From: Alexandre Derumier
To: pve-devel@lists.proxmox.com
Subject: [PATCH pve-network] controllers: bgp: split v4 && v6 peers in different groups
Date: Thu, 19 Dec 2024 17:17:23 +0100
Message-Id: <20241219161723.951909-1-alexandre.derumier@groupe-cyllene.com>
X-Mailer: git-send-email 2.39.5

reported by user on the forum:
https://forum.proxmox.com/threads/sdn-mismatch-afi-with-bgp-controller-ipv6-session.159250/

This is for dualstack, when evpn is ipv4, and bgp is ipv6+(ipv4)

Signed-off-by: Alexandre Derumier
---
 src/PVE/Network/SDN/Controllers/BgpPlugin.pm | 43 ++++++++-----
 .../bgp_ipv4_ipv6/expected_controller_config | 63 +++++++++++++++++++
 .../bgp_ipv4_ipv6/expected_sdn_interfaces | 41 ++++++++++++
 src/test/zones/evpn/bgp_ipv4_ipv6/interfaces | 11 ++++
 src/test/zones/evpn/bgp_ipv4_ipv6/sdn_config | 48 ++++++++++++++
 5 files changed, 192 insertions(+), 14 deletions(-)
 create mode 100644 src/test/zones/evpn/bgp_ipv4_ipv6/expected_controller_config
 create mode 100644 src/test/zones/evpn/bgp_ipv4_ipv6/expected_sdn_interfaces
 create mode 100644 src/test/zones/evpn/bgp_ipv4_ipv6/interfaces
 create mode 100644 src/test/zones/evpn/bgp_ipv4_ipv6/sdn_config

diff --git a/src/PVE/Network/SDN/Controllers/BgpPlugin.pm b/src/PVE/Network/SDN/Controllers/BgpPlugin.pm index 53963e5..24828db 100644 --- a/src/PVE/Network/SDN/Controllers/BgpPlugin.pm +++ b/src/PVE/Network/SDN/Controllers/BgpPlugin.pm 
@@ -94,28 +94,43 @@ sub generate_controller_config { push @controller_config, "bgp bestpath as-path multipath-relax" if $multipath_relax; + my $peers_ipversion = { 4 => [], 6 => [] }; + foreach my $address (@peers) { + my $ipversion = Net::IP::ip_is_ipv6($address) ? "6" : "4"; + push (@{$peers_ipversion->{$ipversion}}, $address); + } + #BGP neighbors - if(@peers) { - push @controller_config, "neighbor BGP peer-group"; - push @controller_config, "neighbor BGP remote-as $remoteas"; - push @controller_config, "neighbor BGP bfd"; - push @controller_config, "neighbor BGP ebgp-multihop $ebgp_multihop" if $ebgp && $ebgp_multihop; + for my $version (sort keys %$peers_ipversion) { + next if !@{$peers_ipversion->{$version}}; + $version = "" if $version eq '4'; + push @controller_config, "neighbor BGP${version} peer-group"; + push @controller_config, "neighbor BGP${version} remote-as $remoteas"; + push @controller_config, "neighbor BGP${version} bfd"; + push @controller_config, "neighbor BGP${version} ebgp-multihop $ebgp_multihop" if $ebgp && $ebgp_multihop; } # BGP peers - foreach my $address (@peers) { - push @controller_config, "neighbor $address peer-group BGP"; + for my $version (sort keys %$peers_ipversion) { + for my $address (@{$peers_ipversion->{$version}}) { + $version = "" if $version eq '4'; + push @controller_config, "neighbor $address peer-group BGP${version}"; + } } + push(@{$bgp->{""}}, @controller_config); # address-family unicast - if (@peers) { - my $ipversion = Net::IP::ip_is_ipv6($ifaceip) ? "ipv6" : "ipv4"; - my $mask = Net::IP::ip_is_ipv6($ifaceip) ? 
"/128" : "32"; - - push(@{$bgp->{"address-family"}->{"$ipversion unicast"}}, "network $ifaceip/$mask") if $loopback; - push(@{$bgp->{"address-family"}->{"$ipversion unicast"}}, "neighbor BGP activate"); - push(@{$bgp->{"address-family"}->{"$ipversion unicast"}}, "neighbor BGP soft-reconfiguration inbound"); + for my $version (sort keys %$peers_ipversion) { + next if !@{$peers_ipversion->{$version}}; + my $ipversion = "ipv${version}"; + $version = "" if $version eq '4'; + if($loopback) { + my $mask = Net::IP::ip_is_ipv6($ifaceip) ? "/128" : "32"; + push(@{$bgp->{"address-family"}->{"$ipversion unicast"}}, "network $ifaceip/$mask"); + } + push(@{$bgp->{"address-family"}->{"$ipversion unicast"}}, "neighbor BGP${version} activate"); + push(@{$bgp->{"address-family"}->{"$ipversion unicast"}}, "neighbor BGP${version} soft-reconfiguration inbound"); } if ($loopback) { diff --git a/src/test/zones/evpn/bgp_ipv4_ipv6/expected_controller_config b/src/test/zones/evpn/bgp_ipv4_ipv6/expected_controller_config new file mode 100644 index 0000000..a5671c8 --- /dev/null +++ b/src/test/zones/evpn/bgp_ipv4_ipv6/expected_controller_config 
@@ -0,0 +1,63 @@ +frr version 8.5.2 +frr defaults datacenter +hostname localhost +log syslog informational +service integrated-vtysh-config +! +! +vrf vrf_myzone + vni 1000 +exit-vrf +! +router bgp 65000 + bgp router-id 192.168.0.1 + no bgp hard-administrative-reset + no bgp default ipv4-unicast + coalesce-time 1000 + no bgp graceful-restart notification + neighbor VTEP peer-group + neighbor VTEP remote-as 65000 + neighbor VTEP bfd + neighbor 192.168.0.2 peer-group VTEP + neighbor 192.168.0.3 peer-group VTEP + neighbor BGP peer-group + neighbor BGP remote-as 65000 + neighbor BGP bfd + neighbor BGP6 peer-group + neighbor BGP6 remote-as 65000 + neighbor BGP6 bfd + neighbor 192.168.0.10 peer-group BGP + neighbor 2a08:2142:302:3::2 peer-group BGP6 + ! + address-family ipv4 unicast + neighbor BGP activate + neighbor BGP soft-reconfiguration inbound + exit-address-family + ! + address-family ipv6 unicast + neighbor BGP6 activate + neighbor BGP6 soft-reconfiguration inbound + exit-address-family + ! + address-family l2vpn evpn + neighbor VTEP activate + neighbor VTEP route-map MAP_VTEP_IN in + neighbor VTEP route-map MAP_VTEP_OUT out + advertise-all-vni + exit-address-family +exit +! +router bgp 65000 vrf vrf_myzone + bgp router-id 192.168.0.1 + no bgp hard-administrative-reset + no bgp graceful-restart notification +exit +! +route-map MAP_VTEP_IN permit 1 +exit +! +route-map MAP_VTEP_OUT permit 1 +exit +! +line vty +! \ No newline at end of file diff --git a/src/test/zones/evpn/bgp_ipv4_ipv6/expected_sdn_interfaces b/src/test/zones/evpn/bgp_ipv4_ipv6/expected_sdn_interfaces new file mode 100644 index 0000000..4cf13e0 --- /dev/null +++ b/src/test/zones/evpn/bgp_ipv4_ipv6/expected_sdn_interfaces 
@@ -0,0 +1,41 @@ +#version:1 + +auto myvnet +iface myvnet + address 10.0.0.1/24 + bridge_ports vxlan_myvnet + bridge_stp off + bridge_fd 0 + mtu 1450 + ip-forward on + arp-accept on + vrf vrf_myzone + +auto vrf_myzone +iface vrf_myzone + vrf-table auto + post-up ip route add vrf vrf_myzone unreachable default metric 4278198272 + +auto vrfbr_myzone +iface vrfbr_myzone + bridge-ports vrfvx_myzone + bridge_stp off + bridge_fd 0 + mtu 1450 + vrf vrf_myzone + +auto vrfvx_myzone +iface vrfvx_myzone + vxlan-id 1000 + vxlan-local-tunnelip 192.168.0.1 + bridge-learning off + bridge-arp-nd-suppress on + mtu 1450 + +auto vxlan_myvnet +iface vxlan_myvnet + vxlan-id 100 + vxlan-local-tunnelip 192.168.0.1 + bridge-learning off + bridge-arp-nd-suppress on + mtu 1450 diff --git a/src/test/zones/evpn/bgp_ipv4_ipv6/interfaces b/src/test/zones/evpn/bgp_ipv4_ipv6/interfaces new file mode 100644 index 0000000..36e97ce --- /dev/null +++ b/src/test/zones/evpn/bgp_ipv4_ipv6/interfaces @@ -0,0 +1,11 @@ +auto vmbr0 +iface vmbr0 inet static + address 192.168.0.1/24 + gateway 192.168.0.254 + bridge-ports eth0 + bridge-stp off + bridge-fd 0 + +auto vmbr0 +iface vmbr0 inet6 static + address 2a08:2142:302:3::1/64 diff --git a/src/test/zones/evpn/bgp_ipv4_ipv6/sdn_config b/src/test/zones/evpn/bgp_ipv4_ipv6/sdn_config new file mode 100644 index 0000000..e5674bf --- /dev/null +++ b/src/test/zones/evpn/bgp_ipv4_ipv6/sdn_config 
@@ -0,0 +1,48 @@ +{ + version => 1, + vnets => { + ids => { + myvnet => { + tag => "100", + type => "vnet", + zone => "myzone", + }, + }, + }, + + zones => { + ids => { + myzone => { + ipam => "pve", + type => "evpn", + controller => "evpnctl", + 'vrf-vxlan' => 1000, + }, + }, + }, + controllers => { + ids => { + evpnctl => { + type => "evpn", + 'peers' => '192.168.0.1,192.168.0.2,192.168.0.3', + asn => "65000", + }, + localhost => { + type => "bgp", + 'peers' => '192.168.0.10,2a08:2142:302:3::2', + asn => "65000", + node => "localhost", + }, + }, + }, + + subnets => { + ids => { + 'myzone-10.0.0.0-24' => { + 'type' => 'subnet', + 'vnet' => 'myvnet', + 'gateway' => '10.0.0.1', + }, + }, + }, +} -- 2.39.5
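
Review bot: In the address-family loop of the BgpPlugin.pm hunk, the loopback network statement is now pushed into every family that has peers, while the mask is still chosen from $ifaceip, so with an IPv4 $ifaceip and IPv6 peers the line "network $ifaceip/$mask" also lands under "ipv6 unicast". Emit it only in the family that matches $ifaceip, for example by comparing Net::IP::ip_is_ipv6($ifaceip) with the version the loop is handling. The IPv6 mask value "/128" is also interpolated after the literal slash in "network $ifaceip/$mask", which yields a double slash; "128" would be consistent with the IPv4 value "32". Separately, all three loops overwrite the loop variable with $version = "" if $version eq '4', and in the "BGP peers" loop that assignment sits inside the inner loop after $version has already been used as the hash key. A dedicated variable for the group name (BGP or BGP6) would be easier to read and would not rely on evaluation order.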
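
Review bot: The new bgp_ipv4_ipv6 fixture leaves the rewritten loopback branch untested: the "localhost" bgp controller in sdn_config carries only type, peers, asn and node, and expected_controller_config accordingly contains no network line and no ebgp-multihop line for BGP or BGP6. A second dual-stack case with a loopback configured, and one with eBGP multihop, would cover the parts of generate_controller_config that this patch changes for both peer groups.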