Re: [PATCH pve-network 06/16] evpn controller: allow multiple evpn controllers in a cluster

[Gabriel Goller <g.goller@proxmox.com>]

On 16.04.2026 17:30, Hannes Laimer wrote:
> On 2026-04-14 18:33, Stefan Hanreich wrote:
> > Previously it was only possible to define one global EVPN controller
> > in a cluster, which represented a single peer-group - VTEP. This patch
> > allows defining multiple EVPN controllers in a cluster. One can think
> > of one EVPN controller as mapping to a single peer-group. This patch
> > series adds the possibility of defining multiple peer-groups.
> > 
> > In order to enable this change, introduce a new setting in the EVPN
> > controller 'peer-group-name'. Since it was only possible to create a
> > single EVPN controller in the entire cluster, the FRR config
> > generation generated a single peer group with a hard-coded name. To
> > allow defining multiple peer-groups and preserve
> > backwards-compatibility, a custom peer group name needs to be defined
> > explicitly for each additional controller. The setting is optional and
> > the peer group name defaults to 'VTEP' if unset, in order to avoid
> > breaking backwards-compatibility with custom FRR configurations.
> > 
> > Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
> > ---
> 
> [..]
> 
> > @@ -493,18 +517,20 @@ sub on_delete_hook {
> >  sub on_update_hook {
> >      my ($class, $controllerid, $controller_cfg) = @_;
> >  
> > -    # we can only have 1 evpn controller / 1 asn by server
> > +    my $controller = $controller_cfg->{ids}->{$controllerid};
> >  
> > -    my $controllernb = 0;
> >      foreach my $id (keys %{ $controller_cfg->{ids} }) {
> >          next if $id eq $controllerid;
> > -        my $controller = $controller_cfg->{ids}->{$id};
> > -        next if $controller->{type} ne "evpn";
> > -        $controllernb++;
> > -        die "only 1 global evpn controller can be defined" if $controllernb >= 1;
> > +        my $other_controller = $controller_cfg->{ids}->{$id};
> > +        next if $other_controller->{type} ne "evpn";
> > +
> > +        die "cannot have two controllers with no peer-group-name configured"
> > +            if !$controller->{'peer-group-name'} && !$other_controller->{'peer-group-name'};
> > +
> > +        die "cannot have two controllers with same peer-group-name configured"
> > +            if $controller->{'peer-group-name'} eq $other_controller->{'peer-group-name'};
> 
> if one has none, so the default('VTEP'), and the other sets 'VTEP', we
> miss that case here I think. something like
> ```
>     my $pg_self = $controller->{'peer-group-name'} // 'VTEP';
>     my $pg_other = $other_controller->{'peer-group-name'} // 'VTEP';
>     die "cannot have two controllers with ..." if $pg_self eq $pg_other;
> ```
> might be better

Maybe tangentially related: we should probably disallow VTEP as a bgp fabric
name.

> >      }
> >  
> > -    my $controller = $controller_cfg->{ids}->{$controllerid};
> >      if ($controller->{type} eq 'evpn') {
> >          die "must have exactly one of peers / fabric defined"
> >              if ($controller->{peers} && $controller->{fabric})
> 
> 
> 
> 
>