpn-controller-routing-loop-when-using-multiple-exit-nodes.137362/

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
---
 src/PVE/Network/SDN/Controllers/EvpnPlugin.pm | 26 ++++++++++++++-----
 .../evpn/exitnode/expected_controller_config  | 13 +++++++---
 .../expected_controller_config                | 13 +++++++---
 .../expected_controller_config                | 12 +++++++--
 .../exitnode_snat/expected_controller_config  | 13 +++++++---
 .../expected_controller_config                | 20 ++++++++++----
 6 files changed, 74 insertions(+), 23 deletions(-)

diff --git a/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm b/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
index e536226..f1605a3 100644
--- a/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
+++ b/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
@@ -188,22 +188,34 @@ sub generate_controller_zone_config {
 
     if ($is_gateway) {
 
+	$config->{frr_prefix_list}->{'only_default'}->{1} = "permit 0.0.0.0/0";
+	$config->{frr_prefix_list_v6}->{'only_default_v6'}->{1} = "permit ::/0";
+
 	if (!$exitnodes_primary || $exitnodes_primary eq $local_node) {
-	    #filter default type5 route coming from other exit nodes on primary node or both nodes if no primary is defined.
+	    #filter default route coming from other exit nodes on primary node or both nodes if no primary is defined.
+	    my $routemap_config_v6 = ();
+	    push @{$routemap_config_v6}, "match ip address prefix-list only_default_v6";
+	    my $routemap_v6 = { rule => $routemap_config_v6, action => "deny" };
+	    unshift(@{$config->{frr_routemap}->{'MAP_VTEP_IN'}}, $routemap_v6);
+
 	    my $routemap_config = ();
-	    push @{$routemap_config}, "match evpn vni $vrfvxlan";
-	    push @{$routemap_config}, "match evpn route-type prefix";
+	    push @{$routemap_config}, "match ip address prefix-list only_default";
 	    my $routemap = { rule => $routemap_config, action => "deny" };
 	    unshift(@{$config->{frr_routemap}->{'MAP_VTEP_IN'}}, $routemap);
+
 	} elsif ($exitnodes_primary ne $local_node) {
+	    my $routemap_config_v6 = ();
+	    push @{$routemap_config_v6}, "match ipv6 address prefix-list only_default_v6";
+	    push @{$routemap_config_v6}, "set metric 200";
+	    my $routemap_v6 = { rule => $routemap_config_v6, action => "permit" };
+	    unshift(@{$config->{frr_routemap}->{'MAP_VTEP_OUT'}}, $routemap_v6);
+
 	    my $routemap_config = ();
-	    push @{$routemap_config}, "match evpn vni $vrfvxlan";
-	    push @{$routemap_config}, "match evpn route-type prefix";
+	    push @{$routemap_config}, "match ip address prefix-list only_default";
 	    push @{$routemap_config}, "set metric 200";
 	    my $routemap = { rule => $routemap_config, action => "permit" };
 	    unshift(@{$config->{frr_routemap}->{'MAP_VTEP_OUT'}}, $routemap);
-        }
-
+	}
 
 	if (!$exitnodes_local_routing) {
 	    @controller_config = ();
diff --git a/src/test/zones/evpn/exitnode/expected_controller_config b/src/test/zones/evpn/exitnode/expected_controller_config
index 598233f..f327e34 100644
--- a/src/test/zones/evpn/exitnode/expected_controller_config
+++ b/src/test/zones/evpn/exitnode/expected_controller_config
@@ -56,12 +56,19 @@ router bgp 65000 vrf vrf_myzone
  exit-address-family
 exit
 !
+ip prefix-list only_default seq 1 permit 0.0.0.0/0
+!
+ipv6 prefix-list only_default_v6 seq 1 permit ::/0
+!
 route-map MAP_VTEP_IN deny 1
- match evpn vni 1000
- match evpn route-type prefix
+ match ip address prefix-list only_default
+exit
+!
+route-map MAP_VTEP_IN deny 2
+ match ip address prefix-list only_default_v6
 exit
 !
-route-map MAP_VTEP_IN permit 2
+route-map MAP_VTEP_IN permit 3
 exit
 !
 route-map MAP_VTEP_OUT permit 1
diff --git a/src/test/zones/evpn/exitnode_local_routing/expected_controller_config b/src/test/zones/evpn/exitnode_local_routing/expected_controller_config
index 8c8e485..5b96cd8 100644
--- a/src/test/zones/evpn/exitnode_local_routing/expected_controller_config
+++ b/src/test/zones/evpn/exitnode_local_routing/expected_controller_config
@@ -40,12 +40,19 @@ router bgp 65000 vrf vrf_myzone
  exit-address-family
 exit
 !
+ip prefix-list only_default seq 1 permit 0.0.0.0/0
+!
+ipv6 prefix-list only_default_v6 seq 1 permit ::/0
+!
 route-map MAP_VTEP_IN deny 1
- match evpn vni 1000
- match evpn route-type prefix
+ match ip address prefix-list only_default
+exit
+!
+route-map MAP_VTEP_IN deny 2
+ match ip address prefix-list only_default_v6
 exit
 !
-route-map MAP_VTEP_IN permit 2
+route-map MAP_VTEP_IN permit 3
 exit
 !
 route-map MAP_VTEP_OUT permit 1
diff --git a/src/test/zones/evpn/exitnode_primary/expected_controller_config b/src/test/zones/evpn/exitnode_primary/expected_controller_config
index ec73a38..b7f2db5 100644
--- a/src/test/zones/evpn/exitnode_primary/expected_controller_config
+++ b/src/test/zones/evpn/exitnode_primary/expected_controller_config
@@ -56,16 +56,24 @@ router bgp 65000 vrf vrf_myzone
  exit-address-family
 exit
 !
+ip prefix-list only_default seq 1 permit 0.0.0.0/0
+!
+ipv6 prefix-list only_default_v6 seq 1 permit ::/0
+!
 route-map MAP_VTEP_IN permit 1
 exit
 !
 route-map MAP_VTEP_OUT permit 1
- match evpn vni 1000
- match evpn route-type prefix
+ match ip address prefix-list only_default
  set metric 200
 exit
 !
 route-map MAP_VTEP_OUT permit 2
+ match ipv6 address prefix-list only_default_v6
+ set metric 200
+exit
+!
+route-map MAP_VTEP_OUT permit 3
 exit
 !
 line vty
diff --git a/src/test/zones/evpn/exitnode_snat/expected_controller_config b/src/test/zones/evpn/exitnode_snat/expected_controller_config
index 598233f..f327e34 100644
--- a/src/test/zones/evpn/exitnode_snat/expected_controller_config
+++ b/src/test/zones/evpn/exitnode_snat/expected_controller_config
@@ -56,12 +56,19 @@ router bgp 65000 vrf vrf_myzone
  exit-address-family
 exit
 !
+ip prefix-list only_default seq 1 permit 0.0.0.0/0
+!
+ipv6 prefix-list only_default_v6 seq 1 permit ::/0
+!
 route-map MAP_VTEP_IN deny 1
- match evpn vni 1000
- match evpn route-type prefix
+ match ip address prefix-list only_default
+exit
+!
+route-map MAP_VTEP_IN deny 2
+ match ip address prefix-list only_default_v6
 exit
 !
-route-map MAP_VTEP_IN permit 2
+route-map MAP_VTEP_IN permit 3
 exit
 !
 route-map MAP_VTEP_OUT permit 1
diff --git a/src/test/zones/evpn/exitnodenullroute/expected_controller_config b/src/test/zones/evpn/exitnodenullroute/expected_controller_config
index 7dc8517..1728c02 100644
--- a/src/test/zones/evpn/exitnodenullroute/expected_controller_config
+++ b/src/test/zones/evpn/exitnodenullroute/expected_controller_config
@@ -84,17 +84,27 @@ router bgp 65000 vrf vrf_myzone2
  exit-address-family
 exit
 !
+ip prefix-list only_default seq 1 permit 0.0.0.0/0
+!
+ipv6 prefix-list only_default_v6 seq 1 permit ::/0
+!
 route-map MAP_VTEP_IN deny 1
- match evpn vni 1001
- match evpn route-type prefix
+ match ip address prefix-list only_default
 exit
 !
 route-map MAP_VTEP_IN deny 2
- match evpn vni 1000
- match evpn route-type prefix
+ match ip address prefix-list only_default_v6
+exit
+!
+route-map MAP_VTEP_IN deny 3
+ match ip address prefix-list only_default
+exit
+!
+route-map MAP_VTEP_IN deny 4
+ match ip address prefix-list only_default_v6
 exit
 !
-route-map MAP_VTEP_IN permit 3
+route-map MAP_VTEP_IN permit 5
 exit
 !
 route-map MAP_VTEP_OUT permit 1
-- 
2.39.2




^ permalink raw reply	[flat|nested] 8+ messages in thread

* [pve-devel] [PATCH pve-network 3/4] controllers: evpn: frr config cleanup
  2023-12-03 15:46 [pve-devel] [PATCH pve-network 0/4] evpn controller fix && cleanup Alexandre Derumier
  2023-12-03 15:46 ` [pve-devel] [PATCH pve-network 1/4] controllers: evpn: add ipv6 prefix-list support Alexandre Derumier
  2023-12-03 15:46 ` [pve-devel] [PATCH pve-network 2/4] controllers: evpn: bugfix: use prefix-list in route-map instead evpn match Alexandre Derumier
@ 2023-12-03 15:46 ` Alexandre Derumier
  2023-12-03 15:46 ` [pve-devel] [PATCH pve-network 4/4] controllers: evpn: fix null routes order && ipv6 Alexandre Derumier
                   ` (2 subsequent siblings)
  5 siblings, 0 replies; 8+ messages in thread
From: Alexandre Derumier @ 2023-12-03 15:46 UTC (permalink / raw)
  To: pve-devel

Some values have been reordered in last version

- bump version to 8.5.2
- move no bgp graceful-restart notification
- move neighbor VTEP activate

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
---
 src/PVE/Network/SDN/Controllers/EvpnPlugin.pm               | 6 +++---
 .../zones/evpn/advertise_subnets/expected_controller_config | 6 +++---
 .../disable_arp_nd_suppression/expected_controller_config   | 6 +++---
 src/test/zones/evpn/ebgp/expected_controller_config         | 6 +++---
 .../zones/evpn/ebgp_loopback/expected_controller_config     | 6 +++---
 src/test/zones/evpn/exitnode/expected_controller_config     | 6 +++---
 .../evpn/exitnode_local_routing/expected_controller_config  | 6 +++---
 .../zones/evpn/exitnode_primary/expected_controller_config  | 6 +++---
 .../zones/evpn/exitnode_snat/expected_controller_config     | 6 +++---
 .../zones/evpn/exitnodenullroute/expected_controller_config | 6 +++---
 src/test/zones/evpn/ipv4/expected_controller_config         | 6 +++---
 src/test/zones/evpn/ipv4ipv6/expected_controller_config     | 6 +++---
 .../zones/evpn/ipv4ipv6nogateway/expected_controller_config | 6 +++---
 src/test/zones/evpn/ipv6/expected_controller_config         | 6 +++---
 src/test/zones/evpn/isis/expected_controller_config         | 6 +++---
 .../zones/evpn/isis_loopback/expected_controller_config     | 6 +++---
 .../zones/evpn/multipath_relax/expected_controller_config   | 6 +++---
 .../zones/evpn/multiplezones/expected_controller_config     | 6 +++---
 src/test/zones/evpn/rt_import/expected_controller_config    | 6 +++---
 src/test/zones/evpn/vxlanport/expected_controller_config    | 6 +++---
 20 files changed, 60 insertions(+), 60 deletions(-)

diff --git a/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm b/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
index f1605a3..648f341 100644
--- a/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
+++ b/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
@@ -77,9 +77,9 @@ sub generate_controller_config {
     my @controller_config = (
 	"bgp router-id $ifaceip",
 	"no bgp hard-administrative-reset",
-	"no bgp graceful-restart notification",
 	"no bgp default ipv4-unicast",
 	"coalesce-time 1000",
+	"no bgp graceful-restart notification",
     );
 
     push(@{$bgp->{""}}, @controller_config) if keys %{$bgp} == 0;
@@ -104,9 +104,9 @@ sub generate_controller_config {
 
     # address-family l2vpn
     @controller_config = ();
+    push @controller_config, "neighbor VTEP activate";
     push @controller_config, "neighbor VTEP route-map MAP_VTEP_IN in";
     push @controller_config, "neighbor VTEP route-map MAP_VTEP_OUT out";
-    push @controller_config, "neighbor VTEP activate";
     push @controller_config, "advertise-all-vni";
     push @controller_config, "autort as $autortas" if $autortas;
     push(@{$bgp->{"address-family"}->{"l2vpn evpn"}}, @controller_config);
@@ -479,7 +479,7 @@ sub generate_controller_rawconfig {
     my $nodename = PVE::INotify::nodename();
 
     my $final_config = [];
-    push @{$final_config}, "frr version 8.5.1";
+    push @{$final_config}, "frr version 8.5.2";
     push @{$final_config}, "frr defaults datacenter";
     push @{$final_config}, "hostname $nodename";
     push @{$final_config}, "log syslog informational";
diff --git a/src/test/zones/evpn/advertise_subnets/expected_controller_config b/src/test/zones/evpn/advertise_subnets/expected_controller_config
index 15f4581..473a470 100644
--- a/src/test/zones/evpn/advertise_subnets/expected_controller_config
+++ b/src/test/zones/evpn/advertise_subnets/expected_controller_config
@@ -1,4 +1,4 @@
-frr version 8.5.1
+frr version 8.5.2
 frr defaults datacenter
 hostname localhost
 log syslog informational
@@ -12,9 +12,9 @@ exit-vrf
 router bgp 65000
  bgp router-id 192.168.0.1
  no bgp hard-administrative-reset
- no bgp graceful-restart notification
  no bgp default ipv4-unicast
  coalesce-time 1000
+ no bgp graceful-restart notification
  neighbor VTEP peer-group
  neighbor VTEP remote-as 65000
  neighbor VTEP bfd
@@ -22,9 +22,9 @@ router bgp 65000
  neighbor 192.168.0.3 peer-group VTEP
  !
  address-family l2vpn evpn
+  neighbor VTEP activate
   neighbor VTEP route-map MAP_VTEP_IN in
   neighbor VTEP route-map MAP_VTEP_OUT out
-  neighbor VTEP activate
   advertise-all-vni
  exit-address-family
 exit
diff --git a/src/test/zones/evpn/disable_arp_nd_suppression/expected_controller_config b/src/test/zones/evpn/disable_arp_nd_suppression/expected_controller_config
index d5d310d..9d8ec60 100644
--- a/src/test/zones/evpn/disable_arp_nd_suppression/expected_controller_config
+++ b/src/test/zones/evpn/disable_arp_nd_suppression/expected_controller_config
@@ -1,4 +1,4 @@
-frr version 8.5.1
+frr version 8.5.2
 frr defaults datacenter
 hostname localhost
 log syslog informational
@@ -12,9 +12,9 @@ exit-vrf
 router bgp 65000
  bgp router-id 192.168.0.1
  no bgp hard-administrative-reset
- no bgp graceful-restart notification
  no bgp default ipv4-unicast
  coalesce-time 1000
+ no bgp graceful-restart notification
  neighbor VTEP peer-group
  neighbor VTEP remote-as 65000
  neighbor VTEP bfd
@@ -22,9 +22,9 @@ router bgp 65000
  neighbor 192.168.0.3 peer-group VTEP
  !
  address-family l2vpn evpn
+  neighbor VTEP activate
   neighbor VTEP route-map MAP_VTEP_IN in
   neighbor VTEP route-map MAP_VTEP_OUT out
-  neighbor VTEP activate
   advertise-all-vni
  exit-address-family
 exit
diff --git a/src/test/zones/evpn/ebgp/expected_controller_config b/src/test/zones/evpn/ebgp/expected_controller_config
index 1f14b80..8dfb6de 100644
--- a/src/test/zones/evpn/ebgp/expected_controller_config
+++ b/src/test/zones/evpn/ebgp/expected_controller_config
@@ -1,4 +1,4 @@
-frr version 8.5.1
+frr version 8.5.2
 frr defaults datacenter
 hostname localhost
 log syslog informational
@@ -12,9 +12,9 @@ exit-vrf
 router bgp 65001
  bgp router-id 192.168.0.1
  no bgp hard-administrative-reset
- no bgp graceful-restart notification
  no bgp default ipv4-unicast
  coalesce-time 1000
+ no bgp graceful-restart notification
  neighbor VTEP peer-group
  neighbor VTEP remote-as external
  neighbor VTEP bfd
@@ -33,9 +33,9 @@ router bgp 65001
  exit-address-family
  !
  address-family l2vpn evpn
+  neighbor VTEP activate
   neighbor VTEP route-map MAP_VTEP_IN in
   neighbor VTEP route-map MAP_VTEP_OUT out
-  neighbor VTEP activate
   advertise-all-vni
   autort as 65000
  exit-address-family
diff --git a/src/test/zones/evpn/ebgp_loopback/expected_controller_config b/src/test/zones/evpn/ebgp_loopback/expected_controller_config
index 1add7f5..82eef11 100644
--- a/src/test/zones/evpn/ebgp_loopback/expected_controller_config
+++ b/src/test/zones/evpn/ebgp_loopback/expected_controller_config
@@ -1,4 +1,4 @@
-frr version 8.5.1
+frr version 8.5.2
 frr defaults datacenter
 hostname localhost
 log syslog informational
@@ -12,9 +12,9 @@ exit-vrf
 router bgp 65001
  bgp router-id 192.168.0.1
  no bgp hard-administrative-reset
- no bgp graceful-restart notification
  no bgp default ipv4-unicast
  coalesce-time 1000
+ no bgp graceful-restart notification
  neighbor VTEP peer-group
  neighbor VTEP remote-as external
  neighbor VTEP bfd
@@ -36,9 +36,9 @@ router bgp 65001
  exit-address-family
  !
  address-family l2vpn evpn
+  neighbor VTEP activate
   neighbor VTEP route-map MAP_VTEP_IN in
   neighbor VTEP route-map MAP_VTEP_OUT out
-  neighbor VTEP activate
   advertise-all-vni
   autort as 65000
  exit-address-family
diff --git a/src/test/zones/evpn/exitnode/expected_controller_config b/src/test/zones/evpn/exitnode/expected_controller_config
index f327e34..50b702b 100644
--- a/src/test/zones/evpn/exitnode/expected_controller_config
+++ b/src/test/zones/evpn/exitnode/expected_controller_config
@@ -1,4 +1,4 @@
-frr version 8.5.1
+frr version 8.5.2
 frr defaults datacenter
 hostname localhost
 log syslog informational
@@ -12,9 +12,9 @@ exit-vrf
 router bgp 65000
  bgp router-id 192.168.0.1
  no bgp hard-administrative-reset
- no bgp graceful-restart notification
  no bgp default ipv4-unicast
  coalesce-time 1000
+ no bgp graceful-restart notification
  neighbor VTEP peer-group
  neighbor VTEP remote-as 65000
  neighbor VTEP bfd
@@ -30,9 +30,9 @@ router bgp 65000
  exit-address-family
  !
  address-family l2vpn evpn
+  neighbor VTEP activate
   neighbor VTEP route-map MAP_VTEP_IN in
   neighbor VTEP route-map MAP_VTEP_OUT out
-  neighbor VTEP activate
   advertise-all-vni
  exit-address-family
 exit
diff --git a/src/test/zones/evpn/exitnode_local_routing/expected_controller_config b/src/test/zones/evpn/exitnode_local_routing/expected_controller_config
index 5b96cd8..456574d 100644
--- a/src/test/zones/evpn/exitnode_local_routing/expected_controller_config
+++ b/src/test/zones/evpn/exitnode_local_routing/expected_controller_config
@@ -1,4 +1,4 @@
-frr version 8.5.1
+frr version 8.5.2
 frr defaults datacenter
 hostname localhost
 log syslog informational
@@ -12,9 +12,9 @@ exit-vrf
 router bgp 65000
  bgp router-id 192.168.0.1
  no bgp hard-administrative-reset
- no bgp graceful-restart notification
  no bgp default ipv4-unicast
  coalesce-time 1000
+ no bgp graceful-restart notification
  neighbor VTEP peer-group
  neighbor VTEP remote-as 65000
  neighbor VTEP bfd
@@ -22,9 +22,9 @@ router bgp 65000
  neighbor 192.168.0.3 peer-group VTEP
  !
  address-family l2vpn evpn
+  neighbor VTEP activate
   neighbor VTEP route-map MAP_VTEP_IN in
   neighbor VTEP route-map MAP_VTEP_OUT out
-  neighbor VTEP activate
   advertise-all-vni
  exit-address-family
 exit
diff --git a/src/test/zones/evpn/exitnode_primary/expected_controller_config b/src/test/zones/evpn/exitnode_primary/expected_controller_config
index b7f2db5..28c91a5 100644
--- a/src/test/zones/evpn/exitnode_primary/expected_controller_config
+++ b/src/test/zones/evpn/exitnode_primary/expected_controller_config
@@ -1,4 +1,4 @@
-frr version 8.5.1
+frr version 8.5.2
 frr defaults datacenter
 hostname localhost
 log syslog informational
@@ -12,9 +12,9 @@ exit-vrf
 router bgp 65000
  bgp router-id 192.168.0.1
  no bgp hard-administrative-reset
- no bgp graceful-restart notification
  no bgp default ipv4-unicast
  coalesce-time 1000
+ no bgp graceful-restart notification
  neighbor VTEP peer-group
  neighbor VTEP remote-as 65000
  neighbor VTEP bfd
@@ -30,9 +30,9 @@ router bgp 65000
  exit-address-family
  !
  address-family l2vpn evpn
+  neighbor VTEP activate
   neighbor VTEP route-map MAP_VTEP_IN in
   neighbor VTEP route-map MAP_VTEP_OUT out
-  neighbor VTEP activate
   advertise-all-vni
  exit-address-family
 exit
diff --git a/src/test/zones/evpn/exitnode_snat/expected_controller_config b/src/test/zones/evpn/exitnode_snat/expected_controller_config
index f327e34..50b702b 100644
--- a/src/test/zones/evpn/exitnode_snat/expected_controller_config
+++ b/src/test/zones/evpn/exitnode_snat/expected_controller_config
@@ -1,4 +1,4 @@
-frr version 8.5.1
+frr version 8.5.2
 frr defaults datacenter
 hostname localhost
 log syslog informational
@@ -12,9 +12,9 @@ exit-vrf
 router bgp 65000
  bgp router-id 192.168.0.1
  no bgp hard-administrative-reset
- no bgp graceful-restart notification
  no bgp default ipv4-unicast
  coalesce-time 1000
+ no bgp graceful-restart notification
  neighbor VTEP peer-group
  neighbor VTEP remote-as 65000
  neighbor VTEP bfd
@@ -30,9 +30,9 @@ router bgp 65000
  exit-address-family
  !
  address-family l2vpn evpn
+  neighbor VTEP activate
   neighbor VTEP route-map MAP_VTEP_IN in
   neighbor VTEP route-map MAP_VTEP_OUT out
-  neighbor VTEP activate
   advertise-all-vni
  exit-address-family
 exit
diff --git a/src/test/zones/evpn/exitnodenullroute/expected_controller_config b/src/test/zones/evpn/exitnodenullroute/expected_controller_config
index 1728c02..e05fc77 100644
--- a/src/test/zones/evpn/exitnodenullroute/expected_controller_config
+++ b/src/test/zones/evpn/exitnodenullroute/expected_controller_config
@@ -1,4 +1,4 @@
-frr version 8.5.1
+frr version 8.5.2
 frr defaults datacenter
 hostname localhost
 log syslog informational
@@ -19,9 +19,9 @@ exit-vrf
 router bgp 65000
  bgp router-id 192.168.0.1
  no bgp hard-administrative-reset
- no bgp graceful-restart notification
  no bgp default ipv4-unicast
  coalesce-time 1000
+ no bgp graceful-restart notification
  neighbor VTEP peer-group
  neighbor VTEP remote-as 65000
  neighbor VTEP bfd
@@ -39,9 +39,9 @@ router bgp 65000
  exit-address-family
  !
  address-family l2vpn evpn
+  neighbor VTEP activate
   neighbor VTEP route-map MAP_VTEP_IN in
   neighbor VTEP route-map MAP_VTEP_OUT out
-  neighbor VTEP activate
   advertise-all-vni
  exit-address-family
 exit
diff --git a/src/test/zones/evpn/ipv4/expected_controller_config b/src/test/zones/evpn/ipv4/expected_controller_config
index d5d310d..9d8ec60 100644
--- a/src/test/zones/evpn/ipv4/expected_controller_config
+++ b/src/test/zones/evpn/ipv4/expected_controller_config
@@ -1,4 +1,4 @@
-frr version 8.5.1
+frr version 8.5.2
 frr defaults datacenter
 hostname localhost
 log syslog informational
@@ -12,9 +12,9 @@ exit-vrf
 router bgp 65000
  bgp router-id 192.168.0.1
  no bgp hard-administrative-reset
- no bgp graceful-restart notification
  no bgp default ipv4-unicast
  coalesce-time 1000
+ no bgp graceful-restart notification
  neighbor VTEP peer-group
  neighbor VTEP remote-as 65000
  neighbor VTEP bfd
@@ -22,9 +22,9 @@ router bgp 65000
  neighbor 192.168.0.3 peer-group VTEP
  !
  address-family l2vpn evpn
+  neighbor VTEP activate
   neighbor VTEP route-map MAP_VTEP_IN in
   neighbor VTEP route-map MAP_VTEP_OUT out
-  neighbor VTEP activate
   advertise-all-vni
  exit-address-family
 exit
diff --git a/src/test/zones/evpn/ipv4ipv6/expected_controller_config b/src/test/zones/evpn/ipv4ipv6/expected_controller_config
index d5d310d..9d8ec60 100644
--- a/src/test/zones/evpn/ipv4ipv6/expected_controller_config
+++ b/src/test/zones/evpn/ipv4ipv6/expected_controller_config
@@ -1,4 +1,4 @@
-frr version 8.5.1
+frr version 8.5.2
 frr defaults datacenter
 hostname localhost
 log syslog informational
@@ -12,9 +12,9 @@ exit-vrf
 router bgp 65000
  bgp router-id 192.168.0.1
  no bgp hard-administrative-reset
- no bgp graceful-restart notification
  no bgp default ipv4-unicast
  coalesce-time 1000
+ no bgp graceful-restart notification
  neighbor VTEP peer-group
  neighbor VTEP remote-as 65000
  neighbor VTEP bfd
@@ -22,9 +22,9 @@ router bgp 65000
  neighbor 192.168.0.3 peer-group VTEP
  !
  address-family l2vpn evpn
+  neighbor VTEP activate
   neighbor VTEP route-map MAP_VTEP_IN in
   neighbor VTEP route-map MAP_VTEP_OUT out
-  neighbor VTEP activate
   advertise-all-vni
  exit-address-family
 exit
diff --git a/src/test/zones/evpn/ipv4ipv6nogateway/expected_controller_config b/src/test/zones/evpn/ipv4ipv6nogateway/expected_controller_config
index d5d310d..9d8ec60 100644
--- a/src/test/zones/evpn/ipv4ipv6nogateway/expected_controller_config
+++ b/src/test/zones/evpn/ipv4ipv6nogateway/expected_controller_config
@@ -1,4 +1,4 @@
-frr version 8.5.1
+frr version 8.5.2
 frr defaults datacenter
 hostname localhost
 log syslog informational
@@ -12,9 +12,9 @@ exit-vrf
 router bgp 65000
  bgp router-id 192.168.0.1
  no bgp hard-administrative-reset
- no bgp graceful-restart notification
  no bgp default ipv4-unicast
  coalesce-time 1000
+ no bgp graceful-restart notification
  neighbor VTEP peer-group
  neighbor VTEP remote-as 65000
  neighbor VTEP bfd
@@ -22,9 +22,9 @@ router bgp 65000
  neighbor 192.168.0.3 peer-group VTEP
  !
  address-family l2vpn evpn
+  neighbor VTEP activate
   neighbor VTEP route-map MAP_VTEP_IN in
   neighbor VTEP route-map MAP_VTEP_OUT out
-  neighbor VTEP activate
   advertise-all-vni
  exit-address-family
 exit
diff --git a/src/test/zones/evpn/ipv6/expected_controller_config b/src/test/zones/evpn/ipv6/expected_controller_config
index d5d310d..9d8ec60 100644
--- a/src/test/zones/evpn/ipv6/expected_controller_config
+++ b/src/test/zones/evpn/ipv6/expected_controller_config
@@ -1,4 +1,4 @@
-frr version 8.5.1
+frr version 8.5.2
 frr defaults datacenter
 hostname localhost
 log syslog informational
@@ -12,9 +12,9 @@ exit-vrf
 router bgp 65000
  bgp router-id 192.168.0.1
  no bgp hard-administrative-reset
- no bgp graceful-restart notification
  no bgp default ipv4-unicast
  coalesce-time 1000
+ no bgp graceful-restart notification
  neighbor VTEP peer-group
  neighbor VTEP remote-as 65000
  neighbor VTEP bfd
@@ -22,9 +22,9 @@ router bgp 65000
  neighbor 192.168.0.3 peer-group VTEP
  !
  address-family l2vpn evpn
+  neighbor VTEP activate
   neighbor VTEP route-map MAP_VTEP_IN in
   neighbor VTEP route-map MAP_VTEP_OUT out
-  neighbor VTEP activate
   advertise-all-vni
  exit-address-family
 exit
diff --git a/src/test/zones/evpn/isis/expected_controller_config b/src/test/zones/evpn/isis/expected_controller_config
index 8d1706a..9ec8c01 100644
--- a/src/test/zones/evpn/isis/expected_controller_config
+++ b/src/test/zones/evpn/isis/expected_controller_config
@@ -1,4 +1,4 @@
-frr version 8.5.1
+frr version 8.5.2
 frr defaults datacenter
 hostname localhost
 log syslog informational
@@ -18,9 +18,9 @@ interface eth1
 router bgp 65000
  bgp router-id 192.168.0.1
  no bgp hard-administrative-reset
- no bgp graceful-restart notification
  no bgp default ipv4-unicast
  coalesce-time 1000
+ no bgp graceful-restart notification
  neighbor VTEP peer-group
  neighbor VTEP remote-as 65000
  neighbor VTEP bfd
@@ -28,9 +28,9 @@ router bgp 65000
  neighbor 192.168.0.3 peer-group VTEP
  !
  address-family l2vpn evpn
+  neighbor VTEP activate
   neighbor VTEP route-map MAP_VTEP_IN in
   neighbor VTEP route-map MAP_VTEP_OUT out
-  neighbor VTEP activate
   advertise-all-vni
  exit-address-family
 exit
diff --git a/src/test/zones/evpn/isis_loopback/expected_controller_config b/src/test/zones/evpn/isis_loopback/expected_controller_config
index 7b034c4..5a7f5c9 100644
--- a/src/test/zones/evpn/isis_loopback/expected_controller_config
+++ b/src/test/zones/evpn/isis_loopback/expected_controller_config
@@ -1,4 +1,4 @@
-frr version 8.5.1
+frr version 8.5.2
 frr defaults datacenter
 hostname localhost
 log syslog informational
@@ -18,9 +18,9 @@ interface eth1
 router bgp 65000
  bgp router-id 10.0.0.1
  no bgp hard-administrative-reset
- no bgp graceful-restart notification
  no bgp default ipv4-unicast
  coalesce-time 1000
+ no bgp graceful-restart notification
  neighbor VTEP peer-group
  neighbor VTEP remote-as 65000
  neighbor VTEP bfd
@@ -29,9 +29,9 @@ router bgp 65000
  neighbor 10.0.0.3 peer-group VTEP
  !
  address-family l2vpn evpn
+  neighbor VTEP activate
   neighbor VTEP route-map MAP_VTEP_IN in
   neighbor VTEP route-map MAP_VTEP_OUT out
-  neighbor VTEP activate
   advertise-all-vni
  exit-address-family
 exit
diff --git a/src/test/zones/evpn/multipath_relax/expected_controller_config b/src/test/zones/evpn/multipath_relax/expected_controller_config
index f0316cc..a87cdc4 100644
--- a/src/test/zones/evpn/multipath_relax/expected_controller_config
+++ b/src/test/zones/evpn/multipath_relax/expected_controller_config
@@ -1,4 +1,4 @@
-frr version 8.5.1
+frr version 8.5.2
 frr defaults datacenter
 hostname localhost
 log syslog informational
@@ -12,9 +12,9 @@ exit-vrf
 router bgp 65000
  bgp router-id 192.168.0.1
  no bgp hard-administrative-reset
- no bgp graceful-restart notification
  no bgp default ipv4-unicast
  coalesce-time 1000
+ no bgp graceful-restart notification
  neighbor VTEP peer-group
  neighbor VTEP remote-as 65000
  neighbor VTEP bfd
@@ -34,9 +34,9 @@ router bgp 65000
  exit-address-family
  !
  address-family l2vpn evpn
+  neighbor VTEP activate
   neighbor VTEP route-map MAP_VTEP_IN in
   neighbor VTEP route-map MAP_VTEP_OUT out
-  neighbor VTEP activate
   advertise-all-vni
  exit-address-family
 exit
diff --git a/src/test/zones/evpn/multiplezones/expected_controller_config b/src/test/zones/evpn/multiplezones/expected_controller_config
index 8d578f7..37f663a 100644
--- a/src/test/zones/evpn/multiplezones/expected_controller_config
+++ b/src/test/zones/evpn/multiplezones/expected_controller_config
@@ -1,4 +1,4 @@
-frr version 8.5.1
+frr version 8.5.2
 frr defaults datacenter
 hostname localhost
 log syslog informational
@@ -16,9 +16,9 @@ exit-vrf
 router bgp 65000
  bgp router-id 192.168.0.1
  no bgp hard-administrative-reset
- no bgp graceful-restart notification
  no bgp default ipv4-unicast
  coalesce-time 1000
+ no bgp graceful-restart notification
  neighbor VTEP peer-group
  neighbor VTEP remote-as 65000
  neighbor VTEP bfd
@@ -26,9 +26,9 @@ router bgp 65000
  neighbor 192.168.0.3 peer-group VTEP
  !
  address-family l2vpn evpn
+  neighbor VTEP activate
   neighbor VTEP route-map MAP_VTEP_IN in
   neighbor VTEP route-map MAP_VTEP_OUT out
-  neighbor VTEP activate
   advertise-all-vni
  exit-address-family
 exit
diff --git a/src/test/zones/evpn/rt_import/expected_controller_config b/src/test/zones/evpn/rt_import/expected_controller_config
index f394b84..5bdb148 100644
--- a/src/test/zones/evpn/rt_import/expected_controller_config
+++ b/src/test/zones/evpn/rt_import/expected_controller_config
@@ -1,4 +1,4 @@
-frr version 8.5.1
+frr version 8.5.2
 frr defaults datacenter
 hostname localhost
 log syslog informational
@@ -12,9 +12,9 @@ exit-vrf
 router bgp 65000
  bgp router-id 192.168.0.1
  no bgp hard-administrative-reset
- no bgp graceful-restart notification
  no bgp default ipv4-unicast
  coalesce-time 1000
+ no bgp graceful-restart notification
  neighbor VTEP peer-group
  neighbor VTEP remote-as 65000
  neighbor VTEP bfd
@@ -22,9 +22,9 @@ router bgp 65000
  neighbor 192.168.0.3 peer-group VTEP
  !
  address-family l2vpn evpn
+  neighbor VTEP activate
   neighbor VTEP route-map MAP_VTEP_IN in
   neighbor VTEP route-map MAP_VTEP_OUT out
-  neighbor VTEP activate
   advertise-all-vni
  exit-address-family
 exit
diff --git a/src/test/zones/evpn/vxlanport/expected_controller_config b/src/test/zones/evpn/vxlanport/expected_controller_config
index d5d310d..9d8ec60 100644
--- a/src/test/zones/evpn/vxlanport/expected_controller_config
+++ b/src/test/zones/evpn/vxlanport/expected_controller_config
@@ -1,4 +1,4 @@
-frr version 8.5.1
+frr version 8.5.2
 frr defaults datacenter
 hostname localhost
 log syslog informational
@@ -12,9 +12,9 @@ exit-vrf
 router bgp 65000
  bgp router-id 192.168.0.1
  no bgp hard-administrative-reset
- no bgp graceful-restart notification
  no bgp default ipv4-unicast
  coalesce-time 1000
+ no bgp graceful-restart notification
  neighbor VTEP peer-group
  neighbor VTEP remote-as 65000
  neighbor VTEP bfd
@@ -22,9 +22,9 @@ router bgp 65000
  neighbor 192.168.0.3 peer-group VTEP
  !
  address-family l2vpn evpn
+  neighbor VTEP activate
   neighbor VTEP route-map MAP_VTEP_IN in
   neighbor VTEP route-map MAP_VTEP_OUT out
-  neighbor VTEP activate
   advertise-all-vni
  exit-address-family
 exit
-- 
2.39.2




^ permalink raw reply	[flat|nested] 8+ messages in thread

* [pve-devel] [PATCH pve-network 4/4] controllers: evpn: fix null routes order && ipv6
  2023-12-03 15:46 [pve-devel] [PATCH pve-network 0/4] evpn controller fix && cleanup Alexandre Derumier
                   ` (2 preceding siblings ...)
  2023-12-03 15:46 ` [pve-devel] [PATCH pve-network 3/4] controllers: evpn: frr config cleanup Alexandre Derumier
@ 2023-12-03 15:46 ` Alexandre Derumier
  2024-01-06  6:41 ` [pve-devel] [PATCH pve-network 0/4] evpn controller fix && cleanup DERUMIER, Alexandre
  2024-01-22 10:59 ` [pve-devel] applied: " Thomas Lamprecht
  5 siblings, 0 replies; 8+ messages in thread
From: Alexandre Derumier @ 2023-12-03 15:46 UTC (permalink / raw)
  To: pve-devel

- don't duplicate ip
- ipv6 use "ipv6 route"
- order correctly

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
---
 src/PVE/Network/SDN/Controllers/EvpnPlugin.pm | 16 ++++++++-
 .../expected_controller_config                |  7 ++++
 .../exitnodenullroute/expected_sdn_interfaces |  8 +++++
 .../zones/evpn/exitnodenullroute/sdn_config   | 35 +++++++++++++++++++
 4 files changed, 65 insertions(+), 1 deletion(-)

diff --git a/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm b/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
index 648f341..c2fdf88 100644
--- a/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
+++ b/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
@@ -162,11 +162,25 @@ sub generate_controller_zone_config {
     #null routes subnets of other zones
     if ($is_gateway) {
 	my $subnets = PVE::Network::SDN::Vnets::get_subnets();
+	my $cidrs = {};
 	foreach my $subnetid (sort keys %{$subnets}) {
 	    my $subnet = $subnets->{$subnetid};
 	    my $cidr = $subnet->{cidr};
 	    my $zone = $subnet->{zone};
-	    push @controller_config, "ip route $cidr null0" if $zone ne $id;
+	    my ($ip, $mask) = split(/\//, $cidr);
+	    $cidrs->{$ip} = $mask if $zone ne $id;
+
+	}
+
+	my @sorted_ip =
+		map  { $_->[0] }
+		sort { $a->[1] <=> $b->[1] }
+		map  { [ $_, eval { Net::IP->new( $_ )->intip } ] }
+		keys %{$cidrs} if $cidrs;
+
+	foreach my $ip (@sorted_ip) {
+	    my $ipversion = Net::IP::ip_is_ipv4($ip) ? 'ip' : 'ipv6';
+	    push @controller_config, "$ipversion route $ip/$cidrs->{$ip} null0";
 	}
     }
 
diff --git a/src/test/zones/evpn/exitnodenullroute/expected_controller_config b/src/test/zones/evpn/exitnodenullroute/expected_controller_config
index e05fc77..a6403c0 100644
--- a/src/test/zones/evpn/exitnodenullroute/expected_controller_config
+++ b/src/test/zones/evpn/exitnodenullroute/expected_controller_config
@@ -7,13 +7,20 @@ service integrated-vtysh-config
 !
 vrf vrf_myzone
  vni 1000
+ ip route 10.0.0.0/24 null0
  ip route 172.16.0.0/24 null0
  ip route 172.16.1.0/24 null0
+ ip route 172.16.3.0/24 null0
 exit-vrf
 !
 vrf vrf_myzone2
  vni 1001
  ip route 10.0.0.0/24 null0
+ ip route 192.168.0.1/24 null0
+ ip route 192.168.10.1/24 null0
+ ipv6 route 2b0f:1480::/64 null0
+ ipv6 route 2b0f:1480:4000:6000::/64 null0
+ ipv6 route 2b0f:1480:4000:8000::/64 null0
 exit-vrf
 !
 router bgp 65000
diff --git a/src/test/zones/evpn/exitnodenullroute/expected_sdn_interfaces b/src/test/zones/evpn/exitnodenullroute/expected_sdn_interfaces
index b6d9c13..4bf5ccf 100644
--- a/src/test/zones/evpn/exitnodenullroute/expected_sdn_interfaces
+++ b/src/test/zones/evpn/exitnodenullroute/expected_sdn_interfaces
@@ -3,17 +3,25 @@
 auto myvnet
 iface myvnet
 	address 10.0.0.1/24
+	address 192.168.0.1/24
+	address 192.168.10.1/24
+	address 2b0f:1480:4000:6000::1/64
+	address 2b0f:1480:4000:8000::1/64
+	address 2b0f:1480::1/64
 	bridge_ports vxlan_myvnet
 	bridge_stp off
 	bridge_fd 0
 	mtu 1450
 	ip-forward on
+	ip6-forward on
 	arp-accept on
 	vrf vrf_myzone
 
 auto myvnet2
 iface myvnet2
+	address 10.0.0.1/24
 	address 172.16.0.1/24
+	address 172.16.3.1/24
 	bridge_ports vxlan_myvnet2
 	bridge_stp off
 	bridge_fd 0
diff --git a/src/test/zones/evpn/exitnodenullroute/sdn_config b/src/test/zones/evpn/exitnodenullroute/sdn_config
index 1060f83..5064ec4 100644
--- a/src/test/zones/evpn/exitnodenullroute/sdn_config
+++ b/src/test/zones/evpn/exitnodenullroute/sdn_config
@@ -19,16 +19,51 @@
 
   subnets => {
 		ids => { 
+			'myzone-192.168.10.1-24' => {
+			    'type' => 'subnet',
+			    'vnet' => 'myvnet',
+			    'gateway' => '192.168.10.1',
+			},
+			'myzone-192.168.0.1-24' => {
+			    'type' => 'subnet',
+			    'vnet' => 'myvnet',
+			    'gateway' => '192.168.0.1',
+			},
 			'myzone-10.0.0.0-24' => {
 			    'type' => 'subnet',
 			    'vnet' => 'myvnet',
 			    'gateway' => '10.0.0.1',
 			},
+			'myzone2-10.0.0.0-24' => {
+			    'type' => 'subnet',
+			    'vnet' => 'myvnet2',
+			    'gateway' => '10.0.0.1',
+			},
+			'myzone-2b0f:1480:4000:8000::-64' => {
+			    'type' => 'subnet',
+			    'vnet' => 'myvnet',
+			    'gateway' => '2b0f:1480:4000:8000::1',
+			},
+			'myzone-2b0f:1480::-64' => {
+			    'type' => 'subnet',
+			    'vnet' => 'myvnet',
+			    'gateway' => '2b0f:1480::1',
+			},
 			'myzone2-172.16.0.0-24' => {
 			    'type' => 'subnet',
 			    'vnet' => 'myvnet2',
 			    'gateway' => '172.16.0.1',
 			},
+			'myzone2-172.16.3.0-24' => {
+			    'type' => 'subnet',
+			    'vnet' => 'myvnet2',
+			    'gateway' => '172.16.3.1',
+			},
+			'myzone-2b0f:1480:4000:6000::-64' => {
+			    'type' => 'subnet',
+			    'vnet' => 'myvnet',
+			    'gateway' => '2b0f:1480:4000:6000::1',
+			},
 			'myzone2-172.16.1.0-24' => {
 			    'type' => 'subnet',
 			    'vnet' => 'myvnet2',
-- 
2.39.2




^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [pve-devel] [PATCH pve-network 0/4] evpn controller fix && cleanup
  2023-12-03 15:46 [pve-devel] [PATCH pve-network 0/4] evpn controller fix && cleanup Alexandre Derumier
                   ` (3 preceding siblings ...)
  2023-12-03 15:46 ` [pve-devel] [PATCH pve-network 4/4] controllers: evpn: fix null routes order && ipv6 Alexandre Derumier
@ 2024-01-06  6:41 ` DERUMIER, Alexandre
  2024-01-19 11:59   ` DERUMIER, Alexandre
  2024-01-22 10:59 ` [pve-devel] applied: " Thomas Lamprecht
  5 siblings, 1 reply; 8+ messages in thread
From: DERUMIER, Alexandre @ 2024-01-06  6:41 UTC (permalink / raw)
  To: pve-devel

Hi,

could it be possible to apply this patch serie, I have seen another
forum user have bugs with evpn && multuple exit nods.


-------- Message initial --------
De: Alexandre Derumier <aderumier@odiso.com>
Répondre à: Proxmox VE development discussion <pve-
devel@lists.proxmox.com>
À: pve-devel@lists.proxmox.com
Objet: [pve-devel] [PATCH pve-network 0/4] evpn controller fix &&
cleanup
Date: 03/12/2023 16:46:06

This patch serie is fixing 1 critical bug with multiple exit-nodes
and other minor ipv6 bug with prefix-list && null routes.

Also cleaning the re-ordering of some values in frr.conf to match
the output of frr running config.

Alexandre Derumier (4):
  controllers: evpn: add ipv6 prefix-list support
  controllers: evpn: bugfix: use prefix-list in route-map instead evpn
    match
  controllers: evpn: frr config cleanup
  controllers: evpn: fix null routes order && ipv6

 src/PVE/Network/SDN/Controllers/EvpnPlugin.pm | 52 +++++++++++++++----
 .../expected_controller_config                |  6 +--
 .../expected_controller_config                |  6 +--
 .../evpn/ebgp/expected_controller_config      |  6 +--
 .../ebgp_loopback/expected_controller_config  |  6 +--
 .../evpn/exitnode/expected_controller_config  | 19 ++++---
 .../expected_controller_config                | 19 ++++---
 .../expected_controller_config                | 18 +++++--
 .../exitnode_snat/expected_controller_config  | 19 ++++---
 .../expected_controller_config                | 33 +++++++++---
 .../exitnodenullroute/expected_sdn_interfaces |  8 +++
 .../zones/evpn/exitnodenullroute/sdn_config   | 35 +++++++++++++
 .../evpn/ipv4/expected_controller_config      |  6 +--
 .../evpn/ipv4ipv6/expected_controller_config  |  6 +--
 .../expected_controller_config                |  6 +--
 .../evpn/ipv6/expected_controller_config      |  6 +--
 .../evpn/isis/expected_controller_config      |  6 +--
 .../isis_loopback/expected_controller_config  |  6 +--
 .../expected_controller_config                |  6 +--
 .../multiplezones/expected_controller_config  |  6 +--
 .../evpn/rt_import/expected_controller_config |  6 +--
 .../evpn/vxlanport/expected_controller_config |  6 +--
 22 files changed, 203 insertions(+), 84 deletions(-)



^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [pve-devel] [PATCH pve-network 0/4] evpn controller fix && cleanup
  2024-01-06  6:41 ` [pve-devel] [PATCH pve-network 0/4] evpn controller fix && cleanup DERUMIER, Alexandre
@ 2024-01-19 11:59   ` DERUMIER, Alexandre
  0 siblings, 0 replies; 8+ messages in thread
From: DERUMIER, Alexandre @ 2024-01-19 11:59 UTC (permalink / raw)
  To: pve-devel

Hi,

is it possible to applied this patch serie ?


They are 2 bug report about the multiple evpn exit-bug

https://forum.proxmox.com/threads/sdn-with-evpn-controller.139279/

https://forum.proxmox.com/threads/bugfix-for-evpn-sdn-multiple-exit-nodes.137784

-------- Message initial --------
De: "DERUMIER, Alexandre" <alexandre.derumier@groupe-cyllene.com>
Répondre à: Proxmox VE development discussion <pve-
devel@lists.proxmox.com>
À: pve-devel@lists.proxmox.com <pve-devel@lists.proxmox.com>
Objet: Re: [pve-devel] [PATCH pve-network 0/4] evpn controller fix &&
cleanup
Date: 06/01/2024 07:41:18

Hi,

could it be possible to apply this patch serie, I have seen another
forum user have bugs with evpn && multuple exit nods.


-------- Message initial --------
De: Alexandre Derumier <aderumier@odiso.com>
Répondre à: Proxmox VE development discussion <pve-
devel@lists.proxmox.com>
À: pve-devel@lists.proxmox.com
Objet: [pve-devel] [PATCH pve-network 0/4] evpn controller fix &&
cleanup
Date: 03/12/2023 16:46:06

This patch serie is fixing 1 critical bug with multiple exit-nodes
and other minor ipv6 bug with prefix-list && null routes.

Also cleaning the re-ordering of some values in frr.conf to match
the output of frr running config.

Alexandre Derumier (4):
  controllers: evpn: add ipv6 prefix-list support
  controllers: evpn: bugfix: use prefix-list in route-map instead evpn
    match
  controllers: evpn: frr config cleanup
  controllers: evpn: fix null routes order && ipv6

 src/PVE/Network/SDN/Controllers/EvpnPlugin.pm | 52 +++++++++++++++----
 .../expected_controller_config                |  6 +--
 .../expected_controller_config                |  6 +--
 .../evpn/ebgp/expected_controller_config      |  6 +--
 .../ebgp_loopback/expected_controller_config  |  6 +--
 .../evpn/exitnode/expected_controller_config  | 19 ++++---
 .../expected_controller_config                | 19 ++++---
 .../expected_controller_config                | 18 +++++--
 .../exitnode_snat/expected_controller_config  | 19 ++++---
 .../expected_controller_config                | 33 +++++++++---
 .../exitnodenullroute/expected_sdn_interfaces |  8 +++
 .../zones/evpn/exitnodenullroute/sdn_config   | 35 +++++++++++++
 .../evpn/ipv4/expected_controller_config      |  6 +--
 .../evpn/ipv4ipv6/expected_controller_config  |  6 +--
 .../expected_controller_config                |  6 +--
 .../evpn/ipv6/expected_controller_config      |  6 +--
 .../evpn/isis/expected_controller_config      |  6 +--
 .../isis_loopback/expected_controller_config  |  6 +--
 .../expected_controller_config                |  6 +--
 .../multiplezones/expected_controller_config  |  6 +--
 .../evpn/rt_import/expected_controller_config |  6 +--
 .../evpn/vxlanport/expected_controller_config |  6 +--
 22 files changed, 203 insertions(+), 84 deletions(-)


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel


^ permalink raw reply	[flat|nested] 8+ messages in thread

* [pve-devel] applied: [PATCH pve-network 0/4] evpn controller fix && cleanup
  2023-12-03 15:46 [pve-devel] [PATCH pve-network 0/4] evpn controller fix && cleanup Alexandre Derumier
                   ` (4 preceding siblings ...)
  2024-01-06  6:41 ` [pve-devel] [PATCH pve-network 0/4] evpn controller fix && cleanup DERUMIER, Alexandre
@ 2024-01-22 10:59 ` Thomas Lamprecht
  5 siblings, 0 replies; 8+ messages in thread
From: Thomas Lamprecht @ 2024-01-22 10:59 UTC (permalink / raw)
  To: Proxmox VE development discussion, Alexandre Derumier

Am 03/12/2023 um 16:46 schrieb Alexandre Derumier:
> This patch serie is fixing 1 critical bug with multiple exit-nodes
> and other minor ipv6 bug with prefix-list && null routes.
> 
> Also cleaning the re-ordering of some values in frr.conf to match
> the output of frr running config.
> 
> Alexandre Derumier (4):
>   controllers: evpn: add ipv6 prefix-list support
>   controllers: evpn: bugfix: use prefix-list in route-map instead evpn
>     match
>   controllers: evpn: frr config cleanup
>   controllers: evpn: fix null routes order && ipv6
> 
>  src/PVE/Network/SDN/Controllers/EvpnPlugin.pm | 52 +++++++++++++++----
>  .../expected_controller_config                |  6 +--
>  .../expected_controller_config                |  6 +--
>  .../evpn/ebgp/expected_controller_config      |  6 +--
>  .../ebgp_loopback/expected_controller_config  |  6 +--
>  .../evpn/exitnode/expected_controller_config  | 19 ++++---
>  .../expected_controller_config                | 19 ++++---
>  .../expected_controller_config                | 18 +++++--
>  .../exitnode_snat/expected_controller_config  | 19 ++++---
>  .../expected_controller_config                | 33 +++++++++---
>  .../exitnodenullroute/expected_sdn_interfaces |  8 +++
>  .../zones/evpn/exitnodenullroute/sdn_config   | 35 +++++++++++++
>  .../evpn/ipv4/expected_controller_config      |  6 +--
>  .../evpn/ipv4ipv6/expected_controller_config  |  6 +--
>  .../expected_controller_config                |  6 +--
>  .../evpn/ipv6/expected_controller_config      |  6 +--
>  .../evpn/isis/expected_controller_config      |  6 +--
>  .../isis_loopback/expected_controller_config  |  6 +--
>  .../expected_controller_config                |  6 +--
>  .../multiplezones/expected_controller_config  |  6 +--
>  .../evpn/rt_import/expected_controller_config |  6 +--
>  .../evpn/vxlanport/expected_controller_config |  6 +--
>  22 files changed, 203 insertions(+), 84 deletions(-)
> 


sorry for the delay, applied series now, thanks!




^ permalink raw reply	[flat|nested] 8+ messages in thread

end of thread, other threads:[~2024-01-22 10:59 UTC | newest]

Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-12-03 15:46 [pve-devel] [PATCH pve-network 0/4] evpn controller fix && cleanup Alexandre Derumier
2023-12-03 15:46 ` [pve-devel] [PATCH pve-network 1/4] controllers: evpn: add ipv6 prefix-list support Alexandre Derumier
2023-12-03 15:46 ` [pve-devel] [PATCH pve-network 2/4] controllers: evpn: bugfix: use prefix-list in route-map instead evpn match Alexandre Derumier
2023-12-03 15:46 ` [pve-devel] [PATCH pve-network 3/4] controllers: evpn: frr config cleanup Alexandre Derumier
2023-12-03 15:46 ` [pve-devel] [PATCH pve-network 4/4] controllers: evpn: fix null routes order && ipv6 Alexandre Derumier
2024-01-06  6:41 ` [pve-devel] [PATCH pve-network 0/4] evpn controller fix && cleanup DERUMIER, Alexandre
2024-01-19 11:59   ` DERUMIER, Alexandre
2024-01-22 10:59 ` [pve-devel] applied: " Thomas Lamprecht

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox

Service provided by Proxmox Server Solutions GmbH | Privacy | Legal