Commit | Line | Data |
---|---|---|
fa253735 | 1 | package PVE::Network::SDN::Controllers::EvpnPlugin; |
32602a38 AD |
2 | |
3 | use strict; | |
4 | use warnings; | |
f5eabba0 | 5 | use PVE::Network::SDN::Controllers::Plugin; |
4405f2de | 6 | use PVE::Tools qw(run_command); |
074d270b AD |
7 | use PVE::INotify; |
8 | use PVE::JSONSchema qw(get_standard_option); | |
32602a38 | 9 | |
f5eabba0 | 10 | use base('PVE::Network::SDN::Controllers::Plugin'); |
32602a38 AD |
11 | |
# Returns the type string of this controller plugin.
sub type {
    my $plugin_type = 'evpn';
    return $plugin_type;
}
15 | ||
32602a38 AD |
# Returns the schema of the settings this plugin adds.
#
# 'peers' and 'gateway-external-peers' are copied verbatim into FRR
# "neighbor ..." lines by generate_controller_config(), so the 'ip-list'
# format declared here is the input check those lines depend on.
# NOTE(review): the 'ip-list' validator is not visible in this file - confirm
# that it rejects whitespace and line breaks.
# NOTE(review): 'asn' is a plain integer with no range declared here - confirm
# whether bounds are enforced elsewhere.
sub properties {
    my %schema = (
        'asn' => {
            type => 'integer',
            description => "autonomous system number",
        },
        'peers' => {
            description => "peers address list.",
            type => 'string',
            format => 'ip-list',
        },
        'gateway-nodes' => get_standard_option('pve-node-list'),
        'gateway-external-peers' => {
            description => "upstream bgp peers address list.",
            type => 'string',
            format => 'ip-list',
        },
    );

    return \%schema;
}
33 | ||
# Returns which settings are mandatory for an evpn controller:
# 'asn' and 'peers' are required, the two gateway settings are optional.
sub options {
    my %option_for = (
        (map { ($_ => { optional => 0 }) } 'asn', 'peers'),
        (map { ($_ => { optional => 1 }) } 'gateway-nodes', 'gateway-external-peers'),
    );

    return \%option_for;
}
43 | ||
4405f2de AD |
# Asks the kernel which source address and device it would use to reach
# $targetip, by parsing the output of "ip route get".
#
# Returns ($ip, $interface); either element stays undef when the matching
# "src" / "dev" field does not appear in the output.
#
# The command is given as a list with an absolute binary path, and $targetip
# is a separate list element rather than part of a command string.
# NOTE(review): presumably run_command does not pass list-form commands
# through a shell - confirm in PVE::Tools.
sub get_local_route_ip {
    my ($targetip) = @_;

    my ($src_ip, $out_dev);

    my $parse_line = sub {
        my ($line) = @_;
        $src_ip = $1 if $line =~ m/src ($PVE::Tools::IPRE)/;
        $out_dev = $1 if $line =~ m/dev (\S+)/;
    };

    run_command(['/sbin/ip', 'route', 'get', $targetip], outfunc => $parse_line);

    return ($src_ip, $out_dev);
}
61 | ||
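# Determines the local address (and its interface) used to talk to the peers.
#
# $peers is an array ref of peer addresses. First the addresses configured in
# the 'interfaces' file are compared with the peer list: if this node is
# itself one of the peers, that address and its interface are returned.
# Otherwise the source address is taken from the route towards the first peer.
#
# Returns ($ip, $interface), or nothing when the peer list is empty.
sub find_local_ip_interface {
    my ($peers) = @_;

    my $network_config = PVE::INotify::read_file('interfaces');
    my $ifaces = $network_config->{ifaces};

    # Is a local ip a member of the peers list?
    # keys() is used instead of each(): each() keeps its position inside the
    # hash, so the early return below would leave a half-finished iterator
    # behind for the next scan of the same hash, and a while/each loop also
    # stops early on an interface name that evaluates to false.
    foreach my $address (@{$peers}) {
        foreach my $interface (keys %$ifaces) {
            my $ip = $ifaces->{$interface}->{address};
            if ($ip && $ip eq $address) {
                return ($ip, $interface);
            }
        }
    }

    # If the peers are remote, find the source address with "ip route".
    # Only the first peer is consulted, as before.
    # NOTE(review): the result for the first peer is returned even when no
    # source address was found - confirm whether later peers should be tried.
    return if !@{$peers};

    my ($ip, $interface) = get_local_route_ip($peers->[0]);
    return ($ip, $interface);
}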
83 | ||
32602a38 | 84 | # Plugin implementation |
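# Adds the BGP/EVPN statements of this controller to $config->{frr}.
#
# $plugin_config holds the controller settings ('asn', 'peers',
# 'gateway-nodes', 'gateway-external-peers'); $config is the structure the
# FRR configuration is collected in. Returns $config, or nothing when no asn
# is configured.
#
# Peer addresses and the asn are interpolated as-is into FRR configuration
# lines, so a value containing a line break would end up as an extra line in
# frr.conf. The schema in properties() declares them as 'ip-list' strings and
# an integer.
# NOTE(review): confirm these values are always schema-validated before they
# reach this method.
sub generate_controller_config {
    my ($class, $plugin_config, $controller, $id, $uplinks, $config) = @_;

    # "my @x = ... if COND" is avoided: perlsyn documents the value of such a
    # variable as undefined when COND is false.
    my @peers = $plugin_config->{'peers'}
        ? split(',', $plugin_config->{'peers'})
        : ();

    my $asn = $plugin_config->{asn};
    my $gatewaynodes = $plugin_config->{'gateway-nodes'};
    my @gatewaypeers = $plugin_config->{'gateway-external-peers'}
        ? split(',', $plugin_config->{'gateway-external-peers'})
        : ();

    return if !$asn;

    # NOTE(review): $ifaceip can be undef when no local address is found; the
    # router-id line below is still emitted in that case - confirm whether the
    # controller should be skipped instead.
    my ($ifaceip, $interface) = find_local_ip_interface(\@peers);

    # This node is a gateway when it is listed in 'gateway-nodes'.
    my $is_gateway = undef;
    my $local_node = PVE::INotify::nodename();

    foreach my $gatewaynode (PVE::Tools::split_list($gatewaynodes)) {
        $is_gateway = 1 if $gatewaynode eq $local_node;
    }

    # Global part of "router bgp <asn>".
    my @controller_config = ();

    push @controller_config, "bgp router-id $ifaceip";
    push @controller_config, "no bgp default ipv4-unicast";
    push @controller_config, "coalesce-time 1000";

    foreach my $address (@peers) {
        # do not peer with ourselves
        next if defined($ifaceip) && $address eq $ifaceip;
        push @controller_config, "neighbor $address remote-as $asn";
    }

    if ($is_gateway) {
        foreach my $address (@gatewaypeers) {
            push @controller_config, "neighbor $address remote-as external";
        }
    }
    push(@{$config->{frr}->{router}->{"bgp $asn"}->{""}}, @controller_config);

    # l2vpn evpn address family: activate every peer and advertise all VNIs.
    @controller_config = ();
    foreach my $address (@peers) {
        next if defined($ifaceip) && $address eq $ifaceip;
        push @controller_config, "neighbor $address activate";
    }
    push @controller_config, "advertise-all-vni";
    push(@{$config->{frr}->{router}->{"bgp $asn"}->{"address-family"}->{"l2vpn evpn"}}, @controller_config);

    if ($is_gateway) {
        # activate the external peers in the ipv4 and ipv6 unicast families
        @controller_config = ();
        foreach my $address (@gatewaypeers) {
            push @controller_config, "neighbor $address activate";
        }
        push(@{$config->{frr}->{router}->{"bgp $asn"}->{"address-family"}->{"ipv4 unicast"}}, @controller_config);
        push(@{$config->{frr}->{router}->{"bgp $asn"}->{"address-family"}->{"ipv6 unicast"}}, @controller_config);
    }

    return $config;
}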
145 | ||
56cdcac9 AD |
# Adds the per-zone (VRF) statements to $config->{frr}.
#
# The zone id is used as VRF name, $plugin_config->{'vrf-vxlan'} as its VNI,
# and the asn and gateway node list are read from $controller. Returns
# $config, or nothing when the VRF name, the VNI or the asn is missing.
#
# The VRF name, VNI and asn are interpolated as-is into FRR configuration
# lines.
# NOTE(review): confirm that the zone id and 'vrf-vxlan' are schema-validated
# before they reach this method; their schema is not part of this file.
sub generate_controller_zone_config {
    my ($class, $plugin_config, $controller, $id, $uplinks, $config) = @_;

    my $vrf = $id;
    my $vrfvxlan = $plugin_config->{'vrf-vxlan'};
    my $asn = $controller->{asn};
    my $gatewaynodes = $controller->{'gateway-nodes'};

    return if !$vrf || !$vrfvxlan || !$asn;

    my $bgp_key = "bgp $asn";
    my $vrf_bgp_key = "bgp $asn vrf $vrf";
    my @unicast_families = ("ipv4 unicast", "ipv6 unicast");

    # vrf
    push(@{$config->{frr}->{vrf}->{"$vrf"}}, "vni $vrfvxlan");

    push(@{$config->{frr}->{router}->{$vrf_bgp_key}->{""}}, "!");

    # this node is a gateway when it appears in the gateway node list
    my $local_node = PVE::INotify::nodename();
    my $is_gateway = grep { $_ eq $local_node } PVE::Tools::split_list($gatewaynodes);

    if ($is_gateway) {
        # import /32 routes of evpn network from vrf1 to default vrf (for packet return)
        for my $family (@unicast_families) {
            push(@{$config->{frr}->{router}->{$bgp_key}->{"address-family"}->{$family}}, "import vrf $vrf");
        }

        # redistribute connected to be able to route to local vms on the gateway
        for my $family (@unicast_families) {
            push(@{$config->{frr}->{router}->{$vrf_bgp_key}->{"address-family"}->{$family}}, "redistribute connected");
        }

        # add default originate to announce 0.0.0.0/0 type5 route in evpn
        push(
            @{$config->{frr}->{router}->{$vrf_bgp_key}->{"address-family"}->{"l2vpn evpn"}},
            "default-originate ipv4",
            "default-originate ipv6",
        );
    }

    return $config;
}
195 | ||
# Refuses to delete a controller that a zone still refers to.
#
# $zone_cfg->{ids} maps zone ids to zone settings; dies with
# "controller <id> is used by <zone>" for the first zone whose 'controller'
# setting equals $controllerid.
sub on_delete_hook {
    my ($class, $controllerid, $zone_cfg) = @_;

    for my $zone_id (keys %{$zone_cfg->{ids}}) {
        my $owner = $zone_cfg->{ids}->{$zone_id}->{controller};

        # zones without a controller cannot block the deletion
        next if !defined($owner);
        next if $owner ne $controllerid;

        die "controller $controllerid is used by $zone_id";
    }
}
206 | ||
# Refuses a configuration in which two controllers share the same asn.
#
# $controller_cfg->{ids} maps controller ids to their settings; dies with
# "asn <asn> is already used by <id>" when another controller has the asn of
# $controllerid. The comparison is a string comparison.
sub on_update_hook {
    my ($class, $controllerid, $controller_cfg) = @_;

    my $asn = $controller_cfg->{ids}->{$controllerid}->{asn};

    for my $other_id (keys %{$controller_cfg->{ids}}) {
        next if $other_id eq $controllerid;

        my $other_asn = $controller_cfg->{ids}->{$other_id}->{asn};
        next if !defined($other_asn);
        next if $other_asn ne $asn;

        die "asn $asn is already used by $other_id";
    }
}
219 | ||
8fb1ee7f AD |
# Comparator for sort(): orders FRR section keys by a fixed rank.
#
# Reads the two keys from the package variables $a and $b. Keys ending in
# "bgp <number>" rank 2, the keys listed below use their listed rank, and all
# other keys rank 100.
sub sort_frr_config {
    my %rank_of = (
        '' => 0,
        'vrf' => 1,
        'ipv4 unicast' => 1,
        'ipv6 unicast' => 2,
        'l2vpn evpn' => 3,
    );

    my $rank = sub {
        my ($key) = @_;
        # the bgp pattern takes precedence over the table
        return 2 if $key =~ /bgp (\d+)$/;
        return defined($rank_of{$key}) ? $rank_of{$key} : 100;
    };

    return $rank->($a) <=> $rank->($b);
}
244 | ||
# Flattens the nested FRR configuration structure into text lines.
#
# $final_config is the array ref the lines are appended to, $content the
# current node (hash ref or array ref), $parentkey the key under which
# $content was found and $level the nesting depth (0 for the first call).
#
# Hash keys found below 'vrf', 'address-family' or 'router' open a block
# ("!" followed by "<parentkey> <key>"); blocks below 'vrf' and
# 'address-family' are closed with "exit-<parentkey>". Array elements are
# emitted as plain lines. Values are written as-is, without escaping.
sub generate_frr_recurse{
    my ($final_config, $content, $parentkey, $level) = @_;

    my %opens_block = (vrf => 1, 'address-family' => 1, router => 1);
    my %needs_exit = (vrf => 1, 'address-family' => 1);

    # fix me, make this generic
    # levels 1-2 are indented by level - 1, levels 3-4 by level - 2,
    # every other level is not indented at all
    my $depth = 0;
    $depth = $level - 1 if $level == 1 || $level == 2;
    $depth = $level - 2 if $level == 3 || $level == 4;
    my $padding = ' ' x $depth;

    my $kind = ref $content;

    if ($kind eq 'HASH') {
        my $below_block = $parentkey && defined($opens_block{$parentkey});
        my $emit_exit = $parentkey && defined($needs_exit{$parentkey});

        for my $key (sort sort_frr_config keys %$content) {
            if ($below_block) {
                push @{$final_config}, $padding."!", $padding."$parentkey $key";
            } elsif ($key ne '' && !defined($opens_block{$key})) {
                push @{$final_config}, $padding."$key";
            }

            generate_frr_recurse($final_config, $content->{$key}, $key, $level+1);

            push @{$final_config}, $padding."exit-$parentkey" if $emit_exit;
        }
    } elsif ($kind eq 'ARRAY') {
        push @{$final_config}, map { $padding."$_" } @$content;
    }
}
290 | ||
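# Renders $config->{frr} and writes the result to /etc/frr/frr.conf.
#
# Fixed header and footer lines are added around the generated sections.
# Nothing is written when /etc/frr does not exist. Dies when the file cannot
# be opened, written or closed.
#
# NOTE(review): the file is truncated and rewritten in place, so a failure
# part-way through leaves an incomplete frr.conf for the next reload; writing
# to a temporary file and renaming it (keeping owner and mode) would avoid
# that.
# NOTE(review): IO::File is not loaded by the "use" lines of this file;
# presumably another module loads it - confirm.
sub write_controller_config {
    my ($class, $plugin_config, $config) = @_;

    my $nodename = PVE::INotify::nodename();

    my $final_config = [];
    push @{$final_config}, "log syslog informational";
    push @{$final_config}, "ip forwarding";
    push @{$final_config}, "ipv6 forwarding";
    push @{$final_config}, "frr defaults traditional";
    push @{$final_config}, "service integrated-vtysh-config";
    push @{$final_config}, "hostname $nodename";
    push @{$final_config}, "!";

    generate_frr_recurse($final_config, $config->{frr}, undef, 0);

    push @{$final_config}, "!";
    push @{$final_config}, "line vty";
    push @{$final_config}, "!";

    my $rawconfig = join("\n", @{$final_config});

    return if !$rawconfig;
    return if !-d "/etc/frr";

    my $frr_config_file = "/etc/frr/frr.conf";

    # Check every step: an unchecked open used to surface only as a filehandle
    # error from print, and write errors can show up as late as close.
    my $writefh = IO::File->new($frr_config_file, ">")
        or die "unable to open '$frr_config_file' for writing - $!\n";
    print {$writefh} $rawconfig
        or die "unable to write '$frr_config_file' - $!\n";
    $writefh->close()
        or die "unable to close '$frr_config_file' - $!\n";
}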
323 | ||
fa609bdd AD |
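# Applies /etc/frr/frr.conf to the running FRR by calling frr-reload.py.
#
# Warns and returns when the reload script is not installed, and does nothing
# when the configuration file does not exist. Only output lines of the script
# that contain "ERROR:" are passed on as warnings.
#
# The script is started through run_command with a list of fixed, absolute
# paths; no configuration value is part of the command.
sub reload_controller {
    my ($class) = @_;

    my $conf_file = "/etc/frr/frr.conf";
    my $bin_path = "/usr/lib/frr/frr-reload.py";

    if (!-e $bin_path) {
        warn "missing $bin_path. Please install frr-pythontools package";
        return;
    }

    my $err = sub {
        my $line = shift;
        if ($line =~ /ERROR:/) {
            warn "$line \n";
        }
    };

    # $bin_path was already checked above
    return if !-e $conf_file;

    # outfunc gets a code ref that discards its input. An empty hash ref was
    # passed here before, which is not callable; get_local_route_ip in this
    # file passes a sub for the same parameter.
    PVE::Tools::run_command(
        [$bin_path, '--stdout', '--reload', $conf_file],
        outfunc => sub { },
        errfunc => $err,
    );
}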
346 | ||
8fb1ee7f | 347 | 1; |
32602a38 | 348 | |
0589eb09 | 349 |