[pve-network.git] / PVE / Network / SDN / VxlanPlugin.pm

package PVE::Network::SDN::VxlanPlugin;

use strict;
use warnings;
use PVE::Network::SDN::Plugin;
use PVE::Tools qw($IPV4RE);
use PVE::INotify;

use base('PVE::Network::SDN::Plugin');

PVE::JSONSchema::register_format('pve-sdn-vxlanrange', \&pve_verify_sdn_vxlanrange);
sub pve_verify_sdn_vxlanrange {
   my ($vxlanstr) = @_;

   PVE::Network::SDN::Plugin::parse_tag_number_or_range($vxlanstr, '16777216');

   return $vxlanstr;
}

PVE::JSONSchema::register_format('ipv4-multicast', \&parse_ipv4_multicast);
sub parse_ipv4_multicast {
    my ($ipv4, $noerr) = @_;

    if ($ipv4 !~ m/^(?:$IPV4RE)$/) {
        return undef if $noerr;
        die "value does not look like a valid multicast IPv4 address\n";
    }

    if ($ipv4 =~ m/^(\d+)\.\d+.\d+.\d+/) {
	if($1 < 224 || $1 > 239) {
	    return undef if $noerr;
	    die "value does not look like a valid multicast IPv4 address\n";
	}
    }

    return $ipv4;
}

sub type {
    return 'vxlan';
}

sub plugindata {
    return {
        role => 'transport',
    };
}

sub properties {
    return {
        'vxlan-allowed' => {
            type => 'string', format => 'pve-sdn-vxlanrange',
            description => "Allowed vlan range",
        },
        'multicast-address' => {
            description => "Multicast address.",
            type => 'string', format => 'ipv4-multicast'
        },
	'unicast-address' => {
	    description => "Unicast peers address ip list.",
	    type => 'string',  format => 'ip-list'
	},
    };
}

sub options {

    return {
	'uplink-id' => { optional => 0 },
        'multicast-address' => { optional => 1 },
        'unicast-address' => { optional => 1 },
        'vxlan-allowed' => { optional => 1 },
    };
}

# Plugin implementation
sub generate_sdn_config {
    my ($class, $plugin_config, $zoneid, $vnetid, $vnet, $uplinks, $config) = @_;

    my $tag = $vnet->{tag};
    my $alias = $vnet->{alias};
    my $ipv4 = $vnet->{ipv4};
    my $ipv6 = $vnet->{ipv6};
    my $mac = $vnet->{mac};
    my $multicastaddress = $plugin_config->{'multicast-address'};
    my @unicastaddress = split(',', $plugin_config->{'unicast-address'}) if $plugin_config->{'unicast-address'};

    my $uplink = $plugin_config->{'uplink-id'};
    my $vxlanallowed = $plugin_config->{'vxlan-allowed'};

    die "missing vxlan tag" if !$tag;
    my $iface = "uplink$uplink";
    my $ifaceip = "";

    if($uplinks->{$uplink}->{name}) {
	$iface = $uplinks->{$uplink}->{name};
	$ifaceip = PVE::Network::SDN::Plugin::get_first_local_ipv4_from_interface($iface);
    }

    my $mtu = 1450;
    $mtu = $uplinks->{$uplink}->{mtu} - 50 if $uplinks->{$uplink}->{mtu};
    $mtu = $vnet->{mtu} if $vnet->{mtu};

    #vxlan interface
    my @iface_config = ();
    push @iface_config, "vxlan-id $tag";

    if($multicastaddress) {
	push @iface_config, "vxlan-svcnodeip $multicastaddress";
	push @iface_config, "vxlan-physdev $iface";
    } elsif (@unicastaddress) {

	foreach my $address (@unicastaddress) {
	    next if $address eq $ifaceip;
	    push @iface_config, "vxlan_remoteip $address";
	}
    }

    push @iface_config, "mtu $mtu" if $mtu;
    push(@{$config->{"vxlan$vnetid"}}, @iface_config) if !$config->{"vxlan$vnetid"};

    #vnet bridge
    @iface_config = ();
    push @iface_config, "address $ipv4" if $ipv4;
    push @iface_config, "address $ipv6" if $ipv6;
    push @iface_config, "hwaddress $mac" if $mac;
    push @iface_config, "bridge_ports vxlan$vnetid";
    push @iface_config, "bridge_stp off";
    push @iface_config, "bridge_fd 0";
    push @iface_config, "mtu $mtu" if $mtu;
    push @iface_config, "alias $alias" if $alias;
    push(@{$config->{$vnetid}}, @iface_config) if !$config->{$vnetid};

    return $config;
}

sub on_delete_hook {
    my ($class, $transportid, $sdn_cfg) = @_;

    # verify that no vnet are associated to this transport
    foreach my $id (keys %{$sdn_cfg->{ids}}) {
	my $sdn = $sdn_cfg->{ids}->{$id};
	die "transport $transportid is used by vnet $id"
	    if ($sdn->{type} eq 'vnet' && defined($sdn->{transportzone}) && $sdn->{transportzone} eq $transportid);
    }
}

sub on_update_hook {
    my ($class, $transportid, $sdn_cfg) = @_;

    my $transport = $sdn_cfg->{ids}->{$transportid};

    # verify that vxlan-allowed don't conflict with another vxlan-allowed transport

    # verify that vxlan-allowed is matching currently vnet tag in this transport
    my $vxlanallowed = $transport->{'vxlan-allowed'};
    if ($vxlanallowed) {
	foreach my $id (keys %{$sdn_cfg->{ids}}) {
	    my $sdn = $sdn_cfg->{ids}->{$id};
	    if ($sdn->{type} eq 'vnet' && defined($sdn->{tag})) {
		if(defined($sdn->{transportzone}) && $sdn->{transportzone} eq $transportid) {
		    my $tag = $sdn->{tag};
		    eval {
			PVE::Network::SDN::Plugin::parse_tag_number_or_range($vxlanallowed, '16777216', $tag);
		    };
		    if($@) {
			die "vnet $id - vlan $tag is not allowed in transport $transportid";
		    }
		}
	    }
	}
    }

    # verify that router exist
    if (defined($sdn_cfg->{ids}->{$transportid}->{router})) {
	my $router = $sdn_cfg->{ids}->{$transportid}->{router};
	if (!defined($sdn_cfg->{ids}->{$router})) {
	    die "router $router don't exist";
	} else {
	    die "$router is not a router type" if $sdn_cfg->{ids}->{$router}->{type} ne 'frr';
	}

	#vrf && vrf-vxlan need to be defined with router
	my $vrf = $sdn_cfg->{ids}->{$transportid}->{vrf};
	if (!defined($vrf)) {
	    die "missing vrf option";
	} else {
	    # verify that vrf is not already declared in another transport
	    foreach my $id (keys %{$sdn_cfg->{ids}}) {
		next if $id eq $transportid;
		die "vrf $vrf is already declared in $id"
			if (defined($sdn_cfg->{ids}->{$id}->{vrf}) && $sdn_cfg->{ids}->{$id}->{vrf} eq $vrf);
	    }
	}

	my $vrfvxlan = $sdn_cfg->{ids}->{$transportid}->{'vrf-vxlan'};
	if (!defined($vrfvxlan)) {
	    die "missing vrf-vxlan option";
	} else {
	    # verify that vrf-vxlan is not already declared in another transport
	    foreach my $id (keys %{$sdn_cfg->{ids}}) {
		next if $id eq $transportid;
		die "vrf-vxlan $vrfvxlan is already declared in $id"
			if (defined($sdn_cfg->{ids}->{$id}->{'vrf-vxlan'}) && $sdn_cfg->{ids}->{$id}->{'vrf-vxlan'} eq $vrfvxlan);
	    }
	}
    }
}

1;
Commit	Line	Data
3ee45e4c	1	package PVE::Network::SDN::VxlanPlugin;
7e720d4d AD	2
	3	use strict;
	4	use warnings;
86d22462	5	use PVE::Network::SDN::Plugin;
c692cbfa	6	use PVE::Tools qw($IPV4RE);
e3dca233	7	use PVE::INotify;
7e720d4d	8
86d22462	9	use base('PVE::Network::SDN::Plugin');
7e720d4d	10
6bffe819 AD	11	PVE::JSONSchema::register_format('pve-sdn-vxlanrange', \&pve_verify_sdn_vxlanrange);
6bffe819 AD	12	sub pve_verify_sdn_vxlanrange {
7e720d4d AD	13	my ($vxlanstr) = @_;
7e720d4d AD	14
86d22462	15	PVE::Network::SDN::Plugin::parse_tag_number_or_range($vxlanstr, '16777216');
7e720d4d AD	16
	17	return $vxlanstr;
	18	}
	19
c692cbfa AD	20	PVE::JSONSchema::register_format('ipv4-multicast', \&parse_ipv4_multicast);
	21	sub parse_ipv4_multicast {
	22	my ($ipv4, $noerr) = @_;
	23
	24	if ($ipv4 !~ m/^(?:$IPV4RE)$/) {
	25	return undef if $noerr;
	26	die "value does not look like a valid multicast IPv4 address\n";
	27	}
	28
	29	if ($ipv4 =~ m/^(\d+)\.\d+.\d+.\d+/) {
	30	if($1 < 224 \|\| $1 > 239) {
	31	return undef if $noerr;
	32	die "value does not look like a valid multicast IPv4 address\n";
	33	}
	34	}
	35
	36	return $ipv4;
	37	}
	38
7e720d4d	39	sub type {
3ee45e4c	40	return 'vxlan';
7e720d4d AD	41	}
7e720d4d AD	42
8fb1ee7f AD	43	sub plugindata {
	44	return {
	45	role => 'transport',
	46	};
	47	}
	48
7e720d4d AD	49	sub properties {
	50	return {
	51	'vxlan-allowed' => {
6bffe819	52	type => 'string', format => 'pve-sdn-vxlanrange',
7e720d4d AD	53	description => "Allowed vlan range",
	54	},
	55	'multicast-address' => {
	56	description => "Multicast address.",
c692cbfa	57	type => 'string', format => 'ipv4-multicast'
7e720d4d	58	},
3ee45e4c AD	59	'unicast-address' => {
3ee45e4c AD	60	description => "Unicast peers address ip list.",
fcfca9ef	61	type => 'string', format => 'ip-list'
3ee45e4c	62	},
7e720d4d AD	63	};
	64	}
	65
	66	sub options {
	67
	68	return {
85533e98	69	'uplink-id' => { optional => 0 },
3ee45e4c AD	70	'multicast-address' => { optional => 1 },
3ee45e4c AD	71	'unicast-address' => { optional => 1 },
7e720d4d AD	72	'vxlan-allowed' => { optional => 1 },
	73	};
	74	}
	75
	76	# Plugin implementation
6bffe819	77	sub generate_sdn_config {
93dea3aa	78	my ($class, $plugin_config, $zoneid, $vnetid, $vnet, $uplinks, $config) = @_;
7e720d4d AD	79
7e720d4d AD	80	my $tag = $vnet->{tag};
dc7e431e	81	my $alias = $vnet->{alias};
5b31292c AD	82	my $ipv4 = $vnet->{ipv4};
	83	my $ipv6 = $vnet->{ipv6};
	84	my $mac = $vnet->{mac};
7e720d4d	85	my $multicastaddress = $plugin_config->{'multicast-address'};
3ee45e4c AD	86	my @unicastaddress = split(',', $plugin_config->{'unicast-address'}) if $plugin_config->{'unicast-address'};
3ee45e4c AD	87
7e720d4d AD	88	my $uplink = $plugin_config->{'uplink-id'};
	89	my $vxlanallowed = $plugin_config->{'vxlan-allowed'};
	90
	91	die "missing vxlan tag" if !$tag;
3ee45e4c AD	92	my $iface = "uplink$uplink";
	93	my $ifaceip = "";
	94
	95	if($uplinks->{$uplink}->{name}) {
	96	$iface = $uplinks->{$uplink}->{name};
	97	$ifaceip = PVE::Network::SDN::Plugin::get_first_local_ipv4_from_interface($iface);
	98	}
c1ae8486 AD	99
	100	my $mtu = 1450;
	101	$mtu = $uplinks->{$uplink}->{mtu} - 50 if $uplinks->{$uplink}->{mtu};
	102	$mtu = $vnet->{mtu} if $vnet->{mtu};
7e720d4d	103
93dea3aa AD	104	#vxlan interface
	105	my @iface_config = ();
	106	push @iface_config, "vxlan-id $tag";
3ee45e4c AD	107
3ee45e4c AD	108	if($multicastaddress) {
93dea3aa AD	109	push @iface_config, "vxlan-svcnodeip $multicastaddress";
93dea3aa AD	110	push @iface_config, "vxlan-physdev $iface";
3ee45e4c AD	111	} elsif (@unicastaddress) {
	112
	113	foreach my $address (@unicastaddress) {
	114	next if $address eq $ifaceip;
93dea3aa	115	push @iface_config, "vxlan_remoteip $address";
3ee45e4c	116	}
3ee45e4c AD	117	}
3ee45e4c AD	118
93dea3aa	119	push @iface_config, "mtu $mtu" if $mtu;
87d8b623	120	push(@{$config->{"vxlan$vnetid"}}, @iface_config) if !$config->{"vxlan$vnetid"};
93dea3aa AD	121
	122	#vnet bridge
	123	@iface_config = ();
	124	push @iface_config, "address $ipv4" if $ipv4;
	125	push @iface_config, "address $ipv6" if $ipv6;
	126	push @iface_config, "hwaddress $mac" if $mac;
	127	push @iface_config, "bridge_ports vxlan$vnetid";
	128	push @iface_config, "bridge_stp off";
	129	push @iface_config, "bridge_fd 0";
	130	push @iface_config, "mtu $mtu" if $mtu;
	131	push @iface_config, "alias $alias" if $alias;
87d8b623	132	push(@{$config->{$vnetid}}, @iface_config) if !$config->{$vnetid};
126fc68c	133
7e720d4d AD	134	return $config;
	135	}
	136
fe0c6b9e	137	sub on_delete_hook {
6bffe819	138	my ($class, $transportid, $sdn_cfg) = @_;
fe0c6b9e AD	139
fe0c6b9e AD	140	# verify that no vnet are associated to this transport
6bffe819 AD	141	foreach my $id (keys %{$sdn_cfg->{ids}}) {
6bffe819 AD	142	my $sdn = $sdn_cfg->{ids}->{$id};
7d35eaf5	143	die "transport $transportid is used by vnet $id"
6bffe819	144	if ($sdn->{type} eq 'vnet' && defined($sdn->{transportzone}) && $sdn->{transportzone} eq $transportid);
a8ad2789	145	}
fe0c6b9e AD	146	}
fe0c6b9e AD	147
e8d5906e	148	sub on_update_hook {
6bffe819	149	my ($class, $transportid, $sdn_cfg) = @_;
c723980e	150
6bffe819	151	my $transport = $sdn_cfg->{ids}->{$transportid};
e8d5906e AD	152
	153	# verify that vxlan-allowed don't conflict with another vxlan-allowed transport
	154
7d35eaf5	155	# verify that vxlan-allowed is matching currently vnet tag in this transport
c723980e AD	156	my $vxlanallowed = $transport->{'vxlan-allowed'};
c723980e AD	157	if ($vxlanallowed) {
6bffe819 AD	158	foreach my $id (keys %{$sdn_cfg->{ids}}) {
	159	my $sdn = $sdn_cfg->{ids}->{$id};
	160	if ($sdn->{type} eq 'vnet' && defined($sdn->{tag})) {
	161	if(defined($sdn->{transportzone}) && $sdn->{transportzone} eq $transportid) {
	162	my $tag = $sdn->{tag};
c723980e	163	eval {
86d22462	164	PVE::Network::SDN::Plugin::parse_tag_number_or_range($vxlanallowed, '16777216', $tag);
c723980e AD	165	};
	166	if($@) {
	167	die "vnet $id - vlan $tag is not allowed in transport $transportid";
	168	}
	169	}
	170	}
	171	}
	172	}
5bda8607 AD	173
	174	# verify that router exist
	175	if (defined($sdn_cfg->{ids}->{$transportid}->{router})) {
	176	my $router = $sdn_cfg->{ids}->{$transportid}->{router};
	177	if (!defined($sdn_cfg->{ids}->{$router})) {
	178	die "router $router don't exist";
	179	} else {
	180	die "$router is not a router type" if $sdn_cfg->{ids}->{$router}->{type} ne 'frr';
	181	}
	182
	183	#vrf && vrf-vxlan need to be defined with router
	184	my $vrf = $sdn_cfg->{ids}->{$transportid}->{vrf};
	185	if (!defined($vrf)) {
	186	die "missing vrf option";
	187	} else {
	188	# verify that vrf is not already declared in another transport
	189	foreach my $id (keys %{$sdn_cfg->{ids}}) {
	190	next if $id eq $transportid;
	191	die "vrf $vrf is already declared in $id"
	192	if (defined($sdn_cfg->{ids}->{$id}->{vrf}) && $sdn_cfg->{ids}->{$id}->{vrf} eq $vrf);
	193	}
	194	}
	195
	196	my $vrfvxlan = $sdn_cfg->{ids}->{$transportid}->{'vrf-vxlan'};
	197	if (!defined($vrfvxlan)) {
	198	die "missing vrf-vxlan option";
	199	} else {
	200	# verify that vrf-vxlan is not already declared in another transport
	201	foreach my $id (keys %{$sdn_cfg->{ids}}) {
	202	next if $id eq $transportid;
	203	die "vrf-vxlan $vrfvxlan is already declared in $id"
	204	if (defined($sdn_cfg->{ids}->{$id}->{'vrf-vxlan'}) && $sdn_cfg->{ids}->{$id}->{'vrf-vxlan'} eq $vrfvxlan);
	205	}
	206	}
7d35eaf5	207	}
e8d5906e AD	208	}
e8d5906e AD	209
7e720d4d AD	210	1;
	211
	212