From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id 07C471FF14C for ; Fri, 15 May 2026 12:27:24 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id D3F1119615; Fri, 15 May 2026 12:27:23 +0200 (CEST) Message-ID: <945449f6-4238-4d8a-9f27-25892bd2dd00@proxmox.com> Date: Fri, 15 May 2026 12:26:15 +0200 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: superseded: [PATCH docs/manager/network/proxmox{-ve-rs,-perl-rs} v5 0/8] sdn: add BGP fabric To: pve-devel@lists.proxmox.com References: <20260513184213.506775-1-h.laimer@proxmox.com> From: Hannes Laimer Content-Language: en-US In-Reply-To: <20260513184213.506775-1-h.laimer@proxmox.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1778840769918 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.082 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Message-ID-Hash: 3CM5B5I5YT7NYR3PBETAGCJMG7S425IH X-Message-ID-Hash: 3CM5B5I5YT7NYR3PBETAGCJMG7S425IH X-MailFrom: h.laimer@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox VE development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: superseded-by: https://lore.proxmox.com/pve-devel/20260515102500.216264-1-h.laimer@proxmox.com/ On 2026-05-13 20:42, Hannes Laimer wrote: > This patch series adds BGP as a third fabric protocol alongside OpenFabric and > OSPF. It targets eBGP unnumbered underlays where each node has a unique ASN and > peers over physical interfaces without IP assignment on fabric links. > > ## Dependencies > > This series is based on the wireguard, evpn, and ospf-redist series ([3]-[5]). > > ## eBGP underlay > > Each node gets its own ASN (e.g. 65001, 65002, 65003) and peers with its > neighbors using 'remote-as external' on unnumbered interfaces. The fabric > peer-group is named after the fabric ID and uses BFD when enabled. > > ## EVPN overlay > > When the EVPN controller references a BGP fabric, VTEP sessions are iBGP, > consistent with how EVPN operates on OSPF and OpenFabric fabrics. The per-node > ASN is applied via 'local-as' on the underlay neighbor group. > > ## Single BGP process > > FRR allows only one BGP instance per VRF, so the fabric underlay and the EVPN > overlay coexist in one 'router bgp' instance. The fabric generates its own > BgpRouter and merges into the existing one via merge_fabric(), appending > neighbor groups and address families without overwriting EVPN settings. > > ## IPv6-only support > > For nodes with only an IPv6 address, the BGP router-id (which must be a 32-bit > value) is derived from the IPv6 address using FNV-1a hashing. > > ### Testing results for hash collisions > Scattered /64 n=1000 unique=1000 collisions=0 worst=1 > Scattered /64 n=10000 unique=10000 collisions=0 worst=1 > Scattered /64 n=100000 unique=99997 collisions=3 worst=2 > Sequential /64 n=1000 unique=1000 collisions=0 worst=1 > Sequential /64 n=10000 unique=10000 collisions=0 worst=1 > Sequential /64 n=100000 unique=100000 collisions=0 worst=1 > Spaced /64 (step 256) n=1000 unique=1000 collisions=0 worst=1 > Spaced /64 (step 256) n=10000 unique=10000 collisions=0 worst=1 > Spaced /64 (step 256) n=100000 unique=100000 collisions=0 worst=1 > Sparse multi-/48 n=1000 unique=1000 collisions=0 worst=1 > Sparse multi-/48 n=10000 unique=10000 collisions=0 worst=1 > Sparse multi-/48 n=100000 unique=100000 collisions=0 worst=1 > > Only the random assignment in a /64 prefix caused a tiny amount of collisions, > and having 100k routers with randomly assigned IPs is not really typical. So > FNV-1a does seem like a good choice here. (generally I'm open to alternative > approaches for getting router-ids on nodes with no ipv4 ips) > > > Thanks a lot @Stefan for the base of this series! > > > v5, thanks @Stefan for the feedback on v4!: > - renamed AddressFamilies::merge() to extend() to mirror std::Vec naming > - replaced the hand-rolled ASN deserializer with > proxmox_serde::perl::deserialize_u32 > - set VTYSH_HISTFILE=/dev/null on the BGP vtysh invocations to avoid polluting > vtysh history > - added labelWidth: 120 to the route-map / route-filter selectors in the > BGP fabric edit panel so all input fields line up with the BFD checkbox > - rebased onto latest versions of wireguard, evpn and ospf redist > - include [6] in the series, only sent separately cause I forgot to include it > in v4 > - did not include `AsRef` for ASN (opposed to what I answered on the > mail), because it is currently only accessed once, and there we don't need a > ref... > > v4: > - split route-map: `pve_bgp` (zebra `ip protocol bgp` filter) for set-src + > catch-all, `pve_bgp__in` (per-fabric peer-inbound) for filtering > - added `accept-ra 0` and `ip6-forward 1` on BGP fabric interfaces > - dropped v3's patch 6/8 (EVPN underlay prefix check) > - dropped the `router_id` field references. With prefixes always > present, the router-id is always derivable > - rebase onto the latest versions of the > route-maps[3]/wireguard[4]/evpn[5]/ospf-route-dist[6] series > > > v3, thanks @Gabriel and @Stefan for the (mostly off-list) feedback on v2!: > - fixed exit-node routing: moved the set-src route-map from `ip > protocol bgp` to the fabric peer-group's inbound direction, so EVPN > VRF imports aren't dropped by the filter's implicit deny > - renamed the route-map to be per-fabric (pve_bgp_) > - added optional router_id field on BGP nodes (required when the fabric > has no prefix), enabling prefix-less BGP fabrics > - dropped the per-node ASN uniqueness check > - ui: show `router_id` field only when the fabric has no prefix > > > v2, thanks @Gabriel and @Stefan for the (off-list) feedback on v1!: > - switched EVPN overlay from eBGP to iBGP > - rebased onto Stefan's evpn[1]/route-maps[2] series > - made LocalAsSettings fields pub (needed for Rust-side construction) > - added router-id collision validation for IPv6-only nodes > - added docs section > > [1] https://lore.proxmox.com/pve-devel/20260414163315.419384-1-s.hanreich@proxmox.com/ > [2] https://lore.proxmox.com/pve-devel/20260401143957.386809-1-s.hanreich@proxmox.com/ > > [3] https://lore.proxmox.com/pve-devel/20260512173145.596958-1-s.hanreich@proxmox.com/ > [4] https://lore.proxmox.com/pve-devel/20260504162501.425135-1-s.hanreich@proxmox.com/ > [5] https://lore.proxmox.com/pve-devel/20260504163157.429628-1-s.hanreich@proxmox.com/ > > [6] https://lore.proxmox.com/pve-devel/20260512155024.311919-1-h.laimer@proxmox.com/T/#u > > > proxmox-ve-rs: > > Stefan Hanreich (1): > sdn: fabric: add BGP protocol support > > proxmox-frr/src/ser/bgp.rs | 87 ++++- > proxmox-ve-config/src/sdn/fabric/frr.rs | 304 +++++++++++++++++- > proxmox-ve-config/src/sdn/fabric/mod.rs | 169 +++++++++- > .../src/sdn/fabric/section_config/fabric.rs | 22 ++ > .../src/sdn/fabric/section_config/mod.rs | 21 +- > .../src/sdn/fabric/section_config/node.rs | 21 ++ > .../sdn/fabric/section_config/protocol/bgp.rs | 287 +++++++++++++++++ > .../sdn/fabric/section_config/protocol/mod.rs | 1 + > .../tests/fabric/cfg/bgp_default/fabrics.cfg | 17 + > .../fabric/cfg/bgp_ipv6_only/fabrics.cfg | 17 + > proxmox-ve-config/tests/fabric/main.rs | 119 ++++++- > .../snapshots/fabric__bgp_default_pve.snap | 36 +++ > .../snapshots/fabric__bgp_default_pve1.snap | 35 ++ > .../snapshots/fabric__bgp_ipv6_only_pve.snap | 37 +++ > .../snapshots/fabric__bgp_ipv6_only_pve1.snap | 36 +++ > .../fabric__bgp_merge_with_evpn_pve.snap | 42 +++ > 16 files changed, 1238 insertions(+), 13 deletions(-) > create mode 100644 proxmox-ve-config/src/sdn/fabric/section_config/protocol/bgp.rs > create mode 100644 proxmox-ve-config/tests/fabric/cfg/bgp_default/fabrics.cfg > create mode 100644 proxmox-ve-config/tests/fabric/cfg/bgp_ipv6_only/fabrics.cfg > create mode 100644 proxmox-ve-config/tests/fabric/snapshots/fabric__bgp_default_pve.snap > create mode 100644 proxmox-ve-config/tests/fabric/snapshots/fabric__bgp_default_pve1.snap > create mode 100644 proxmox-ve-config/tests/fabric/snapshots/fabric__bgp_ipv6_only_pve.snap > create mode 100644 proxmox-ve-config/tests/fabric/snapshots/fabric__bgp_ipv6_only_pve1.snap > create mode 100644 proxmox-ve-config/tests/fabric/snapshots/fabric__bgp_merge_with_evpn_pve.snap > > > proxmox-perl-rs: > > Hannes Laimer (1): > sdn: fabrics: add BGP status endpoints > > Stefan Hanreich (1): > sdn: fabrics: add BGP config generation > > pve-rs/src/bindings/sdn/fabrics.rs | 129 ++++++++++++++++++++++++++++- > pve-rs/src/sdn/status.rs | 106 +++++++++++++++++++++++- > 2 files changed, 231 insertions(+), 4 deletions(-) > > > pve-network: > > Hannes Laimer (3): > sdn: fabrics: register bgp as a fabric protocol type > sdn: evpn: support eBGP VTEPs over BGP fabric underlays > test: evpn: add integration test for EVPN over BGP fabric > > src/PVE/Network/SDN/Controllers/EvpnPlugin.pm | 26 +++++- > src/PVE/Network/SDN/Fabrics.pm | 63 +++++++++++++- > src/PVE/Network/SDN/RouteMaps.pm | 15 ++++ > .../bgp_fabric/expected_controller_config | 73 ++++++++++++++++ > .../evpn/bgp_fabric/expected_sdn_interfaces | 60 +++++++++++++ > src/test/zones/evpn/bgp_fabric/interfaces | 6 ++ > src/test/zones/evpn/bgp_fabric/sdn_config | 85 +++++++++++++++++++ > 7 files changed, 325 insertions(+), 3 deletions(-) > create mode 100644 src/test/zones/evpn/bgp_fabric/expected_controller_config > create mode 100644 src/test/zones/evpn/bgp_fabric/expected_sdn_interfaces > create mode 100644 src/test/zones/evpn/bgp_fabric/interfaces > create mode 100644 src/test/zones/evpn/bgp_fabric/sdn_config > > > pve-manager: > > Hannes Laimer (1): > ui: sdn: add BGP fabric support > > www/manager6/Makefile | 3 + > www/manager6/sdn/FabricsView.js | 12 ++++ > www/manager6/sdn/fabrics/FabricEdit.js | 12 +++- > www/manager6/sdn/fabrics/NodeEdit.js | 1 + > www/manager6/sdn/fabrics/bgp/FabricEdit.js | 70 +++++++++++++++++++ > .../sdn/fabrics/bgp/InterfacePanel.js | 15 ++++ > www/manager6/sdn/fabrics/bgp/NodeEdit.js | 23 ++++++ > 7 files changed, 133 insertions(+), 3 deletions(-) > create mode 100644 www/manager6/sdn/fabrics/bgp/FabricEdit.js > create mode 100644 www/manager6/sdn/fabrics/bgp/InterfacePanel.js > create mode 100644 www/manager6/sdn/fabrics/bgp/NodeEdit.js > > > pve-docs: > > Hannes Laimer (1): > sdn: add bgp fabric section > > pvesdn.adoc | 103 ++++++++++++++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 103 insertions(+) > > > Summary over all repositories: > 33 files changed, 2030 insertions(+), 23 deletions(-) >