From: Stefan Hanreich <s.hanreich@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] superseded: [PATCH common/manager/network/proxmox{-ve-rs, -perl-rs} v2 00/38] Improve status reporting for SDN / networking
Date: Fri, 7 Nov 2025 15:41:07 +0100 [thread overview]
Message-ID: <39f2000e-9555-4e21-9a8d-0fd535fbc170@proxmox.com> (raw)
In-Reply-To: <20251107085553.113655-1-s.hanreich@proxmox.com>
https://lore.proxmox.com/pve-devel/20251107143201.689035-1-s.hanreich@proxmox.com/T
On 11/7/25 9:55 AM, Stefan Hanreich wrote:
> This patch series builds upon and replaces the two patch series initially
> submitted by Gabriel [1] [2]. Main reason for merging those is that some
> additional refactoring to the status API module structure as well as the UI
> widgets for the SDN browser has been done, which both series would need to
> depend on. Additionally, the EVPN series depended on the fabric series already
> as well, so submitting them as one seemed like the least complicated option for
> both developers and maintainers with the additional changes introduced in this
> iteration.
>
> pre-built packages are available on sani: `network-resource-pve`
>
> ## Rationale
>
> Currently, the SDN and PVE networking stack provide little insight into their
> inner workings and can be a bit of a black box to users. Inspecting the current
> state of networking resources, particularly for EVPN zones, requires dropping
> into the CLI and invoking specific iproute2 / FRR commands. The current status
> endpoint only provides very coarse and limited feedback on the current state of
> SDN / networking resources.
>
> With this iteration, this patch series also adds status reporting for bridges /
> vnets, which has been requested several times in forums / enterprise support /
> trainings.
>
> Most of those endpoints could be interesting additions to the PDM UI as well,
> particularly fabrics and evpn status.
>
>
> ## New network resource type
>
> While the initial implementations extended the existing SDN resource type, this
> iteration introduces a 'network' resource type. The pre-existing SDN resource
> type utilized 'sdn/<zone_id>' as its id, which makes it hard to add additional
> types that do not share that ID space. Changing the schema for the ID would also
> break backwards-compatibility of API and UI between 9.0 and 9.1.
>
> With potential additional status reporting for other network entities (see
> below), it would make sense to generalize the resource type to network in
> particular, to avoid cluttering the top level with one type per SDN/networking
> entity. If that is not a concern, the current state could be easily adapted to
> have one top-level type per resource - simplifying the current implementation.
>
> The ID schema for this resource type is now as follow:
>
> network/{node}/{network_type}/{name}
>
> An example network resource:
>
> {
> "id": "network/acolyte/fabric/underlay",
> "type": "network",
> "network_type": "fabric",
> "network": "underlay"
> "node": "acolyte",
> "status": "ok",
> "protocol": "ospf",
> }
>
> The plan for migrating:
> * New nodes will report the resource status in *both* formats
> * New networking entities (fabrics, for now) will utilize the network resource
> type only
> * When migrating from PVE 9 -> 10, status reporting for zones will move to the
> new network resource type completely
> * old nodes should be able to cope with the old format, but they cannot display
> any newly returned information - it will get dropped
> * PDM will also be able to handle both formats with a separate pdm series, so
> older versions of Proxmox VE can also be used with PDM
>
> I know this is a bit of a sledgehammer method of solving this problem, but imo
> while this migration might be a bit painful now, it seems the best option to me
> long-term. Any suggestions / opinions on this would be greatly appreciated. I
> don't really see another way of implementing additional types of entities
> without either breaking backwards-compatibility with PVE <= 9.0 or having
> potential ID collisions in the SDN resource type or having one dedicated type
> per networking resource.
>
>
> ## Potential future work / extensions
>
> Add status reporting for the firewall, which currently acts a bit like a
> black-box as well, without any easy way of checking the current (running) state
> of the firewall.
>
> Other entities to consider adding to the resources: controllers, DNS, external
> IPAM.
>
> The data from those endpoints could be used to provide a graphical overview of a
> bridge in the UI, an idea which has been floating around internally for awhile.
>
>
> ## New API endpoints
>
> /nodes/{node}/sdn/fabrics/{fabric}/routes
> /nodes/{node}/sdn/fabrics/{fabric}/neighbors
> /nodes/{node}/sdn/fabrics/{fabric}/interfaces
>
> /nodes/{node}/sdn/zones/{zone}/ip-vrf
> /nodes/{node}/sdn/zones/{zone}/bridges
>
> /nodes/{node}/sdn/vnets/{vnet}/mac-vrf
>
>
> ## New UI panels
>
> Those panels can all be reached via the resource tree and are found in the SDN
> browser.
>
> For all zones:
> * Bridges overview
>
> For EVPN zones:
> * IP-VRF
> * MAC-VRFs
>
> For Fabrics:
> * Routes
> * Neighbors
> * Interfaces
>
>
> ## Dependencies
>
> proxmox-perl-rs depends on proxmox-ve-rs
> pve-network depends on proxmox-perl-rs
> pve-network depends on pve-common
> pve-manager depends on pve-network
>
> Changes from v1 (Thanks @Thomas, @Wolfgang, @Hannes, @Gabriel!):
> * Broadcast zones via both resource types, not only the previous sdn one
> * Add handling for receiving zones via both resource types, to avoid duplicated
> entries
> * Update fabrics API endpoints descriptions and property descriptions
> * Fix typo when checking parameter in the NetworkBrowser panel
> * add definedness check in ip_link_is_bridge_member
> * add integration / snapshot tests (courtesy of gabriel)
> * -compressvlan -> -compressvlans in IPRoute2 Helper
>
> Changes from (v1, v4):
>
> * refactor the SDN status API module structure (no functional changes to
> existing endpoints)
> * move the fabrics API endpoints to the pre-existing /nodes/{node}/sdn subdir
> * refactor the SDN content view panel, so it can be reused for the EVPN panels
> (no functional changes to existing UI panels)
> * add a completely new resource type, instead of trying to re-use the existing
> SDN one (reasoning above).
> * move the iproute2 and bridge helpers to pve-common
> * improve JSONSchema of all API endpoints (descriptions mainly)
> * return additional information in the fabric endpoints
> * add full UI integration for EVPN status (IP-VRF + MAC-VRF panels)
> * Use the installed, duplicate and bestpath properties of FRR to show only
> routes that are actually installed into the kernel routing table for EVPN
> zones
> * filter for type 2 routes specifically when invoking vtysh
>
> [1] https://lore.proxmox.com/pve-devel/20250904114206.193052-1-g.goller@proxmox.com/
> [2] https://lore.proxmox.com/pve-devel/20250905114504.195110-1-g.goller@proxmox.com/
>
> pve-common:
>
> Stefan Hanreich (2):
> iproute2: add helper for detecting bridge members
> iproute2: add helper for querying vlan information
>
> src/PVE/IPRoute2.pm | 25 +++++++++++++++++++++++++
> 1 file changed, 25 insertions(+)
>
>
> proxmox-ve-rs:
>
> Gabriel Goller (7):
> frr: make room for deserialization structs
> frr: add deserialization types for openfabric and ospf
> ve-config: add helper function to iterate over all nodes in all
> fabrics
> ve-config: add optional tag property to vnet
> frr: fix some route deserialization types
> frr: add deserialization types for EVPN
> add derive PartialEq, Eq and HashMap->BTreeMap for tests
>
> proxmox-frr/Cargo.toml | 2 +
> proxmox-frr/debian/control | 6 +
> proxmox-frr/src/de/evpn.rs | 165 ++++++++++++
> proxmox-frr/src/de/mod.rs | 49 ++++
> proxmox-frr/src/de/openfabric.rs | 101 ++++++++
> proxmox-frr/src/de/ospf.rs | 70 +++++
> proxmox-frr/src/lib.rs | 243 +-----------------
> proxmox-frr/src/ser/mod.rs | 241 +++++++++++++++++
> proxmox-frr/src/{ => ser}/openfabric.rs | 4 +-
> proxmox-frr/src/{ => ser}/ospf.rs | 2 +-
> proxmox-frr/src/{ => ser}/route_map.rs | 0
> proxmox-frr/src/{ => ser}/serializer.rs | 2 +-
> proxmox-ve-config/src/sdn/config.rs | 27 +-
> proxmox-ve-config/src/sdn/fabric/frr.rs | 170 ++++++------
> proxmox-ve-config/src/sdn/fabric/mod.rs | 5 +
> proxmox-ve-config/src/sdn/frr.rs | 2 +-
> proxmox-ve-config/tests/fabric/main.rs | 2 +-
> proxmox-ve-config/tests/sdn/main.rs | 5 +-
> .../tests/sdn/resources/running-config.json | 1 +
> 19 files changed, 767 insertions(+), 330 deletions(-)
> create mode 100644 proxmox-frr/src/de/evpn.rs
> create mode 100644 proxmox-frr/src/de/mod.rs
> create mode 100644 proxmox-frr/src/de/openfabric.rs
> create mode 100644 proxmox-frr/src/de/ospf.rs
> create mode 100644 proxmox-frr/src/ser/mod.rs
> rename proxmox-frr/src/{ => ser}/openfabric.rs (97%)
> rename proxmox-frr/src/{ => ser}/ospf.rs (99%)
> rename proxmox-frr/src/{ => ser}/route_map.rs (100%)
> rename proxmox-frr/src/{ => ser}/serializer.rs (99%)
>
>
> proxmox-perl-rs:
>
> Gabriel Goller (11):
> pve-rs: firewall: cargo: fmt
> pve-rs: cargo: bump proxmox-apt and proxmox-ve-config versions
> pve-rs: fabrics: update proxmox-frr import path
> pve-rs: fabrics: fix clippy lint warnings
> pve-rs: fabrics: add function to get status of fabric
> pve-rs: fabrics: add function to get l2vpn and l3vpn routes for evpn
> pve-rs: fabrics: add function to get routes learned by a fabric
> pve-rs: fabrics: add function to get the interfaces used for a fabric
> pve-rs: fabrics: add function to get the neighbors for a fabric
> pve-rs: fabrics: add unit-tests for fabrics
> pve-rs: fabrics: add unit-tests for evpn l2vpn and l3vpn routes
>
> Stefan Hanreich (1):
> pve-rs: firewall: add missing documentation comments
>
> pve-rs/Cargo.toml | 4 +-
> pve-rs/src/bindings/firewall/sdn.rs | 16 +-
> pve-rs/src/bindings/sdn/fabrics.rs | 313 +++-
> pve-rs/src/lib.rs | 2 +
> pve-rs/src/sdn/mod.rs | 3 +
> pve-rs/src/sdn/status.rs | 2655 +++++++++++++++++++++++++++
> 6 files changed, 2983 insertions(+), 10 deletions(-)
> create mode 100644 pve-rs/src/sdn/mod.rs
> create mode 100644 pve-rs/src/sdn/status.rs
>
>
> pve-network:
>
> Gabriel Goller (3):
> fabrics: add fabrics status to SDN::status function
> api: nodes: fabrics: add endpoint for querying route status
> api: nodes: fabrics: add endpoint for querying neighbor information
>
> Stefan Hanreich (6):
> refactor: rework api module structure for the /nodes/{node}/sdn subdir
> sdn: status: add zone type to sdn resource
> api: nodes: fabrics: add endpoint for querying interface status
> api: nodes: zones: add bridge status
> api: nodes: zones: add ip vrf endpoint for evpn zones
> api: nodes: vnets: add mac-vrf endpoint for evpn vnets
>
> src/PVE/API2/Network/SDN/Makefile | 2 +-
> src/PVE/API2/Network/SDN/Nodes/Fabric.pm | 187 +++++++++
> src/PVE/API2/Network/SDN/Nodes/Fabrics.pm | 16 +
> .../Network/SDN/{Zones => Nodes}/Makefile | 12 +-
> src/PVE/API2/Network/SDN/Nodes/Status.pm | 61 +++
> src/PVE/API2/Network/SDN/Nodes/Vnet.pm | 147 +++++++
> src/PVE/API2/Network/SDN/Nodes/Vnets.pm | 16 +
> src/PVE/API2/Network/SDN/Nodes/Zone.pm | 379 ++++++++++++++++++
> .../SDN/{Zones/Status.pm => Nodes/Zones.pm} | 58 +--
> src/PVE/API2/Network/SDN/Vnets.pm | 2 +-
> src/PVE/API2/Network/SDN/Zones/Content.pm | 88 ----
> src/PVE/Network/SDN.pm | 6 +-
> src/PVE/Network/SDN/Zones.pm | 2 +
> src/test/debug/statuscheck.pl | 3 +-
> 14 files changed, 833 insertions(+), 146 deletions(-)
> create mode 100644 src/PVE/API2/Network/SDN/Nodes/Fabric.pm
> create mode 100644 src/PVE/API2/Network/SDN/Nodes/Fabrics.pm
> rename src/PVE/API2/Network/SDN/{Zones => Nodes}/Makefile (51%)
> create mode 100644 src/PVE/API2/Network/SDN/Nodes/Status.pm
> create mode 100644 src/PVE/API2/Network/SDN/Nodes/Vnet.pm
> create mode 100644 src/PVE/API2/Network/SDN/Nodes/Vnets.pm
> create mode 100644 src/PVE/API2/Network/SDN/Nodes/Zone.pm
> rename src/PVE/API2/Network/SDN/{Zones/Status.pm => Nodes/Zones.pm} (56%)
> delete mode 100644 src/PVE/API2/Network/SDN/Zones/Content.pm
>
>
> pve-manager:
>
> Gabriel Goller (2):
> pvestatd: add network resource to status reporting
> ui: resource tree: add network resource
>
> Stefan Hanreich (6):
> api: nodes: use new status module for sdn subdirectory
> refactor: ui: sdn browser: parametrize zone content panel
> pvestatd: sdn: adapt to changes in status reporting
> ui: network browser: Add ip-vrf panel for evpn zones
> ui: network browser: add mac vrf panel
> ui: network browser: add zone bridge view
>
> PVE/API2/Cluster.pm | 118 +++++++++++++----
> PVE/API2/Nodes.pm | 50 +------
> PVE/Service/pvestatd.pm | 39 ++++--
> www/manager6/Makefile | 6 +
> www/manager6/Utils.js | 11 ++
> www/manager6/Workspace.js | 1 +
> www/manager6/sdn/Browser.js | 29 ++++
> www/manager6/sdn/EvpnZoneIpVrfPanel.js | 84 ++++++++++++
> www/manager6/sdn/EvpnZoneMacVrfPanel.js | 130 ++++++++++++++++++
> www/manager6/sdn/FabricsContentView.js | 77 +++++++++++
> www/manager6/sdn/NetworkBrowser.js | 167 ++++++++++++++++++++++++
> www/manager6/sdn/ZoneBridgeView.js | 88 +++++++++++++
> www/manager6/sdn/ZoneBridgesPanel.js | 131 +++++++++++++++++++
> www/manager6/sdn/ZoneContentPanel.js | 11 +-
> www/manager6/sdn/ZoneContentView.js | 75 ++++++-----
> www/manager6/tree/ResourceTree.js | 6 +
> 16 files changed, 909 insertions(+), 114 deletions(-)
> create mode 100644 www/manager6/sdn/EvpnZoneIpVrfPanel.js
> create mode 100644 www/manager6/sdn/EvpnZoneMacVrfPanel.js
> create mode 100644 www/manager6/sdn/FabricsContentView.js
> create mode 100644 www/manager6/sdn/NetworkBrowser.js
> create mode 100644 www/manager6/sdn/ZoneBridgeView.js
> create mode 100644 www/manager6/sdn/ZoneBridgesPanel.js
>
>
> Summary over all repositories:
> 56 files changed, 5517 insertions(+), 600 deletions(-)
>
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
prev parent reply other threads:[~2025-11-07 14:40 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-07 8:54 [pve-devel] " Stefan Hanreich
2025-11-07 8:54 ` [pve-devel] [PATCH pve-common v2 1/2] iproute2: add helper for detecting bridge members Stefan Hanreich
2025-11-07 8:54 ` [pve-devel] [PATCH pve-common v2 2/2] iproute2: add helper for querying vlan information Stefan Hanreich
2025-11-07 8:54 ` [pve-devel] [PATCH proxmox-ve-rs v2 1/7] frr: make room for deserialization structs Stefan Hanreich
2025-11-07 8:55 ` [pve-devel] [PATCH proxmox-ve-rs v2 2/7] frr: add deserialization types for openfabric and ospf Stefan Hanreich
2025-11-07 8:55 ` [pve-devel] [PATCH proxmox-ve-rs v2 3/7] ve-config: add helper function to iterate over all nodes in all fabrics Stefan Hanreich
2025-11-07 8:55 ` [pve-devel] [PATCH proxmox-ve-rs v2 4/7] ve-config: add optional tag property to vnet Stefan Hanreich
2025-11-07 8:55 ` [pve-devel] [PATCH proxmox-ve-rs v2 5/7] frr: fix some route deserialization types Stefan Hanreich
2025-11-07 8:55 ` [pve-devel] [PATCH proxmox-ve-rs v2 6/7] frr: add deserialization types for EVPN Stefan Hanreich
2025-11-07 8:55 ` [pve-devel] [PATCH proxmox-ve-rs v2 7/7] add derive PartialEq, Eq and HashMap->BTreeMap for tests Stefan Hanreich
2025-11-07 8:55 ` [pve-devel] [PATCH proxmox-perl-rs v2 01/12] pve-rs: firewall: cargo: fmt Stefan Hanreich
2025-11-07 8:55 ` [pve-devel] [PATCH proxmox-perl-rs v2 02/12] pve-rs: firewall: add missing documentation comments Stefan Hanreich
2025-11-07 8:55 ` [pve-devel] [PATCH proxmox-perl-rs v2 03/12] pve-rs: cargo: bump proxmox-apt and proxmox-ve-config versions Stefan Hanreich
2025-11-07 8:55 ` [pve-devel] [PATCH proxmox-perl-rs v2 04/12] pve-rs: fabrics: update proxmox-frr import path Stefan Hanreich
2025-11-07 8:55 ` [pve-devel] [PATCH proxmox-perl-rs v2 05/12] pve-rs: fabrics: fix clippy lint warnings Stefan Hanreich
2025-11-07 8:55 ` [pve-devel] [PATCH proxmox-perl-rs v2 06/12] pve-rs: fabrics: add function to get status of fabric Stefan Hanreich
2025-11-07 8:55 ` [pve-devel] [PATCH proxmox-perl-rs v2 07/12] pve-rs: fabrics: add function to get l2vpn and l3vpn routes for evpn Stefan Hanreich
2025-11-07 8:55 ` [pve-devel] [PATCH proxmox-perl-rs v2 08/12] pve-rs: fabrics: add function to get routes learned by a fabric Stefan Hanreich
2025-11-07 8:55 ` [pve-devel] [PATCH proxmox-perl-rs v2 09/12] pve-rs: fabrics: add function to get the interfaces used for " Stefan Hanreich
2025-11-07 8:55 ` [pve-devel] [PATCH proxmox-perl-rs v2 10/12] pve-rs: fabrics: add function to get the neighbors " Stefan Hanreich
2025-11-07 8:55 ` [pve-devel] [PATCH proxmox-perl-rs v2 11/12] pve-rs: fabrics: add unit-tests for fabrics Stefan Hanreich
2025-11-07 8:55 ` [pve-devel] [PATCH proxmox-perl-rs v2 12/12] pve-rs: fabrics: add unit-tests for evpn l2vpn and l3vpn routes Stefan Hanreich
2025-11-07 8:55 ` [pve-devel] [PATCH pve-network v2 1/9] refactor: rework api module structure for the /nodes/{node}/sdn subdir Stefan Hanreich
2025-11-07 8:55 ` [pve-devel] [PATCH pve-network v2 2/9] fabrics: add fabrics status to SDN::status function Stefan Hanreich
2025-11-07 8:55 ` [pve-devel] [PATCH pve-network v2 3/9] sdn: status: add zone type to sdn resource Stefan Hanreich
2025-11-07 8:55 ` [pve-devel] [PATCH pve-network v2 4/9] api: nodes: fabrics: add endpoint for querying route status Stefan Hanreich
2025-11-07 8:55 ` [pve-devel] [PATCH pve-network v2 5/9] api: nodes: fabrics: add endpoint for querying neighbor information Stefan Hanreich
2025-11-07 8:55 ` [pve-devel] [PATCH pve-network v2 6/9] api: nodes: fabrics: add endpoint for querying interface status Stefan Hanreich
2025-11-07 8:55 ` [pve-devel] [PATCH pve-network v2 7/9] api: nodes: zones: add bridge status Stefan Hanreich
2025-11-07 8:55 ` [pve-devel] [PATCH pve-network v2 8/9] api: nodes: zones: add ip vrf endpoint for evpn zones Stefan Hanreich
2025-11-07 8:55 ` [pve-devel] [PATCH pve-network v2 9/9] api: nodes: vnets: add mac-vrf endpoint for evpn vnets Stefan Hanreich
2025-11-07 8:55 ` [pve-devel] [PATCH pve-manager v2 1/8] api: nodes: use new status module for sdn subdirectory Stefan Hanreich
2025-11-07 8:55 ` [pve-devel] [PATCH pve-manager v2 2/8] refactor: ui: sdn browser: parametrize zone content panel Stefan Hanreich
2025-11-07 8:55 ` [pve-devel] [PATCH pve-manager v2 3/8] pvestatd: add network resource to status reporting Stefan Hanreich
2025-11-07 8:55 ` [pve-devel] [PATCH pve-manager v2 4/8] pvestatd: sdn: adapt to changes in " Stefan Hanreich
2025-11-07 8:55 ` [pve-devel] [PATCH pve-manager v2 5/8] ui: resource tree: add network resource Stefan Hanreich
2025-11-07 8:55 ` [pve-devel] [PATCH pve-manager v2 6/8] ui: network browser: Add ip-vrf panel for evpn zones Stefan Hanreich
2025-11-07 8:55 ` [pve-devel] [PATCH pve-manager v2 7/8] ui: network browser: add mac vrf panel Stefan Hanreich
2025-11-07 8:55 ` [pve-devel] [PATCH pve-manager v2 8/8] ui: network browser: add zone bridge view Stefan Hanreich
2025-11-07 14:41 ` Stefan Hanreich [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=39f2000e-9555-4e21-9a8d-0fd535fbc170@proxmox.com \
--to=s.hanreich@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox