public inbox for pve-devel@lists.proxmox.com
 help / color / mirror / Atom feed
From: Gabriel Goller <g.goller@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [PATCH network] sdn: vxlan: always set local tunnel IP
Date: Thu,  2 Jul 2026 16:33:47 +0200	[thread overview]
Message-ID: <20260702143349.252142-1-g.goller@proxmox.com> (raw)

Frr 10.6 changed the evpn advertise-all-vni handling and no longer
falls back to the BGP router-id to derive the local vtep address for
vxlan interfaces without an explicit local tunnel IP.

This breaks setups where an evpn controller is used together with a
vxlan zone to get plain L2VNIs. In that setup, the vxlan zone creates
the linux vxlan devices, while the evpn controller advertises them
via frr's advertise-all-vni. Without a local vxlan tunnel IP on the
interface, frr 10.6 cannot reliably determine the local vtep address and
the VNI is not advertised/handled correctly.

Explicitly emit the ifupdown2 `vxlan-local-tunnelip` stanza for vxlan
zones, using the local peer/fabric underlay address that is already
determined while generating the zone configuration. Fail generation if
no local tunnel IP can be determined, since generating such an interface
would result in a broken evpn/vxlan setup with current frr.

evpn zones already emit `vxlan-local-tunnelip` for their vxlan devices
when the local vtep address is known.

Fixes: #7766.
Signed-off-by: Gabriel Goller <g.goller@proxmox.com>
---
 src/PVE/Network/SDN/Zones/VxlanPlugin.pm                   | 4 ++++
 src/test/zones/vxlan/basic/expected_sdn_interfaces         | 1 +
 src/test/zones/vxlan/ipv6/expected_sdn_interfaces          | 1 +
 src/test/zones/vxlan/vlanawarevnet/expected_sdn_interfaces | 1 +
 src/test/zones/vxlan/vxlanport/expected_sdn_interfaces     | 1 +
 5 files changed, 8 insertions(+)

diff --git a/src/PVE/Network/SDN/Zones/VxlanPlugin.pm b/src/PVE/Network/SDN/Zones/VxlanPlugin.pm
index a40826153d9c..b1bd56db6ea9 100644
--- a/src/PVE/Network/SDN/Zones/VxlanPlugin.pm
+++ b/src/PVE/Network/SDN/Zones/VxlanPlugin.pm
@@ -117,6 +117,9 @@ sub generate_sdn_config {
         die "neither peers nor fabric configured for VXLAN zone $plugin_config->{id}";
     }
 
+    die "could not determine local tunnel IP for VXLAN zone $zoneid"
+        if !$ifaceip;
+
     my $mtu = 1450;
     if ($iface) {
         $mtu = $interfaces_config->{$iface}->{mtu} - 50 if $interfaces_config->{$iface}->{mtu};
@@ -126,6 +129,7 @@ sub generate_sdn_config {
     #vxlan interface
     my @iface_config = ();
     push @iface_config, "vxlan-id $tag";
+    push @iface_config, "vxlan-local-tunnelip $ifaceip";
 
     for my $address (sort @peers) {
         next if $address eq $ifaceip;
diff --git a/src/test/zones/vxlan/basic/expected_sdn_interfaces b/src/test/zones/vxlan/basic/expected_sdn_interfaces
index 7b73c3e3ca60..ed6869dfa9e6 100644
--- a/src/test/zones/vxlan/basic/expected_sdn_interfaces
+++ b/src/test/zones/vxlan/basic/expected_sdn_interfaces
@@ -10,6 +10,7 @@ iface myvnet
 auto vxlan_myvnet
 iface vxlan_myvnet
 	vxlan-id 100
+	vxlan-local-tunnelip 192.168.0.1
 	vxlan_remoteip 192.168.0.2
 	vxlan_remoteip 192.168.0.3
 	mtu 1450
diff --git a/src/test/zones/vxlan/ipv6/expected_sdn_interfaces b/src/test/zones/vxlan/ipv6/expected_sdn_interfaces
index 032ab991826c..14354f61f923 100644
--- a/src/test/zones/vxlan/ipv6/expected_sdn_interfaces
+++ b/src/test/zones/vxlan/ipv6/expected_sdn_interfaces
@@ -10,6 +10,7 @@ iface myvnet
 auto vxlan_myvnet
 iface vxlan_myvnet
 	vxlan-id 100
+	vxlan-local-tunnelip 2a08:2200:100:1::10
 	vxlan_remoteip 2a08:2200:100:1::11
 	vxlan_remoteip 2a08:2200:100:1::12
 	mtu 1450
diff --git a/src/test/zones/vxlan/vlanawarevnet/expected_sdn_interfaces b/src/test/zones/vxlan/vlanawarevnet/expected_sdn_interfaces
index 55cdf9cb8887..e6331d2e3807 100644
--- a/src/test/zones/vxlan/vlanawarevnet/expected_sdn_interfaces
+++ b/src/test/zones/vxlan/vlanawarevnet/expected_sdn_interfaces
@@ -12,6 +12,7 @@ iface myvnet
 auto vxlan_myvnet
 iface vxlan_myvnet
 	vxlan-id 100
+	vxlan-local-tunnelip 192.168.0.1
 	vxlan_remoteip 192.168.0.2
 	vxlan_remoteip 192.168.0.3
 	mtu 1450
diff --git a/src/test/zones/vxlan/vxlanport/expected_sdn_interfaces b/src/test/zones/vxlan/vxlanport/expected_sdn_interfaces
index 572550a438e7..a3147b66a9c1 100644
--- a/src/test/zones/vxlan/vxlanport/expected_sdn_interfaces
+++ b/src/test/zones/vxlan/vxlanport/expected_sdn_interfaces
@@ -10,6 +10,7 @@ iface myvnet
 auto vxlan_myvnet
 iface vxlan_myvnet
 	vxlan-id 100
+	vxlan-local-tunnelip 192.168.0.1
 	vxlan_remoteip 192.168.0.2
 	vxlan_remoteip 192.168.0.3
 	vxlan-port 6000
-- 
2.47.3





             reply	other threads:[~2026-07-02 14:34 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-07-02 14:33 Gabriel Goller [this message]
2026-07-02 14:37 ` [PATCH network] sdn: vxlan: always set local tunnel IP Gabriel Goller

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260702143349.252142-1-g.goller@proxmox.com \
    --to=g.goller@proxmox.com \
    --cc=pve-devel@lists.proxmox.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal