Commit | Line | Data |
---|---|---|
fa253735 | 1 | package PVE::Network::SDN::Controllers::EvpnPlugin; |
32602a38 AD |
2 | |
3 | use strict; | |
4 | use warnings; | |
cdf2c819 | 5 | |
074d270b AD |
6 | use PVE::INotify; |
7 | use PVE::JSONSchema qw(get_standard_option); | |
cdf2c819 TL |
8 | use PVE::Tools qw(run_command file_set_contents file_get_contents); |
9 | ||
10 | use PVE::Network::SDN::Controllers::Plugin; | |
1f543c5f | 11 | use PVE::Network::SDN::Zones::Plugin; |
cdf2c819 | 12 | |
f5eabba0 | 13 | use base('PVE::Network::SDN::Controllers::Plugin'); |
32602a38 AD |
14 | |
# Identifier of this controller plugin type.
# Returns the constant string 'evpn'; on_update_hook() in this file compares
# against the same string when it looks for other EVPN controllers.
sub type {
    my $plugin_type = 'evpn';
    return $plugin_type;
}
18 | ||
32602a38 AD |
# Schema fragments for the properties this plugin defines.
#
# Returns a hash reference keyed by property name. These declarations are
# the only constraints visible in this file on values that
# generate_controller_config() later interpolates verbatim into FRR
# configuration lines: 'asn' is declared as an integer, both peer lists as
# strings in 'ip-list' format, and 'gateway-nodes' uses the
# 'pve-node-list' standard option.
sub properties {
    my %schema = (
        asn => {
            type => 'integer',
            description => "autonomous system number",
        },
        peers => {
            description => "peers address list.",
            type => 'string',
            format => 'ip-list',
        },
        # Kept inside the list so the helper is still called in list context.
        'gateway-nodes' => get_standard_option('pve-node-list'),
        'gateway-external-peers' => {
            description => "upstream bgp peers address list.",
            type => 'string',
            format => 'ip-list',
        },
    );

    return \%schema;
}
36 | ||
# Which of the declared properties are mandatory for an EVPN controller.
#
# Returns a hash reference mapping each property name to { optional => 0|1 }:
# 'asn' and 'peers' are required, the two gateway properties are optional.
sub options {
    my @required = ('asn', 'peers');
    my @optional = ('gateway-nodes', 'gateway-external-peers');

    my %spec;
    $spec{$_} = { optional => 0 } for @required;
    $spec{$_} = { optional => 1 } for @optional;

    return \%spec;
}
45 | ||
46 | # Plugin implementation | |
# Adds the controller-level BGP/EVPN statements to the in-memory FRR config.
#
# Arguments: ($class, $plugin_config, $controller, $id, $uplinks, $config).
# Only $plugin_config and $config are read here. Lines are appended below
# $config->{frr}->{router}->{"bgp <asn>"}.
#
# Returns $config, or nothing when no ASN is configured.
#
# The ASN and every peer address are interpolated into configuration lines
# as-is; this sub performs no validation of its own and relies on the
# schema declared in properties() ('integer' / 'ip-list').
sub generate_controller_config {
    my ($class, $plugin_config, $controller, $id, $uplinks, $config) = @_;

    my $peer_list = $plugin_config->{'peers'};
    my @peers = $peer_list ? PVE::Tools::split_list($peer_list) : ();

    my $asn = $plugin_config->{asn};

    my $external_list = $plugin_config->{'gateway-external-peers'};
    my @gatewaypeers = $external_list ? PVE::Tools::split_list($external_list) : ();

    # Without an ASN there is no "router bgp" section to fill.
    return if !$asn;

    my $bgp = $config->{frr}->{router}->{"bgp $asn"} //= {};

    # The helper also returns an interface name; only the address is used.
    my ($ifaceip) = PVE::Network::SDN::Zones::Plugin::find_local_ip_interface_peers(\@peers);

    # This node is a gateway when its name is listed in 'gateway-nodes'.
    my $local_node = PVE::INotify::nodename();
    my $is_gateway = grep { $_ eq $local_node }
        PVE::Tools::split_list($plugin_config->{'gateway-nodes'});

    # Never peer with our own address.
    my @remote_peers = grep { $_ ne $ifaceip } @peers;

    # Statements directly under "router bgp <asn>".
    my @global_lines = (
        "bgp router-id $ifaceip",
        "no bgp default ipv4-unicast",
        "coalesce-time 1000",
        (map { "neighbor $_ remote-as $asn" } @remote_peers),
    );
    if ($is_gateway) {
        # Upstream peers are declared as external on gateway nodes only.
        push @global_lines, map { "neighbor $_ remote-as external" } @gatewaypeers;
    }
    push @{$bgp->{""}}, @global_lines;

    # l2vpn evpn address family: activate every remote peer, advertise VNIs.
    my @evpn_lines = map { "neighbor $_ activate" } @remote_peers;
    push @evpn_lines, "advertise-all-vni";
    push @{$bgp->{"address-family"}->{"l2vpn evpn"}}, @evpn_lines;

    if ($is_gateway) {
        # Activate the upstream peers for both unicast address families.
        my @activate_lines = map { "neighbor $_ activate" } @gatewaypeers;
        for my $family ("ipv4 unicast", "ipv6 unicast") {
            push @{$bgp->{"address-family"}->{$family}}, @activate_lines;
        }
    }

    return $config;
}
107 | ||
56cdcac9 AD |
# Adds the per-zone VRF statements to the in-memory FRR config.
#
# Arguments: ($class, $plugin_config, $controller, $id, $uplinks, $config).
# Here $plugin_config supplies 'vrf-vxlan', $controller supplies 'asn' and
# 'gateway-nodes', and $id names the VRF ("vrf_<id>").
#
# Returns $config, or nothing when the VNI or the ASN is missing.
#
# $id, the VNI and the ASN are interpolated into configuration lines
# without any check in this sub, so they must already be validated by the
# caller.
sub generate_controller_zone_config {
    my ($class, $plugin_config, $controller, $id, $uplinks, $config) = @_;

    my $vrf = "vrf_$id";
    my $vrfvxlan = $plugin_config->{'vrf-vxlan'};
    my $asn = $controller->{asn};

    return unless $vrf && $vrfvxlan && $asn;

    my $default_router = "bgp $asn";
    my $vrf_router = "bgp $asn vrf $vrf";
    my @unicast_families = ("ipv4 unicast", "ipv6 unicast");

    # vrf section: bind the VRF to its VNI
    push @{$config->{frr}->{vrf}->{$vrf}}, "vni $vrfvxlan";

    # Make sure the per-VRF router section exists even on non-gateway nodes.
    push @{$config->{frr}->{router}->{$vrf_router}->{""}}, "!";

    my $local_node = PVE::INotify::nodename();
    my $is_gateway = grep { $_ eq $local_node }
        PVE::Tools::split_list($controller->{'gateway-nodes'});

    if ($is_gateway) {
        for my $family (@unicast_families) {
            # import /32 routes of evpn network from the zone vrf to the
            # default vrf (for packet return)
            push @{$config->{frr}->{router}->{$default_router}->{"address-family"}->{$family}},
                "import vrf $vrf";
        }

        for my $family (@unicast_families) {
            # redistribute connected to be able to route to local vms on
            # the gateway
            push @{$config->{frr}->{router}->{$vrf_router}->{"address-family"}->{$family}},
                "redistribute connected";
        }

        # add default originate to announce a default type5 route in evpn
        push @{$config->{frr}->{router}->{$vrf_router}->{"address-family"}->{"l2vpn evpn"}},
            "default-originate ipv4",
            "default-originate ipv6";
    }

    return $config;
}
151 | ||
# Guard called before a controller is deleted.
#
# Arguments: ($class, $controllerid, $zone_cfg), where $zone_cfg->{ids}
# maps zone ids to zone definitions.
#
# Dies with "controller <id> is used by <zone>" for the first zone found
# whose 'controller' field names the controller being deleted. Zones with
# no controller set are skipped.
sub on_delete_hook {
    my ($class, $controllerid, $zone_cfg) = @_;

    for my $zone_id (keys %{$zone_cfg->{ids}}) {
        my $owner = $zone_cfg->{ids}->{$zone_id}->{controller};

        next if !defined($owner);
        next if $owner ne $controllerid;

        die "controller $controllerid is used by $zone_id";
    }
}
162 | ||
# Guard called when a controller is created or updated.
#
# Arguments: ($class, $controllerid, $controller_cfg), where
# $controller_cfg->{ids} maps controller ids to controller definitions.
#
# Only one EVPN controller (one ASN) is allowed: dies with
# "only 1 evpn controller can be defined" when any controller other than
# $controllerid already has type "evpn".
sub on_update_hook {
    my ($class, $controllerid, $controller_cfg) = @_;

    my @other_ids = grep { $_ ne $controllerid } keys %{$controller_cfg->{ids}};

    for my $other_id (@other_ids) {
        my $other = $controller_cfg->{ids}->{$other_id};
        if ($other->{type} eq "evpn") {
            die "only 1 evpn controller can be defined";
        }
    }
}
174 | ||
8fb1ee7f AD |
# Comparator for sort(): orders FRR section keys for output.
#
# Reads the package variables $a and $b set by sort. Known keys get a fixed
# rank ('' first, then 'vrf' / 'ipv4 unicast', 'ipv6 unicast',
# 'l2vpn evpn'); a key ending in "bgp <digits>" gets rank 2; everything
# else gets rank 100. Returns the numeric comparison of the two ranks.
sub sort_frr_config {
    my %rank_of = (
        '' => 0,
        'vrf' => 1,
        'ipv4 unicast' => 1,
        'ipv6 unicast' => 2,
        'l2vpn evpn' => 3,
    );

    my $rank = sub {
        my ($key) = @_;
        # The "bgp <asn>" rule wins over the table and the default.
        return 2 if $key =~ /bgp (\d+)$/;
        return $rank_of{$key} // 100;
    };

    return $rank->($a) <=> $rank->($b);
}
199 | ||
# Flattens the nested FRR config structure into a list of text lines.
#
# Arguments:
#   $final_config - array reference that receives the output lines
#   $content      - hash reference (sections) or array reference (lines)
#   $parentkey    - key under which $content was found, or undef at the top
#   $level        - nesting depth; selects the indentation
#
# Hash keys are visited in sort_frr_config order and the sub recurses into
# each value. Array elements are emitted as-is behind the padding, so any
# text placed in the structure reaches the output unfiltered.
sub generate_frr_recurse{
    my ($final_config, $content, $parentkey, $level) = @_;

    # Parent keys that are printed as "<parent> <key>" section headers.
    my %is_section = map { $_ => 1 } ('vrf', 'address-family', 'router');
    # Parent keys whose sections are closed with "exit-<parent>".
    my %needs_exit = map { $_ => 1 } ('vrf', 'address-family');

    # FIXME: make this generic
    my $paddinglevel =
          ($level == 1 || $level == 2) ? $level - 1
        : ($level == 3 || $level == 4) ? $level - 2
        :                                undef;

    my $padding = $paddinglevel ? ' ' x $paddinglevel : "";

    my $kind = ref $content;

    if ($kind eq 'HASH') {
        for my $key (sort sort_frr_config keys %$content) {
            if ($parentkey && $is_section{$parentkey}) {
                push @$final_config, $padding."!", $padding."$parentkey $key";
            } elsif ($key ne '' && !$is_section{$key}) {
                push @$final_config, $padding."$key";
            }

            generate_frr_recurse($final_config, $content->{$key}, $key, $level + 1);

            if ($parentkey && $needs_exit{$parentkey}) {
                push @$final_config, $padding."exit-$parentkey";
            }
        }
    }

    if ($kind eq 'ARRAY') {
        for my $line (@$content) {
            push @$final_config, $padding . "$line";
        }
    }
}
243 | ||
# Renders the in-memory FRR config and writes it to /etc/frr/frr.conf.
#
# Arguments: ($class, $plugin_config, $config); only $config->{frr} is read.
#
# When /etc/frr/frr.conf.local exists, only the generated vrf sections are
# emitted and the content of that file is appended verbatim in place of the
# generated router sections. The local file is therefore trusted input: it
# is copied into the live routing configuration without any filtering, so
# its ownership and permissions deserve the same care as frr.conf itself.
# The existence test and the read are two separate steps; how
# file_get_contents reports a file that vanished in between is not visible
# here.
#
# Nothing is written when /etc/frr does not exist.
sub write_controller_config {
    my ($class, $plugin_config, $config) = @_;

    my $nodename = PVE::INotify::nodename();
    my $local_conf_path = "/etc/frr/frr.conf.local";

    # Fixed preamble.
    my @lines = (
        "log syslog informational",
        "ip forwarding",
        "ipv6 forwarding",
        "frr defaults traditional",
        "service integrated-vtysh-config",
        "hostname $nodename",
        "!",
    );

    if (-e $local_conf_path) {
        generate_frr_recurse(\@lines, $config->{frr}->{vrf}, "vrf", 1);
        push @lines, "!";

        my $local_conf = file_get_contents($local_conf_path);
        chomp($local_conf);
        push @lines, $local_conf;
    } else {
        generate_frr_recurse(\@lines, $config->{frr}, undef, 0);
    }

    # Fixed trailer.
    push @lines, "!", "line vty", "!";

    my $rawconfig = join("\n", @lines);

    return if !$rawconfig;
    return if !-d "/etc/frr";

    file_set_contents("/etc/frr/frr.conf", $rawconfig);
}
280 | ||
fa609bdd AD |
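# Applies /etc/frr/frr.conf to the running FRR daemons via frr-reload.py.
#
# Warns and returns when the reload script is not installed. Does nothing
# when the configuration file does not exist. Output lines of the script
# that contain "ERROR:" are passed on with warn(); everything else is
# dropped.
#
# The command is given to run_command as an argument list with fixed
# paths, so no caller-supplied value ends up on the command line.
sub reload_controller {
    my ($class) = @_;

    my $conf_file = "/etc/frr/frr.conf";
    my $bin_path = "/usr/lib/frr/frr-reload.py";

    if (!-e $bin_path) {
        warn "missing $bin_path. Please install frr-pythontools package";
        return;
    }

    # Surface only the error lines reported by the reload script.
    my $err = sub {
        my $line = shift;
        if ($line =~ /ERROR:/) {
            warn "$line \n";
        }
    };

    # The original passed an empty hash reference as outfunc. errfunc is a
    # code reference, so outfunc is presumably called the same way, and a
    # hash reference would fail with "Not a CODE reference" on the first
    # stdout line. A no-op callback discards stdout instead.
    # NOTE(review): run_command is not visible here - confirm its contract.
    my $discard = sub { };

    # $bin_path was already checked above; only the config file is left.
    if (-e $conf_file) {
        run_command([$bin_path, '--stdout', '--reload', $conf_file], outfunc => $discard, errfunc => $err);
    }
}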
303 | ||
8fb1ee7f | 304 | 1; |
32602a38 | 305 | |
0589eb09 | 306 |