From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id 63F701FF14C for ; Fri, 15 May 2026 12:25:47 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 8EB1518AC2; Fri, 15 May 2026 12:25:42 +0200 (CEST) From: Hannes Laimer To: pve-devel@lists.proxmox.com Subject: [PATCH docs/manager/network/proxmox{-ve-rs,-perl-rs} v6 0/9] sdn: add BGP fabric Date: Fri, 15 May 2026 12:24:51 +0200 Message-ID: <20260515102500.216264-1-h.laimer@proxmox.com> X-Mailer: git-send-email 2.47.3 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1778840699216 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.082 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Message-ID-Hash: CJRDRDHBNLXY2QASMM2X63LOYMWN3OKM X-Message-ID-Hash: CJRDRDHBNLXY2QASMM2X63LOYMWN3OKM X-MailFrom: h.laimer@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox VE development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: This patch series adds BGP as a third fabric protocol alongside OpenFabric and OSPF. It targets eBGP unnumbered underlays where each node has a unique ASN and peers over physical interfaces without IP assignment on fabric links. ## Dependencies This series is based on the wireguard, evpn, and ospf-redist series ([3]-[5]). ## eBGP underlay Each node gets its own ASN (e.g. 65001, 65002, 65003) and peers with its neighbors using 'remote-as external' on unnumbered interfaces. The fabric peer-group is named after the fabric ID and uses BFD when enabled. ## EVPN overlay When the EVPN controller references a BGP fabric, VTEP sessions are iBGP, consistent with how EVPN operates on OSPF and OpenFabric fabrics. The per-node ASN is applied via 'local-as' on the underlay neighbor group. ## Single BGP process FRR allows only one BGP instance per VRF, so the fabric underlay and the EVPN overlay coexist in one 'router bgp' instance. The fabric generates its own BgpRouter and merges into the existing one via merge_fabric(), appending neighbor groups and address families without overwriting EVPN settings. ## IPv6-only support For nodes with only an IPv6 address, the BGP router-id (which must be a 32-bit value) is derived from the IPv6 address using FNV-1a hashing. ### Testing results for hash collisions Scattered /64 n=1000 unique=1000 collisions=0 worst=1 Scattered /64 n=10000 unique=10000 collisions=0 worst=1 Scattered /64 n=100000 unique=99997 collisions=3 worst=2 Sequential /64 n=1000 unique=1000 collisions=0 worst=1 Sequential /64 n=10000 unique=10000 collisions=0 worst=1 Sequential /64 n=100000 unique=100000 collisions=0 worst=1 Spaced /64 (step 256) n=1000 unique=1000 collisions=0 worst=1 Spaced /64 (step 256) n=10000 unique=10000 collisions=0 worst=1 Spaced /64 (step 256) n=100000 unique=100000 collisions=0 worst=1 Sparse multi-/48 n=1000 unique=1000 collisions=0 worst=1 Sparse multi-/48 n=10000 unique=10000 collisions=0 worst=1 Sparse multi-/48 n=100000 unique=100000 collisions=0 worst=1 Only the random assignment in a /64 prefix caused a tiny amount of collisions, and having 100k routers with randomly assigned IPs is not really typical. So FNV-1a does seem like a good choice here. (generally I'm open to alternative approaches for getting router-ids on nodes with no ipv4 ips) Thanks a lot @Stefan for the base of this series! v6: - rebased on top of current master, and not-applied parts of series this is based - reject coexistence of legacy BGP controller and BGP fabric on create and update of either side v5, thanks @Stefan for the feedback on v4!: - renamed AddressFamilies::merge() to extend() to mirror std::Vec naming - replaced the hand-rolled ASN deserializer with proxmox_serde::perl::deserialize_u32 - set VTYSH_HISTFILE=/dev/null on the BGP vtysh invocations to avoid polluting vtysh history - added labelWidth: 120 to the route-map / route-filter selectors in the BGP fabric edit panel so all input fields line up with the BFD checkbox - rebased onto latest versions of wireguard, evpn and ospf redist - include [6] in the series, only sent separately cause I forgot to include it in v4 - did not include `AsRef` for ASN (opposed to what I answered on the mail), because it is currently only accessed once, and there we don't need a ref... v4: - split route-map: `pve_bgp` (zebra `ip protocol bgp` filter) for set-src + catch-all, `pve_bgp__in` (per-fabric peer-inbound) for filtering - added `accept-ra 0` and `ip6-forward 1` on BGP fabric interfaces - dropped v3's patch 6/8 (EVPN underlay prefix check) - dropped the `router_id` field references. With prefixes always present, the router-id is always derivable - rebase onto the latest versions of the route-maps[3]/wireguard[4]/evpn[5]/ospf-route-dist[6] series v3, thanks @Gabriel and @Stefan for the (mostly off-list) feedback on v2!: - fixed exit-node routing: moved the set-src route-map from `ip protocol bgp` to the fabric peer-group's inbound direction, so EVPN VRF imports aren't dropped by the filter's implicit deny - renamed the route-map to be per-fabric (pve_bgp_) - added optional router_id field on BGP nodes (required when the fabric has no prefix), enabling prefix-less BGP fabrics - dropped the per-node ASN uniqueness check - ui: show `router_id` field only when the fabric has no prefix v2, thanks @Gabriel and @Stefan for the (off-list) feedback on v1!: - switched EVPN overlay from eBGP to iBGP - rebased onto Stefan's evpn[1]/route-maps[2] series - made LocalAsSettings fields pub (needed for Rust-side construction) - added router-id collision validation for IPv6-only nodes - added docs section [1] https://lore.proxmox.com/pve-devel/20260414163315.419384-1-s.hanreich@proxmox.com/ [2] https://lore.proxmox.com/pve-devel/20260401143957.386809-1-s.hanreich@proxmox.com/ [3] https://lore.proxmox.com/pve-devel/20260512173145.596958-1-s.hanreich@proxmox.com/ [4] https://lore.proxmox.com/pve-devel/20260504162501.425135-1-s.hanreich@proxmox.com/ [5] https://lore.proxmox.com/pve-devel/20260504163157.429628-1-s.hanreich@proxmox.com/ [6] https://lore.proxmox.com/pve-devel/20260512155024.311919-1-h.laimer@proxmox.com/T/#u proxmox-ve-rs: Stefan Hanreich (1): sdn: fabric: add BGP protocol support proxmox-frr/src/ser/bgp.rs | 87 ++++- proxmox-ve-config/src/sdn/fabric/frr.rs | 304 +++++++++++++++++- proxmox-ve-config/src/sdn/fabric/mod.rs | 169 +++++++++- .../src/sdn/fabric/section_config/fabric.rs | 22 ++ .../src/sdn/fabric/section_config/mod.rs | 21 +- .../src/sdn/fabric/section_config/node.rs | 21 ++ .../sdn/fabric/section_config/protocol/bgp.rs | 287 +++++++++++++++++ .../sdn/fabric/section_config/protocol/mod.rs | 1 + .../tests/fabric/cfg/bgp_default/fabrics.cfg | 17 + .../fabric/cfg/bgp_ipv6_only/fabrics.cfg | 17 + proxmox-ve-config/tests/fabric/main.rs | 119 ++++++- .../snapshots/fabric__bgp_default_pve.snap | 36 +++ .../snapshots/fabric__bgp_default_pve1.snap | 35 ++ .../snapshots/fabric__bgp_ipv6_only_pve.snap | 37 +++ .../snapshots/fabric__bgp_ipv6_only_pve1.snap | 36 +++ .../fabric__bgp_merge_with_evpn_pve.snap | 42 +++ 16 files changed, 1238 insertions(+), 13 deletions(-) create mode 100644 proxmox-ve-config/src/sdn/fabric/section_config/protocol/bgp.rs create mode 100644 proxmox-ve-config/tests/fabric/cfg/bgp_default/fabrics.cfg create mode 100644 proxmox-ve-config/tests/fabric/cfg/bgp_ipv6_only/fabrics.cfg create mode 100644 proxmox-ve-config/tests/fabric/snapshots/fabric__bgp_default_pve.snap create mode 100644 proxmox-ve-config/tests/fabric/snapshots/fabric__bgp_default_pve1.snap create mode 100644 proxmox-ve-config/tests/fabric/snapshots/fabric__bgp_ipv6_only_pve.snap create mode 100644 proxmox-ve-config/tests/fabric/snapshots/fabric__bgp_ipv6_only_pve1.snap create mode 100644 proxmox-ve-config/tests/fabric/snapshots/fabric__bgp_merge_with_evpn_pve.snap proxmox-perl-rs: Hannes Laimer (1): sdn: fabrics: add BGP status endpoints Stefan Hanreich (1): sdn: fabrics: add BGP config generation pve-rs/src/bindings/sdn/fabrics.rs | 129 ++++++++++++++++++++++++++++- pve-rs/src/sdn/status.rs | 106 +++++++++++++++++++++++- 2 files changed, 231 insertions(+), 4 deletions(-) pve-network: Hannes Laimer (4): sdn: fabrics: register bgp as a fabric protocol type sdn: forbid BGP controller and BGP fabric coexistence sdn: evpn: support eBGP VTEPs over BGP fabric underlays test: evpn: add integration test for EVPN over BGP fabric src/PVE/API2/Network/SDN/Fabrics/Fabric.pm | 10 +++ src/PVE/Network/SDN/Controllers/BgpPlugin.pm | 9 ++ src/PVE/Network/SDN/Controllers/EvpnPlugin.pm | 26 +++++- src/PVE/Network/SDN/Fabrics.pm | 63 +++++++++++++- src/PVE/Network/SDN/RouteMaps.pm | 15 ++++ .../bgp_fabric/expected_controller_config | 73 ++++++++++++++++ .../evpn/bgp_fabric/expected_sdn_interfaces | 60 +++++++++++++ src/test/zones/evpn/bgp_fabric/interfaces | 6 ++ src/test/zones/evpn/bgp_fabric/sdn_config | 85 +++++++++++++++++++ 9 files changed, 344 insertions(+), 3 deletions(-) create mode 100644 src/test/zones/evpn/bgp_fabric/expected_controller_config create mode 100644 src/test/zones/evpn/bgp_fabric/expected_sdn_interfaces create mode 100644 src/test/zones/evpn/bgp_fabric/interfaces create mode 100644 src/test/zones/evpn/bgp_fabric/sdn_config pve-manager: Hannes Laimer (1): ui: sdn: add BGP fabric support www/manager6/Makefile | 3 + www/manager6/sdn/FabricsView.js | 12 ++++ www/manager6/sdn/fabrics/FabricEdit.js | 12 +++- www/manager6/sdn/fabrics/NodeEdit.js | 1 + www/manager6/sdn/fabrics/bgp/FabricEdit.js | 70 +++++++++++++++++++ .../sdn/fabrics/bgp/InterfacePanel.js | 15 ++++ www/manager6/sdn/fabrics/bgp/NodeEdit.js | 23 ++++++ 7 files changed, 133 insertions(+), 3 deletions(-) create mode 100644 www/manager6/sdn/fabrics/bgp/FabricEdit.js create mode 100644 www/manager6/sdn/fabrics/bgp/InterfacePanel.js create mode 100644 www/manager6/sdn/fabrics/bgp/NodeEdit.js pve-docs: Hannes Laimer (1): sdn: add bgp fabric section pvesdn.adoc | 103 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 103 insertions(+) Summary over all repositories: 35 files changed, 2049 insertions(+), 23 deletions(-) -- Generated by murpp 0.11.0