From: Stefan Hanreich <s.hanreich@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [PATCH pve-network v3 36/44] tests: add exit node with custom route map testcase
Date: Mon, 4 May 2026 13:39:33 +0200 [thread overview]
Message-ID: <20260504113943.159905-37-s.hanreich@proxmox.com> (raw)
In-Reply-To: <20260504113943.159905-1-s.hanreich@proxmox.com>
This testcase simulates an exit node with a custom route map. It
checks whether the stack still auto-generates the deny rules for
default routes (otherwise traffic will loop between the exit nodes
until TTL is exeeded) and only then jumps into the user-provided
custom route map.
Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
---
.../expected_controller_config | 101 ++++++++++++++++++
.../expected_sdn_interfaces | 41 +++++++
.../zones/evpn/routemap_exit_node/interfaces | 7 ++
.../zones/evpn/routemap_exit_node/sdn_config | 71 ++++++++++++
4 files changed, 220 insertions(+)
create mode 100644 src/test/zones/evpn/routemap_exit_node/expected_controller_config
create mode 100644 src/test/zones/evpn/routemap_exit_node/expected_sdn_interfaces
create mode 100644 src/test/zones/evpn/routemap_exit_node/interfaces
create mode 100644 src/test/zones/evpn/routemap_exit_node/sdn_config
diff --git a/src/test/zones/evpn/routemap_exit_node/expected_controller_config b/src/test/zones/evpn/routemap_exit_node/expected_controller_config
new file mode 100644
index 0000000..b581775
--- /dev/null
+++ b/src/test/zones/evpn/routemap_exit_node/expected_controller_config
@@ -0,0 +1,101 @@
+frr version 10.4.1
+frr defaults datacenter
+hostname localhost
+log syslog informational
+service integrated-vtysh-config
+!
+vrf vrf_myzone
+ vni 1000
+exit-vrf
+!
+router bgp 65000
+ bgp router-id 192.168.0.1
+ no bgp hard-administrative-reset
+ no bgp default ipv4-unicast
+ coalesce-time 1000
+ no bgp graceful-restart notification
+ neighbor VTEP peer-group
+ neighbor VTEP remote-as 65000
+ neighbor VTEP bfd
+ neighbor 192.168.0.2 peer-group VTEP
+ neighbor 192.168.0.3 peer-group VTEP
+ !
+ address-family ipv4 unicast
+ import vrf vrf_myzone
+ exit-address-family
+ !
+ address-family ipv6 unicast
+ import vrf vrf_myzone
+ exit-address-family
+ !
+ address-family l2vpn evpn
+ neighbor VTEP activate
+ neighbor VTEP route-map MAP_VTEP_IN in
+ neighbor VTEP route-map MAP_VTEP_OUT out
+ advertise-all-vni
+ exit-address-family
+exit
+!
+router bgp 65000 vrf vrf_myzone
+ bgp router-id 192.168.0.1
+ no bgp hard-administrative-reset
+ no bgp graceful-restart notification
+ !
+ address-family ipv4 unicast
+ redistribute connected
+ exit-address-family
+ !
+ address-family ipv6 unicast
+ redistribute connected
+ exit-address-family
+ !
+ address-family l2vpn evpn
+ default-originate ipv4
+ default-originate ipv6
+ exit-address-family
+exit
+!
+ip prefix-list only_default seq 1 permit 0.0.0.0/0
+!
+ipv6 prefix-list only_default_v6 seq 1 permit ::/0
+!
+route-map MAP_VTEP_IN deny 1
+ match ip address prefix-list only_default
+exit
+!
+route-map MAP_VTEP_IN deny 2
+ match ipv6 address prefix-list only_default_v6
+exit
+!
+route-map MAP_VTEP_IN permit 3
+ call map-in
+exit
+!
+route-map MAP_VTEP_OUT permit 1
+ call map-out
+exit
+!
+route-map map-in deny 5
+ set src 192.0.2.1
+exit
+!
+route-map map-in permit 123
+ match ip next-hop address 192.0.2.45
+ match metric 8347
+ match local-preference 8347
+ set ip next-hop 198.51.100.3
+ set local-preference 1234
+ set tag 999
+exit
+!
+route-map map-in deny 222
+ match ip next-hop address 192.0.2.45
+ match metric 8347
+ match local-preference 8347
+exit
+!
+route-map map-out permit 999
+exit
+!
+line vty
+!
diff --git a/src/test/zones/evpn/routemap_exit_node/expected_sdn_interfaces b/src/test/zones/evpn/routemap_exit_node/expected_sdn_interfaces
new file mode 100644
index 0000000..5ab3084
--- /dev/null
+++ b/src/test/zones/evpn/routemap_exit_node/expected_sdn_interfaces
@@ -0,0 +1,41 @@
+#version:1
+
+auto myvnet
+iface myvnet
+ address 10.0.0.1/24
+ bridge_ports vxlan_myvnet
+ bridge_stp off
+ bridge_fd 0
+ mtu 1450
+ ip-forward on
+ arp-accept on
+ vrf vrf_myzone
+
+auto vrf_myzone
+iface vrf_myzone
+ vrf-table auto
+ post-up ip route del vrf vrf_myzone unreachable default metric 4278198272
+
+auto vrfbr_myzone
+iface vrfbr_myzone
+ bridge-ports vrfvx_myzone
+ bridge_stp off
+ bridge_fd 0
+ mtu 1450
+ vrf vrf_myzone
+
+auto vrfvx_myzone
+iface vrfvx_myzone
+ vxlan-id 1000
+ vxlan-local-tunnelip 192.168.0.1
+ bridge-learning off
+ bridge-arp-nd-suppress on
+ mtu 1450
+
+auto vxlan_myvnet
+iface vxlan_myvnet
+ vxlan-id 100
+ vxlan-local-tunnelip 192.168.0.1
+ bridge-learning off
+ bridge-arp-nd-suppress on
+ mtu 1450
diff --git a/src/test/zones/evpn/routemap_exit_node/interfaces b/src/test/zones/evpn/routemap_exit_node/interfaces
new file mode 100644
index 0000000..66bb826
--- /dev/null
+++ b/src/test/zones/evpn/routemap_exit_node/interfaces
@@ -0,0 +1,7 @@
+auto vmbr0
+iface vmbr0 inet static
+ address 192.168.0.1/24
+ gateway 192.168.0.254
+ bridge-ports eth0
+ bridge-stp off
+ bridge-fd 0
diff --git a/src/test/zones/evpn/routemap_exit_node/sdn_config b/src/test/zones/evpn/routemap_exit_node/sdn_config
new file mode 100644
index 0000000..812c13b
--- /dev/null
+++ b/src/test/zones/evpn/routemap_exit_node/sdn_config
@@ -0,0 +1,71 @@
+{
+ version => 1,
+ vnets => {
+ ids => {
+ myvnet => { tag => "100", type => "vnet", zone => "myzone" },
+ },
+ },
+
+ zones => {
+ ids => { myzone => { ipam => "pve", type => "evpn", controller =>
+ "evpnctl", 'vrf-vxlan' => 1000, exitnodes => { 'localhost' => 1 } } },
+ },
+ controllers => {
+ ids => { evpnctl => { type => "evpn", 'peers' =>
+ '192.168.0.1,192.168.0.2,192.168.0.3', asn => "65000",
+ 'route-map-in' => 'map-in', 'route-map-out' => 'map-out' } },
+ },
+
+ subnets => {
+ ids => { 'myzone-10.0.0.0-24' => {
+ 'type' => 'subnet',
+ 'vnet' => 'myvnet',
+ 'gateway' => '10.0.0.1',
+ }
+ }
+ },
+ 'route-maps' => {
+ ids => {
+ 'map-in_222' => {
+ id => 'map-in_222',
+ type => 'route-map-entry',
+ action => 'deny',
+ match => [
+ 'key=ip-next-hop-address,value=192.0.2.45',
+ 'key=metric,value=8347',
+ 'key=local-preference,value=8347',
+ ],
+ },
+ 'map-in_5' => {
+ id => 'map-in_5',
+ type => 'route-map-entry',
+ action => 'deny',
+ set => [
+ 'key=src,value=192.0.2.1'
+ ],
+ },
+ 'map-in_123' => {
+ id => 'map-in_123',
+ type => 'route-map-entry',
+ action => 'permit',
+ match => [
+ 'key=ip-next-hop-address,value=192.0.2.45',
+ 'key=metric,value=8347',
+ 'key=local-preference,value=8347',
+ ],
+ set => [
+ 'key=ip-next-hop,value=198.51.100.3',
+ 'key=local-preference,value=1234',
+ 'key=tag,value=999',
+ ],
+ },
+ 'map-out_999' => {
+ id => 'map-out_999',
+ type => 'route-map-entry',
+ action => 'permit',
+ }
+ }
+ }
+}
+
+
--
2.47.3
next prev parent reply other threads:[~2026-05-04 11:43 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-04 11:38 [PATCH access-control/cluster/manager/network/proxmox{-ve-rs,-perl-rs} v3 00/44] Add support for route maps / prefix lists to SDN Stefan Hanreich
2026-05-04 11:38 ` [PATCH pve-cluster v3 01/44] cfs: add 'sdn/route-maps.cfg' to observed files Stefan Hanreich
2026-05-04 11:38 ` [PATCH pve-cluster v3 02/44] cfs: add 'sdn/prefix-lists.cfg' " Stefan Hanreich
2026-05-04 11:39 ` [PATCH pve-access-control v3 03/44] permissions: add ACL path for prefix-lists and route-maps Stefan Hanreich
2026-05-04 11:39 ` [PATCH proxmox-ve-rs v3 04/44] frr: add constructor to prefix list name Stefan Hanreich
2026-05-04 11:39 ` [PATCH proxmox-ve-rs v3 05/44] sdn-types: add common route-map helper types Stefan Hanreich
2026-05-04 11:39 ` [PATCH proxmox-ve-rs v3 06/44] frr: change order type to u16 Stefan Hanreich
2026-05-04 11:39 ` [PATCH proxmox-ve-rs v3 07/44] frr: implement routemap match/set statements via adjacent tagging Stefan Hanreich
2026-05-04 11:39 ` [PATCH proxmox-ve-rs v3 08/44] frr: implement support for call and exit action Stefan Hanreich
2026-05-04 11:39 ` [PATCH proxmox-ve-rs v3 09/44] frr-templates: change route maps template to adapt to new frr types Stefan Hanreich
2026-05-04 11:39 ` [PATCH proxmox-ve-rs v3 10/44] ve-config: fabrics: adapt frr config generation Stefan Hanreich
2026-05-04 11:39 ` [PATCH proxmox-ve-rs v3 11/44] ve-config: add prefix list section config Stefan Hanreich
2026-05-04 11:39 ` [PATCH proxmox-ve-rs v3 12/44] ve-config: frr: implement frr config generation for prefix lists Stefan Hanreich
2026-05-04 11:39 ` [PATCH proxmox-ve-rs v3 13/44] ve-config: add route map section config Stefan Hanreich
2026-05-04 11:39 ` [PATCH proxmox-ve-rs v3 14/44] ve-config: frr: implement frr config generation for route maps Stefan Hanreich
2026-05-04 11:39 ` [PATCH proxmox-ve-rs v3 15/44] ve-config: add prefix lists integration tests Stefan Hanreich
2026-05-04 11:39 ` [PATCH proxmox-ve-rs v3 16/44] ve-config: add route maps " Stefan Hanreich
2026-05-04 11:39 ` [PATCH proxmox-perl-rs v3 17/44] pve-rs: sdn: add route maps module Stefan Hanreich
2026-05-04 11:39 ` [PATCH proxmox-perl-rs v3 18/44] pve-rs: sdn: add prefix lists module Stefan Hanreich
2026-05-04 11:39 ` [PATCH proxmox-perl-rs v3 19/44] sdn: add prefix list / route maps to frr config generation helper Stefan Hanreich
2026-05-04 11:39 ` [PATCH pve-network v3 20/44] controller: bgp: evpn: adapt to new match / set frr config syntax Stefan Hanreich
2026-05-04 11:39 ` [PATCH pve-network v3 21/44] sdn: add prefix lists module Stefan Hanreich
2026-05-04 11:39 ` [PATCH pve-network v3 22/44] sdn: add route map module Stefan Hanreich
2026-05-04 11:39 ` [PATCH pve-network v3 23/44] api2: add prefix list module Stefan Hanreich
2026-05-04 11:39 ` [PATCH pve-network v3 24/44] api2: add route maps module Stefan Hanreich
2026-05-04 11:39 ` [PATCH pve-network v3 25/44] api2: add route map module Stefan Hanreich
2026-05-04 11:39 ` [PATCH pve-network v3 26/44] api2: add route map entry module Stefan Hanreich
2026-05-04 11:39 ` [PATCH pve-network v3 27/44] evpn controller: add route_map_{in,out} parameter Stefan Hanreich
2026-05-04 11:39 ` [PATCH pve-network v3 28/44] bgp controller: allow configuring custom route maps Stefan Hanreich
2026-05-04 11:39 ` [PATCH pve-network v3 29/44] sdn: change detection for route maps / prefix lists Stefan Hanreich
2026-05-04 11:39 ` [PATCH pve-network v3 30/44] sdn: generate route map / prefix list configuration on sdn apply Stefan Hanreich
2026-05-04 11:39 ` [PATCH pve-network v3 31/44] sdn: frr: consider route maps and prefix lists in dry-run Stefan Hanreich
2026-05-04 11:39 ` [PATCH pve-network v3 32/44] fabrics: ospf: openfabric: add route_filter property Stefan Hanreich
2026-05-04 11:39 ` [PATCH pve-network v3 33/44] tests: add simple route map test case Stefan Hanreich
2026-05-04 11:39 ` [PATCH pve-network v3 34/44] tests: add bgp evpn route map/prefix list testcase Stefan Hanreich
2026-05-04 11:39 ` [PATCH pve-network v3 35/44] tests: add route map with prefix " Stefan Hanreich
2026-05-04 11:39 ` Stefan Hanreich [this message]
2026-05-04 11:39 ` [PATCH pve-manager v3 37/44] ui: sdn: add route map selector Stefan Hanreich
2026-05-04 11:39 ` [PATCH pve-manager v3 38/44] ui: sdn: add prefix list selector Stefan Hanreich
2026-05-04 11:39 ` [PATCH pve-manager v3 39/44] ui: sdn: add panel for managing prefix lists Stefan Hanreich
2026-05-04 11:39 ` [PATCH pve-manager v3 40/44] ui: sdn: add panel for managing route map entries Stefan Hanreich
2026-05-04 11:39 ` [PATCH pve-manager v3 41/44] ui: sdn: bgp controller: allow configuring route maps Stefan Hanreich
2026-05-04 11:39 ` [PATCH pve-manager v3 42/44] ui: sdn: evpn " Stefan Hanreich
2026-05-04 11:39 ` [PATCH pve-manager v3 43/44] ui: sdn: openfabric: add route filter Stefan Hanreich
2026-05-04 11:39 ` [PATCH pve-manager v3 44/44] ui: sdn: ospf: add route filter setting Stefan Hanreich
2026-05-04 16:37 ` superseded: [PATCH access-control/cluster/manager/network/proxmox{-ve-rs,-perl-rs} v3 00/44] Add support for route maps / prefix lists to SDN Stefan Hanreich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260504113943.159905-37-s.hanreich@proxmox.com \
--to=s.hanreich@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox