1 | package PVE::Network::SDN::Controllers::EvpnPlugin; | |
2 | ||
3 | use strict; | |
4 | use warnings; | |
5 | ||
6 | use PVE::INotify; | |
7 | use PVE::JSONSchema qw(get_standard_option); | |
8 | use PVE::Tools qw(run_command file_set_contents file_get_contents); | |
9 | ||
10 | use PVE::Network::SDN::Controllers::Plugin; | |
11 | use PVE::Network::SDN::Zones::Plugin; | |
12 | use Net::IP; | |
13 | ||
14 | use base('PVE::Network::SDN::Controllers::Plugin'); | |
15 | ||
# Identifier under which this controller plugin is registered.
sub type {
    my $plugin_type = 'evpn';
    return $plugin_type;
}
19 | ||
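# Schema of the properties specific to the evpn controller (merged into the
# controller schema by the base plugin).
#
# Returns a hash ref: property name => JSON schema fragment.
sub properties {
    return {
        asn => {
            type => 'integer',
            description => "autonomous system number",
            minimum => 0,
            # AS numbers are 32-bit values, so the largest valid one is
            # 2^32 - 1 (the previous bound of 2^32 was off by one).
            maximum => 4294967295,
        },
        peers => {
            description => "peers address list.",
            type => 'string', format => 'ip-list'
        },
    };
}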
34 | ||
# Which properties may be set on this controller; both are mandatory.
sub options {
    my %option_of = map { $_ => { optional => 0 } } qw(asn peers);
    return \%option_of;
}
41 | ||
42 | # Plugin implementation | |
# Build the global "router bgp <asn>" section of the EVPN controller into
# $config->{frr}, the nested hash that generate_frr_recurse() flattens later.
#
# Parameters:
#   $plugin_config  - this evpn controller's config: asn, peers (ip-list)
#   $controller_cfg - all controllers; a 'bgp' controller for the local node
#                     (see find_bgp_controller) overrides asn and supplies
#                     the loopback address
#   $id, $uplinks   - accepted for the plugin interface, not used here
#   $config         - in/out config tree; additionally gets an empty
#                     MAP_VTEP_OUT entry under $config->{frr_routemap}
#
# Returns $config, or nothing when no ASN could be determined.
sub generate_controller_config {
    my ($class, $plugin_config, $controller_cfg, $id, $uplinks, $config) = @_;

    my @peers;
    @peers = PVE::Tools::split_list($plugin_config->{'peers'}) if $plugin_config->{'peers'};

    my $local_node = PVE::INotify::nodename();

    my $asn = $plugin_config->{asn};
    my $ebgp = undef;
    my $loopback = undef;
    my $autortas = undef;
    my $bgprouter = find_bgp_controller($local_node, $controller_cfg);
    if($bgprouter) {
        # a differing ASN on the node's bgp controller turns the VTEP
        # peering into eBGP; NOTE(review): this compares the ASNs as strings
        $ebgp = 1 if $plugin_config->{'asn'} ne $bgprouter->{asn};
        $loopback = $bgprouter->{loopback} if $bgprouter->{loopback};
        $asn = $bgprouter->{asn} if $bgprouter->{asn};
        # the evpn controller's own ASN is kept for the automatic route-targets
        $autortas = $plugin_config->{'asn'} if $ebgp;
    }

    return if !$asn;

    # the same "bgp $asn" entry is extended by the per-zone config, so it is
    # only created here if it does not exist yet
    my $bgp = $config->{frr}->{router}->{"bgp $asn"} //= {};

    # NOTE(review): $ifaceip is interpolated below without a check — confirm
    # that find_local_ip_interface_peers() dies instead of returning undef
    my ($ifaceip, $interface) = PVE::Network::SDN::Zones::Plugin::find_local_ip_interface_peers(\@peers, $loopback);

    my $remoteas = $ebgp ? "external" : $asn;

    # global options, emitted only while the router block is still empty
    my @controller_config = (
        "bgp router-id $ifaceip",
        "no bgp default ipv4-unicast",
        "coalesce-time 1000",
    );

    push(@{$bgp->{""}}, @controller_config) if keys %{$bgp} == 0;

    @controller_config = ();

    # VTEP peer-group shared by all peers
    push @controller_config, "neighbor VTEP peer-group";
    push @controller_config, "neighbor VTEP remote-as $remoteas";
    push @controller_config, "neighbor VTEP bfd";

    # eBGP over a loopback needs multihop and the loopback as source address
    if($ebgp && $loopback) {
        push @controller_config, "neighbor VTEP ebgp-multihop 10";
        push @controller_config, "neighbor VTEP update-source $loopback";
    }

    # VTEP peers; the local node's own address is skipped
    foreach my $address (@peers) {
        next if $address eq $ifaceip;
        push @controller_config, "neighbor $address peer-group VTEP";
    }

    push(@{$bgp->{""}}, @controller_config);

    # address-family l2vpn evpn
    @controller_config = ();
    push @controller_config, "neighbor VTEP route-map MAP_VTEP_OUT out";
    push @controller_config, "neighbor VTEP activate";
    push @controller_config, "advertise-all-vni";
    push @controller_config, "autort as $autortas" if $autortas;
    push(@{$bgp->{"address-family"}->{"l2vpn evpn"}}, @controller_config);

    # the route-map referenced above; zone configs may prepend entries to it
    push(@{$config->{frr_routemap}->{'MAP_VTEP_OUT'}}, []);

    return $config;
}
112 | ||
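# Build the per-zone VRF parts of the FRR config into $config->{frr}.
#
# Parameters:
#   $plugin_config  - the zone config: vrf-vxlan, exitnodes, exitnodes-primary,
#                     advertise-subnets, exitnodes-local-routing, rt-import
#   $controller     - the evpn controller config (asn, peers)
#   $controller_cfg - all controllers, to find this node's bgp controller
#   $id             - zone id; the VRF is named "vrf_$id"
#   $uplinks        - accepted for the plugin interface, not used here
#   $config         - in/out config tree (see generate_controller_config)
#
# Returns $config, or nothing when vrf-vxlan or the ASN is missing.
sub generate_controller_zone_config {
    my ($class, $plugin_config, $controller, $controller_cfg, $id, $uplinks, $config) = @_;

    my $local_node = PVE::INotify::nodename();

    my $vrf = "vrf_$id";
    my $vrfvxlan = $plugin_config->{'vrf-vxlan'};
    my $exitnodes = $plugin_config->{'exitnodes'};
    my $exitnodes_primary = $plugin_config->{'exitnodes-primary'};
    my $advertisesubnets = $plugin_config->{'advertise-subnets'};
    my $exitnodes_local_routing = $plugin_config->{'exitnodes-local-routing'};
    # "my $x = ... if COND" has undefined behaviour in Perl (the variable can
    # keep its value from an earlier call), so declare unconditionally and
    # assign under the condition — as generate_controller_config does.
    my $rt_import = undef;
    $rt_import = [PVE::Tools::split_list($plugin_config->{'rt-import'})] if $plugin_config->{'rt-import'};

    my $asn = $controller->{asn};
    my @peers = ();
    @peers = PVE::Tools::split_list($controller->{'peers'}) if $controller->{'peers'};
    my $ebgp = undef;
    my $loopback = undef;
    my $autortas = undef;
    my $bgprouter = find_bgp_controller($local_node, $controller_cfg);
    if($bgprouter) {
        # same override logic as in generate_controller_config
        $ebgp = 1 if $controller->{'asn'} ne $bgprouter->{asn};
        $loopback = $bgprouter->{loopback} if $bgprouter->{loopback};
        $asn = $bgprouter->{asn} if $bgprouter->{asn};
        $autortas = $controller->{'asn'} if $ebgp;
    }

    return if !$vrf || !$vrfvxlan || !$asn;

    my ($ifaceip, $interface) = PVE::Network::SDN::Zones::Plugin::find_local_ip_interface_peers(\@peers, $loopback);

    # vrf: bind the L3 VNI
    my @controller_config = ();
    push @controller_config, "vni $vrfvxlan";
    push(@{$config->{frr}->{vrf}->{"$vrf"}}, @controller_config);

    # main vrf router
    @controller_config = ();
    push @controller_config, "bgp router-id $ifaceip";
    push @controller_config, "no bgp ebgp-requires-policy" if $ebgp;
    push(@{$config->{frr}->{router}->{"bgp $asn vrf $vrf"}->{""}}, @controller_config);

    # with eBGP the route-targets cannot be derived automatically, so they
    # are pinned to the evpn controller's ASN
    if ($autortas) {
        push(@{$config->{frr}->{router}->{"bgp $asn vrf $vrf"}->{"address-family"}->{"l2vpn evpn"}}, "route-target import $autortas:$vrfvxlan");
        push(@{$config->{frr}->{router}->{"bgp $asn vrf $vrf"}->{"address-family"}->{"l2vpn evpn"}}, "route-target export $autortas:$vrfvxlan");
    }

    my $is_gateway = $exitnodes->{$local_node};

    if ($is_gateway) {

        # a non-primary exit node advertises its prefix routes with a worse
        # metric so the primary one is preferred
        if($exitnodes_primary && $exitnodes_primary ne $local_node) {
            my $routemap_config = [];
            push @{$routemap_config}, "match evpn vni $vrfvxlan";
            push @{$routemap_config}, "match evpn route-type prefix";
            push @{$routemap_config}, "set metric 200";
            unshift(@{$config->{frr_routemap}->{'MAP_VTEP_OUT'}}, $routemap_config);
        }

        if (!$exitnodes_local_routing) {
            @controller_config = ();
            # import /32 routes of evpn network from vrf1 to default vrf (for packet return)
            push @controller_config, "import vrf $vrf";
            push(@{$config->{frr}->{router}->{"bgp $asn"}->{"address-family"}->{"ipv4 unicast"}}, @controller_config);
            push(@{$config->{frr}->{router}->{"bgp $asn"}->{"address-family"}->{"ipv6 unicast"}}, @controller_config);

            @controller_config = ();
            # redistribute connected to be able to route to local vms on the gateway
            push @controller_config, "redistribute connected";
            push(@{$config->{frr}->{router}->{"bgp $asn vrf $vrf"}->{"address-family"}->{"ipv4 unicast"}}, @controller_config);
            push(@{$config->{frr}->{router}->{"bgp $asn vrf $vrf"}->{"address-family"}->{"ipv6 unicast"}}, @controller_config);
        }

        @controller_config = ();
        # add default originate to announce 0.0.0.0/0 type5 route in evpn
        push @controller_config, "default-originate ipv4";
        push @controller_config, "default-originate ipv6";
        push(@{$config->{frr}->{router}->{"bgp $asn vrf $vrf"}->{"address-family"}->{"l2vpn evpn"}}, @controller_config);
    } elsif ($advertisesubnets) {

        @controller_config = ();
        # redistribute connected networks
        push @controller_config, "redistribute connected";
        push(@{$config->{frr}->{router}->{"bgp $asn vrf $vrf"}->{"address-family"}->{"ipv4 unicast"}}, @controller_config);
        push(@{$config->{frr}->{router}->{"bgp $asn vrf $vrf"}->{"address-family"}->{"ipv6 unicast"}}, @controller_config);

        @controller_config = ();
        # advertise connected networks type5 route in evpn
        push @controller_config, "advertise ipv4 unicast";
        push @controller_config, "advertise ipv6 unicast";
        push(@{$config->{frr}->{router}->{"bgp $asn vrf $vrf"}->{"address-family"}->{"l2vpn evpn"}}, @controller_config);
    }

    # additional route-targets to import, sorted for a stable config
    if($rt_import) {
        @controller_config = ();
        foreach my $rt (sort @{$rt_import}) {
            push @controller_config, "route-target import $rt";
        }
        push(@{$config->{frr}->{router}->{"bgp $asn vrf $vrf"}->{"address-family"}->{"l2vpn evpn"}}, @controller_config);
    }

    return $config;
}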
216 | ||
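# Add static routes for the vnet's subnets when this node is an exit node of
# the zone and exitnodes-local-routing is enabled.
#
# Parameters:
#   $plugin_config - vnet config (not used here)
#   $controller    - the evpn controller config (not used here)
#   $zone          - zone config: exitnodes, exitnodes-local-routing
#   $zoneid        - zone id; routes point at the "xvrf_$zoneid" interface
#   $vnetid        - vnet whose subnets get routed
#   $config        - in/out config tree; lines are added to $config->{frr}->{''}
#
# Returns $config, or nothing when no route was added.
sub generate_controller_vnet_config {
    my ($class, $plugin_config, $controller, $zone, $zoneid, $vnetid, $config) = @_;

    my $exitnodes = $zone->{'exitnodes'};
    my $exitnodes_local_routing = $zone->{'exitnodes-local-routing'};

    return if !$exitnodes_local_routing;

    my $local_node = PVE::INotify::nodename();
    my $is_gateway = $exitnodes->{$local_node};

    return if !$is_gateway;

    # NOTE(review): PVE::Network::SDN::Vnets is not `use`d by this file; this
    # relies on the module having been loaded elsewhere — confirm.
    my $subnets = PVE::Network::SDN::Vnets::get_subnets($vnetid, 1);

    # NOTE(review): 10.255.255.2 is presumably the peer address of the zone's
    # xvrf interface pair; it is hard-coded here and must match the zone
    # plugin's setup — verify against it.
    my @controller_config = map {
        "ip route $subnets->{$_}->{cidr} 10.255.255.2 xvrf_$zoneid"
    } sort keys %{$subnets};
    push(@{$config->{frr}->{''}}, @controller_config);

    # return the tree like the other generate_* methods do
    return $config;
}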
239 | ||
# Refuse to delete the controller while any zone still references it.
#
# Dies with "controller <id> is used by <zone>" on the first such zone.
sub on_delete_hook {
    my ($class, $controllerid, $zone_cfg) = @_;

    for my $zoneid (keys %{$zone_cfg->{ids}}) {
        my $owner = $zone_cfg->{ids}->{$zoneid}->{controller};
        next unless defined($owner) && $owner eq $controllerid;
        die "controller $controllerid is used by $zoneid";
    }
}
250 | ||
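# Enforce that at most one evpn controller exists.
#
# Dies as soon as another controller of type evpn (any id other than the one
# being created/updated) is found. The previous counter only died at the
# second *other* evpn controller, which allowed two of them in total,
# contradicting the error message.
sub on_update_hook {
    my ($class, $controllerid, $controller_cfg) = @_;

    # we can only have 1 evpn controller / 1 asn by server
    foreach my $id (sort keys %{$controller_cfg->{ids}}) {
        next if $id eq $controllerid;
        my $controller = $controller_cfg->{ids}->{$id};
        next if ($controller->{type} // '') ne "evpn";
        die "only 1 global evpn controller can be defined";
    }
}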
265 | ||
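# Look up the 'bgp' controller configured for $nodename.
#
# Returns the controller's config hash, or nothing when the node has none.
# The previous loop left the last inspected (non-matching) controller in the
# result when nothing matched, so callers could pick up a foreign ASN.
sub find_bgp_controller {
    my ($nodename, $controller_cfg) = @_;

    # sorted for a deterministic pick if several match
    foreach my $id (sort keys %{$controller_cfg->{ids}}) {
        my $candidate = $controller_cfg->{ids}->{$id};
        next if ($candidate->{type} // '') ne 'bgp';
        next if ($candidate->{node} // '') ne $nodename;
        return $candidate;
    }

    return;
}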
279 | ||
280 | ||
# Comparator for the section keys of the frr config tree, used as
# `sort sort_frr_config keys %$content` (reads the package globals $a/$b).
#
# Order: the "" section first, then vrf / ipv4 unicast, then "bgp <asn>"
# routers and ipv6 unicast, then l2vpn evpn; unknown keys go last.
sub sort_frr_config {
    my %rank_of = (
        ''             => 0,
        'vrf'          => 1,
        'ipv4 unicast' => 1,
        'ipv6 unicast' => 2,
        'l2vpn evpn'   => 3,
    );

    my $rank = sub {
        my ($key) = @_;
        return 2 if $key =~ /bgp (\d+)$/;
        return $rank_of{$key} // 100;
    };

    return $rank->($a) <=> $rank->($b);
}
305 | ||
# Flatten the nested frr config tree into config lines appended to
# $final_config.
#
# Parameters:
#   $final_config - array ref the lines are pushed onto
#   $content      - a hash (section key => sub tree) or an array of lines
#   $parentkey    - the key $content is stored under in its parent (undef at
#                   the top level)
#   $level        - recursion depth; 0 for $config->{frr}, 1 when starting
#                   from the vrf sub tree
#
# Children of vrf, address-family and router are emitted as
# "!" / "$parentkey $key" blocks; vrf and address-family blocks are closed
# with "exit-$parentkey". Other non-empty keys are emitted verbatim, and the
# "" key holds the lines that belong directly to the enclosing section.
sub generate_frr_recurse{
    my ($final_config, $content, $parentkey, $level) = @_;

    # section keys whose children are introduced as "<key> <child>"
    my $keylist = {};
    $keylist->{vrf} = 1;
    $keylist->{'address-family'} = 1;
    $keylist->{router} = 1;

    # section keys whose blocks need an explicit "exit-<key>"
    my $exitkeylist = {};
    $exitkeylist->{vrf} = 1;
    $exitkeylist->{'address-family'} = 1;

    # FIXME: make this generic
    # indentation: levels 1/2 get 0/1 spaces, levels 3/4 get 1/2 spaces,
    # level 0 and anything deeper gets none
    my $paddinglevel = undef;
    if ($level == 1 || $level == 2) {
        $paddinglevel = $level - 1;
    } elsif ($level == 3 || $level == 4) {
        $paddinglevel = $level - 2;
    }

    my $padding = "";
    $padding = ' ' x ($paddinglevel) if $paddinglevel;

    if (ref $content eq 'HASH') {
        # sort_frr_config orders the sections (see its comparator)
        foreach my $key (sort sort_frr_config keys %$content) {
            if ($parentkey && defined($keylist->{$parentkey})) {
                push @{$final_config}, $padding."!";
                push @{$final_config}, $padding."$parentkey $key";
            } elsif ($key ne '' && !defined($keylist->{$key})) {
                push @{$final_config}, $padding."$key";
            }

            my $option = $content->{$key};
            generate_frr_recurse($final_config, $option, $key, $level+1);

            push @{$final_config}, $padding."exit-$parentkey" if $parentkey && defined($exitkeylist->{$parentkey});
        }
    }

    # leaf: plain config lines, indented to the current level
    if (ref $content eq 'ARRAY') {
        push @{$final_config}, map { $padding . "$_" } @$content;
    }
}
349 | ||
# Append "route-map <name> permit <seq>" blocks to $final_config.
#
# $routemaps maps a route-map name to an array of entries; every entry is an
# array of lines that are indented by one space under the permit clause.
# Entries are numbered from 1 in array order; names are emitted sorted.
sub generate_frr_routemap {
    my ($final_config, $routemaps) = @_;

    for my $name (sort keys %$routemaps) {
        my $seq_no = 0;
        for my $entry (@{ $routemaps->{$name} }) {
            $seq_no++;
            push @{$final_config},
                "!",
                "route-map $name permit $seq_no",
                map { " $_" } @{$entry};
        }
    }
}
# Render the complete frr.conf text for this node from $config.
#
# When /etc/frr/frr.conf.local exists only the vrf sections and route-maps
# are generated and the local file's content is appended verbatim; otherwise
# the whole $config->{frr} tree is rendered.
#
# Returns the config as one string (lines joined with "\n").
sub generate_controller_rawconfig {
    my ($class, $plugin_config, $config) = @_;

    my $nodename = PVE::INotify::nodename();
    my $local_override = "/etc/frr/frr.conf.local";

    my $lines = [
        "log syslog informational",
        "ip forwarding",
        "ipv6 forwarding",
        "frr defaults datacenter",
        "service integrated-vtysh-config",
        "hostname $nodename",
        "!",
    ];

    if (-e $local_override) {
        generate_frr_recurse($lines, $config->{frr}->{vrf}, "vrf", 1);
        generate_frr_routemap($lines, $config->{frr_routemap});
        push @{$lines}, "!";

        my $local_conf = file_get_contents($local_override);
        chomp($local_conf);
        push @{$lines}, $local_conf;
    } else {
        generate_frr_recurse($lines, $config->{frr}, undef, 0);
        generate_frr_routemap($lines, $config->{frr_routemap});
    }

    push @{$lines}, "!", "line vty", "!";

    my $rawconfig = join("\n", @{$lines});

    return if !$rawconfig;
    return $rawconfig;
}
403 | ||
# Write the rendered config to /etc/frr/frr.conf.
#
# Nothing is written when no config was generated or frr is not installed
# (no /etc/frr directory).
sub write_controller_config {
    my ($class, $plugin_config, $config) = @_;

    my $rawconfig = $class->generate_controller_rawconfig($plugin_config, $config);
    return unless $rawconfig && -d "/etc/frr";

    file_set_contents("/etc/frr/frr.conf", $rawconfig);
}
413 | ||
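# Apply /etc/frr/frr.conf to the running daemons with frr-reload.py.
#
# Does nothing (with a warning) when the tool is missing, and nothing when
# there is no config file. Lines containing "ERROR:" on the tool's stderr
# are re-emitted as warnings; its stdout is discarded.
sub reload_controller {
    my ($class) = @_;

    my $conf_file = "/etc/frr/frr.conf";
    my $bin_path = "/usr/lib/frr/frr-reload.py";

    if (!-e $bin_path) {
        warn "missing $bin_path. Please install frr-pythontools package";
        return;
    }
    return if !-e $conf_file;

    my $err = sub {
        my $line = shift;
        if ($line =~ /ERROR:/) {
            warn "$line \n";
        }
    };

    # outfunc must be a code ref (a hash ref, as previously passed, is not
    # callable); an empty sub silently drops the tool's stdout
    run_command([$bin_path, '--stdout', '--reload', $conf_file], outfunc => sub {}, errfunc => $err);
}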
436 | ||
1; # a module must end with a true value
438 | ||
439 |