From: Stefan Hanreich <s.hanreich@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH proxmox-perl-rs 07/10] pve-rs: fabrics: add function to get l2vpn and l3vpn routes for evpn
Date: Thu, 30 Oct 2025 16:48:22 +0100	[thread overview]
Message-ID: <20251030154851.540408-16-s.hanreich@proxmox.com> (raw)
In-Reply-To: <20251030154851.540408-1-s.hanreich@proxmox.com>

From: Gabriel Goller <g.goller@proxmox.com>

Add functions to get the l3vpn and l2vpn routes from frr so that we can
display them in the ui in the evpn zone content view. L3vpn route
retrieval is quite easy: we just get the routes that are in a specific
vrf (the vrf of the zone). We could do this with iproute2, but we use
vtysh so that we can get all nexthops. For l2vpn we could also use
`bridge fdb`, but then we don't get the VNI and the ip address
associated with the l2vpn route distributed by EVPN. In order to get all
the information, we show all the type2 routes that EVPN receives and get
their mac and ip addresses. We also filter by installed and bestpath
so we only display the installed and best routes.

Signed-off-by: Gabriel Goller <g.goller@proxmox.com>
Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
---
 pve-rs/src/bindings/sdn/fabrics.rs | 53 ++++++++++++++++-
 pve-rs/src/sdn/status.rs           | 93 +++++++++++++++++++++++++++++-
 2 files changed, 144 insertions(+), 2 deletions(-)

diff --git a/pve-rs/src/bindings/sdn/fabrics.rs b/pve-rs/src/bindings/sdn/fabrics.rs
index dcd5bcc..a1f056d 100644
--- a/pve-rs/src/bindings/sdn/fabrics.rs
+++ b/pve-rs/src/bindings/sdn/fabrics.rs
@@ -12,7 +12,7 @@ pub mod pve_rs_sdn_fabrics {
     use std::process::Command;
     use std::sync::Mutex;
 
-    use anyhow::{Context, Error};
+    use anyhow::{Context, Error, format_err};
     use openssl::hash::{MessageDigest, hash};
     use serde::{Deserialize, Serialize};
 
@@ -22,6 +22,7 @@ pub mod pve_rs_sdn_fabrics {
     use proxmox_section_config::typed::SectionConfigData;
     use proxmox_ve_config::common::valid::{Valid, Validatable};
 
+    use proxmox_ve_config::sdn::config::{SdnConfig, ZoneConfig};
     use proxmox_ve_config::sdn::fabric::section_config::Section;
     use proxmox_ve_config::sdn::fabric::section_config::fabric::{
         Fabric as ConfigFabric, FabricId,
@@ -662,4 +663,54 @@ pub mod pve_rs_sdn_fabrics {
 
         status::get_status(config, route_status)
     }
+
+    /// Get all the L3 routes for the passed zone.
+    ///
+    /// Every zone has a vrf named `vrf_{zone}`. Show all the L3 (IP) routes on the VRF of the
+    /// zone.
+    #[export]
+    fn l3vpn_routes(zone: String) -> Result<status::L3VPNRoutes, Error> {
+        let command = format!("vtysh -c 'show ip route vrf vrf_{zone} json'");
+        let l3vpn_routes_string =
+            String::from_utf8(Command::new("sh").args(["-c", &command]).output()?.stdout)?;
+        let l3vpn_routes: proxmox_frr::de::Routes = if l3vpn_routes_string.is_empty() {
+            proxmox_frr::de::Routes::default()
+        } else {
+            serde_json::from_str(&l3vpn_routes_string)
+                .with_context(|| "error parsing l3vpn routes")?
+        };
+
+        status::get_l3vpn_routes(&format!("vrf_{zone}"), l3vpn_routes)
+    }
+
+    /// Get all the L2 routes for the passed vnet.
+    ///
+    /// When using VXLAN the vnet "stores" the L2 routes in it's FDB. The best way to retrieve them
+    /// with additional metadata is to query FRR. Use the `show bgp l2vpn evpn route` command.
+    /// To filter by vnet, get the VNI of the vnet from the config and use it in the command.
+    #[export]
+    fn l2vpn_routes(vnet: String) -> Result<status::L2VPNRoutes, Error> {
+        // read config to get the vni of the vnet
+        let raw_config = std::fs::read_to_string("/etc/pve/sdn/.running-config")?;
+        let running_config: proxmox_ve_config::sdn::config::RunningConfig =
+            serde_json::from_str(&raw_config)?;
+        let parsed_config = SdnConfig::try_from(running_config)?;
+
+        let vni = parsed_config
+            .zones()
+            .flat_map(ZoneConfig::vnets)
+            .find(|vnet_config| vnet_config.name().as_ref() == vnet)
+            .ok_or_else(|| format_err!("could not find vnet {vnet}"))?
+            .tag()
+            .ok_or_else(|| format_err!("vnet {vnet} has no tag"))?;
+
+        let command = format!("vtysh -c 'show bgp l2vpn evpn route vni {vni} type 2 json'");
+        let l2vpn_routes_string =
+            String::from_utf8(Command::new("sh").args(["-c", &command]).output()?.stdout)?;
+
+        let routes = serde_json::from_str(&l2vpn_routes_string)
+            .with_context(|| "error parsing l2vpn routes")?;
+
+        status::get_l2vpn_routes(routes)
+    }
 }
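Review bot: In `l3vpn_routes`, `zone` is interpolated into a command string that is run through `sh -c`, so any shell metacharacter in the argument is interpreted by the shell; no validation of `zone` is visible in this hunk, and the function is `#[export]`ed to Perl callers. Invoking vtysh directly removes the shell layer: `Command::new("vtysh").args(["-c", &format!("show ip route vrf vrf_{zone} json")])`, ideally after checking that `zone` matches the SDN zone ID format. `l2vpn_routes` uses the same `sh -c` pattern; its `{vni}` comes from the parsed config and looks numeric, but the direct invocation applies there as well. Both functions also read `.output()?.stdout` without checking `status.success()`, so a failing vtysh surfaces as an empty route list in `l3vpn_routes` and as `error parsing l2vpn routes` in `l2vpn_routes`, which has no empty-output branch.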
diff --git a/pve-rs/src/sdn/status.rs b/pve-rs/src/sdn/status.rs
index c04a0c1..0c9dc0f 100644
--- a/pve-rs/src/sdn/status.rs
+++ b/pve-rs/src/sdn/status.rs
@@ -1,6 +1,8 @@
 use std::collections::{BTreeMap, HashMap, HashSet};
+use std::net::IpAddr;
 
-use proxmox_section_config::typed::SectionConfigData;
+use proxmox_network_types::ip_address::Cidr;
+use proxmox_network_types::mac_address::MacAddress;
 use serde::{Deserialize, Serialize};
 
 use proxmox_frr::de::{self};
@@ -138,3 +140,92 @@ pub fn get_status(
 
     Ok(stats)
 }
+/// Common for nexthops, they can be either a interface name or a ip addr
+#[derive(Debug, Serialize)]
+#[serde(untagged)]
+pub enum IpAddrOrInterfaceName {
+    /// IpAddr
+    IpAddr(IpAddr),
+    /// Interface Name
+    InterfaceName(String),
+}
+
+/// One L3VPN route
+#[derive(Debug, Serialize)]
+pub struct L3VPNRoute {
+    ip: Cidr,
+    protocol: String,
+    metric: i32,
+    nexthops: Vec<IpAddrOrInterfaceName>,
+}
+
+/// All L3VPN routes of a zone
+#[derive(Debug, Serialize)]
+pub struct L3VPNRoutes(Vec<L3VPNRoute>);
+
+/// Convert parsed routes from frr into l3vpn routes, this means we need to match against the vrf
+/// name of the zone.
+pub fn get_l3vpn_routes(vrf: &str, routes: de::Routes) -> Result<L3VPNRoutes, anyhow::Error> {
+    let mut result = Vec::new();
+    for (prefix, routes) in routes.0 {
+        for route in routes {
+            if route.vrf_name == vrf && route.installed.unwrap_or_default() {
+                result.push(L3VPNRoute {
+                    ip: prefix,
+                    metric: route.metric,
+                    protocol: route.protocol,
+                    nexthops: route
+                        .nexthops
+                        .into_iter()
+                        .filter_map(|nh| {
+                            if nh.duplicate.unwrap_or_default() {
+                                return None;
+                            }
+
+                            nh.ip.map(IpAddrOrInterfaceName::IpAddr).or_else(|| {
+                                nh.interface_name.map(IpAddrOrInterfaceName::InterfaceName)
+                            })
+                        })
+                        .collect(),
+                });
+            }
+        }
+    }
+    Ok(L3VPNRoutes(result))
+}
+
+/// One L2VPN route
+#[derive(Debug, Serialize)]
+pub struct L2VPNRoute {
+    mac: MacAddress,
+    ip: IpAddr,
+    nexthop: IpAddr,
+}
+
+/// All L2VPN routes of a specific vnet
+#[derive(Debug, Serialize)]
+pub struct L2VPNRoutes(Vec<L2VPNRoute>);
+
+/// Convert the parsed frr evpn struct into an array of structured L2VPN routes
+pub fn get_l2vpn_routes(routes: de::evpn::Routes) -> Result<L2VPNRoutes, anyhow::Error> {
+    let mut result = Vec::new();
+    for route in routes.0.values() {
+        if let de::evpn::Entry::Route(r) = route {
+            r.paths.iter().flatten().for_each(|path| {
+                if path.bestpath.unwrap_or_default() {
+                    if let (Some(mac), Some(ip), Some(nh)) =
+                        (path.mac, path.ip, path.nexthops.first())
+                    {
+                        result.push(L2VPNRoute {
+                            mac,
+                            ip,
+                            nexthop: nh.ip,
+                        });
+                    }
+                }
+            });
+        }
+    }
+
+    Ok(L2VPNRoutes(result))
+}
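Review bot: `get_l2vpn_routes` silently skips every best path that lacks a `mac`, an `ip` or a first nexthop, because the `if let (Some(mac), Some(ip), Some(nh))` pattern has no else branch and `L2VPNRoute.ip` is a non-optional `IpAddr`. If FRR reports type-2 routes that carry only a MAC (presumably `path.ip` is `None` then; the `de::evpn` types are not part of this patch), those entries never reach the UI and the view looks complete when it is not. Either make the field `ip: Option<IpAddr>` or state the omission in the doc comment, e.g. `/// Paths without a MAC, an IP or a nexthop are skipped.` The same applies to `get_l3vpn_routes`, where a nexthop with neither `ip` nor `interface_name` is dropped by the `filter_map`. Both functions also return `Result` although no path in them produces an `Err`.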
-- 
2.47.3

