Commit | Line | Data |
---|---|---|
0193ebe5 | 1 | package PVE::Network::SDN::EvpnControllerPlugin; |
32602a38 AD |
2 | |
3 | use strict; | |
4 | use warnings; | |
5 | use PVE::Network::SDN::Plugin; | |
6 | use PVE::Tools; | |
074d270b AD |
7 | use PVE::INotify; |
8 | use PVE::JSONSchema qw(get_standard_option); | |
32602a38 AD |
9 | |
10 | use base('PVE::Network::SDN::Plugin'); | |
11 | ||
# Plugin type identifier for this controller implementation.
sub type {
    my $plugin_type = 'evpncontroller';
    return $plugin_type;
}
15 | ||
8fb1ee7f AD |
# Static plugin metadata: this plugin acts in the 'controller' role.
sub plugindata {
    my %data = (role => 'controller');
    return \%data;
}
21 | ||
32602a38 AD |
# Schema of the properties this plugin contributes.
#
# generate_controller_config() interpolates 'asn', 'peers' and
# 'gateway-external-peers' directly into lines of the FRR configuration,
# so the 'integer' type and the 'ip-list' format declared here are the
# only constraint on what can reach frr.conf through these keys.
sub properties {
    my %asn = (
        type => 'integer',
        description => "autonomous system number",
    );
    my %peers = (
        description => "peers address list.",
        type => 'string',
        format => 'ip-list',
    );
    my %external_peers = (
        description => "upstream bgp peers address list.",
        type => 'string',
        format => 'ip-list',
    );

    my %schema = (
        'asn' => \%asn,
        'peers' => \%peers,
        # reuse the standard node-list option definition
        'gateway-nodes' => get_standard_option('pve-node-list'),
        'gateway-external-peers' => \%external_peers,
    );

    return \%schema;
}
39 | ||
# Which properties this plugin accepts and whether each one is optional.
# 'uplink-id', 'asn' and 'peers' are mandatory; the two gateway settings
# may be omitted.
sub options {
    my %opts;

    $opts{$_} = { optional => 0 } for ('uplink-id', 'asn', 'peers');
    $opts{$_} = { optional => 1 } for ('gateway-nodes', 'gateway-external-peers');

    return \%opts;
}
50 | ||
51 | # Plugin implementation | |
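# Build the BGP/EVPN part of the FRR configuration for this controller and
# append it to $config->{frr}.
#
# Arguments: ($class, $plugin_config, $router, $id, $uplinks, $config).
# $router and $id are accepted but not used here.
# Returns $config, or nothing when no ASN is configured.
#
# Every value read from $plugin_config ends up verbatim in a line of
# frr.conf (nothing is escaped later on), so this code depends on the
# property schema ('integer' asn, 'ip-list' peers) having been enforced
# before it runs.
sub generate_controller_config {
    my ($class, $plugin_config, $router, $id, $uplinks, $config) = @_;

    # The lists were previously declared as "my @x = split(...) if COND",
    # whose behaviour is undefined in Perl when COND is false. They are now
    # always initialised, and split with the same helper already used for
    # 'gateway-nodes' below, so separators other than ',' cannot remain
    # embedded inside a single "neighbor" line.
    # NOTE(review): assumes the 'ip-list' format accepts the same separators
    # as PVE::Tools::split_list - confirm against PVE::JSONSchema.
    my @peers = $plugin_config->{'peers'}
        ? PVE::Tools::split_list($plugin_config->{'peers'})
        : ();

    my $asn = $plugin_config->{asn};
    my $uplink = $plugin_config->{'uplink-id'};
    my $gatewaynodes = $plugin_config->{'gateway-nodes'};
    my @gatewaypeers = $plugin_config->{'gateway-external-peers'}
        ? PVE::Tools::split_list($plugin_config->{'gateway-external-peers'})
        : ();

    return if !$asn;

    my $iface = "uplink$uplink";
    my $ifaceip = "";

    if ($uplinks->{$uplink}->{name}) {
        $iface = $uplinks->{$uplink}->{name};
        $ifaceip = PVE::Network::SDN::Plugin::get_first_local_ipv4_from_interface($iface);
    }

    # this node is a gateway when it is listed in 'gateway-nodes'
    my $is_gateway = undef;
    my $local_node = PVE::INotify::nodename();

    foreach my $gatewaynode (PVE::Tools::split_list($gatewaynodes)) {
        $is_gateway = 1 if $gatewaynode eq $local_node;
    }

    my @router_config = ();

    # NOTE(review): when the uplink has no interface name, $ifaceip is still
    # empty here and the line becomes "bgp router-id " without an address -
    # confirm whether that case can occur.
    push @router_config, "bgp router-id $ifaceip";
    push @router_config, "no bgp default ipv4-unicast";
    push @router_config, "coalesce-time 1000";

    foreach my $address (@peers) {
        # do not peer with ourselves
        next if $address eq $ifaceip;
        push @router_config, "neighbor $address remote-as $asn";
    }

    if ($is_gateway) {
        foreach my $address (@gatewaypeers) {
            push @router_config, "neighbor $address remote-as external";
        }
    }
    push(@{$config->{frr}->{router}->{"bgp $asn"}->{""}}, @router_config);

    @router_config = ();
    foreach my $address (@peers) {
        next if $address eq $ifaceip;
        push @router_config, "neighbor $address activate";
    }
    push @router_config, "advertise-all-vni";
    push(@{$config->{frr}->{router}->{"bgp $asn"}->{"address-family"}->{"l2vpn evpn"}}, @router_config);

    if ($is_gateway) {

        @router_config = ();
        #import /32 routes of evpn network from vrf1 to default vrf (for packet return)
        #frr 7.1 tag is bugged -> works fine with 7.1 stable branch(20190829-02-g6ba76bbc1)
        #https://github.com/FRRouting/frr/issues/4905
        foreach my $address (@gatewaypeers) {
            push @router_config, "neighbor $address activate";
        }
        push(@{$config->{frr}->{router}->{"bgp $asn"}->{"address-family"}->{"ipv4 unicast"}}, @router_config);
        push(@{$config->{frr}->{router}->{"bgp $asn"}->{"address-family"}->{"ipv6 unicast"}}, @router_config);

    }

    return $config;
}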
121 | ||
0589eb09 AD |
# Add the per-transport (VRF) part of the FRR configuration to
# $config->{frr}.
#
# Arguments: ($class, $plugin_config, $router, $id, $uplinks, $config).
# 'vrf' and 'vrf-vxlan' are read from $plugin_config, 'asn' and
# 'gateway-nodes' from $router. Returns $config, or nothing when vrf,
# vrf-vxlan or asn is missing.
#
# NOTE(review): 'vrf' and 'vrf-vxlan' are interpolated verbatim into
# frr.conf lines and section names; their schema is not defined in this
# file, so confirm that it restricts them to a safe character set.
sub generate_controller_transport_config {
    my ($class, $plugin_config, $router, $id, $uplinks, $config) = @_;

    my $vrf = $plugin_config->{'vrf'};
    my $vrfvxlan = $plugin_config->{'vrf-vxlan'};
    my $asn = $router->{asn};
    my $gatewaynodes = $router->{'gateway-nodes'};

    return if !$vrf || !$vrfvxlan || !$asn;

    #vrf
    push @{ $config->{frr}->{vrf}->{"$vrf"} }, "vni $vrfvxlan";

    # gateway nodes get extra route import/export statements
    my $local_node = PVE::INotify::nodename();
    my $is_gateway = grep { $_ eq $local_node } PVE::Tools::split_list($gatewaynodes);

    if ($is_gateway) {
        my $default_bgp = "bgp $asn";
        my $vrf_bgp = "bgp $asn vrf $vrf";
        my @unicast_families = ("ipv4 unicast", "ipv6 unicast");

        #import /32 routes of evpn network from vrf1 to default vrf (for packet return)
        #frr 7.1 tag is bugged -> works fine with 7.1 stable branch(20190829-02-g6ba76bbc1)
        #https://github.com/FRRouting/frr/issues/4905
        for my $family (@unicast_families) {
            push @{ $config->{frr}->{router}->{$default_bgp}->{"address-family"}->{$family} },
                "import vrf $vrf";
        }

        #redistribute connected to be able to route to local vms on the gateway
        for my $family (@unicast_families) {
            push @{ $config->{frr}->{router}->{$vrf_bgp}->{"address-family"}->{$family} },
                "redistribute connected";
        }

        #add default originate to announce 0.0.0.0/0 type5 route in evpn
        push @{ $config->{frr}->{router}->{$vrf_bgp}->{"address-family"}->{"l2vpn evpn"} },
            "default-originate ipv4", "default-originate ipv6";
    }

    return $config;
}
171 | ||
# Refuse to delete a router that is still referenced: dies as soon as any
# entry in $sdn_cfg->{ids} has its 'router' field set to $routerid.
sub on_delete_hook {
    my ($class, $routerid, $sdn_cfg) = @_;

    for my $id (keys %{$sdn_cfg->{ids}}) {
        my $used_router = $sdn_cfg->{ids}->{$id}->{router};
        next if !defined($used_router);
        next if $used_router ne $routerid;
        die "router $routerid is used by $id";
    }
}
182 | ||
# Enforce ASN uniqueness: dies when another entry in $sdn_cfg->{ids}
# already carries the same 'asn' as $routerid. The comparison is a string
# comparison ('eq').
sub on_update_hook {
    my ($class, $routerid, $sdn_cfg) = @_;

    my $asn = $sdn_cfg->{ids}->{$routerid}->{asn};

    for my $id (grep { $_ ne $routerid } keys %{$sdn_cfg->{ids}}) {
        my $other_asn = $sdn_cfg->{ids}->{$id}->{asn};
        die "asn $asn is already used by $id"
            if defined($other_asn) && $other_asn eq $asn;
    }
}
195 | ||
8fb1ee7f AD |
# Sort comparator (reads the sort variables $a and $b) that fixes the
# order of FRR sections. Known keys have a fixed rank, any key ending in
# "bgp <number>" ranks as 2, everything else sorts last with rank 100.
sub sort_frr_config {
    my %rank_for = (
        '' => 0,
        'vrf' => 1,
        'ipv4 unicast' => 1,
        'ipv6 unicast' => 2,
        'l2vpn evpn' => 3,
    );

    my $rank_of = sub {
        my ($key) = @_;
        # the "bgp <asn>" match takes precedence over the table
        return 2 if $key =~ /bgp (\d+)$/;
        return defined($rank_for{$key}) ? $rank_for{$key} : 100;
    };

    return $rank_of->($a) <=> $rank_of->($b);
}
220 | ||
# Flatten the nested FRR config structure in $content into text lines
# appended to the array referenced by $final_config.
#
# $parentkey is the hash key under which $content was found, and $level
# is the recursion depth, used only to choose the indentation.
#
# Keys and values are emitted exactly as stored - nothing is quoted or
# escaped - so a value containing a line break would show up as extra
# configuration lines. Callers must only store validated values.
sub generate_frr_recurse{
    my ($final_config, $content, $parentkey, $level) = @_;

    # parent keys that are printed as "<parent> <key>" section headers
    my %is_section = (vrf => 1, 'address-family' => 1, router => 1);
    # sections that are closed with an explicit "exit-<parent>" line
    my %has_exit = (vrf => 1, 'address-family' => 1);

    #fix me, make this generic
    my %indent_for = (1 => 0, 2 => 1, 3 => 1, 4 => 2);
    my $padding = ' ' x ($indent_for{$level} || 0);

    if (ref($content) eq 'HASH') {
        my $parent_is_section = $parentkey && defined($is_section{$parentkey});
        my $parent_has_exit = $parentkey && defined($has_exit{$parentkey});

        for my $key (sort sort_frr_config keys %$content) {
            if ($parent_is_section) {
                push @$final_config, $padding . "!", $padding . "$parentkey $key";
            }
            elsif ($key ne '' && !defined($is_section{$key})) {
                push @$final_config, $padding . "$key";
            }

            generate_frr_recurse($final_config, $content->{$key}, $key, $level + 1);

            push @$final_config, $padding . "exit-$parentkey" if $parent_has_exit;
        }
    }

    if (ref($content) eq 'ARRAY') {
        push @$final_config, map { $padding . "$_" } @$content;
    }
}
266 | ||
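# Render $config->{frr} and write the result to /etc/frr/frr.conf.
#
# Arguments: ($class, $plugin_config, $config). Does nothing when the
# /etc/frr directory does not exist. Dies with the file name and the
# system error when the file cannot be opened, written or closed;
# previously a failed open only surfaced as an error from print on an
# undefined handle.
#
# The file is truncated and rewritten in place, which is not atomic: an
# interrupted write leaves a partial routing configuration behind.
# NOTE(review): switching to a temporary file plus rename would avoid
# that, but replaces the file and with it its owner and mode - decide how
# those should be handled first.
sub write_controller_config {
    my ($class, $plugin_config, $config) = @_;

    my $final_config = [];
    push @{$final_config}, "log syslog informational";
    push @{$final_config}, "!";

    generate_frr_recurse($final_config, $config->{frr}, undef, 0);

    push @{$final_config}, "!";
    push @{$final_config}, "line vty";
    push @{$final_config}, "!";

    my $rawconfig = join("\n", @{$final_config});

    return if !$rawconfig;
    return if !-d "/etc/frr";

    my $frr_config_file = "/etc/frr/frr.conf";

    # three-argument open with a lexical handle; every step is checked
    # because buffered write errors may only surface at close
    open(my $writefh, '>', $frr_config_file)
        or die "unable to open '$frr_config_file' for writing - $!\n";
    print {$writefh} $rawconfig
        or die "unable to write '$frr_config_file' - $!\n";
    close($writefh)
        or die "unable to close '$frr_config_file' - $!\n";

    return 1;
}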
292 | ||
fa609bdd AD |
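# Run vtysh with /etc/frr/frr.conf, provided both the configuration file
# and the vtysh binary exist.
#
# The command is handed to PVE::Tools::run_command as a list of arguments.
# Only stderr lines starting with "line <something>" are printed; all
# other stderr output is dropped.
sub reload_controller {
    my ($class) = @_;

    my $conf_file = "/etc/frr/frr.conf";
    my $bin_path = "/usr/bin/vtysh";

    my $err = sub {
        my $line = shift;
        if ($line =~ /^line (\S+)/) {
            print "$line \n";
        }
    };

    # Discard stdout. The previous code passed an empty hash reference
    # ({}) as outfunc; run_command is expected to call outfunc as a code
    # reference, so any stdout output would have failed with
    # "Not a CODE reference".
    my $discard = sub { };

    if (-e $conf_file && -e $bin_path) {
        PVE::Tools::run_command([$bin_path, '-m', '-f', $conf_file], outfunc => $discard, errfunc => $err);
    }
}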
310 | ||
8fb1ee7f | 311 | 1; |
32602a38 | 312 | |
0589eb09 | 313 |