From: Stefan Hanreich <s.hanreich@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [PATCH pve-network v5 25/46] sdn: add route map module
Date: Tue, 5 May 2026 17:36:53 +0200 [thread overview]
Message-ID: <20260505153720.412180-26-s.hanreich@proxmox.com> (raw)
In-Reply-To: <20260505153720.412180-1-s.hanreich@proxmox.com>
Defines helpers for common operations (reading / writing
configuration) as well as the required formats / schema definitions
for the route map API.
The Route Map ID format currently rejects all IDs that could be
auto-generated by PVE entities, to prevent accidental overrides of
built-in route maps. Instead of re-defining route maps, users can
create a new custom route map and select that in the EVPN / BGP
controller, if they want to override the auto-generated route map.
Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
---
src/PVE/Network/SDN/Makefile | 3 +-
src/PVE/Network/SDN/RouteMaps.pm | 197 +++++++++++++++++++++++++++++++
2 files changed, 199 insertions(+), 1 deletion(-)
create mode 100644 src/PVE/Network/SDN/RouteMaps.pm
diff --git a/src/PVE/Network/SDN/Makefile b/src/PVE/Network/SDN/Makefile
index e8bed83..2a476ce 100644
--- a/src/PVE/Network/SDN/Makefile
+++ b/src/PVE/Network/SDN/Makefile
@@ -9,7 +9,8 @@ SOURCES=Vnets.pm\
Dhcp.pm\
Fabrics.pm\
Frr.pm\
- PrefixLists.pm
+ PrefixLists.pm\
+ RouteMaps.pm
PERL5DIR=${DESTDIR}/usr/share/perl5
diff --git a/src/PVE/Network/SDN/RouteMaps.pm b/src/PVE/Network/SDN/RouteMaps.pm
new file mode 100644
index 0000000..9e44546
--- /dev/null
+++ b/src/PVE/Network/SDN/RouteMaps.pm
@@ -0,0 +1,197 @@
+package PVE::Network::SDN::RouteMaps;
+
+use strict;
+use warnings;
+
+use PVE::Cluster qw(cfs_register_file cfs_read_file cfs_lock_file cfs_write_file);
+use PVE::JSONSchema qw(get_standard_option);
+use PVE::INotify;
+use PVE::Network::SDN;
+use PVE::RS::SDN::RouteMaps;
+
+PVE::JSONSchema::register_format(
+ 'pve-sdn-route-map-id',
+ sub {
+ my ($id, $noerr) = @_;
+
+ if ($id =~ m/^(pve_.*|MAP_VTEP_IN|MAP_VTEP_OUT|correct_src)$/) {
+ return undef if $noerr;
+ die "route map ID '$id' is currently reserved and cannot be used\n";
+ }
+
+ if ($id !~ m/^[a-zA-Z0-9][a-zA-Z0-9-_]{0,30}[a-zA-Z0-9]?$/i) {
+ return undef if $noerr;
+ die "route map ID '$id' contains illegal characters\n";
+ }
+
+ return $id;
+ },
+);
+
+our $ROUTE_MAP_MATCH_FORMAT = {
+ key => {
+ type => 'string',
+ enum => [
+ 'route-type',
+ 'vni',
+ 'ip-address-prefix-list',
+ 'ip6-address-prefix-list',
+ 'ip-next-hop-prefix-list',
+ 'ip6-next-hop-prefix-list',
+ 'ip-next-hop-address',
+ 'ip6-next-hop-address',
+ 'metric',
+ 'local-preference',
+ 'peer',
+ ],
+ },
+ value => {
+ type => 'string',
+ optional => 1,
+ description => 'value that should be matched on',
+ },
+};
+
+PVE::JSONSchema::register_standard_option(
+ 'pve-sdn-route-map-id',
+ {
+ description => "The SDN route map identifier",
+ type => 'string',
+ format => 'pve-sdn-route-map-id',
+ },
+);
+
+PVE::JSONSchema::register_standard_option(
+ 'pve-sdn-route-map-order',
+ {
+ description => 'The index of this route map entry',
+ type => 'integer',
+ minimum => 0,
+ maximum => 2**32 - 1,
+ },
+);
+
+cfs_register_file(
+ 'sdn/route-maps.cfg', \&parse_route_maps_config, \&write_route_maps_config,
+);
+
+sub parse_route_maps_config {
+ my ($filename, $raw) = @_;
+ return $raw // '';
+}
+
+sub write_route_maps_config {
+ my ($filename, $config) = @_;
+ return $config // '';
+}
+
+sub config {
+ my ($running) = @_;
+
+ if ($running) {
+ my $running_config = PVE::Network::SDN::running_config();
+
+ # if the config hasn't yet been applied after the introduction of
+ # route maps then the key does not exist in the running config so we
+ # default to an empty hash
+ my $route_maps_config = $running_config->{'route-maps'}->{ids} // {};
+ return PVE::RS::SDN::RouteMaps->running_config($route_maps_config);
+ }
+
+ my $route_map_config = cfs_read_file("sdn/route-maps.cfg");
+ return PVE::RS::SDN::RouteMaps->config($route_map_config);
+}
+
+sub write_config {
+ my ($config) = @_;
+ cfs_write_file("sdn/route-maps.cfg", $config->to_raw(), 1);
+}
+
+sub route_map_properties {
+ my ($update) = @_;
+
+ my $properties = {
+ 'route-map-id' => get_standard_option('pve-sdn-route-map-id'),
+ 'order' => get_standard_option('pve-sdn-route-map-order'),
+ digest => get_standard_option('pve-config-digest'),
+ action => {
+ description => 'Matching policy of a route map entry.',
+ type => 'string',
+ enum => ['permit', 'deny'],
+ optional => $update,
+ },
+ set => {
+ type => 'array',
+ items => {
+ type => 'string',
+ format => {
+ key => {
+ type => 'string',
+ enum => [
+ 'ip-next-hop-peer-address',
+ 'ip-next-hop',
+ 'ip-next-hop-unchanged',
+ 'ip6-next-hop-peer-address',
+ 'ip6-next-hop-prefer-global',
+ 'ip6-next-hop',
+ 'local-preference',
+ 'tag',
+ 'weight',
+ 'metric',
+ 'src',
+ ],
+ },
+ value => {
+ type => 'string',
+ optional => 1,
+ description => 'value that should be set to',
+ },
+ },
+ },
+ optional => 1,
+ },
+ match => {
+ type => 'array',
+ items => {
+ type => 'string',
+ format => $ROUTE_MAP_MATCH_FORMAT,
+ },
+ optional => 1,
+ },
+ 'exit-action' => {
+ type => 'string',
+ format => {
+ key => {
+ type => 'string',
+ enum => [
+ 'on-match-goto', 'on-match-next', 'continue',
+ ],
+ },
+ value => {
+ type => 'string',
+ optional => 1,
+ description => 'type of exit action',
+ },
+ },
+ optional => 1,
+ },
+ call => get_standard_option('pve-sdn-route-map-id', {
+ optional => 1,
+ }),
+ };
+
+ if ($update) {
+ $properties->{delete} = {
+ type => 'array',
+ optional => 1,
+ items => {
+ type => 'string',
+ enum => ['set', 'match', 'call', 'exit-action'],
+ },
+ };
+ }
+
+ return $properties;
+}
+
+1;
--
2.47.3
next prev parent reply other threads:[~2026-05-05 15:38 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-05 15:36 [PATCH access-control/cluster/manager/network/proxmox{-ve-rs,-perl-rs} v5 00/46] Add support for route maps / prefix lists to SDN Stefan Hanreich
2026-05-05 15:36 ` [PATCH pve-cluster v5 01/46] cfs: add 'sdn/route-maps.cfg' to observed files Stefan Hanreich
2026-05-05 15:36 ` [PATCH pve-cluster v5 02/46] cfs: add 'sdn/prefix-lists.cfg' " Stefan Hanreich
2026-05-05 15:36 ` [PATCH pve-access-control v5 03/46] permissions: add ACL path for prefix-lists and route-maps Stefan Hanreich
2026-05-05 15:36 ` [PATCH proxmox-ve-rs v5 04/46] frr: add constructor to prefix list name Stefan Hanreich
2026-05-05 15:36 ` [PATCH proxmox-ve-rs v5 05/46] sdn-types: add common route-map helper types Stefan Hanreich
2026-05-05 15:36 ` [PATCH proxmox-ve-rs v5 06/46] frr: change order type to u16 Stefan Hanreich
2026-05-05 15:36 ` [PATCH proxmox-ve-rs v5 07/46] frr: implement routemap match/set statements via adjacent tagging Stefan Hanreich
2026-05-05 15:36 ` [PATCH proxmox-ve-rs v5 08/46] frr: implement support for call and exit action Stefan Hanreich
2026-05-05 15:36 ` [PATCH proxmox-ve-rs v5 09/46] frr-templates: change route maps template to adapt to new frr types Stefan Hanreich
2026-05-05 15:36 ` [PATCH proxmox-ve-rs v5 10/46] ve-config: fabrics: adapt frr config generation Stefan Hanreich
2026-05-05 15:36 ` [PATCH proxmox-ve-rs v5 11/46] ve-config: add prefix list section config Stefan Hanreich
2026-05-05 15:36 ` [PATCH proxmox-ve-rs v5 12/46] ve-config: frr: implement frr config generation for prefix lists Stefan Hanreich
2026-05-05 15:36 ` [PATCH proxmox-ve-rs v5 13/46] ve-config: add route map section config Stefan Hanreich
2026-05-05 15:36 ` [PATCH proxmox-ve-rs v5 14/46] ve-config: frr: implement frr config generation for route maps Stefan Hanreich
2026-05-05 15:36 ` [PATCH proxmox-ve-rs v5 15/46] ve-config: add prefix lists integration tests Stefan Hanreich
2026-05-05 15:36 ` [PATCH proxmox-ve-rs v5 16/46] ve-config: add route maps " Stefan Hanreich
2026-05-05 15:36 ` [PATCH proxmox-ve-rs v5 17/46] fabrics: ospf: fix deserializing OspfDeletableProperties Stefan Hanreich
2026-05-05 15:36 ` [PATCH proxmox-ve-rs v5 18/46] fabrics: ospf: openfabric: allow user-defined route filter Stefan Hanreich
2026-05-05 15:36 ` [PATCH proxmox-ve-rs v5 19/46] frr: fabrics: apply route_filter setting Stefan Hanreich
2026-05-05 15:36 ` [PATCH proxmox-perl-rs v5 20/46] pve-rs: sdn: add route maps module Stefan Hanreich
2026-05-05 15:36 ` [PATCH proxmox-perl-rs v5 21/46] pve-rs: sdn: add prefix lists module Stefan Hanreich
2026-05-05 15:36 ` [PATCH proxmox-perl-rs v5 22/46] sdn: add prefix list / route maps to frr config generation helper Stefan Hanreich
2026-05-05 15:36 ` [PATCH pve-network v5 23/46] controller: bgp: evpn: adapt to new match / set frr config syntax Stefan Hanreich
2026-05-05 15:36 ` [PATCH pve-network v5 24/46] sdn: add prefix lists module Stefan Hanreich
2026-05-05 15:36 ` Stefan Hanreich [this message]
2026-05-05 15:36 ` [PATCH pve-network v5 26/46] api2: add prefix list module Stefan Hanreich
2026-05-05 15:36 ` [PATCH pve-network v5 27/46] api2: add route maps module Stefan Hanreich
2026-05-05 15:36 ` [PATCH pve-network v5 28/46] api2: add route map module Stefan Hanreich
2026-05-05 15:36 ` [PATCH pve-network v5 29/46] api2: add route map entry module Stefan Hanreich
2026-05-05 15:36 ` [PATCH pve-network v5 30/46] evpn controller: add route_map_{in,out} parameter Stefan Hanreich
2026-05-05 15:36 ` [PATCH pve-network v5 31/46] bgp controller: allow configuring custom route maps Stefan Hanreich
2026-05-05 15:37 ` [PATCH pve-network v5 32/46] sdn: commit route map / prefix list configuration on sdn apply Stefan Hanreich
2026-05-05 15:37 ` [PATCH pve-network v5 33/46] sdn: frr: consider route maps and prefix lists in dry-run Stefan Hanreich
2026-05-05 15:37 ` [PATCH pve-network v5 34/46] fabrics: ospf: openfabric: add route_filter property Stefan Hanreich
2026-05-05 15:37 ` [PATCH pve-network v5 35/46] tests: add simple route map test case Stefan Hanreich
2026-05-05 15:37 ` [PATCH pve-network v5 36/46] tests: add bgp evpn route map/prefix list testcase Stefan Hanreich
2026-05-05 15:37 ` [PATCH pve-network v5 37/46] tests: add route map with prefix " Stefan Hanreich
2026-05-05 15:37 ` [PATCH pve-network v5 38/46] tests: add exit node with custom route map testcase Stefan Hanreich
2026-05-05 15:37 ` [PATCH pve-manager v5 39/46] ui: sdn: add route map selector Stefan Hanreich
2026-05-05 15:37 ` [PATCH pve-manager v5 40/46] ui: sdn: add prefix list selector Stefan Hanreich
2026-05-05 15:37 ` [PATCH pve-manager v5 41/46] ui: sdn: add panel for managing prefix lists Stefan Hanreich
2026-05-05 15:37 ` [PATCH pve-manager v5 42/46] ui: sdn: add panel for managing route map entries Stefan Hanreich
2026-05-05 15:37 ` [PATCH pve-manager v5 43/46] ui: sdn: bgp controller: allow configuring route maps Stefan Hanreich
2026-05-05 15:37 ` [PATCH pve-manager v5 44/46] ui: sdn: evpn " Stefan Hanreich
2026-05-05 15:37 ` [PATCH pve-manager v5 45/46] ui: sdn: openfabric: add route filter Stefan Hanreich
2026-05-05 15:37 ` [PATCH pve-manager v5 46/46] ui: sdn: ospf: add route filter setting Stefan Hanreich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260505153720.412180-26-s.hanreich@proxmox.com \
--to=s.hanreich@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox