[pve-network.git] / PVE / Network / SDN / Controllers / EvpnPlugin.pm

package PVE::Network::SDN::Controllers::EvpnPlugin;

use strict;
use warnings;

use PVE::INotify;
use PVE::JSONSchema qw(get_standard_option);
use PVE::Tools qw(run_command file_set_contents file_get_contents);

use PVE::Network::SDN::Controllers::Plugin;
use PVE::Network::SDN::Zones::Plugin;

use base('PVE::Network::SDN::Controllers::Plugin');

sub type {
    return 'evpn';
}

sub properties {
    return {
	asn => {
	    type => 'integer',
	    description => "autonomous system number",
	},
	peers => {
	    description => "peers address list.",
	    type => 'string', format => 'ip-list'
	},
	'gateway-nodes' => get_standard_option('pve-node-list'),
	'gateway-external-peers' => {
	    description => "upstream bgp peers address list.",
	    type => 'string', format => 'ip-list'
	},
    };
}

sub options {
    return {
	'asn' => { optional => 0 },
	'peers' => { optional => 0 },
	'gateway-nodes' => { optional => 1 },
	'gateway-external-peers' => { optional => 1 },
    };
}

# Plugin implementation
sub generate_controller_config {
    my ($class, $plugin_config, $controller, $id, $uplinks, $config) = @_;

    my @peers;
    @peers = PVE::Tools::split_list($plugin_config->{'peers'}) if $plugin_config->{'peers'};

    my $asn = $plugin_config->{asn};
    my $gatewaynodes = $plugin_config->{'gateway-nodes'};
    my @gatewaypeers;
    @gatewaypeers = PVE::Tools::split_list($plugin_config->{'gateway-external-peers'}) if $plugin_config->{'gateway-external-peers'};

    return if !$asn;

    my $bgp = $config->{frr}->{router}->{"bgp $asn"} //= {};

    my ($ifaceip, $interface) = PVE::Network::SDN::Zones::Plugin::find_local_ip_interface_peers(\@peers);

    my $is_gateway = undef;
    my $local_node = PVE::INotify::nodename();

    foreach my $gatewaynode (PVE::Tools::split_list($gatewaynodes)) {
	$is_gateway = 1 if $gatewaynode eq $local_node;
    }

    my @controller_config = (
	"bgp router-id $ifaceip",
	"no bgp default ipv4-unicast",
	"coalesce-time 1000",
    );

    foreach my $address (@peers) {
	next if $address eq $ifaceip;
	push @controller_config, "neighbor $address remote-as $asn";
    }

    if ($is_gateway) {
	foreach my $address (@gatewaypeers) {
	    push @controller_config, "neighbor $address remote-as external";
	}
    }
    push(@{$bgp->{""}}, @controller_config);

    @controller_config = ();
    foreach my $address (@peers) {
	next if $address eq $ifaceip;
	push @controller_config, "neighbor $address activate";
    }
    push @controller_config, "advertise-all-vni";
    push(@{$bgp->{"address-family"}->{"l2vpn evpn"}}, @controller_config);

    if ($is_gateway) {
	# import /32 routes of evpn network from vrf1 to default vrf (for packet return)
	@controller_config = map { "neighbor $_ activate" } @gatewaypeers;

	push(@{$bgp->{"address-family"}->{"ipv4 unicast"}}, @controller_config);
	push(@{$bgp->{"address-family"}->{"ipv6 unicast"}}, @controller_config);
    }

    return $config;
}

sub generate_controller_zone_config {
    my ($class, $plugin_config, $controller, $id, $uplinks, $config) = @_;

    my $vrf = "vrf_$id";
    my $vrfvxlan = $plugin_config->{'vrf-vxlan'};
    my $asn = $controller->{asn};
    my $gatewaynodes = $controller->{'gateway-nodes'};

    return if !$vrf || !$vrfvxlan || !$asn;

    # vrf
    my @controller_config = ();
    push @controller_config, "vni $vrfvxlan";
    push(@{$config->{frr}->{vrf}->{"$vrf"}}, @controller_config);

    push(@{$config->{frr}->{router}->{"bgp $asn vrf $vrf"}->{""}}, "!");

    my $local_node = PVE::INotify::nodename();

    my $is_gateway = grep { $_ eq $local_node } PVE::Tools::split_list($gatewaynodes);
    if ($is_gateway) {

	@controller_config = ();
	#import /32 routes of evpn network from vrf1 to default vrf (for packet return)
	push @controller_config, "import vrf $vrf";
	push(@{$config->{frr}->{router}->{"bgp $asn"}->{"address-family"}->{"ipv4 unicast"}}, @controller_config);
	push(@{$config->{frr}->{router}->{"bgp $asn"}->{"address-family"}->{"ipv6 unicast"}}, @controller_config);

	@controller_config = ();
	#redistribute connected to be able to route to local vms on the gateway
	push @controller_config, "redistribute connected";
	push(@{$config->{frr}->{router}->{"bgp $asn vrf $vrf"}->{"address-family"}->{"ipv4 unicast"}}, @controller_config);
	push(@{$config->{frr}->{router}->{"bgp $asn vrf $vrf"}->{"address-family"}->{"ipv6 unicast"}}, @controller_config);

	@controller_config = ();
	#add default originate to announce 0.0.0.0/0 type5 route in evpn
	push @controller_config, "default-originate ipv4";
	push @controller_config, "default-originate ipv6";
	push(@{$config->{frr}->{router}->{"bgp $asn vrf $vrf"}->{"address-family"}->{"l2vpn evpn"}}, @controller_config);
    }

    return $config;
}

sub on_delete_hook {
    my ($class, $controllerid, $zone_cfg) = @_;

    # verify that zone is associated to this controller
    foreach my $id (keys %{$zone_cfg->{ids}}) {
	my $zone = $zone_cfg->{ids}->{$id};
	die "controller $controllerid is used by $id"
	    if (defined($zone->{controller}) && $zone->{controller} eq $controllerid);
    }
}

sub on_update_hook {
    my ($class, $controllerid, $controller_cfg) = @_;

    # we can only have 1 evpn controller / 1 asn by server

    foreach my $id (keys %{$controller_cfg->{ids}}) {
	next if $id eq $controllerid;
	my $controller = $controller_cfg->{ids}->{$id};
	die "only 1 evpn controller can be defined" if $controller->{type} eq "evpn";
    }
}

sub sort_frr_config {
    my $order = {};
    $order->{''} = 0;
    $order->{'vrf'} = 1;
    $order->{'ipv4 unicast'} = 1;
    $order->{'ipv6 unicast'} = 2;
    $order->{'l2vpn evpn'} = 3;

    my $a_val = 100;
    my $b_val = 100;

    $a_val = $order->{$a} if defined($order->{$a});
    $b_val = $order->{$b} if defined($order->{$b});

    if ($a =~ /bgp (\d+)$/) {
	$a_val = 2;
    }

    if ($b =~ /bgp (\d+)$/) {
	$b_val = 2;
    }

    return $a_val <=> $b_val;
}

sub generate_frr_recurse{
   my ($final_config, $content, $parentkey, $level) = @_;

   my $keylist = {};
   $keylist->{vrf} = 1;
   $keylist->{'address-family'} = 1;
   $keylist->{router} = 1;

   my $exitkeylist = {};
   $exitkeylist->{vrf} = 1;
   $exitkeylist->{'address-family'} = 1;

   # FIXME: make this generic
   my $paddinglevel = undef;
   if ($level == 1 || $level == 2) {
	$paddinglevel = $level - 1;
   } elsif ($level == 3 || $level ==  4) {
	$paddinglevel = $level - 2;
   }

   my $padding = "";
   $padding = ' ' x ($paddinglevel) if $paddinglevel;

   if (ref $content eq  'HASH') {
	foreach my $key (sort sort_frr_config keys %$content) {
	    if ($parentkey && defined($keylist->{$parentkey})) {
		push @{$final_config}, $padding."!";
		push @{$final_config}, $padding."$parentkey $key";
	    } elsif ($key ne '' && !defined($keylist->{$key})) {
		push @{$final_config}, $padding."$key";
	    }

	    my $option = $content->{$key};
	    generate_frr_recurse($final_config, $option, $key, $level+1);

	    push @{$final_config}, $padding."exit-$parentkey" if $parentkey && defined($exitkeylist->{$parentkey});
	}
    }

    if (ref $content eq 'ARRAY') {
	push @{$final_config}, map { $padding . "$_" } @$content;
    }
}

sub write_controller_config {
    my ($class, $plugin_config, $config) = @_;

    my $nodename = PVE::INotify::nodename();

    my $final_config = [];
    push @{$final_config}, "log syslog informational";
    push @{$final_config}, "ip forwarding";
    push @{$final_config}, "ipv6 forwarding";
    push @{$final_config}, "frr defaults traditional";
    push @{$final_config}, "service integrated-vtysh-config";
    push @{$final_config}, "hostname $nodename";
    push @{$final_config}, "!";

    if (-e "/etc/frr/frr.conf.local") {
	generate_frr_recurse($final_config, $config->{frr}->{vrf}, "vrf", 1);
	push @{$final_config}, "!";

	my $local_conf = file_get_contents("/etc/frr/frr.conf.local");
	chomp ($local_conf);
	push @{$final_config}, $local_conf;
    } else {
	generate_frr_recurse($final_config, $config->{frr}, undef, 0);
    }

    push @{$final_config}, "!";
    push @{$final_config}, "line vty";
    push @{$final_config}, "!";

    my $rawconfig = join("\n", @{$final_config});

    return if !$rawconfig;
    return if !-d "/etc/frr";

    file_set_contents("/etc/frr/frr.conf", $rawconfig);
}

sub reload_controller {
    my ($class) = @_;

    my $conf_file = "/etc/frr/frr.conf";
    my $bin_path = "/usr/lib/frr/frr-reload.py";

    if (!-e $bin_path) {
	warn "missing $bin_path. Please install frr-pythontools package";
	return;
    }

    my $err = sub {
	my $line = shift;
	if ($line =~ /ERROR:/) {
	    warn "$line \n";
	}
    };

    if (-e $conf_file && -e $bin_path) {
	run_command([$bin_path, '--stdout', '--reload', $conf_file], outfunc => {}, errfunc => $err);
    }
}

1;
Commit	Line	Data
fa253735	1	package PVE::Network::SDN::Controllers::EvpnPlugin;
32602a38 AD	2
	3	use strict;
	4	use warnings;
cdf2c819	5
074d270b AD	6	use PVE::INotify;
074d270b AD	7	use PVE::JSONSchema qw(get_standard_option);
cdf2c819 TL	8	use PVE::Tools qw(run_command file_set_contents file_get_contents);
	9
	10	use PVE::Network::SDN::Controllers::Plugin;
1f543c5f	11	use PVE::Network::SDN::Zones::Plugin;
cdf2c819	12
f5eabba0	13	use base('PVE::Network::SDN::Controllers::Plugin');
32602a38 AD	14
32602a38 AD	15	sub type {
fa253735	16	return 'evpn';
8fb1ee7f AD	17	}
8fb1ee7f AD	18
32602a38 AD	19	sub properties {
32602a38 AD	20	return {
92526f0e TL	21	asn => {
	22	type => 'integer',
	23	description => "autonomous system number",
	24	},
	25	peers => {
	26	description => "peers address list.",
	27	type => 'string', format => 'ip-list'
	28	},
074d270b	29	'gateway-nodes' => get_standard_option('pve-node-list'),
92526f0e TL	30	'gateway-external-peers' => {
	31	description => "upstream bgp peers address list.",
	32	type => 'string', format => 'ip-list'
	33	},
32602a38 AD	34	};
	35	}
	36
	37	sub options {
32602a38	38	return {
92526f0e TL	39	'asn' => { optional => 0 },
92526f0e TL	40	'peers' => { optional => 0 },
074d270b AD	41	'gateway-nodes' => { optional => 1 },
074d270b AD	42	'gateway-external-peers' => { optional => 1 },
32602a38 AD	43	};
	44	}
	45
	46	# Plugin implementation
8fb1ee7f	47	sub generate_controller_config {
56cdcac9	48	my ($class, $plugin_config, $controller, $id, $uplinks, $config) = @_;
32602a38	49
3caa7687 FG	50	my @peers;
3caa7687 FG	51	@peers = PVE::Tools::split_list($plugin_config->{'peers'}) if $plugin_config->{'peers'};
32602a38	52
074d270b	53	my $asn = $plugin_config->{asn};
074d270b	54	my $gatewaynodes = $plugin_config->{'gateway-nodes'};
3caa7687 FG	55	my @gatewaypeers;
3caa7687 FG	56	@gatewaypeers = PVE::Tools::split_list($plugin_config->{'gateway-external-peers'}) if $plugin_config->{'gateway-external-peers'};
074d270b AD	57
074d270b AD	58	return if !$asn;
32602a38	59
92526f0e TL	60	my $bgp = $config->{frr}->{router}->{"bgp $asn"} //= {};
92526f0e TL	61
1f543c5f	62	my ($ifaceip, $interface) = PVE::Network::SDN::Zones::Plugin::find_local_ip_interface_peers(\@peers);
32602a38	63
074d270b AD	64	my $is_gateway = undef;
	65	my $local_node = PVE::INotify::nodename();
	66
	67	foreach my $gatewaynode (PVE::Tools::split_list($gatewaynodes)) {
92526f0e	68	$is_gateway = 1 if $gatewaynode eq $local_node;
074d270b	69	}
17854295	70
92526f0e TL	71	my @controller_config = (
	72	"bgp router-id $ifaceip",
	73	"no bgp default ipv4-unicast",
	74	"coalesce-time 1000",
	75	);
32602a38 AD	76
	77	foreach my $address (@peers) {
	78	next if $address eq $ifaceip;
56cdcac9	79	push @controller_config, "neighbor $address remote-as $asn";
7d35eaf5	80	}
074d270b AD	81
	82	if ($is_gateway) {
	83	foreach my $address (@gatewaypeers) {
56cdcac9	84	push @controller_config, "neighbor $address remote-as external";
074d270b AD	85	}
074d270b AD	86	}
92526f0e	87	push(@{$bgp->{""}}, @controller_config);
074d270b	88
56cdcac9	89	@controller_config = ();
32602a38 AD	90	foreach my $address (@peers) {
32602a38 AD	91	next if $address eq $ifaceip;
56cdcac9	92	push @controller_config, "neighbor $address activate";
32602a38	93	}
56cdcac9	94	push @controller_config, "advertise-all-vni";
92526f0e	95	push(@{$bgp->{"address-family"}->{"l2vpn evpn"}}, @controller_config);
32602a38	96
074d270b	97	if ($is_gateway) {
92526f0e TL	98	# import /32 routes of evpn network from vrf1 to default vrf (for packet return)
92526f0e TL	99	@controller_config = map { "neighbor $_ activate" } @gatewaypeers;
074d270b	100
92526f0e TL	101	push(@{$bgp->{"address-family"}->{"ipv4 unicast"}}, @controller_config);
92526f0e TL	102	push(@{$bgp->{"address-family"}->{"ipv6 unicast"}}, @controller_config);
074d270b AD	103	}
074d270b AD	104
32602a38 AD	105	return $config;
	106	}
	107
56cdcac9 AD	108	sub generate_controller_zone_config {
56cdcac9 AD	109	my ($class, $plugin_config, $controller, $id, $uplinks, $config) = @_;
0589eb09	110
1de0abc0	111	my $vrf = "vrf_$id";
0589eb09	112	my $vrfvxlan = $plugin_config->{'vrf-vxlan'};
56cdcac9 AD	113	my $asn = $controller->{asn};
56cdcac9 AD	114	my $gatewaynodes = $controller->{'gateway-nodes'};
0589eb09 AD	115
	116	return if !$vrf \|\| !$vrfvxlan \|\| !$asn;
	117
92526f0e	118	# vrf
56cdcac9 AD	119	my @controller_config = ();
	120	push @controller_config, "vni $vrfvxlan";
	121	push(@{$config->{frr}->{vrf}->{"$vrf"}}, @controller_config);
0589eb09	122
659c27c2 AD	123	push(@{$config->{frr}->{router}->{"bgp $asn vrf $vrf"}->{""}}, "!");
659c27c2 AD	124
0589eb09 AD	125	my $local_node = PVE::INotify::nodename();
0589eb09 AD	126
92526f0e	127	my $is_gateway = grep { $_ eq $local_node } PVE::Tools::split_list($gatewaynodes);
0589eb09 AD	128	if ($is_gateway) {
0589eb09 AD	129
56cdcac9	130	@controller_config = ();
0589eb09	131	#import /32 routes of evpn network from vrf1 to default vrf (for packet return)
56cdcac9 AD	132	push @controller_config, "import vrf $vrf";
	133	push(@{$config->{frr}->{router}->{"bgp $asn"}->{"address-family"}->{"ipv4 unicast"}}, @controller_config);
	134	push(@{$config->{frr}->{router}->{"bgp $asn"}->{"address-family"}->{"ipv6 unicast"}}, @controller_config);
0589eb09	135
56cdcac9	136	@controller_config = ();
0589eb09	137	#redistribute connected to be able to route to local vms on the gateway
56cdcac9 AD	138	push @controller_config, "redistribute connected";
	139	push(@{$config->{frr}->{router}->{"bgp $asn vrf $vrf"}->{"address-family"}->{"ipv4 unicast"}}, @controller_config);
	140	push(@{$config->{frr}->{router}->{"bgp $asn vrf $vrf"}->{"address-family"}->{"ipv6 unicast"}}, @controller_config);
0589eb09	141
56cdcac9	142	@controller_config = ();
0589eb09	143	#add default originate to announce 0.0.0.0/0 type5 route in evpn
56cdcac9 AD	144	push @controller_config, "default-originate ipv4";
	145	push @controller_config, "default-originate ipv6";
	146	push(@{$config->{frr}->{router}->{"bgp $asn vrf $vrf"}->{"address-family"}->{"l2vpn evpn"}}, @controller_config);
0589eb09 AD	147	}
	148
	149	return $config;
	150	}
	151
32602a38	152	sub on_delete_hook {
56cdcac9	153	my ($class, $controllerid, $zone_cfg) = @_;
32602a38	154
56cdcac9 AD	155	# verify that zone is associated to this controller
56cdcac9 AD	156	foreach my $id (keys %{$zone_cfg->{ids}}) {
92526f0e TL	157	my $zone = $zone_cfg->{ids}->{$id};
	158	die "controller $controllerid is used by $id"
	159	if (defined($zone->{controller}) && $zone->{controller} eq $controllerid);
5bda8607	160	}
32602a38 AD	161	}
	162
	163	sub on_update_hook {
56cdcac9	164	my ($class, $controllerid, $controller_cfg) = @_;
5bda8607	165
c7bb4ac5 AD	166	# we can only have 1 evpn controller / 1 asn by server
c7bb4ac5 AD	167
56cdcac9 AD	168	foreach my $id (keys %{$controller_cfg->{ids}}) {
56cdcac9 AD	169	next if $id eq $controllerid;
92526f0e TL	170	my $controller = $controller_cfg->{ids}->{$id};
92526f0e TL	171	die "only 1 evpn controller can be defined" if $controller->{type} eq "evpn";
5bda8607	172	}
32602a38 AD	173	}
32602a38 AD	174
8fb1ee7f AD	175	sub sort_frr_config {
	176	my $order = {};
	177	$order->{''} = 0;
	178	$order->{'vrf'} = 1;
	179	$order->{'ipv4 unicast'} = 1;
	180	$order->{'ipv6 unicast'} = 2;
	181	$order->{'l2vpn evpn'} = 3;
	182
	183	my $a_val = 100;
	184	my $b_val = 100;
	185
	186	$a_val = $order->{$a} if defined($order->{$a});
	187	$b_val = $order->{$b} if defined($order->{$b});
	188
92526f0e	189	if ($a =~ /bgp (\d+)$/) {
8fb1ee7f AD	190	$a_val = 2;
	191	}
	192
92526f0e	193	if ($b =~ /bgp (\d+)$/) {
8fb1ee7f AD	194	$b_val = 2;
	195	}
	196
	197	return $a_val <=> $b_val;
	198	}
	199
	200	sub generate_frr_recurse{
	201	my ($final_config, $content, $parentkey, $level) = @_;
	202
	203	my $keylist = {};
	204	$keylist->{vrf} = 1;
	205	$keylist->{'address-family'} = 1;
	206	$keylist->{router} = 1;
	207
	208	my $exitkeylist = {};
	209	$exitkeylist->{vrf} = 1;
	210	$exitkeylist->{'address-family'} = 1;
	211
92526f0e	212	# FIXME: make this generic
8fb1ee7f	213	my $paddinglevel = undef;
92526f0e TL	214	if ($level == 1 \|\| $level == 2) {
92526f0e TL	215	$paddinglevel = $level - 1;
8fb1ee7f	216	} elsif ($level == 3 \|\| $level == 4) {
92526f0e	217	$paddinglevel = $level - 2;
8fb1ee7f AD	218	}
	219
	220	my $padding = "";
	221	$padding = ' ' x ($paddinglevel) if $paddinglevel;
	222
92526f0e	223	if (ref $content eq 'HASH') {
8fb1ee7f AD	224	foreach my $key (sort sort_frr_config keys %$content) {
8fb1ee7f AD	225	if ($parentkey && defined($keylist->{$parentkey})) {
92526f0e TL	226	push @{$final_config}, $padding."!";
	227	push @{$final_config}, $padding."$parentkey $key";
	228	} elsif ($key ne '' && !defined($keylist->{$key})) {
	229	push @{$final_config}, $padding."$key";
8fb1ee7f AD	230	}
	231
	232	my $option = $content->{$key};
	233	generate_frr_recurse($final_config, $option, $key, $level+1);
	234
	235	push @{$final_config}, $padding."exit-$parentkey" if $parentkey && defined($exitkeylist->{$parentkey});
	236	}
	237	}
32602a38	238
8fb1ee7f	239	if (ref $content eq 'ARRAY') {
92526f0e	240	push @{$final_config}, map { $padding . "$_" } @$content;
8fb1ee7f AD	241	}
	242	}
	243
	244	sub write_controller_config {
	245	my ($class, $plugin_config, $config) = @_;
	246
659c27c2 AD	247	my $nodename = PVE::INotify::nodename();
659c27c2 AD	248
8fb1ee7f AD	249	my $final_config = [];
8fb1ee7f AD	250	push @{$final_config}, "log syslog informational";
659c27c2 AD	251	push @{$final_config}, "ip forwarding";
	252	push @{$final_config}, "ipv6 forwarding";
	253	push @{$final_config}, "frr defaults traditional";
	254	push @{$final_config}, "service integrated-vtysh-config";
	255	push @{$final_config}, "hostname $nodename";
8fb1ee7f AD	256	push @{$final_config}, "!";
8fb1ee7f AD	257
0d1ab7dc	258	if (-e "/etc/frr/frr.conf.local") {
0d1ab7dc AD	259	generate_frr_recurse($final_config, $config->{frr}->{vrf}, "vrf", 1);
	260	push @{$final_config}, "!";
	261
cdf2c819 TL	262	my $local_conf = file_get_contents("/etc/frr/frr.conf.local");
	263	chomp ($local_conf);
	264	push @{$final_config}, $local_conf;
0d1ab7dc AD	265	} else {
	266	generate_frr_recurse($final_config, $config->{frr}, undef, 0);
	267	}
8fb1ee7f AD	268
	269	push @{$final_config}, "!";
	270	push @{$final_config}, "line vty";
	271	push @{$final_config}, "!";
	272
	273	my $rawconfig = join("\n", @{$final_config});
	274
8fb1ee7f AD	275	return if !$rawconfig;
	276	return if !-d "/etc/frr";
	277
cdf2c819	278	file_set_contents("/etc/frr/frr.conf", $rawconfig);
8fb1ee7f AD	279	}
8fb1ee7f AD	280
fa609bdd AD	281	sub reload_controller {
	282	my ($class) = @_;
	283
	284	my $conf_file = "/etc/frr/frr.conf";
659c27c2 AD	285	my $bin_path = "/usr/lib/frr/frr-reload.py";
	286
	287	if (!-e $bin_path) {
	288	warn "missing $bin_path. Please install frr-pythontools package";
	289	return;
	290	}
fa609bdd AD	291
	292	my $err = sub {
	293	my $line = shift;
659c27c2 AD	294	if ($line =~ /ERROR:/) {
659c27c2 AD	295	warn "$line \n";
fa609bdd AD	296	}
	297	};
	298
	299	if (-e $conf_file && -e $bin_path) {
cdf2c819	300	run_command([$bin_path, '--stdout', '--reload', $conf_file], outfunc => {}, errfunc => $err);
fa609bdd AD	301	}
	302	}
	303
8fb1ee7f	304	1;
32602a38	305
0589eb09	306