From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pve-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9])
	by lore.proxmox.com (Postfix) with ESMTPS id B0CAD1FF162
	for <inbox@lore.proxmox.com>; Mon,  7 Apr 2025 10:53:44 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id 68080393C0;
	Mon,  7 Apr 2025 10:53:42 +0200 (CEST)
Message-ID: <ae99fb86-1fb2-4e4f-b31a-55a39114349d@proxmox.com>
Date: Mon, 7 Apr 2025 10:53:09 +0200
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>,
 Gabriel Goller <g.goller@proxmox.com>
References: <20250404162908.563060-1-g.goller@proxmox.com>
Content-Language: en-US
From: Friedrich Weber <f.weber@proxmox.com>
In-Reply-To: <20250404162908.563060-1-g.goller@proxmox.com>
X-SPAM-LEVEL: Spam detection results:  0
 AWL 0.009 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DMARC_MISSING             0.1 Missing DMARC policy
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
Subject: Re: [pve-devel] [PATCH
 access-control/cluster/docs/gui-tests/manager/network/proxmox{, -ve-rs,
 -perl-rs} v2 00/57] Add SDN Fabrics
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
Reply-To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: pve-devel-bounces@lists.proxmox.com
Sender: "pve-devel" <pve-devel-bounces@lists.proxmox.com>

On 04/04/2025 18:28, Gabriel Goller wrote:
> This series allows the user to add fabrics such as OpenFabric and OSPF over
> their clusters.
> 
> This series relies on: 
> https://lore.proxmox.com/pve-devel/20250404135522.2603272-1-s.hanreich@proxmox.com/T/#mf4cf46c066d856cea819ac3e79d115a290f47466

Thanks for the v2, I like this feature a lot!

Unfortunately, one problem I noticed while testing this is that it may
break pre-existing FRR configs (such as full-mesh Ceph clusters set up
according to [1]) when making seemingly unrelated SDN changes. I already
quickly discussed this with Stefan, posting here in case others have
input as well.

Steps to reproduce:

- on PVE 8.3 (without these patches), set up Ceph full mesh with
OpenFabric as described in [1], includes custom /etc/frr/frr.conf
- also use some SDN feature, e.g. a VLAN zone with a Vnet
- install patched packages, systemctl restart pveproxy pvedaemon
- make a fabric-unrelated change in the SDN config, e.g. change tag of
the VLAN zone Vnet
- apply SDN config

=>
SDN stack writes out a nearly-empty /etc/frr/frr.conf on all nodes and
thus takes down the full mesh:

# cat /etc/frr/frr.conf
frr version 10.2.1
frr defaults datacenter
hostname fabric159
log syslog informational
service integrated-vtysh-config
!
!
line vty

It seems to also disable the fabricd daemon in /etc/frr/daemons:

# grep fabric /etc/frr/daemons
fabricd=no
fabricd_options="-A 127.0.0.1 --dummy_as_loopback"
# vtysh -c 'show openfabric route'
fabricd is not running

It makes sense that one cannot use both our fabrics integration and
custom FRR configs, but the above SDN config change is not related to
fabrics, so we should probably avoid touching the frr.conf if possible.
The wiki article [1] does warn that the full mesh doesn't work in
combination with EVPN, but unfortunately doesn't mention an inherent
incompatibility with the SDN stack as a whole.

[1]
https://pve.proxmox.com/wiki/Full_Mesh_Network_for_Ceph_Server#Routed_Setup_(with_Fallback)


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel