xref:getting_help[mailing lists or in the forum] for questions and feedback.
+[[pvesdn_installation]]
Installation
------------
The {pve} SDN allows separation and fine grained control of Virtual Guests
networks, using flexible software controlled configurations.
-Separation consists of zones, a zone is it's own virtual separated area.
-A Zone can be used by one or more 'VNets'. A 'VNet' is virtual network in a
-zone. Normally it shows up as a common Linux bridge with either a VLAN or
-'VXLAN' tag, or using layer 3 routing for control.
-The 'VNets' are deployed locally on each node, after configuration was commited
-from the cluster wide datacenter level.
+Separation consists of zones, a zone is it's own virtual separated network area.
+A 'VNet' is a type of a virtual network connected to a zone. Depending on which
+type or plugin the zone uses it can behave differently and offer different
+features, advantages or disadvantages.
+Normally a 'VNet' shows up as a common Linux bridge with either a VLAN or
+'VXLAN' tag, but some can also use layer 3 routing for control.
+The 'VNets' are deployed locally on each node, after configuration was committed
+from the cluster wide datacenter SDN administration interface.
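Review bot: The rewritten first sentence of the intro still carries the "it's own" typo and the comma splice from the line it replaces; it should read "Separation is managed through zones. A zone is its own virtually separated network area." The removed sentence "A Zone can be used by one or more 'VNets'" was also the only place that stated the zone-to-VNet cardinality, and the new "A 'VNet' is a type of a virtual network connected to a zone" does not say whether a zone can hold several VNets. Suggest keeping that statement and dropping "a type of".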
Main configuration
* VNets: The per-node building block to provide a Zone for VMs
-* Controller:
+* Controller: For complex setups to control Layer 3 routing
+[[pvesdn_config_main_sdn]]
SDN
~~~
cluster nodes nodes.
+[[pvesdn_config_zone]]
Zones
~~~~~
It's also possible to add permissions on a zone, to restrict user to use only a
specific zone and only the VNets in that zone
+[[pvesdn_config_vnet]]
VNets
~~~~~
* Tag: The unique VLAN or VXLAN id
+* VLAN Aware: Allow to add an extra VLAN tag in the virtual machine or
+ container vNIC configurations or allow the guest OS to manage the VLAN's tag.
+
* IPv4: an anycast IPv4 address, it will be configured on the underlying bridge
on each node part of the Zone. It's only useful for `bgp-evpn` routing.
on each node part of the Zone. It's only useful for `bgp-evpn` routing.
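Review bot: The new `VLAN Aware` entry does not say what the default is or how it relates to the `Tag` option listed directly above it. Because it lets the guest OS manage VLAN tags itself, the text should state whether guest-chosen tags are carried inside the VNet's own tag or replace it, since that determines whether enabling the option affects separation between VNets. Wording: "Allow to add" reads better as "Allows adding", and "the VLAN's tag" as "the VLAN tag".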
+[[pvesdn_config_controllers]]
Controllers
~~~~~~~~~~~
-Some zone types (currently only the `bgp-evpn` plugin) need an external
-controller to manage the VNet control-plane.
+Some zone types need an external controller to manage the VNet control-plane.
+Currently this is only required for the `bgp-evpn` zone plugin.
+[[pvesdn_zone_plugins]]
Zones Plugins
-------------
Common options
~~~~~~~~~~~~~~
-nodes:: deploy and allow to use a VNets configured for this Zone only on
-these nodes.
-
+nodes:: Deploy and allow to use a VNets configured for this Zone only on these
+nodes.
+[[pvesdn_zone_plugin_vlan]]
VLAN Zones
~~~~~~~~~~
Specific `VLAN` configuration options:
-bridge:: Reuse this local VLAN-aware bridge, or OVS interface, already
+bridge:: Reuse this local bridge or OVS switch, already
configured on *each* local node.
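Review bot: The VLAN zone `bridge::` line drops the "VLAN-aware" qualifier, while the QinQ `bridge::` entry later in this patch still says "A local VLAN-aware bridge already configured on each local node". If a plain bridge is now sufficient for VLAN zones, say so explicitly; otherwise keep the qualifier, so a reader does not pick a bridge that cannot carry the VNet tags.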
+[[pvesdn_zone_plugin_qinq]]
QinQ Zones
~~~~~~~~~~
QinQ is stacked VLAN. The first VLAN tag defined for the zone
(so called 'service-vlan'), and the second VLAN tag defined for the vnets
-NOTE: Your physical network switchs must support stacked VLANs!
+NOTE: Your physical network switches must support stacked VLANs!
Specific QinQ configuration options:
-bridge:: a local VLAN-aware bridge already configured on each local node
-service vlan:: he main VLAN tag of this zone
+bridge:: A local VLAN-aware bridge already configured on each local node
+
+service vlan:: The main VLAN tag of this zone
+
mtu:: Due to the double stacking of tags you need 4 more bytes for QinQ VLANs.
For example, you reduce the MTU to `1496` if you physical interface MTU is
`1500`.
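Review bot: The `mtu::` entry just below the reformatted options still reads "if you physical interface MTU", which should be "if your physical interface MTU"; since this hunk already cleans up the neighbouring entries, fix it here too. The option label "service vlan" also differs from the 'service-vlan' spelling used in the section's introductory sentence, so pick one form.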
+[[pvesdn_zone_plugin_vxlan]]
VXLAN Zones
~~~~~~~~~~~
Specific EVPN configuration options:
-peers address list:: a list of IPs from all nodes where you want to communicate (can also be external nodes)
-mtu:: because VXLAN encapsulation use 50bytes, the MTU need to be 50 bytes lower than the outgoing physical interface.
+peers address list:: A list of IPs from all nodes through which you want to
+communicate. Can also be external nodes.
+mtu:: Because VXLAN encapsulation use 50bytes, the MTU need to be 50 bytes
+lower than the outgoing physical interface.
+
+[[pvesdn_zone_plugin_evpn]]
EVPN Zones
~~~~~~~~~~
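Review bot: The context line "Specific EVPN configuration options:" sits under the VXLAN Zones heading and above the new `pvesdn_zone_plugin_evpn` anchor, so it looks like a leftover that should read "Specific VXLAN configuration options:". In the re-wrapped `mtu::` line the grammar is unchanged from the removed one: "use 50bytes, the MTU need to be" should be "uses 50 bytes, the MTU needs to be".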
lower than the outgoing physical interface.
+[[pvesdn_controller_plugins]]
Controllers Plugins
-------------------
+For complex zones requiring a control plane.
+
+[[pvesdn_controller_plugin_evpn]]
EVPN Controller
~~~~~~~~~~~~~~~
Configuration options:
-asn:: a unique BGP ASN number. It's highly recommended to use private ASN
+asn:: A unique BGP ASN number. It's highly recommended to use private ASN
number (64512 – 65534, 4200000000 – 4294967294), as else you could end up
breaking, or get broken, by global routing by mistake.
-peers:: an ip list of all nodes where you want to communicate (could be also
+peers:: An ip list of all nodes where you want to communicate (could be also
external nodes or route reflectors servers)
Additionally, if you want to route traffic from a SDN BGP-EVPN network to
gateway-nodes:: The proxmox nodes from where the bgp-evpn traffic will exit to
external through the nodes default gateway
-If you want that gateway nodes don't use the default gateway, but, for example,
-sent traffic to external BGP routers
-
-gateway-external-peers:: 192.168.0.253,192.168.0.254
+gateway-external-peers:: If you want that gateway nodes don't use the default
+gateway, but, for example, sent traffic to external BGP routers, which handle
+(reverse) routing then dynamically you can use. For example
+`192.168.0.253,192.168.0.254'
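Review bot: The new `gateway-external-peers::` description ends in a fragment ("then dynamically you can use. For example") and the example value opens with a backtick but closes with an apostrophe, so it will not render as monospace. Suggest something like: "If you want gateway nodes to send traffic to external BGP routers instead of using the default gateway, list those routers here; they then handle (reverse) routing dynamically. For example `192.168.0.253,192.168.0.254`." Also "sent traffic" should be "send traffic".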
+[[pvesdn_local_deployment_monitoring]]
Local Deployment Monitoring
---------------------------
the local network configuration is generated locally on each node in
`/etc/network/interfaces.d/sdn`, and with ifupdown2 reloaded.
+You need to add
+----
+source /etc/network/interfaces.d/*
+----
+at the end of /etc/network/interfaces to have the sdn config included
+
You can monitor the status of local zones and vnets through the main tree.
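Review bot: The added instruction about `source /etc/network/interfaces.d/*` is a prerequisite, but it is placed in the monitoring section after the sentence about the generated file; it belongs in the Installation section or in a NOTE block, so it is not missed. The sentence should also state the consequence of omitting the line (the generated `/etc/network/interfaces.d/sdn` is not included), put `/etc/network/interfaces` in backticks like the other path in this paragraph, capitalise "SDN", and end with a period.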
+[[pvesdn_setup_example_vlan]]
VLAN Setup Example
------------------
Then, you should be able to ping between both VMs over that network.
-QinQ setup example
+[[pvesdn_setup_example_qinq]]
+QinQ Setup Example
------------------
TIP: While we show plain configuration content here, almost everything should
----
id: myvnet2
-zone: qinqzone1
+zone: qinqzone2
tag: 100
----
or 'vm4', as they are on a different zone with different service-vlan.
+[[pvesdn_setup_example_vxlan]]
VXLAN Setup Example
-------------------
+TIP: While we show plain configuration content here, almost everything should
+be configurable using the web-interface only.
+
node1: /etc/network/interfaces
----
Then, you should be able to ping between between 'vm1' and 'vm2'.
-
-EVPN setup example
+[[pvesdn_setup_example_evpn]]
+EVPN Setup Example
------------------
node1: /etc/network/interfaces
zone: myevpnzone
tag: 11000
ipv4: 10.0.1.1/24
-mac address: 8C:73:B2:7B:F9:60 #random generate mac addres
+mac address: 8C:73:B2:7B:F9:60 #random generate mac address
----
Create the second VNet named `myvnet2' using the same EVPN zone `myevpnzone', a