From: Stefan Hanreich
To: pve-devel@lists.proxmox.com
Subject: [PATCH pve-network 1/1] fix #7672: evpn zone: dont generate frr vrfs on excluded nodes
Date: Fri, 5 Jun 2026 16:18:09 +0200
Message-ID: <20260605141811.269424-1-s.hanreich@proxmox.com>
List-Id: Proxmox VE development discussion

If the main EVPN controller of an EVPN zone is restricted to specific
nodes, then applying the SDN configuration still tries to generate the
FRR configuration for the zone and its vnets on the excluded nodes. This
is because the functions generating the FRR configuration for the VRF of
the zone and the vnets do not check the 'nodes' property of the EVPN
controller. Avoid this situation by checking the setting in the
controller and returning early to avoid generating any configuration.

Fixes: e388f01fd85469e809982e71c84cc06a781899bb
Signed-off-by: Stefan Hanreich
---
 src/PVE/Network/SDN/Controllers/EvpnPlugin.pm | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm b/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
index 4220cb67..d744e882 100644
--- a/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
+++ b/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
@@ -324,6 +324,11 @@ sub generate_zone_frr_config { my $local_node = PVE::INotify::nodename(); + if (defined($controller->{nodes})) { + my @nodes = PVE::Tools::split_list($controller->{nodes}); + return if !grep { $_ eq $local_node } @nodes; + } + my $vrf = "vrf_$id"; my $vrfvxlan = $plugin_config->{'vrf-vxlan'}; my $exitnodes = $plugin_config->{'exitnodes'}; @@ -586,12 +591,18 @@ sub generate_zone_frr_config { sub generate_vnet_frr_config { my ($class, $plugin_config, $controller, $zone, $zoneid, $vnetid, $config) = @_; + my $local_node = PVE::INotify::nodename(); + + if (defined($controller->{nodes})) { + my @nodes = PVE::Tools::split_list($controller->{nodes}); + return if !grep { $_ eq $local_node } @nodes; + } + my $exitnodes = $zone->{'exitnodes'}; my $exitnodes_local_routing = $zone->{'exitnodes-local-routing'}; return if !$exitnodes_local_routing; - my $local_node = PVE::INotify::nodename(); my $is_gateway = $exitnodes->{$local_node}; return if !$is_gateway; -- 2.47.3
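Review bot: in the first hunk (generate_zone_frr_config) the guard keys on `defined($controller->{nodes})`, so a value that is defined but empty would produce an empty list from `PVE::Tools::split_list`, and `return if !grep { $_ eq $local_node } @nodes;` would then skip the zone on every node instead of on none. If the controller schema cannot rule out an empty value, test truthiness (`if ($controller->{nodes})`) instead; otherwise a one-line comment saying that an unset `nodes` means "all nodes" and an empty one cannot occur would make the intent explicit. The early `return` is also bare, so it is worth confirming that the caller of generate_zone_frr_config tolerates no return value on excluded nodes, since that call site is not part of this diff.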
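Review bot: in the second hunk (generate_vnet_frr_config) the three-line membership check is a verbatim copy of the one added to generate_zone_frr_config, so the two can drift apart the next time the `nodes` semantics change. Consider moving it into one small helper in EvpnPlugin.pm that takes `$controller` and returns whether the local node is included, and calling that from both functions. The diffstat lists only EvpnPlugin.pm, so no test accompanies the fix; a regression case with a controller restricted via `nodes`, asserting that no VRF or vnet FRR configuration is generated on an excluded node, would guard against #7672 coming back.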