[pve-network.git] / PVE / Network / SDN / VxlanPlugin.pm

package PVE::Network::SDN::VxlanPlugin;

use strict;
use warnings;
use PVE::Network::SDN::Plugin;
use PVE::Tools;
use PVE::INotify;

use base('PVE::Network::SDN::Plugin');

PVE::JSONSchema::register_format('pve-sdn-vxlanrange', \&pve_verify_sdn_vxlanrange);
sub pve_verify_sdn_vxlanrange {
   my ($vxlanstr) = @_;

   PVE::Network::SDN::Plugin::parse_tag_number_or_range($vxlanstr, '16777216');

   return $vxlanstr;
}

sub type {
    return 'vxlan';
}

sub properties {
    return {
        'vxlan-allowed' => {
            type => 'string', format => 'pve-sdn-vxlanrange',
            description => "Allowed vlan range",
        },
        'multicast-address' => {
            description => "Multicast address.",
            type => 'string',  #fixme: format
        },
	'unicast-address' => {
	    description => "Unicast peers address ip list.",
	    type => 'string',  #fixme: format
	},
	'vrf' => {
	    description => "vrf name.",
	    type => 'string',  #fixme: format
	},
	'vrf-vxlan' => {
	    type => 'integer',
	    description => "l3vni.",
	},
	'router' => {
	    type => 'string',
	    description => "Frr router name",
	},
    };
}

sub options {

    return {
	'uplink-id' => { optional => 0 },
        'multicast-address' => { optional => 1 },
        'unicast-address' => { optional => 1 },
        'vxlan-allowed' => { optional => 1 },
        'vrf' => { optional => 1 },
        'vrf-vxlan' => { optional => 1 },
        'router' => { optional => 1 },
    };
}

# Plugin implementation
sub generate_sdn_config {
    my ($class, $plugin_config, $zoneid, $vnetid, $vnet, $uplinks, $config) = @_;

    my $tag = $vnet->{tag};
    my $alias = $vnet->{alias};
    my $ipv4 = $vnet->{ipv4};
    my $ipv6 = $vnet->{ipv6};
    my $mac = $vnet->{mac};
    my $multicastaddress = $plugin_config->{'multicast-address'};
    my @unicastaddress = split(',', $plugin_config->{'unicast-address'}) if $plugin_config->{'unicast-address'};

    my $uplink = $plugin_config->{'uplink-id'};
    my $vxlanallowed = $plugin_config->{'vxlan-allowed'};
    my $vrf = $plugin_config->{'vrf'};
    my $vrfvxlan = $plugin_config->{'vrf-vxlan'};

    die "missing vxlan tag" if !$tag;
    my $iface = "uplink$uplink";
    my $ifaceip = "";

    if($uplinks->{$uplink}->{name}) {
	$iface = $uplinks->{$uplink}->{name};
	$ifaceip = PVE::Network::SDN::Plugin::get_first_local_ipv4_from_interface($iface);
    }

    my $mtu = 1450;
    $mtu = $uplinks->{$uplink}->{mtu} - 50 if $uplinks->{$uplink}->{mtu};
    $mtu = $vnet->{mtu} if $vnet->{mtu};

    #vxlan interface
    my @iface_config = ();
    push @iface_config, "vxlan-id $tag";

    if($multicastaddress) {
	push @iface_config, "vxlan-svcnodeip $multicastaddress";
	push @iface_config, "vxlan-physdev $iface";
    } elsif (@unicastaddress) {

	foreach my $address (@unicastaddress) {
	    next if $address eq $ifaceip;
	    push @iface_config, "vxlan_remoteip $address";
	}
    } else {
	push @iface_config, "vxlan-local-tunnelip $ifaceip" if $ifaceip;
	push @iface_config, "bridge-learning off";
	push @iface_config, "bridge-arp-nd-suppress on";
    }

    push @iface_config, "mtu $mtu" if $mtu;
    push(@{$config->{"vxlan$vnetid"}}, @iface_config) if !$config->{"vxlan$vnetid"};

    #vnet bridge
    @iface_config = ();
    push @iface_config, "address $ipv4" if $ipv4;
    push @iface_config, "address $ipv6" if $ipv6;
    push @iface_config, "hwaddress $mac" if $mac;
    push @iface_config, "bridge_ports vxlan$vnetid";
    push @iface_config, "bridge_stp off";
    push @iface_config, "bridge_fd 0";
    push @iface_config, "mtu $mtu" if $mtu;
    push @iface_config, "alias $alias" if $alias;
    push @iface_config, "ip-forward on" if $ipv4;
    push @iface_config, "ip6-forward on" if $ipv6;
    push @iface_config, "arp-accept on" if $ipv4||$ipv6;
    push @iface_config, "vrf $vrf" if $vrf;
    push(@{$config->{$vnetid}}, @iface_config) if !$config->{$vnetid};

    if ($vrf) {
	#vrf intreface
	@iface_config = ();
	push @iface_config, "vrf-table auto";
	push(@{$config->{$vrf}}, @iface_config) if !$config->{$vrf};

	if ($vrfvxlan) {
	    #l3vni vxlan interface
	    my $iface_vxlan = "vxlan$vrf";
	    @iface_config = ();
	    push @iface_config, "vxlan-id $vrfvxlan";
	    push @iface_config, "vxlan-local-tunnelip $ifaceip" if $ifaceip;
	    push @iface_config, "bridge-learning off";
	    push @iface_config, "bridge-arp-nd-suppress on";
	    push @iface_config, "mtu $mtu" if $mtu;
	    push(@{$config->{$iface_vxlan}}, @iface_config) if !$config->{$iface_vxlan};

	    #l3vni bridge
	    my $brvrf = "br$vrf";
	    @iface_config = ();
	    push @iface_config, "bridge-ports $iface_vxlan";
	    push @iface_config, "bridge_stp off";
	    push @iface_config, "bridge_fd 0";
	    push @iface_config, "mtu $mtu" if $mtu;
	    push @iface_config, "vrf $vrf";
	    push(@{$config->{$brvrf}}, @iface_config) if !$config->{$brvrf};
	}
    }

    return $config;
}

sub generate_frr_config {
    my ($class, $plugin_config, $router, $id, $uplinks, $config) = @_;

    my $vrf = $plugin_config->{'vrf'};
    my $vrfvxlan = $plugin_config->{'vrf-vxlan'};
    my $asn = $router->{asn};
    my $gatewaynodes = $router->{'gateway-nodes'};

    return if !$vrf || !$vrfvxlan || !$asn;

    #vrf
    my @router_config = ();
    push @router_config, "vni $vrfvxlan";
    push(@{$config->{vrf}->{"$vrf"}}, @router_config);

    @router_config = ();

    my $is_gateway = undef;
    my $local_node = PVE::INotify::nodename();

    foreach my $gatewaynode (PVE::Tools::split_list($gatewaynodes)) {
	$is_gateway = 1 if $gatewaynode eq $local_node;
    }

    if ($is_gateway) {

	@router_config = ();
	#import /32 routes of evpn network from vrf1 to default vrf (for packet return)
	#frr 7.1 tag is bugged -> works fine with 7.1 stable branch(20190829-02-g6ba76bbc1)
	#https://github.com/FRRouting/frr/issues/4905
	push @router_config, "import vrf $vrf";
	push(@{$config->{router}->{"bgp $asn"}->{"address-family"}->{"ipv4 unicast"}}, @router_config);
	push(@{$config->{router}->{"bgp $asn"}->{"address-family"}->{"ipv6 unicast"}}, @router_config);

	@router_config = ();
	#redistribute connected to be able to route to local vms on the gateway
	push @router_config, "redistribute connected";
	push(@{$config->{router}->{"bgp $asn vrf $vrf"}->{"address-family"}->{"ipv4 unicast"}}, @router_config);
	push(@{$config->{router}->{"bgp $asn vrf $vrf"}->{"address-family"}->{"ipv6 unicast"}}, @router_config);

	@router_config = ();
	#add default originate to announce 0.0.0.0/0 type5 route in evpn
	push @router_config, "default-originate ipv4";
	push @router_config, "default-originate ipv6";
	push(@{$config->{router}->{"bgp $asn vrf $vrf"}->{"address-family"}->{"l2vpn evpn"}}, @router_config);
    }

    return $config;
}

sub on_delete_hook {
    my ($class, $transportid, $sdn_cfg) = @_;

    # verify that no vnet are associated to this transport
    foreach my $id (keys %{$sdn_cfg->{ids}}) {
	my $sdn = $sdn_cfg->{ids}->{$id};
	die "transport $transportid is used by vnet $id"
	    if ($sdn->{type} eq 'vnet' && defined($sdn->{transportzone}) && $sdn->{transportzone} eq $transportid);
    }
}

sub on_update_hook {
    my ($class, $transportid, $sdn_cfg) = @_;

    my $transport = $sdn_cfg->{ids}->{$transportid};

    # verify that vxlan-allowed don't conflict with another vxlan-allowed transport

    # verify that vxlan-allowed is matching currently vnet tag in this transport
    my $vxlanallowed = $transport->{'vxlan-allowed'};
    if ($vxlanallowed) {
	foreach my $id (keys %{$sdn_cfg->{ids}}) {
	    my $sdn = $sdn_cfg->{ids}->{$id};
	    if ($sdn->{type} eq 'vnet' && defined($sdn->{tag})) {
		if(defined($sdn->{transportzone}) && $sdn->{transportzone} eq $transportid) {
		    my $tag = $sdn->{tag};
		    eval {
			PVE::Network::SDN::Plugin::parse_tag_number_or_range($vxlanallowed, '16777216', $tag);
		    };
		    if($@) {
			die "vnet $id - vlan $tag is not allowed in transport $transportid";
		    }
		}
	    }
	}
    }

    # verify that router exist
    if (defined($sdn_cfg->{ids}->{$transportid}->{router})) {
	my $router = $sdn_cfg->{ids}->{$transportid}->{router};
	if (!defined($sdn_cfg->{ids}->{$router})) {
	    die "router $router don't exist";
	} else {
	    die "$router is not a router type" if $sdn_cfg->{ids}->{$router}->{type} ne 'frr';
	}

	#vrf && vrf-vxlan need to be defined with router
	my $vrf = $sdn_cfg->{ids}->{$transportid}->{vrf};
	if (!defined($vrf)) {
	    die "missing vrf option";
	} else {
	    # verify that vrf is not already declared in another transport
	    foreach my $id (keys %{$sdn_cfg->{ids}}) {
		next if $id eq $transportid;
		die "vrf $vrf is already declared in $id"
			if (defined($sdn_cfg->{ids}->{$id}->{vrf}) && $sdn_cfg->{ids}->{$id}->{vrf} eq $vrf);
	    }
	}

	my $vrfvxlan = $sdn_cfg->{ids}->{$transportid}->{'vrf-vxlan'};
	if (!defined($vrfvxlan)) {
	    die "missing vrf-vxlan option";
	} else {
	    # verify that vrf-vxlan is not already declared in another transport
	    foreach my $id (keys %{$sdn_cfg->{ids}}) {
		next if $id eq $transportid;
		die "vrf-vxlan $vrfvxlan is already declared in $id"
			if (defined($sdn_cfg->{ids}->{$id}->{'vrf-vxlan'}) && $sdn_cfg->{ids}->{$id}->{'vrf-vxlan'} eq $vrfvxlan);
	    }
	}
    }
}

1;
Commit	Line	Data
3ee45e4c	1	package PVE::Network::SDN::VxlanPlugin;
7e720d4d AD	2
	3	use strict;
	4	use warnings;
86d22462	5	use PVE::Network::SDN::Plugin;
3ee45e4c	6	use PVE::Tools;
e3dca233	7	use PVE::INotify;
7e720d4d	8
86d22462	9	use base('PVE::Network::SDN::Plugin');
7e720d4d	10
6bffe819 AD	11	PVE::JSONSchema::register_format('pve-sdn-vxlanrange', \&pve_verify_sdn_vxlanrange);
6bffe819 AD	12	sub pve_verify_sdn_vxlanrange {
7e720d4d AD	13	my ($vxlanstr) = @_;
7e720d4d AD	14
86d22462	15	PVE::Network::SDN::Plugin::parse_tag_number_or_range($vxlanstr, '16777216');
7e720d4d AD	16
	17	return $vxlanstr;
	18	}
	19
	20	sub type {
3ee45e4c	21	return 'vxlan';
7e720d4d AD	22	}
	23
	24	sub properties {
	25	return {
	26	'vxlan-allowed' => {
6bffe819	27	type => 'string', format => 'pve-sdn-vxlanrange',
7e720d4d AD	28	description => "Allowed vlan range",
	29	},
	30	'multicast-address' => {
	31	description => "Multicast address.",
7d35eaf5	32	type => 'string', #fixme: format
7e720d4d	33	},
3ee45e4c AD	34	'unicast-address' => {
3ee45e4c AD	35	description => "Unicast peers address ip list.",
7d35eaf5	36	type => 'string', #fixme: format
3ee45e4c	37	},
126fc68c AD	38	'vrf' => {
126fc68c AD	39	description => "vrf name.",
7d35eaf5	40	type => 'string', #fixme: format
126fc68c AD	41	},
	42	'vrf-vxlan' => {
	43	type => 'integer',
	44	description => "l3vni.",
	45	},
87d8b623 AD	46	'router' => {
	47	type => 'string',
	48	description => "Frr router name",
	49	},
7e720d4d AD	50	};
	51	}
	52
	53	sub options {
	54
	55	return {
85533e98	56	'uplink-id' => { optional => 0 },
3ee45e4c AD	57	'multicast-address' => { optional => 1 },
3ee45e4c AD	58	'unicast-address' => { optional => 1 },
7e720d4d	59	'vxlan-allowed' => { optional => 1 },
126fc68c AD	60	'vrf' => { optional => 1 },
126fc68c AD	61	'vrf-vxlan' => { optional => 1 },
87d8b623	62	'router' => { optional => 1 },
7e720d4d AD	63	};
	64	}
	65
	66	# Plugin implementation
6bffe819	67	sub generate_sdn_config {
93dea3aa	68	my ($class, $plugin_config, $zoneid, $vnetid, $vnet, $uplinks, $config) = @_;
7e720d4d AD	69
7e720d4d AD	70	my $tag = $vnet->{tag};
dc7e431e	71	my $alias = $vnet->{alias};
5b31292c AD	72	my $ipv4 = $vnet->{ipv4};
	73	my $ipv6 = $vnet->{ipv6};
	74	my $mac = $vnet->{mac};
7e720d4d	75	my $multicastaddress = $plugin_config->{'multicast-address'};
3ee45e4c AD	76	my @unicastaddress = split(',', $plugin_config->{'unicast-address'}) if $plugin_config->{'unicast-address'};
3ee45e4c AD	77
7e720d4d AD	78	my $uplink = $plugin_config->{'uplink-id'};
7e720d4d AD	79	my $vxlanallowed = $plugin_config->{'vxlan-allowed'};
126fc68c AD	80	my $vrf = $plugin_config->{'vrf'};
126fc68c AD	81	my $vrfvxlan = $plugin_config->{'vrf-vxlan'};
7e720d4d AD	82
7e720d4d AD	83	die "missing vxlan tag" if !$tag;
3ee45e4c AD	84	my $iface = "uplink$uplink";
	85	my $ifaceip = "";
	86
	87	if($uplinks->{$uplink}->{name}) {
	88	$iface = $uplinks->{$uplink}->{name};
	89	$ifaceip = PVE::Network::SDN::Plugin::get_first_local_ipv4_from_interface($iface);
	90	}
c1ae8486 AD	91
	92	my $mtu = 1450;
	93	$mtu = $uplinks->{$uplink}->{mtu} - 50 if $uplinks->{$uplink}->{mtu};
	94	$mtu = $vnet->{mtu} if $vnet->{mtu};
7e720d4d	95
93dea3aa AD	96	#vxlan interface
	97	my @iface_config = ();
	98	push @iface_config, "vxlan-id $tag";
3ee45e4c AD	99
3ee45e4c AD	100	if($multicastaddress) {
93dea3aa AD	101	push @iface_config, "vxlan-svcnodeip $multicastaddress";
93dea3aa AD	102	push @iface_config, "vxlan-physdev $iface";
3ee45e4c AD	103	} elsif (@unicastaddress) {
	104
	105	foreach my $address (@unicastaddress) {
	106	next if $address eq $ifaceip;
93dea3aa	107	push @iface_config, "vxlan_remoteip $address";
3ee45e4c AD	108	}
3ee45e4c AD	109	} else {
93dea3aa AD	110	push @iface_config, "vxlan-local-tunnelip $ifaceip" if $ifaceip;
	111	push @iface_config, "bridge-learning off";
	112	push @iface_config, "bridge-arp-nd-suppress on";
3ee45e4c AD	113	}
3ee45e4c AD	114
93dea3aa	115	push @iface_config, "mtu $mtu" if $mtu;
87d8b623	116	push(@{$config->{"vxlan$vnetid"}}, @iface_config) if !$config->{"vxlan$vnetid"};
93dea3aa AD	117
	118	#vnet bridge
	119	@iface_config = ();
	120	push @iface_config, "address $ipv4" if $ipv4;
	121	push @iface_config, "address $ipv6" if $ipv6;
	122	push @iface_config, "hwaddress $mac" if $mac;
	123	push @iface_config, "bridge_ports vxlan$vnetid";
	124	push @iface_config, "bridge_stp off";
	125	push @iface_config, "bridge_fd 0";
	126	push @iface_config, "mtu $mtu" if $mtu;
	127	push @iface_config, "alias $alias" if $alias;
79939ff7 AD	128	push @iface_config, "ip-forward on" if $ipv4;
	129	push @iface_config, "ip6-forward on" if $ipv6;
	130	push @iface_config, "arp-accept on" if $ipv4\|\|$ipv6;
93dea3aa	131	push @iface_config, "vrf $vrf" if $vrf;
87d8b623	132	push(@{$config->{$vnetid}}, @iface_config) if !$config->{$vnetid};
126fc68c AD	133
126fc68c AD	134	if ($vrf) {
93dea3aa AD	135	#vrf intreface
	136	@iface_config = ();
	137	push @iface_config, "vrf-table auto";
87d8b623	138	push(@{$config->{$vrf}}, @iface_config) if !$config->{$vrf};
126fc68c AD	139
126fc68c AD	140	if ($vrfvxlan) {
93dea3aa AD	141	#l3vni vxlan interface
	142	my $iface_vxlan = "vxlan$vrf";
	143	@iface_config = ();
	144	push @iface_config, "vxlan-id $vrfvxlan";
	145	push @iface_config, "vxlan-local-tunnelip $ifaceip" if $ifaceip;
	146	push @iface_config, "bridge-learning off";
	147	push @iface_config, "bridge-arp-nd-suppress on";
	148	push @iface_config, "mtu $mtu" if $mtu;
87d8b623	149	push(@{$config->{$iface_vxlan}}, @iface_config) if !$config->{$iface_vxlan};
93dea3aa AD	150
93dea3aa AD	151	#l3vni bridge
126fc68c	152	my $brvrf = "br$vrf";
93dea3aa AD	153	@iface_config = ();
	154	push @iface_config, "bridge-ports $iface_vxlan";
	155	push @iface_config, "bridge_stp off";
	156	push @iface_config, "bridge_fd 0";
	157	push @iface_config, "mtu $mtu" if $mtu;
	158	push @iface_config, "vrf $vrf";
87d8b623	159	push(@{$config->{$brvrf}}, @iface_config) if !$config->{$brvrf};
126fc68c AD	160	}
126fc68c AD	161	}
7e720d4d AD	162
	163	return $config;
	164	}
	165
87d8b623	166	sub generate_frr_config {
074d270b	167	my ($class, $plugin_config, $router, $id, $uplinks, $config) = @_;
87d8b623 AD	168
	169	my $vrf = $plugin_config->{'vrf'};
	170	my $vrfvxlan = $plugin_config->{'vrf-vxlan'};
074d270b AD	171	my $asn = $router->{asn};
074d270b AD	172	my $gatewaynodes = $router->{'gateway-nodes'};
87d8b623	173
074d270b	174	return if !$vrf \|\| !$vrfvxlan \|\| !$asn;
87d8b623 AD	175
	176	#vrf
	177	my @router_config = ();
	178	push @router_config, "vni $vrfvxlan";
17854295	179	push(@{$config->{vrf}->{"$vrf"}}, @router_config);
87d8b623	180
87d8b623	181	@router_config = ();
e3dca233 AD	182
	183	my $is_gateway = undef;
	184	my $local_node = PVE::INotify::nodename();
	185
	186	foreach my $gatewaynode (PVE::Tools::split_list($gatewaynodes)) {
	187	$is_gateway = 1 if $gatewaynode eq $local_node;
	188	}
	189
	190	if ($is_gateway) {
	191
	192	@router_config = ();
	193	#import /32 routes of evpn network from vrf1 to default vrf (for packet return)
	194	#frr 7.1 tag is bugged -> works fine with 7.1 stable branch(20190829-02-g6ba76bbc1)
	195	#https://github.com/FRRouting/frr/issues/4905
17854295 AD	196	push @router_config, "import vrf $vrf";
17854295 AD	197	push(@{$config->{router}->{"bgp $asn"}->{"address-family"}->{"ipv4 unicast"}}, @router_config);
074d270b	198	push(@{$config->{router}->{"bgp $asn"}->{"address-family"}->{"ipv6 unicast"}}, @router_config);
e3dca233 AD	199
e3dca233 AD	200	@router_config = ();
6c8d2382 AD	201	#redistribute connected to be able to route to local vms on the gateway
	202	push @router_config, "redistribute connected";
	203	push(@{$config->{router}->{"bgp $asn vrf $vrf"}->{"address-family"}->{"ipv4 unicast"}}, @router_config);
074d270b	204	push(@{$config->{router}->{"bgp $asn vrf $vrf"}->{"address-family"}->{"ipv6 unicast"}}, @router_config);
e3dca233	205
6c8d2382	206	@router_config = ();
e3dca233	207	#add default originate to announce 0.0.0.0/0 type5 route in evpn
17854295	208	push @router_config, "default-originate ipv4";
074d270b	209	push @router_config, "default-originate ipv6";
17854295	210	push(@{$config->{router}->{"bgp $asn vrf $vrf"}->{"address-family"}->{"l2vpn evpn"}}, @router_config);
e3dca233	211	}
87d8b623 AD	212
	213	return $config;
	214	}
	215
fe0c6b9e	216	sub on_delete_hook {
6bffe819	217	my ($class, $transportid, $sdn_cfg) = @_;
fe0c6b9e AD	218
fe0c6b9e AD	219	# verify that no vnet are associated to this transport
6bffe819 AD	220	foreach my $id (keys %{$sdn_cfg->{ids}}) {
6bffe819 AD	221	my $sdn = $sdn_cfg->{ids}->{$id};
7d35eaf5	222	die "transport $transportid is used by vnet $id"
6bffe819	223	if ($sdn->{type} eq 'vnet' && defined($sdn->{transportzone}) && $sdn->{transportzone} eq $transportid);
a8ad2789	224	}
fe0c6b9e AD	225	}
fe0c6b9e AD	226
e8d5906e	227	sub on_update_hook {
6bffe819	228	my ($class, $transportid, $sdn_cfg) = @_;
c723980e	229
6bffe819	230	my $transport = $sdn_cfg->{ids}->{$transportid};
e8d5906e AD	231
	232	# verify that vxlan-allowed don't conflict with another vxlan-allowed transport
	233
7d35eaf5	234	# verify that vxlan-allowed is matching currently vnet tag in this transport
c723980e AD	235	my $vxlanallowed = $transport->{'vxlan-allowed'};
c723980e AD	236	if ($vxlanallowed) {
6bffe819 AD	237	foreach my $id (keys %{$sdn_cfg->{ids}}) {
	238	my $sdn = $sdn_cfg->{ids}->{$id};
	239	if ($sdn->{type} eq 'vnet' && defined($sdn->{tag})) {
	240	if(defined($sdn->{transportzone}) && $sdn->{transportzone} eq $transportid) {
	241	my $tag = $sdn->{tag};
c723980e	242	eval {
86d22462	243	PVE::Network::SDN::Plugin::parse_tag_number_or_range($vxlanallowed, '16777216', $tag);
c723980e AD	244	};
	245	if($@) {
	246	die "vnet $id - vlan $tag is not allowed in transport $transportid";
	247	}
	248	}
	249	}
	250	}
	251	}
5bda8607 AD	252
	253	# verify that router exist
	254	if (defined($sdn_cfg->{ids}->{$transportid}->{router})) {
	255	my $router = $sdn_cfg->{ids}->{$transportid}->{router};
	256	if (!defined($sdn_cfg->{ids}->{$router})) {
	257	die "router $router don't exist";
	258	} else {
	259	die "$router is not a router type" if $sdn_cfg->{ids}->{$router}->{type} ne 'frr';
	260	}
	261
	262	#vrf && vrf-vxlan need to be defined with router
	263	my $vrf = $sdn_cfg->{ids}->{$transportid}->{vrf};
	264	if (!defined($vrf)) {
	265	die "missing vrf option";
	266	} else {
	267	# verify that vrf is not already declared in another transport
	268	foreach my $id (keys %{$sdn_cfg->{ids}}) {
	269	next if $id eq $transportid;
	270	die "vrf $vrf is already declared in $id"
	271	if (defined($sdn_cfg->{ids}->{$id}->{vrf}) && $sdn_cfg->{ids}->{$id}->{vrf} eq $vrf);
	272	}
	273	}
	274
	275	my $vrfvxlan = $sdn_cfg->{ids}->{$transportid}->{'vrf-vxlan'};
	276	if (!defined($vrfvxlan)) {
	277	die "missing vrf-vxlan option";
	278	} else {
	279	# verify that vrf-vxlan is not already declared in another transport
	280	foreach my $id (keys %{$sdn_cfg->{ids}}) {
	281	next if $id eq $transportid;
	282	die "vrf-vxlan $vrfvxlan is already declared in $id"
	283	if (defined($sdn_cfg->{ids}->{$id}->{'vrf-vxlan'}) && $sdn_cfg->{ids}->{$id}->{'vrf-vxlan'} eq $vrfvxlan);
	284	}
	285	}
7d35eaf5	286	}
e8d5906e AD	287	}
e8d5906e AD	288
7e720d4d AD	289	1;
	290
	291