From: Stefan Hanreich <s.hanreich@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [PATCH pve-network v2 06/18] evpn controller: allow multiple evpn controllers in a cluster
Date: Mon, 4 May 2026 18:24:45 +0200 [thread overview]
Message-ID: <20260504162501.425135-7-s.hanreich@proxmox.com> (raw)
In-Reply-To: <20260504162501.425135-1-s.hanreich@proxmox.com>
Previously it was only possible to define one global EVPN controller
in a cluster, which represented a single peer-group - VTEP. This patch
allows defining multiple EVPN controllers in a cluster. One can think
of one EVPN controller as mapping to a single peer-group. This patch
series adds the possibility of defining multiple peer-groups.
In order to enable this change, introduce a new setting in the EVPN
controller 'peer-group-name'. Since it was only possible to create a
single EVPN controller in the entire cluster, the FRR config
generation generated a single peer group with a hard-coded name. To
allow defining multiple peer-groups and preserve
backwards-compatibility, a custom peer group name needs to be defined
explicitly for each additional controller. The setting is optional and
the peer group name defaults to 'VTEP' if unset, in order to avoid
breaking backwards-compatibility with custom FRR configurations.
Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
Reviewed-by: Hannes Laimer <h.laimer@proxmox.com>
---
src/PVE/API2/Network/SDN/Controllers.pm | 5 ++
src/PVE/Network/SDN/Controllers/EvpnPlugin.pm | 68 +++++++++++++------
2 files changed, 52 insertions(+), 21 deletions(-)
diff --git a/src/PVE/API2/Network/SDN/Controllers.pm b/src/PVE/API2/Network/SDN/Controllers.pm
index 8633e45..49951a3 100644
--- a/src/PVE/API2/Network/SDN/Controllers.pm
+++ b/src/PVE/API2/Network/SDN/Controllers.pm
@@ -94,6 +94,11 @@ my $CONTROLLER_PROPERTIES = {
format => 'pve-sdn-isis-net',
},
nodes => get_standard_option('pve-node-list', { optional => 1 }),
+ 'peer-group-name' => {
+ description => "Name of the peer group for this EVPN controller",
+ type => 'string',
+ optional => 1,
+ },
};
__PACKAGE__->register_method({
diff --git a/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm b/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
index 4c2891c..67046da 100644
--- a/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
+++ b/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
@@ -38,6 +38,12 @@ sub properties {
format => 'ip-list',
},
nodes => get_standard_option('pve-node-list', { optional => 1 }),
+ 'peer-group-name' => {
+ description => "Name of the peer group for this EVPN controller",
+ type => 'string',
+ optional => 1,
+ default => 'VTEP',
+ },
};
}
@@ -49,6 +55,7 @@ sub options {
'route-map-in' => { optional => 1 },
'route-map-out' => { optional => 1 },
'nodes' => { optional => 1 },
+ 'peer-group-name' => { optional => 1 },
};
}
@@ -147,11 +154,13 @@ sub generate_frr_config {
$bgp_router->{address_families} = {};
}
+ my $peer_group_name = $plugin_config->{'peer-group-name'} // 'VTEP';
+
# Build VTEP neighbor group
my @vtep_ips = grep { $_ ne $ifaceip } @peers;
my $neighbor_group = {
- name => "VTEP",
+ name => $peer_group_name,
bfd => 1,
remote_as => $ebgp ? "external" : $asn,
ips => \@vtep_ips,
@@ -164,28 +173,37 @@ sub generate_frr_config {
# Configure l2vpn evpn address family
$bgp_router->{address_families}->{l2vpn_evpn} //= {
- neighbors => [{
- name => "VTEP",
- route_map_in => 'MAP_VTEP_IN',
- route_map_out => 'MAP_VTEP_OUT',
- }],
+ neighbors => [],
advertise_all_vni => 1,
};
+ my $route_map_in = 'MAP_VTEP_IN';
+ $route_map_in .= "_$peer_group_name" if $plugin_config->{'peer-group-name'};
+
+ my $route_map_out = 'MAP_VTEP_OUT';
+ $route_map_out .= "_$peer_group_name" if $plugin_config->{'peer-group-name'};
+
+ push $bgp_router->{address_families}->{l2vpn_evpn}->{neighbors}->@*,
+ {
+ name => $peer_group_name,
+ route_map_in => $route_map_in,
+ route_map_out => $route_map_out,
+ };
+
$bgp_router->{address_families}->{l2vpn_evpn}->{autort_as} = $autortas if $autortas;
- if (!$config->{frr}->{routemaps}->{'MAP_VTEP_IN'}) {
+ if (!$config->{frr}->{routemaps}->{$route_map_in}) {
my $entry = { seq => 1, action => "permit" };
$entry->{call} = $plugin_config->{'route-map-in'} if $plugin_config->{'route-map-in'};
- push($config->{frr}->{routemaps}->{'MAP_VTEP_IN'}->@*, $entry);
+ push($config->{frr}->{routemaps}->{$route_map_in}->@*, $entry);
}
- if (!$config->{frr}->{routemaps}->{'MAP_VTEP_OUT'}) {
+ if (!$config->{frr}->{routemaps}->{$route_map_out}) {
my $entry = { seq => 1, action => "permit" };
$entry->{call} = $plugin_config->{'route-map-out'} if $plugin_config->{'route-map-out'};
- push($config->{frr}->{routemaps}->{'MAP_VTEP_OUT'}->@*, $entry);
+ push($config->{frr}->{routemaps}->{$route_map_out}->@*, $entry);
}
return $config;
@@ -343,6 +361,12 @@ sub generate_zone_frr_config {
{ seq => 1, action => 'permit', network => '::/0', is_ipv6 => 1 },
) if !defined($config->{frr}->{prefix_lists}->{only_default_v6});
+ my $route_map_in = 'MAP_VTEP_IN';
+ $route_map_in .= "_$controller->{'peer-group-name'}" if $controller->{'peer-group-name'};
+
+ my $route_map_out = 'MAP_VTEP_OUT';
+ $route_map_out .= "_$controller->{'peer-group-name'}" if $controller->{'peer-group-name'};
+
if (!$exitnodes_primary || $exitnodes_primary eq $local_node) {
# Filter default route coming from other exit nodes on primary node
my $routemap_config_v6 = {
@@ -351,7 +375,7 @@ sub generate_zone_frr_config {
};
my $routemap_v6 = { seq => 1, matches => [$routemap_config_v6], action => "deny" };
unshift(
- @{ $config->{frr}->{routemaps}->{'MAP_VTEP_IN'} }, $routemap_v6,
+ @{ $config->{frr}->{routemaps}->{$route_map_in} }, $routemap_v6,
);
my $routemap_config = {
@@ -359,7 +383,7 @@ sub generate_zone_frr_config {
value => 'only_default',
};
my $routemap = { seq => 1, matches => [$routemap_config], action => "deny" };
- unshift(@{ $config->{frr}->{routemaps}->{'MAP_VTEP_IN'} }, $routemap);
+ unshift(@{ $config->{frr}->{routemaps}->{$route_map_in} }, $routemap);
} elsif ($exitnodes_primary ne $local_node) {
my $routemap_config_v6 = {
@@ -373,7 +397,7 @@ sub generate_zone_frr_config {
action => "permit",
};
unshift(
- @{ $config->{frr}->{routemaps}->{'MAP_VTEP_OUT'} }, $routemap_v6,
+ @{ $config->{frr}->{routemaps}->{$route_map_out} }, $routemap_v6,
);
my $routemap_config = {
@@ -386,7 +410,7 @@ sub generate_zone_frr_config {
sets => [{ key => 'metric', value => "200" }],
action => "permit",
};
- unshift(@{ $config->{frr}->{routemaps}->{'MAP_VTEP_OUT'} }, $routemap);
+ unshift(@{ $config->{frr}->{routemaps}->{$route_map_out} }, $routemap);
}
if (!$exitnodes_local_routing) {
@@ -493,18 +517,20 @@ sub on_delete_hook {
sub on_update_hook {
my ($class, $controllerid, $controller_cfg) = @_;
- # we can only have 1 evpn controller / 1 asn by server
+ my $controller = $controller_cfg->{ids}->{$controllerid};
- my $controllernb = 0;
foreach my $id (keys %{ $controller_cfg->{ids} }) {
next if $id eq $controllerid;
- my $controller = $controller_cfg->{ids}->{$id};
- next if $controller->{type} ne "evpn";
- $controllernb++;
- die "only 1 global evpn controller can be defined" if $controllernb >= 1;
+ my $other_controller = $controller_cfg->{ids}->{$id};
+ next if $other_controller->{type} ne "evpn";
+
+ my $peer_group_name_self = $controller->{'peer-group-name'} // 'VTEP';
+ my $peer_group_name_other = $other_controller->{'peer-group-name'} // 'VTEP';
+
+ die "cannot have two controllers with same peer-group-name configured ($peer_group_name_self)"
+ if $peer_group_name_self eq $peer_group_name_other;
}
- my $controller = $controller_cfg->{ids}->{$controllerid};
my $route_map_config = PVE::Network::SDN::RouteMaps::config(0);
if ($controller->{'route-map-in'}) {
--
2.47.3
next prev parent reply other threads:[~2026-05-04 16:25 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-04 16:24 [PATCH docs/manager/network/proxmox-ve-rs v2 00/18] Extend EVPN controller functionality Stefan Hanreich
2026-05-04 16:24 ` [PATCH proxmox-ve-rs v2 01/18] frr: add local-as setting Stefan Hanreich
2026-05-04 16:24 ` [PATCH proxmox-ve-rs v2 02/18] frr: add support for extcommunity lists Stefan Hanreich
2026-05-04 16:24 ` [PATCH proxmox-ve-rs v2 03/18] frr-templates: render local-as setting Stefan Hanreich
2026-05-04 16:24 ` [PATCH proxmox-ve-rs v2 04/18] frr-templates: render community lists in templates Stefan Hanreich
2026-05-04 16:24 ` [PATCH pve-network v2 05/18] evpn controller: make nodes configurable Stefan Hanreich
2026-05-04 16:24 ` Stefan Hanreich [this message]
2026-05-04 16:24 ` [PATCH pve-network v2 07/18] evpn controller: add bgp-mode setting Stefan Hanreich
2026-05-04 16:24 ` [PATCH pve-network v2 08/18] evpn zone: add secondary-controllers and rt filtering Stefan Hanreich
2026-05-04 16:24 ` [PATCH pve-network v2 09/18] evpn controller: add ebgp-multihop setting Stefan Hanreich
2026-05-04 16:24 ` [PATCH pve-network v2 10/18] test: evpn: add test for ibgp + ebgp evpn controller Stefan Hanreich
2026-05-04 16:24 ` [PATCH pve-network v2 11/18] test: evpn: add legacy test Stefan Hanreich
2026-05-04 16:24 ` [PATCH pve-network v2 12/18] tests: add rt_import test case when using multiple evpn controllers Stefan Hanreich
2026-05-04 16:24 ` [PATCH pve-network v2 13/18] " Stefan Hanreich
2026-05-04 16:24 ` [PATCH pve-network v2 14/18] tests: evpn: force ibgp over ebgp bgp controller with ebgp wan session Stefan Hanreich
2026-05-04 16:24 ` [PATCH pve-network v2 15/18] tests: test route filtering mechanism with multiple zones/controllers Stefan Hanreich
2026-05-04 16:24 ` [PATCH pve-manager v2 16/18] sdn: evpn: zone: controller: add new advanced fields Stefan Hanreich
2026-05-04 16:24 ` [PATCH pve-docs v2 17/18] sdn: evpn: document new zone / controller options Stefan Hanreich
2026-05-04 16:24 ` [PATCH pve-docs v2 18/18] sdn: fix typo in bgp controller Stefan Hanreich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260504162501.425135-7-s.hanreich@proxmox.com \
--to=s.hanreich@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox