From: Alexandre Derumier
To: pve-devel@lists.proxmox.com
Date: Sun, 3 Dec 2023 16:46:10 +0100
Message-Id: <20231203154610.217714-5-aderumier@odiso.com>
In-Reply-To: <20231203154610.217714-1-aderumier@odiso.com>
References: <20231203154610.217714-1-aderumier@odiso.com>
Subject: [pve-devel] [PATCH pve-network 4/4] controllers: evpn: fix null routes order && ipv6

- don't duplicate ip
- ipv6 use "ipv6 route"
- order correctly

Signed-off-by: Alexandre Derumier
--- src/PVE/Network/SDN/Controllers/EvpnPlugin.pm | 16 ++++++++- .../expected_controller_config | 7 ++++ .../exitnodenullroute/expected_sdn_interfaces | 8 +++++ .../zones/evpn/exitnodenullroute/sdn_config | 35 +++++++++++++++++++ 4 files changed, 65 insertions(+), 1 deletion(-) diff --git a/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm b/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm index 648f341..c2fdf88 100644 --- a/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm +++ b/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm 
@@ -162,11 +162,25 @@ sub generate_controller_zone_config { #null routes subnets of other zones if ($is_gateway) { my $subnets = PVE::Network::SDN::Vnets::get_subnets(); + my $cidrs = {}; foreach my $subnetid (sort keys %{$subnets}) { my $subnet = $subnets->{$subnetid}; my $cidr = $subnet->{cidr}; my $zone = $subnet->{zone}; - push @controller_config, "ip route $cidr null0" if $zone ne $id; + my ($ip, $mask) = split(/\//, $cidr); + $cidrs->{$ip} = $mask if $zone ne $id; + + } + + my @sorted_ip = + map { $_->[0] } + sort { $a->[1] <=> $b->[1] } + map { [ $_, eval { Net::IP->new( $_ )->intip } ] } + keys %{$cidrs} if $cidrs; + + foreach my $ip (@sorted_ip) { + my $ipversion = Net::IP::ip_is_ipv4($ip) ? 'ip' : 'ipv6'; + push @controller_config, "$ipversion route $ip/$cidrs->{$ip} null0"; } } diff --git a/src/test/zones/evpn/exitnodenullroute/expected_controller_config b/src/test/zones/evpn/exitnodenullroute/expected_controller_config index e05fc77..a6403c0 100644 --- a/src/test/zones/evpn/exitnodenullroute/expected_controller_config +++ b/src/test/zones/evpn/exitnodenullroute/expected_controller_config @@ -7,13 +7,20 @@ service integrated-vtysh-config ! vrf vrf_myzone vni 1000 + ip route 10.0.0.0/24 null0 ip route 172.16.0.0/24 null0 ip route 172.16.1.0/24 null0 + ip route 172.16.3.0/24 null0 exit-vrf ! vrf vrf_myzone2 vni 1001 ip route 10.0.0.0/24 null0 + ip route 192.168.0.1/24 null0 + ip route 192.168.10.1/24 null0 + ipv6 route 2b0f:1480::/64 null0 + ipv6 route 2b0f:1480:4000:6000::/64 null0 + ipv6 route 2b0f:1480:4000:8000::/64 null0 exit-vrf ! router bgp 65000 diff --git a/src/test/zones/evpn/exitnodenullroute/expected_sdn_interfaces b/src/test/zones/evpn/exitnodenullroute/expected_sdn_interfaces index b6d9c13..4bf5ccf 100644 --- a/src/test/zones/evpn/exitnodenullroute/expected_sdn_interfaces +++ b/src/test/zones/evpn/exitnodenullroute/expected_sdn_interfaces 
@@ -3,17 +3,25 @@ auto myvnet iface myvnet address 10.0.0.1/24 + address 192.168.0.1/24 + address 192.168.10.1/24 + address 2b0f:1480:4000:6000::1/64 + address 2b0f:1480:4000:8000::1/64 + address 2b0f:1480::1/64 bridge_ports vxlan_myvnet bridge_stp off bridge_fd 0 mtu 1450 ip-forward on + ip6-forward on arp-accept on vrf vrf_myzone auto myvnet2 iface myvnet2 + address 10.0.0.1/24 address 172.16.0.1/24 + address 172.16.3.1/24 bridge_ports vxlan_myvnet2 bridge_stp off bridge_fd 0 diff --git a/src/test/zones/evpn/exitnodenullroute/sdn_config b/src/test/zones/evpn/exitnodenullroute/sdn_config index 1060f83..5064ec4 100644 --- a/src/test/zones/evpn/exitnodenullroute/sdn_config +++ b/src/test/zones/evpn/exitnodenullroute/sdn_config @@ -19,16 +19,51 @@ subnets => { ids => { + 'myzone-192.168.10.1-24' => { + 'type' => 'subnet', + 'vnet' => 'myvnet', + 'gateway' => '192.168.10.1', + }, + 'myzone-192.168.0.1-24' => { + 'type' => 'subnet', + 'vnet' => 'myvnet', + 'gateway' => '192.168.0.1', + }, 'myzone-10.0.0.0-24' => { 'type' => 'subnet', 'vnet' => 'myvnet', 'gateway' => '10.0.0.1', }, + 'myzone2-10.0.0.0-24' => { + 'type' => 'subnet', + 'vnet' => 'myvnet2', + 'gateway' => '10.0.0.1', + }, + 'myzone-2b0f:1480:4000:8000::-64' => { + 'type' => 'subnet', + 'vnet' => 'myvnet', + 'gateway' => '2b0f:1480:4000:8000::1', + }, + 'myzone-2b0f:1480::-64' => { + 'type' => 'subnet', + 'vnet' => 'myvnet', + 'gateway' => '2b0f:1480::1', + }, 'myzone2-172.16.0.0-24' => { 'type' => 'subnet', 'vnet' => 'myvnet2', 'gateway' => '172.16.0.1', }, + 'myzone2-172.16.3.0-24' => { + 'type' => 'subnet', + 'vnet' => 'myvnet2', + 'gateway' => '172.16.3.1', + }, + 'myzone-2b0f:1480:4000:6000::-64' => { + 'type' => 'subnet', + 'vnet' => 'myvnet', + 'gateway' => '2b0f:1480:4000:6000::1', + }, 'myzone2-172.16.1.0-24' => { 'type' => 'subnet', 'vnet' => 'myvnet2', -- 2.39.2
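Review bot: in the EvpnPlugin.pm hunk, `$cidrs->{$ip} = $mask if $zone ne $id;` keys the de-duplication hash on the address alone, so two other-zone subnets that share a network address but differ in prefix length collapse into one entry and only the mask of the last subnet id in sort order gets a null route. Since these routes are what keeps the gateway from forwarding between zones, key the hash on the full `$cidr` and split it only when emitting the line. In the same hunk, `my @sorted_ip = ... keys %{$cidrs} if $cidrs;` combines `my` with a statement modifier, which perlsyn documents as undefined behaviour, and `$cidrs` is always a hash reference here, so the condition is always true; drop the modifier. The `eval { Net::IP->new( $_ )->intip }` also turns an unparsable address into an undef sort key without any message; skipping or reporting that entry would be safer than sorting it as zero. The hunk does not show a `use Net::IP;`, so confirm the module is loaded at the top of the file.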
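Review bot: in the expected_controller_config hunk, `ip route 10.0.0.0/24 null0` is now expected under `vrf vrf_myzone` although sdn_config still defines 'myzone-10.0.0.0-24' in that zone (the route comes from the new 'myzone2-10.0.0.0-24'), and vrf_myzone2 likewise keeps a null route for a prefix it now owns. Either skip prefixes that the current zone also has, or state in the commit message that overlapping subnets across zones are expected to be null-routed on both sides. The lines `ip route 192.168.0.1/24 null0` and `ip route 192.168.10.1/24 null0` carry host bits in the prefix; if the fixture is meant to cover non-canonical subnet ids, say so, otherwise use the network address.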
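Review bot: the sdn_config hunk adds a duplicate prefix across zones and several IPv6 subnets, but no pair of other-zone subnets with the same network address and different prefix lengths (for example a /16 and a /24 on the same base), which is the case the address-keyed hash in EvpnPlugin.pm would merge. Add one such pair so the expected output pins down which null routes are generated.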