From: Hannes Laimer <h.laimer@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: superseded: [PATCH docs/manager/network/proxmox{-ve-rs,-perl-rs} v5 0/8] sdn: add BGP fabric
Date: Fri, 15 May 2026 12:26:15 +0200 [thread overview]
Message-ID: <945449f6-4238-4d8a-9f27-25892bd2dd00@proxmox.com> (raw)
In-Reply-To: <20260513184213.506775-1-h.laimer@proxmox.com>
superseded-by:
https://lore.proxmox.com/pve-devel/20260515102500.216264-1-h.laimer@proxmox.com/
On 2026-05-13 20:42, Hannes Laimer wrote:
> This patch series adds BGP as a third fabric protocol alongside OpenFabric and
> OSPF. It targets eBGP unnumbered underlays where each node has a unique ASN and
> peers over physical interfaces without IP assignment on fabric links.
>
> ## Dependencies
>
> This series is based on the wireguard, evpn, and ospf-redist series ([3]-[5]).
>
> ## eBGP underlay
>
> Each node gets its own ASN (e.g. 65001, 65002, 65003) and peers with its
> neighbors using 'remote-as external' on unnumbered interfaces. The fabric
> peer-group is named after the fabric ID and uses BFD when enabled.
>
> ## EVPN overlay
>
> When the EVPN controller references a BGP fabric, VTEP sessions are iBGP,
> consistent with how EVPN operates on OSPF and OpenFabric fabrics. The per-node
> ASN is applied via 'local-as' on the underlay neighbor group.
>
> ## Single BGP process
>
> FRR allows only one BGP instance per VRF, so the fabric underlay and the EVPN
> overlay coexist in one 'router bgp' instance. The fabric generates its own
> BgpRouter and merges into the existing one via merge_fabric(), appending
> neighbor groups and address families without overwriting EVPN settings.
>
> ## IPv6-only support
>
> For nodes with only an IPv6 address, the BGP router-id (which must be a 32-bit
> value) is derived from the IPv6 address using FNV-1a hashing.
>
> ### Testing results for hash collisions
> Scattered /64 n=1000 unique=1000 collisions=0 worst=1
> Scattered /64 n=10000 unique=10000 collisions=0 worst=1
> Scattered /64 n=100000 unique=99997 collisions=3 worst=2
> Sequential /64 n=1000 unique=1000 collisions=0 worst=1
> Sequential /64 n=10000 unique=10000 collisions=0 worst=1
> Sequential /64 n=100000 unique=100000 collisions=0 worst=1
> Spaced /64 (step 256) n=1000 unique=1000 collisions=0 worst=1
> Spaced /64 (step 256) n=10000 unique=10000 collisions=0 worst=1
> Spaced /64 (step 256) n=100000 unique=100000 collisions=0 worst=1
> Sparse multi-/48 n=1000 unique=1000 collisions=0 worst=1
> Sparse multi-/48 n=10000 unique=10000 collisions=0 worst=1
> Sparse multi-/48 n=100000 unique=100000 collisions=0 worst=1
>
> Only the random assignment in a /64 prefix caused a tiny amount of collisions,
> and having 100k routers with randomly assigned IPs is not really typical. So
> FNV-1a does seem like a good choice here. (generally I'm open to alternative
> approaches for getting router-ids on nodes with no ipv4 ips)
>
>
> Thanks a lot @Stefan for the base of this series!
>
>
> v5, thanks @Stefan for the feedback on v4!:
> - renamed AddressFamilies::merge() to extend() to mirror std::Vec naming
> - replaced the hand-rolled ASN deserializer with
> proxmox_serde::perl::deserialize_u32
> - set VTYSH_HISTFILE=/dev/null on the BGP vtysh invocations to avoid polluting
> vtysh history
> - added labelWidth: 120 to the route-map / route-filter selectors in the
> BGP fabric edit panel so all input fields line up with the BFD checkbox
> - rebased onto latest versions of wireguard, evpn and ospf redist
> - include [6] in the series, only sent separately cause I forgot to include it
> in v4
> - did not include `AsRef<u32>` for ASN (opposed to what I answered on the
> mail), because it is currently only accessed once, and there we don't need a
> ref...
>
> v4:
> - split route-map: `pve_bgp` (zebra `ip protocol bgp` filter) for set-src +
> catch-all, `pve_bgp_<id>_in` (per-fabric peer-inbound) for filtering
> - added `accept-ra 0` and `ip6-forward 1` on BGP fabric interfaces
> - dropped v3's patch 6/8 (EVPN underlay prefix check)
> - dropped the `router_id` field references. With prefixes always
> present, the router-id is always derivable
> - rebase onto the latest versions of the
> route-maps[3]/wireguard[4]/evpn[5]/ospf-route-dist[6] series
>
>
> v3, thanks @Gabriel and @Stefan for the (mostly off-list) feedback on v2!:
> - fixed exit-node routing: moved the set-src route-map from `ip
> protocol bgp` to the fabric peer-group's inbound direction, so EVPN
> VRF imports aren't dropped by the filter's implicit deny
> - renamed the route-map to be per-fabric (pve_bgp_<id>)
> - added optional router_id field on BGP nodes (required when the fabric
> has no prefix), enabling prefix-less BGP fabrics
> - dropped the per-node ASN uniqueness check
> - ui: show `router_id` field only when the fabric has no prefix
>
>
> v2, thanks @Gabriel and @Stefan for the (off-list) feedback on v1!:
> - switched EVPN overlay from eBGP to iBGP
> - rebased onto Stefan's evpn[1]/route-maps[2] series
> - made LocalAsSettings fields pub (needed for Rust-side construction)
> - added router-id collision validation for IPv6-only nodes
> - added docs section
>
> [1] https://lore.proxmox.com/pve-devel/20260414163315.419384-1-s.hanreich@proxmox.com/
> [2] https://lore.proxmox.com/pve-devel/20260401143957.386809-1-s.hanreich@proxmox.com/
>
> [3] https://lore.proxmox.com/pve-devel/20260512173145.596958-1-s.hanreich@proxmox.com/
> [4] https://lore.proxmox.com/pve-devel/20260504162501.425135-1-s.hanreich@proxmox.com/
> [5] https://lore.proxmox.com/pve-devel/20260504163157.429628-1-s.hanreich@proxmox.com/
>
> [6] https://lore.proxmox.com/pve-devel/20260512155024.311919-1-h.laimer@proxmox.com/T/#u
>
>
> proxmox-ve-rs:
>
> Stefan Hanreich (1):
> sdn: fabric: add BGP protocol support
>
> proxmox-frr/src/ser/bgp.rs | 87 ++++-
> proxmox-ve-config/src/sdn/fabric/frr.rs | 304 +++++++++++++++++-
> proxmox-ve-config/src/sdn/fabric/mod.rs | 169 +++++++++-
> .../src/sdn/fabric/section_config/fabric.rs | 22 ++
> .../src/sdn/fabric/section_config/mod.rs | 21 +-
> .../src/sdn/fabric/section_config/node.rs | 21 ++
> .../sdn/fabric/section_config/protocol/bgp.rs | 287 +++++++++++++++++
> .../sdn/fabric/section_config/protocol/mod.rs | 1 +
> .../tests/fabric/cfg/bgp_default/fabrics.cfg | 17 +
> .../fabric/cfg/bgp_ipv6_only/fabrics.cfg | 17 +
> proxmox-ve-config/tests/fabric/main.rs | 119 ++++++-
> .../snapshots/fabric__bgp_default_pve.snap | 36 +++
> .../snapshots/fabric__bgp_default_pve1.snap | 35 ++
> .../snapshots/fabric__bgp_ipv6_only_pve.snap | 37 +++
> .../snapshots/fabric__bgp_ipv6_only_pve1.snap | 36 +++
> .../fabric__bgp_merge_with_evpn_pve.snap | 42 +++
> 16 files changed, 1238 insertions(+), 13 deletions(-)
> create mode 100644 proxmox-ve-config/src/sdn/fabric/section_config/protocol/bgp.rs
> create mode 100644 proxmox-ve-config/tests/fabric/cfg/bgp_default/fabrics.cfg
> create mode 100644 proxmox-ve-config/tests/fabric/cfg/bgp_ipv6_only/fabrics.cfg
> create mode 100644 proxmox-ve-config/tests/fabric/snapshots/fabric__bgp_default_pve.snap
> create mode 100644 proxmox-ve-config/tests/fabric/snapshots/fabric__bgp_default_pve1.snap
> create mode 100644 proxmox-ve-config/tests/fabric/snapshots/fabric__bgp_ipv6_only_pve.snap
> create mode 100644 proxmox-ve-config/tests/fabric/snapshots/fabric__bgp_ipv6_only_pve1.snap
> create mode 100644 proxmox-ve-config/tests/fabric/snapshots/fabric__bgp_merge_with_evpn_pve.snap
>
>
> proxmox-perl-rs:
>
> Hannes Laimer (1):
> sdn: fabrics: add BGP status endpoints
>
> Stefan Hanreich (1):
> sdn: fabrics: add BGP config generation
>
> pve-rs/src/bindings/sdn/fabrics.rs | 129 ++++++++++++++++++++++++++++-
> pve-rs/src/sdn/status.rs | 106 +++++++++++++++++++++++-
> 2 files changed, 231 insertions(+), 4 deletions(-)
>
>
> pve-network:
>
> Hannes Laimer (3):
> sdn: fabrics: register bgp as a fabric protocol type
> sdn: evpn: support eBGP VTEPs over BGP fabric underlays
> test: evpn: add integration test for EVPN over BGP fabric
>
> src/PVE/Network/SDN/Controllers/EvpnPlugin.pm | 26 +++++-
> src/PVE/Network/SDN/Fabrics.pm | 63 +++++++++++++-
> src/PVE/Network/SDN/RouteMaps.pm | 15 ++++
> .../bgp_fabric/expected_controller_config | 73 ++++++++++++++++
> .../evpn/bgp_fabric/expected_sdn_interfaces | 60 +++++++++++++
> src/test/zones/evpn/bgp_fabric/interfaces | 6 ++
> src/test/zones/evpn/bgp_fabric/sdn_config | 85 +++++++++++++++++++
> 7 files changed, 325 insertions(+), 3 deletions(-)
> create mode 100644 src/test/zones/evpn/bgp_fabric/expected_controller_config
> create mode 100644 src/test/zones/evpn/bgp_fabric/expected_sdn_interfaces
> create mode 100644 src/test/zones/evpn/bgp_fabric/interfaces
> create mode 100644 src/test/zones/evpn/bgp_fabric/sdn_config
>
>
> pve-manager:
>
> Hannes Laimer (1):
> ui: sdn: add BGP fabric support
>
> www/manager6/Makefile | 3 +
> www/manager6/sdn/FabricsView.js | 12 ++++
> www/manager6/sdn/fabrics/FabricEdit.js | 12 +++-
> www/manager6/sdn/fabrics/NodeEdit.js | 1 +
> www/manager6/sdn/fabrics/bgp/FabricEdit.js | 70 +++++++++++++++++++
> .../sdn/fabrics/bgp/InterfacePanel.js | 15 ++++
> www/manager6/sdn/fabrics/bgp/NodeEdit.js | 23 ++++++
> 7 files changed, 133 insertions(+), 3 deletions(-)
> create mode 100644 www/manager6/sdn/fabrics/bgp/FabricEdit.js
> create mode 100644 www/manager6/sdn/fabrics/bgp/InterfacePanel.js
> create mode 100644 www/manager6/sdn/fabrics/bgp/NodeEdit.js
>
>
> pve-docs:
>
> Hannes Laimer (1):
> sdn: add bgp fabric section
>
> pvesdn.adoc | 103 ++++++++++++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 103 insertions(+)
>
>
> Summary over all repositories:
> 33 files changed, 2030 insertions(+), 23 deletions(-)
>
prev parent reply other threads:[~2026-05-15 10:27 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-13 18:42 [PATCH docs/manager/network/proxmox{-ve-rs,-perl-rs} v5 0/8] sdn: add BGP fabric Hannes Laimer
2026-05-13 18:42 ` [PATCH proxmox-ve-rs v5 1/8] sdn: fabric: add BGP protocol support Hannes Laimer
2026-05-13 18:42 ` [PATCH proxmox-perl-rs v5 2/8] sdn: fabrics: add BGP config generation Hannes Laimer
2026-05-13 18:42 ` [PATCH proxmox-perl-rs v5 3/8] sdn: fabrics: add BGP status endpoints Hannes Laimer
2026-05-13 18:42 ` [PATCH pve-network v5 4/8] sdn: fabrics: register bgp as a fabric protocol type Hannes Laimer
2026-05-13 18:42 ` [PATCH pve-network v5 5/8] sdn: evpn: support eBGP VTEPs over BGP fabric underlays Hannes Laimer
2026-05-13 18:42 ` [PATCH pve-network v5 6/8] test: evpn: add integration test for EVPN over BGP fabric Hannes Laimer
2026-05-13 18:42 ` [PATCH pve-manager v5 7/8] ui: sdn: add BGP fabric support Hannes Laimer
2026-05-13 18:42 ` [PATCH pve-docs v5 8/8] sdn: add bgp fabric section Hannes Laimer
2026-05-15 10:26 ` Hannes Laimer [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=945449f6-4238-4d8a-9f27-25892bd2dd00@proxmox.com \
--to=h.laimer@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox