From: Stefan Hanreich <s.hanreich@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: Re: [PATCH cluster/network/proxmox{-ve-rs,-perl-rs} 00/27] Add support for route maps / prefix lists to SDN
Date: Fri, 27 Mar 2026 11:17:13 +0100
Message-ID: <f6e6ca22-d238-4bc9-82bd-d7de22fdacdd@proxmox.com>
In-Reply-To: <20260325094142.174364-1-s.hanreich@proxmox.com>
Thanks for the reviews everyone, I'll wait on Gabriel's v8 and send a
rebased version with all fixes shortly!

On 3/25/26 10:41 AM, Stefan Hanreich wrote:
> ## Introduction
>
> This patch adds support for managing route maps and prefix lists to the SDN
> stack. With this patch series, route maps can be applied to the BGP and EVPN
> controller for incoming / outgoing route filtering. There are currently some
> other features in development that would make use of route maps as well, namely:
>
> * VRF route leaking
> * Route Redistribution for Fabrics
>
> Prefix Lists can be used for matching inside route map match statements. They
> are implemented so they can be used inside route map match statements for now.
>
> ## Motivation
>
> There are a lot of use-cases for enabling users to create their own route-maps,
> which was currently only possible by utilizing frr.conf.local - which was clunky
> and prone to issues. Route maps can be used for filtering in/outgoing routes and
> modifying them, so users could e.g. only selectively advertise some routes via BGP
> or only import certain EVPN routes from outside.
>
> It also allows us to programmatically manage route maps via the UI, e.g. for
> deeper EVPN integration in PDM. This opens up a lot of possibilities for
> new features.
>
>
> ## Configuration Format
>
> This patch series adds two new configuration files, route-maps.cfg and
> prefix-lists.cfg in /etc/pve/sdn.
>
> ### route-maps.cfg
>
> An example route map configuration looks as follows:
>
> route-map-entry: example_123
>     action permit
>     match key=vni,value=23487
>     set key=tag,value=23487
>
> This would create the following FRR route map entry:
>
> route-map example permit 123
>     match evpn vni 23487
>     set tag 23487
>
> Every entry in route-maps.cfg maps to an entry in a route map. They are
> identified by their name as well as their ordering number. `example_123`
> specifies the 123rd entry in the route map 'example'. The main reason for
> choosing this format is that having a single section for one route-map would be
> quite unwieldy. It'd require some format like this, which is pretty awkward to
> handle / validate:
>
> route-map-entry: example
>     action permit,seq=123
>     match key=vni,value=23487,seq=123
>     set key=tag,value=23487,seq=123
>
> From a UI POV editing singular route map entries seems better as well, and with
> the mapping of section entries to route map entries, a suitable API design
> follows quite naturally and easily maps to the respective section config
> entries, without too much data mangling required.
>
>
> ### prefix-lists.cfg
>
> An example prefix list configuration looks as follows:
>
> prefix-list: example-1
>     entries action=permit,prefix=192.0.2.0/24
>     entries action=permit,prefix=192.0.2.0/24,le=32
>     entries action=permit,prefix=192.0.2.0/24,le=32,ge=24,seq=123
>
> This would create the following FRR prefix list:
>
> ip prefix-list example-1 permit 192.0.2.0/24
> ip prefix-list example-1 permit 192.0.2.0/24 le 32
> ip prefix-list example-1 seq 123 permit 192.0.2.0/24 le 32 ge 24
>
>
> ## API endpoints
>
> This patch series introduces the following API endpoints in the /cluster/sdn
> subfolder:
>
>
> ### Route Maps
>
> GET /route-maps - lists all route map entries
> GET /route-maps/<id> - lists all route map entries for the route map <id>
> GET /route-maps/<id>/<order> - gets the order'th entry in route map <id>
> POST /route-maps - creates a new route map entry
> PUT /route-maps/<id>/<order> - updates the order'th entry in route map <id>
> DELETE /route-maps/<id>/<order> - deletes the order'th entry in route map <id>
>
>
> ### Prefix Lists
>
> GET /prefix-lists - lists all prefix lists
> GET /prefix-lists/<id> - get prefix list <id>
> POST /prefix-lists - create a new prefix list
> PUT /prefix-lists/<id> - update prefix list <id>
> DELETE /prefix-lists/<id> - delete prefix list <id>
>
>
> ## Open questions
>
> How should we handle overriding the auto-generated route maps (e.g. in the EVPN
> controller) and prefix lists?
>
> Currently this patch series disallows creating any route map / prefix list that
> have the same name as PVE auto-generated ones via the API. They can be
> overridden by creating a new route map and then selecting it in the respective
> entity (e.g. via route-map-in in the EVPN controller). Pre-defined prefix-lists
> cannot currently be overridden, since this usually makes little sense, as they
> are used in the auto-generated route maps, which can be overridden anyway.
>
> pve-cluster:
>
> Stefan Hanreich (2):
> cfs: add 'sdn/route-maps.cfg' to observed files
> cfs: add 'sdn/prefix-lists.cfg' to observed files
>
> src/PVE/Cluster.pm | 2 ++
> src/pmxcfs/status.c | 2 ++
> 2 files changed, 4 insertions(+)
>
>
> proxmox-ve-rs:
>
> Stefan Hanreich (9):
> sdn-types: add common route-map helper types
> frr: implement routemap match/set statements via adjacent tagging
> frr: allow rendering prefix-lists/route-maps separately
> frr-templates: change route maps template to adapt to new types
> ve-config: add prefix list section config
> ve-config: frr: implement frr config generation for prefix lists
> ve-config: add route map section config
> ve-config: frr: implement frr config generation for route maps
> ve-config: fabrics: adapt frr config generation to new format
>
> .../templates/route_maps.jinja | 12 +-
> proxmox-frr/Cargo.toml | 2 +-
> proxmox-frr/src/ser/route_map.rs | 101 ++-
> proxmox-frr/src/ser/serializer.rs | 35 +-
> proxmox-sdn-types/src/bgp.rs | 50 ++
> proxmox-sdn-types/src/lib.rs | 135 ++++
> proxmox-ve-config/debian/control | 2 +
> proxmox-ve-config/src/sdn/fabric/frr.rs | 25 +-
> proxmox-ve-config/src/sdn/mod.rs | 2 +
> proxmox-ve-config/src/sdn/prefix_list.rs | 347 ++++++++
> proxmox-ve-config/src/sdn/route_map.rs | 762 ++++++++++++++++++
> 11 files changed, 1408 insertions(+), 65 deletions(-)
> create mode 100644 proxmox-sdn-types/src/bgp.rs
> create mode 100644 proxmox-ve-config/src/sdn/prefix_list.rs
> create mode 100644 proxmox-ve-config/src/sdn/route_map.rs
>
>
> proxmox-perl-rs:
>
> Stefan Hanreich (3):
> pve-rs: sdn: add route maps module
> pve-rs: sdn: add prefix lists module
> sdn: add prefix list / route maps to frr config generation helper
>
> pve-rs/Cargo.toml | 1 +
> pve-rs/Makefile | 2 +
> pve-rs/src/bindings/sdn/mod.rs | 30 ++-
> pve-rs/src/bindings/sdn/prefix_lists.rs | 199 +++++++++++++++++++
> pve-rs/src/bindings/sdn/route_maps.rs | 243 ++++++++++++++++++++++++
> 5 files changed, 472 insertions(+), 3 deletions(-)
> create mode 100644 pve-rs/src/bindings/sdn/prefix_lists.rs
> create mode 100644 pve-rs/src/bindings/sdn/route_maps.rs
>
>
> pve-network:
>
> Stefan Hanreich (13):
> controller: bgp: evpn: adapt to new match / set frr config syntax
> sdn: add prefix lists module
> api2: add prefix list module
> sdn: add route map module
> api2: add route maps api module
> api2: add route map module
> api2: add route map entry module
> evpn controller: add route_map_{in,out} parameter
> sdn: generate route map / prefix list configuration on sdn apply
> tests: add simple route map test case
> tests: add bgp evpn route map/prefix list testcase
> tests: add route map with prefix list testcase
> bgp controller: allow configuring custom route maps
>
> src/PVE/API2/Network/SDN.pm | 14 +
> src/PVE/API2/Network/SDN/Makefile | 13 +-
> src/PVE/API2/Network/SDN/PrefixLists.pm | 247 ++++++++++++++++++
> src/PVE/API2/Network/SDN/RouteMaps.pm | 137 ++++++++++
> src/PVE/API2/Network/SDN/RouteMaps/Makefile | 9 +
> .../API2/Network/SDN/RouteMaps/RouteMap.pm | 92 +++++++
> .../Network/SDN/RouteMaps/RouteMapEntry.pm | 136 ++++++++++
> src/PVE/Network/SDN.pm | 14 +-
> src/PVE/Network/SDN/Controllers/BgpPlugin.pm | 22 +-
> src/PVE/Network/SDN/Controllers/EvpnPlugin.pm | 43 +--
> src/PVE/Network/SDN/Controllers/Plugin.pm | 14 +
> src/PVE/Network/SDN/Makefile | 14 +-
> src/PVE/Network/SDN/PrefixLists.pm | 134 ++++++++++
> src/PVE/Network/SDN/RouteMaps.pm | 173 ++++++++++++
> .../expected_controller_config | 76 ++++++
> .../expected_sdn_interfaces | 41 +++
> .../bgp_evpn_routemap_prefix_list/interfaces | 7 +
> .../bgp_evpn_routemap_prefix_list/sdn_config | 86 ++++++
> .../evpn/routemap/expected_controller_config | 60 +++++
> .../evpn/routemap/expected_sdn_interfaces | 41 +++
> src/test/zones/evpn/routemap/interfaces | 7 +
> src/test/zones/evpn/routemap/sdn_config | 70 +++++
> .../expected_controller_config | 49 ++++
> .../expected_sdn_interfaces | 41 +++
> .../evpn/routemap_prefix_list/interfaces | 7 +
> .../evpn/routemap_prefix_list/sdn_config | 58 ++++
> 26 files changed, 1572 insertions(+), 33 deletions(-)
> create mode 100644 src/PVE/API2/Network/SDN/PrefixLists.pm
> create mode 100644 src/PVE/API2/Network/SDN/RouteMaps.pm
> create mode 100644 src/PVE/API2/Network/SDN/RouteMaps/Makefile
> create mode 100644 src/PVE/API2/Network/SDN/RouteMaps/RouteMap.pm
> create mode 100644 src/PVE/API2/Network/SDN/RouteMaps/RouteMapEntry.pm
> create mode 100644 src/PVE/Network/SDN/PrefixLists.pm
> create mode 100644 src/PVE/Network/SDN/RouteMaps.pm
> create mode 100644 src/test/zones/evpn/bgp_evpn_routemap_prefix_list/expected_controller_config
> create mode 100644 src/test/zones/evpn/bgp_evpn_routemap_prefix_list/expected_sdn_interfaces
> create mode 100644 src/test/zones/evpn/bgp_evpn_routemap_prefix_list/interfaces
> create mode 100644 src/test/zones/evpn/bgp_evpn_routemap_prefix_list/sdn_config
> create mode 100644 src/test/zones/evpn/routemap/expected_controller_config
> create mode 100644 src/test/zones/evpn/routemap/expected_sdn_interfaces
> create mode 100644 src/test/zones/evpn/routemap/interfaces
> create mode 100644 src/test/zones/evpn/routemap/sdn_config
> create mode 100644 src/test/zones/evpn/routemap_prefix_list/expected_controller_config
> create mode 100644 src/test/zones/evpn/routemap_prefix_list/expected_sdn_interfaces
> create mode 100644 src/test/zones/evpn/routemap_prefix_list/interfaces
> create mode 100644 src/test/zones/evpn/routemap_prefix_list/sdn_config
>
>
> Summary over all repositories:
> 44 files changed, 3456 insertions(+), 101 deletions(-)
>
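
The prefix-lists.cfg to FRR mapping from the quoted cover letter, as an added Rust example that is not part of the mail or the patch series: each `entries` value is parsed into typed fields and the FRR line is rendered from those fields only, so a value carrying whitespace or a newline is rejected instead of reaching the generated config. The names `Entry`, `num`, `parse_entry` and `render`, the `deny` action, the length bounds and the name charset are assumptions of this example.

```rust
// Added illustration, not code from the patch series. Type and function names are
// hypothetical; only the property keys and the output shape come from the mail.
use std::net::Ipv4Addr;

struct Entry { permit: bool, net: Ipv4Addr, len: u8, le: Option<u8>, ge: Option<u8>, seq: Option<u32> }

fn num<T: std::str::FromStr>(k: &str, v: &str) -> Result<T, String> {
    v.parse().map_err(|_| format!("bad {k}: {v:?}"))
}

/// Parse one `entries` value, e.g. "action=permit,prefix=192.0.2.0/24,le=32".
fn parse_entry(s: &str) -> Result<Entry, String> {
    let (mut permit, mut prefix, mut le, mut ge, mut seq) = (None, None, None, None, None);
    for kv in s.split(',') {
        let (k, v) = kv.split_once('=').ok_or(format!("not key=value: {kv:?}"))?;
        match k {
            "action" if v == "permit" => permit = Some(true),
            "action" if v == "deny" => permit = Some(false), // "deny" is assumed
            "prefix" => {
                let (a, l) = v.split_once('/').ok_or(format!("bad prefix: {v:?}"))?;
                prefix = Some((num::<Ipv4Addr>(k, a)?, num::<u8>(k, l)?));
            }
            "le" => le = Some(num::<u8>(k, v)?),
            "ge" => ge = Some(num::<u8>(k, v)?),
            "seq" => seq = Some(num::<u32>(k, v)?),
            _ => return Err(format!("rejected {k}={v:?}")),
        }
    }
    let (net, len) = prefix.ok_or("missing prefix")?;
    // Assumed sanity bounds for this example: len <= ge <= le <= 32.
    let (lo, hi) = (ge.unwrap_or(len), le.unwrap_or(32));
    if lo < len || lo > hi || hi > 32 { return Err("inconsistent length bounds".into()); }
    Ok(Entry { permit: permit.ok_or("missing action")?, net, len, le, ge, seq })
}

/// Render from the typed values only; the name charset is an assumption of this example.
fn render(name: &str, e: &Entry) -> Result<String, String> {
    if name.is_empty() || !name.chars().all(|c| c.is_ascii_alphanumeric() || c == '-' || c == '_') {
        return Err(format!("bad list name: {name:?}"));
    }
    let seq = e.seq.map(|s| format!(" seq {s}")).unwrap_or_default();
    let le = e.le.map(|v| format!(" le {v}")).unwrap_or_default();
    let ge = e.ge.map(|v| format!(" ge {v}")).unwrap_or_default();
    let action = if e.permit { "permit" } else { "deny" };
    Ok(format!("ip prefix-list {name}{seq} {action} {}/{}{le}{ge}", e.net, e.len))
}

fn main() {
    println!("{:?}", parse_entry("action=permit,prefix=192.0.2.0/24,le=32").and_then(|e| render("example-1", &e)));
}
```
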